From a263b4177a2fb1f376814fed3687c89a1dabfb44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 8 Nov 2025 03:37:15 +0100 Subject: [PATCH 01/23] chore: rename hosts --- .github/README.md | 19 ++++--- files/scripts/swarsel-install.sh | 8 +-- files/scripts/swarsel-postinstall.sh | 6 +-- files/scripts/swarsel-rebuild.sh | 4 +- .../nixos/{chaostheatre => hotel}/default.nix | 4 +- .../{chaostheatre => hotel}/disk-config.nix | 0 .../hardware-configuration.nix | 0 .../{chaostheatre => hotel}/options-home.nix | 0 .../nixos/{chaostheatre => hotel}/options.nix | 0 install/installer-config.nix | 4 +- nix/topology.nix | 4 +- profiles/home/hotel/default.nix | 44 ++++++++++++++++ profiles/nixos/hotel/default.nix | 50 +++++++++++++++++++ 13 files changed, 121 insertions(+), 22 deletions(-) rename hosts/nixos/{chaostheatre => hotel}/default.nix (94%) rename hosts/nixos/{chaostheatre => hotel}/disk-config.nix (100%) rename hosts/nixos/{chaostheatre => hotel}/hardware-configuration.nix (100%) rename hosts/nixos/{chaostheatre => hotel}/options-home.nix (100%) rename hosts/nixos/{chaostheatre => hotel}/options.nix (100%) create mode 100644 profiles/home/hotel/default.nix create mode 100644 profiles/nixos/hotel/default.nix diff --git a/.github/README.md b/.github/README.md index 6a24483..798076e 100644 --- a/.github/README.md +++ b/.github/README.md 
@@ -66,7 +66,7 @@ nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#swarsel-rebuild -- -u ``` - This will activate the `chaostheatre` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed. + This will activate the `hotel` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed. Please keep in mind that this limited installer will make local changes to the cloned repository in order to be able to install it (otherwise the builder would fail at fetching my private secrets repository). As such, this should only be used to evaluate the system - if you want to use it longterm, you will need to create a fork and make some changes. 
@@ -153,16 +153,21 @@ | Name | Hardware | Use | |--------------------|-----------------------------------------------------|------------------------------------------------------| |πŸ’» **pyramid** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | - |πŸ’» **bakery** | Lenovo Ideapad 720S-13IKB | Personal lapto | - |πŸ’» **machpizza** | MacBook Pro 2016 | MacOS sandbox | - |πŸ–₯️ **winters** | ASRock J4105-ITX, 32GB RAM | Main homeserver and data storgae | - |πŸ–₯️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | - |πŸ–₯️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | + |πŸ’» **bakery** | Lenovo Ideapad 720S-13IKB | Personal laptop | + |πŸ’» **machpizza** | MacBook Pro 2016 | MacOS reference and build sandbox | + |🏠 **treehouse** | NVIDIA DGX Spark | Workstation, AI playground and home-manager reference| + |πŸ–₯️ **winters** | ASRock J4105-ITX, 32GB RAM | Secondary homeserver and data storgae | + |πŸ–₯️ **summers** | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM | Main homeserver running microvms, data storage | + |πŸ–₯️ **hintbooth** | HUNSN RM02, 8GB RAM | Router | + |☁️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | + |☁️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | + |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache | + |☁️ **monkeycave** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server | + |☁️ **eagleland** | Hetzner Cloud: CX23 | Mail server | |πŸ“± **magicant** | Samsung Galaxy Z Flip 6 | Phone | |πŸ’Ώ **drugstore** | - | ISO installer configuration | |❔ **chaotheatre** | - | Demo config for checking out my configurtion | |❔ **toto** | - | Helper configuration for bootstrapping a new system | - 
|🏠 **treehouse** | - | Reference configuration for a home-manager only host | ## General Nix tips & useful links diff --git a/files/scripts/swarsel-install.sh b/files/scripts/swarsel-install.sh index b70faf9..c130cc6 100644 --- a/files/scripts/swarsel-install.sh +++ b/files/scripts/swarsel-install.sh @@ -1,7 +1,7 @@ set -eo pipefail -target_config="chaostheatre" -target_hostname="chaostheatre" +target_config="hotel" +target_hostname="hotel" target_user="swarsel" persist_dir="" target_disk="/dev/vda" @@ -15,7 +15,7 @@ function help_and_exit() { echo echo "ARGS:" echo " -n specify the nixos config to deploy." - echo " Default: chaostheatre" + echo " Default: hotel" echo " -d specify disk to install on." echo " Default: /dev/vda" echo " -u specify user to deploy for." @@ -152,7 +152,7 @@ if [ "$disk_encryption" -eq 1 ]; then fi green "Setting up disk ..." -if [[ $target_config == "chaostheatre" ]]; then +if [[ $target_config == "hotel" ]]; then sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk" else sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks diff --git a/files/scripts/swarsel-postinstall.sh b/files/scripts/swarsel-postinstall.sh index 1e98e65..448d3d8 100644 --- a/files/scripts/swarsel-postinstall.sh +++ b/files/scripts/swarsel-postinstall.sh @@ -1,6 +1,6 @@ set -eo pipefail -target_config="chaostheatre" +target_config="hotel" target_user="swarsel" function help_and_exit() { 
@@ -12,8 +12,8 @@ function help_and_exit() { echo "ARGS:" echo " -d specify disk to install on." echo " -n specify the nixos config to deploy." - echo " Default: chaostheatre" - echo " Default: chaostheatre" + echo " Default: hotel" + echo " Default: hotel" echo " -u specify user to deploy for." echo " Default: swarsel" echo " -h | --help Print this help." diff --git a/files/scripts/swarsel-rebuild.sh b/files/scripts/swarsel-rebuild.sh index 7cfac1f..106ac84 100644 --- a/files/scripts/swarsel-rebuild.sh +++ b/files/scripts/swarsel-rebuild.sh @@ -1,6 +1,6 @@ set -eo pipefail -target_config="chaostheatre" +target_config="hotel" target_user="swarsel" function help_and_exit() { @@ -11,7 +11,7 @@ function help_and_exit() { echo echo "ARGS:" echo " -n specify nixos config to build." - echo " Default: chaostheatre" + echo " Default: hotel" echo " -u specify user to deploy for." echo " Default: swarsel" echo " -h | --help Print this help." diff --git a/hosts/nixos/chaostheatre/default.nix b/hosts/nixos/hotel/default.nix similarity index 94% rename from hosts/nixos/chaostheatre/default.nix rename to hosts/nixos/hotel/default.nix index d202a67..b499f10 100644 --- a/hosts/nixos/chaostheatre/default.nix +++ b/hosts/nixos/hotel/default.nix @@ -25,7 +25,7 @@ in }; networking = { - hostName = "chaostheatre"; + hostName = "hotel"; firewall.enable = true; }; @@ -47,7 +47,7 @@ in } // lib.optionalAttrs (!minimal) { swarselprofiles = { - chaostheatre = true; + hotel = true; minimal = true; }; } diff --git a/hosts/nixos/chaostheatre/disk-config.nix b/hosts/nixos/hotel/disk-config.nix similarity index 100% rename from hosts/nixos/chaostheatre/disk-config.nix rename to hosts/nixos/hotel/disk-config.nix diff --git a/hosts/nixos/chaostheatre/hardware-configuration.nix b/hosts/nixos/hotel/hardware-configuration.nix similarity index 100% rename from hosts/nixos/chaostheatre/hardware-configuration.nix rename to hosts/nixos/hotel/hardware-configuration.nix 
diff --git a/hosts/nixos/chaostheatre/options-home.nix b/hosts/nixos/hotel/options-home.nix similarity index 100% rename from hosts/nixos/chaostheatre/options-home.nix rename to hosts/nixos/hotel/options-home.nix diff --git a/hosts/nixos/chaostheatre/options.nix b/hosts/nixos/hotel/options.nix similarity index 100% rename from hosts/nixos/chaostheatre/options.nix rename to hosts/nixos/hotel/options.nix diff --git a/install/installer-config.nix b/install/installer-config.nix index 91e0034..3ee5c91 100644 --- a/install/installer-config.nix +++ b/install/installer-config.nix @@ -10,7 +10,7 @@ in file = { ".bash_history" = { text = '' - swarsel-install -n chaostheatre + swarsel-install -n hotel ''; }; }; @@ -27,7 +27,7 @@ in file = { ".bash_history" = { text = '' - swarsel-install -n chaostheatre + swarsel-install -n hotel ''; }; }; diff --git a/nix/topology.nix b/nix/topology.nix index 9b69f5b..372616c 100644 --- a/nix/topology.nix +++ b/nix/topology.nix @@ -37,11 +37,11 @@ (mkConnection "milkywell" "wan") (mkConnection "magicant" "wifi") (mkConnection "toto" "bootstrapper") - (mkConnection "chaostheatre" "demo host") + (mkConnection "hotel" "demo host") ]; }; - chaostheatre.interfaces."demo host" = { }; + hotel.interfaces."demo host" = { }; toto.interfaces."bootstrapper" = { }; milkywell.interfaces.wan = { }; moonside.interfaces.wan = { }; diff --git a/profiles/home/hotel/default.nix b/profiles/home/hotel/default.nix new file mode 100644 index 0000000..e6d7105 --- /dev/null +++ b/profiles/home/hotel/default.nix 
@@ -0,0 +1,44 @@ +{ lib, config, ... }: +{ + options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; + config = lib.mkIf config.swarselprofiles.hotel { + swarselmodules = { + packages = lib.mkForce true; + ownpackages = lib.mkForce true; + general = lib.mkForce true; + nixgl = lib.mkForce true; + sops = lib.mkForce true; + yubikey = lib.mkForce false; + ssh = lib.mkForce true; + stylix = lib.mkForce true; + desktop = lib.mkForce true; + symlink = lib.mkForce true; + env = lib.mkForce false; + programs = lib.mkForce true; + nix-index = lib.mkForce true; + direnv = lib.mkForce true; + eza = lib.mkForce true; + git = lib.mkForce false; + fuzzel = lib.mkForce true; + starship = lib.mkForce true; + kitty = lib.mkForce true; + zsh = lib.mkForce true; + zellij = lib.mkForce true; + tmux = lib.mkForce true; + mail = lib.mkForce false; + emacs = lib.mkForce true; + waybar = lib.mkForce true; + firefox = lib.mkForce true; + gnome-keyring = lib.mkForce true; + kdeconnect = lib.mkForce true; + mako = lib.mkForce true; + swayosd = lib.mkForce true; + yubikeytouch = lib.mkForce true; + sway = lib.mkForce true; + kanshi = lib.mkForce true; + gpgagent = lib.mkForce true; + gammastep = lib.mkForce false; + }; + }; + +} diff --git a/profiles/nixos/hotel/default.nix b/profiles/nixos/hotel/default.nix new file mode 100644 index 0000000..7ff8794 --- /dev/null +++ b/profiles/nixos/hotel/default.nix 
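Review bot: In profiles/home/hotel/default.nix, `yubikey = lib.mkForce false;` is followed further down by `yubikeytouch = lib.mkForce true;`, so one YubiKey-related module stays forced on in a profile that otherwise switches YubiKey support off. Whether `yubikeytouch` depends on the `yubikey` module is not visible in this hunk, but if it does the demo host carries a service with nothing to talk to; `yubikeytouch = lib.mkForce false;` would keep the two flags consistent. A short comment above the entries forced to `false` (`yubikey`, `env`, `git`, `mail`, `gammastep`) saying why they are off, presumably because they need secrets or hardware, would help readers who compare this profile with the others.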
@@ -0,0 +1,50 @@ +{ lib, config, ... }: +{ + options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; + config = lib.mkIf config.swarselprofiles.hotel { + swarselmodules = { + packages = lib.mkForce true; + general = lib.mkForce true; + home-manager = lib.mkForce true; + xserver = lib.mkForce true; + users = lib.mkForce true; + sops = lib.mkForce true; + env = lib.mkForce true; + security = lib.mkForce true; + systemdTimeout = lib.mkForce true; + hardware = lib.mkForce true; + pulseaudio = lib.mkForce true; + pipewire = lib.mkForce true; + network = lib.mkForce true; + time = lib.mkForce true; + stylix = lib.mkForce true; + programs = lib.mkForce true; + zsh = lib.mkForce true; + syncthing = lib.mkForce true; + blueman = lib.mkForce true; + networkDevices = lib.mkForce true; + gvfs = lib.mkForce true; + interceptionTools = lib.mkForce true; + swayosd = lib.mkForce true; + ppd = lib.mkForce true; + yubikey = lib.mkForce false; + ledger = lib.mkForce true; + keyboards = lib.mkForce true; + login = lib.mkForce true; + nix-ld = lib.mkForce true; + impermanence = lib.mkForce true; + nvd = lib.mkForce true; + gnome-keyring = lib.mkForce true; + sway = lib.mkForce true; + xdg-portal = lib.mkForce true; + distrobox = lib.mkForce true; + appimage = lib.mkForce true; + lid = lib.mkForce true; + lowBattery = lib.mkForce true; + lanzaboote = lib.mkForce true; + autologin = lib.mkForce true; + }; + + }; + +} From 7ef0ebf5e7f90a94819e6429e2482b325c65e14d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 8 Nov 2025 03:38:04 +0100 Subject: [PATCH 02/23] feat[server]: add garage --- hosts/nixos/winters/default.nix | 9 +++ modules/nixos/server/garage.nix | 101 ++++++++++++++++++++++++++++++++ secrets/winters/secrets2.yaml | 9 ++- 3 files changed, 116 insertions(+), 3 deletions(-) create mode 100644 modules/nixos/server/garage.nix diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix index 98d3bc5..cbe391e 100644 
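Review bot: `autologin = lib.mkForce true;` in profiles/nixos/hotel/default.nix cannot be overridden by a plain assignment on any host that enables this profile, and the README in this same patch presents `hotel` as the configuration people install to evaluate the system. Going by its name the module logs a user in without credentials, which is fine for a throwaway VM but not for a machine someone keeps; consider `autologin = lib.mkDefault true;` or a comment such as `# demo profile: intended for disposable VMs only`. `sops = lib.mkForce true;` is also unexpected for a configuration described as having secret-based settings removed, so a comment is worth adding if that is intentional.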
--- a/hosts/nixos/winters/default.nix +++ b/hosts/nixos/winters/default.nix @@ -29,6 +29,14 @@ isBtrfs = false; isLinux = true; isNixos = true; + server.garage = { + data_dir = [ + { + capacity = "200G"; + path = "/Vault/data/garage/main"; + } + ]; + }; }; } // lib.optionalAttrs (!minimal) { @@ -67,6 +75,7 @@ # snipeit = lib.mkDefault false; homebox = lib.mkDefault true; opkssh = lib.mkDefault true; + garage = lib.mkDefault false; }; } diff --git a/modules/nixos/server/garage.nix b/modules/nixos/server/garage.nix new file mode 100644 index 0000000..5ac3673 --- /dev/null +++ b/modules/nixos/server/garage.nix 
@@ -0,0 +1,101 @@ +{ self, lib, pkgs, config, configName, globals, ... }: +let + sopsFile = self + /secrets/${configName}/secrets2.yaml; + + serviceName = "garage"; + servicePort = 3900; + serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}"; + serviceAddress = globals.hosts.${configName}.ipv4; + + cfg = config.services.${serviceName}; + metadata_dir = "/var/lib/garage/meta"; +in +{ + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + swarselsystems.server.${serviceName} = { + data_dir = lib.mkOption { + type = lib.types.either lib.types.path (lib.types.listOf lib.types.attrs); + default = "/var/lib/garage/data"; + }; + }; + }; + config = lib.mkIf config.swarselmodules.server.${serviceName} { + + sops = { + secrets.garage-admin-token = { inherit sopsFile; }; + secrets.garage-rpc-secret = { inherit sopsFile; }; + }; + + environment = { + persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ + { directory = metadata_dir; } + ]; + systemPackages = [ + cfg.package + ]; + }; + + systemd.services.${serviceName}.serviceConfig = { + DynamicUser = false; + ProtectHome = lib.mkForce false; + }; + + services.${serviceName} = { + enable = true; + package = pkgs.garage_2; + settings = { + inherit (config.swarselsystems.${serviceName}) data_dir; + inherit metadata_dir; + db_engine = "lmdb"; + block_size = "1MiB"; + use_local_tz = false; + + replication_factor = 2; # Number of copies of data + + rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "${config.repo.secrets.local.ipv4}:4317"; + rpc_secret_file = config.sops.secrets.garage-rpc-secret.path; + + s3_api = { + s3_region = "swarsel"; + api_bind_addr = "0.0.0.0:${builtins.toString servicePort}"; + root_domain = ".s3.garage.localhost"; + }; + + admin = { + api_bind_addr = "0.0.0.0:3903"; + admin_token_file = config.sops.secrets.garage-admin-token.path; + }; + + k2v_api = { + api_bind_addr = "[::]:3904"; 
+ }; + }; + }; + + nodes.moonside.services.nginx = { + upstreams = { + ${serviceName} = { + servers = { + "${serviceAddress}:${builtins.toString servicePort}" = { }; + }; + }; + }; + virtualHosts = { + "${serviceDomain}" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + oauth2.enable = false; + locations = { + "/" = { + proxyPass = "http://${serviceName}"; + }; + }; + }; + }; + }; + + }; +} diff --git a/secrets/winters/secrets2.yaml b/secrets/winters/secrets2.yaml index 18deb9d..00ea63e 100644 --- a/secrets/winters/secrets2.yaml +++ b/secrets/winters/secrets2.yaml @@ -4,6 +4,9 @@ radicale-user: ENC[AES256_GCM,data:2G+WXxw6jrnPXsI=,iv:bUEhBDrdTt+O/4TXMkhmqnzfk prometheus-admin-hash: ENC[AES256_GCM,data:dUmTW6W419TzF8dLGcgRLlbLBg9puzgznNCrrAuNOIuhXCBrqaJdtyIVFCsnrDSEh1ZdMfGki4UERZcf,iv:XIlb65V6yhrKSU7AbRs6k1ISljZjWnAm1dPTCONwDJI=,tag:UkdDTywivitSxYR902uM5A==,type:str] snipe-it-appkey: ENC[AES256_GCM,data:VWEGKbCD5P3uxeyMVtK9a7BcVjXlXSEsJxfLEwkHz8l5o0Xq9lTbTpsfOoc=,iv:3nq+xuuujjevWdmk3SdBai/EWXwL4F3Kv4M3yc/faIM=,tag:/cNC/EKR1NWQhJrh46meCw==,type:str] snipe-it-db-password: ENC[AES256_GCM,data:O+LgX+XyJEaF+1oYcjyMpUab7AD7tWK3LBd+7VJOKq/Mz+k=,iv:yJgwlG/ln5BdwW2c62UJLIkrCWakKvj64LMQsjTIwJI=,tag:yw0rC1GJo+KMn1wXRdJomA==,type:str] +#ENC[AES256_GCM,data:jGvWDKbVKA==,iv:N4cMopsUPOfymKpMD7oB04VtS0cUX9yNNqwyWEdyMi4=,tag:L4PMmMcM1NCc8LPG6GJLMQ==,type:comment] +garage-admin-token: ENC[AES256_GCM,data:2N2kqXt7kraqMQEkDuNQN3SRiL2WKRA959Uc7HAdSlZcC2Ft06YUb+Elktw=,iv:dhAZoQBhvK07+wBpMEsI73YN2oX9dMthV3SaDWZgea4=,tag:0Pu0BDEYU9WYQQ1hJr8qFQ==,type:str] +garage-rpc-secret: ENC[AES256_GCM,data:s8qGCm8WM/pvX7wZJyenohMAHnNWrumUxyJvst194h2XPfpLBbKVZwZ5t4zkwqh0yJNgLqE+2ekwCxa/xKqemQ==,iv:zUo/x2LWS7b2E2kZHDfa6lAwxAcuNir5a+mg+ASDarE=,tag:XgBh3ajVDy0vWccX8yZXSg==,type:str] sops: age: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 
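Review bot: In modules/nixos/server/garage.nix the admin API listens on every interface (`admin.api_bind_addr = "0.0.0.0:3903"`), as do the S3 API on `0.0.0.0` and RPC and K2V on `[::]`, although only the S3 port is referenced by the nginx upstream on moonside. Unless a firewall rule outside this hunk restricts these ports, the admin endpoint is reachable from every network the host is attached to and is guarded by the token in `admin_token_file` alone; binding it to loopback with `api_bind_addr = "127.0.0.1:3903";`, or to the address in `serviceAddress`, narrows that. Separately, the option is declared as `swarselsystems.server.${serviceName}.data_dir` but read with `inherit (config.swarselsystems.${serviceName}) data_dir;`, which will fail to evaluate once `garage` is flipped from `lib.mkDefault false` to true; it should read `inherit (config.swarselsystems.server.${serviceName}) data_dir;`. The `proxyPass = "http://${serviceName}"` hop from moonside to the backend is plain HTTP, so it should only ever cross a tunnel or otherwise trusted link.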
@@ -15,8 +18,8 @@ sops: ZWxwbGs1bTNzdXVNSzhpNWVESGJlUzQKzZr3cYBF6s5ihgW/6CreOKWvQpqITrFX pW6gwbRbxaxDPRRdfn8qswcezxq5AwOk9drbOH+qgcwL2owRGxEhcQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-24T13:27:33Z" - mac: ENC[AES256_GCM,data:1Eqt/uwVuGlihw04FMxrRDDSHMkEqeueEz3yFFpFcKCnOa2VAE2dlTr3a72NPHgLHGnKZvEwJBDq7kwxvB9vtE4360AdfCMd7tpoLCzO9W475nSsYk2En1uQIuZDwuPEg0DHF8+qeBfPerky2mLE7vM/zLdlJQGVRI/0+scLPVo=,iv:8A72UAeUdIZOZtwj5NK+SulnCqAUhe0CsLXLUubmGs4=,tag:sg5vntLuvL9Jx2J33soE9Q==,type:str] + lastmodified: "2025-11-05T14:55:44Z" + mac: ENC[AES256_GCM,data:nyz3jp/qV8bwgx0q6c7RmXtzdmwVrt8C6FU36qtzUm8tPlAd1K7MmgxRKFi85NqOu3XPII2OkwhNPRBOJuQOoXGfo27odfZl4riQ+any4GNarDZ5deZ54+kjgqyvP70dsm/tiZgZ8Fjwat4iLV+mqJYMS4OBl5krr5ocU+LY1pU=,iv:l56tIBgMog4HSxP9Fb4pWSD/z5FaPlHRkUYqlkhydzc=,tag:IT++kT0EncDzEEX4DdjW3g==,type:str] pgp: - created_at: "2025-06-28T23:22:37Z" enc: |- @@ -50,4 +53,4 @@ sops: -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0 From 0caef3e5879e1e95482fb85a678fc9c18c5edc83 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 8 Nov 2025 03:45:54 +0100 Subject: [PATCH 03/23] feat: use nixos-extra-modules --- .sops.yaml | 81 +- SwarselSystems.org | 863 +++- flake.lock | 3722 ++++++++++------- flake.nix | 4 + hosts/home/treehouse/default.nix | 8 +- hosts/nixos/summers/default.nix | 108 + hosts/nixos/summers/disk-config.nix | 118 + hosts/nixos/summers/guests/guest1/default.nix | 25 + .../nixos/summers/hardware-configuration.nix | 28 + .../nixos/summers/secrets/guest1/pii.nix.enc | 15 + hosts/nixos/summers/secrets/pii.nix.enc | 26 + modules/home/common/settings.nix | 14 +- modules/nixos/common/home-manager.nix | 8 +- modules/nixos/optional/microvm-guest.nix | 55 +- modules/nixos/optional/microvm-host.nix | 7 +- nix/hosts.nix | 60 +- nix/lib.nix | 3 + nix/overlays.nix | 27 +- nix/packages.nix | 27 +- 19 files changed, 3397 insertions(+), 1802 deletions(-) create mode 100644 hosts/nixos/summers/default.nix create mode 100644 hosts/nixos/summers/disk-config.nix create mode 100644 hosts/nixos/summers/guests/guest1/default.nix create mode 100644 hosts/nixos/summers/hardware-configuration.nix create mode 100644 hosts/nixos/summers/secrets/guest1/pii.nix.enc create mode 100644 hosts/nixos/summers/secrets/pii.nix.enc diff --git a/.sops.yaml b/.sops.yaml index a6adc63..2626089 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -49,48 +49,58 @@ creation_rules: - *surface - *winters - *moonside - - path_regex: secrets/pyramid/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - pgp: - - *swarsel - age: - - *nbl - - path_regex: secrets/moonside/secrets.yaml - key_groups: - - pgp: - - *swarsel - age: - - *moonside - - path_regex: secrets/bakery/secrets.yaml - key_groups: - - pgp: - - *swarsel - age: - - *bakery - - path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - pgp: - - *swarsel - age: - - *winters - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$ key_groups: - pgp: - *swarsel age: - *nbl - - path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$ + + - path_regex: secrets/pyramid/[^/]+\.(yaml|json|env|ini)$ key_groups: - pgp: - *swarsel age: - - *milkywell + - *nbl - path_regex: hosts/nixos/pyramid/secrets/pii.nix.enc key_groups: - pgp: - *swarsel age: - *nbl + + - path_regex: secrets/moonside/secrets.yaml + key_groups: + - pgp: + - *swarsel + age: + - *moonside + - path_regex: hosts/nixos/moonside/secrets/pii.nix.enc + key_groups: + - pgp: + - *swarsel + age: + - *moonside + + - path_regex: secrets/bakery/secrets.yaml + key_groups: + - pgp: + - *swarsel + age: + - *bakery + - path_regex: hosts/nixos/bakery/secrets/pii.nix.enc + key_groups: + - pgp: + - *swarsel + age: + - *bakery + + - path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *swarsel + age: + - *winters - path_regex: hosts/nixos/winters/secrets/pii.nix.enc key_groups: - pgp: 
@@ -98,24 +108,25 @@ creation_rules: age: - *winters - *moonside + + - path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *swarsel + age: + - *milkywell - path_regex: hosts/nixos/milkywell/secrets/pii.nix.enc key_groups: - pgp: - *swarsel age: - *milkywell - - path_regex: hosts/nixos/bakery/secrets/pii.nix.enc + + - path_regex: hosts/nixos/summers/secrets/ key_groups: - pgp: - *swarsel - age: - - *bakery - - path_regex: hosts/nixos/moonside/secrets/pii.nix.enc - key_groups: - - pgp: - - *swarsel - age: - - *moonside + - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc key_groups: - pgp: diff --git a/SwarselSystems.org b/SwarselSystems.org index 38778b4..d5ad46a 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
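Review bot: The new rule `path_regex: hosts/nixos/summers/secrets/` in .sops.yaml lists only the `*swarsel` PGP key and has no `age:` recipient, unlike the other host rules visible in these hunks, so files under it can be decrypted only with that PGP key. If summers or its guests are expected to decrypt anything in that directory themselves, a host age key has to be added; if PGP-only is deliberate, a comment above the rule would make that clear. The pattern is also unanchored and has no file suffix, so it matches every file below the directory, including `secrets/guest1/`; `hosts/nixos/summers/secrets/(.*/)?pii\.nix\.enc$` would limit it to the intended files.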
@@ -233,16 +233,21 @@ Here I give a brief overview over the hostmachines that I am using. This is held | Name | Hardware | Use | |--------------------|-----------------------------------------------------|------------------------------------------------------| |πŸ’» **pyramid** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | - |πŸ’» **bakery** | Lenovo Ideapad 720S-13IKB | Personal lapto | - |πŸ’» **machpizza** | MacBook Pro 2016 | MacOS sandbox | - |πŸ–₯️ **winters** | ASRock J4105-ITX, 32GB RAM | Main homeserver and data storgae | - |πŸ–₯️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | - |πŸ–₯️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | + |πŸ’» **bakery** | Lenovo Ideapad 720S-13IKB | Personal laptop | + |πŸ’» **machpizza** | MacBook Pro 2016 | MacOS reference and build sandbox | + |🏠 **treehouse** | NVIDIA DGX Spark | Workstation, AI playground and home-manager reference| + |πŸ–₯️ **winters** | ASRock J4105-ITX, 32GB RAM | Secondary homeserver and data storgae | + |πŸ–₯️ **summers** | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM | Main homeserver running microvms, data storage | + |πŸ–₯️ **hintbooth** | HUNSN RM02, 8GB RAM | Router | + |☁️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | + |☁️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | + |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache | + |☁️ **monkeycave** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server | + |☁️ **eagleland** | Hetzner Cloud: CX23 | Mail server | |πŸ“± **magicant** | Samsung Galaxy Z Flip 6 | Phone | |πŸ’Ώ **drugstore** | - | ISO installer configuration | |❔ **chaotheatre** | - | Demo config for checking out my 
configurtion | |❔ **toto** | - | Helper configuration for bootstrapping a new system | - |🏠 **treehouse** | - | Reference configuration for a home-manager only host | #+end_src ** Programs @@ -510,6 +515,10 @@ A short overview over each input and what it does: url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-extra-modules = { + url = "github:oddlama/nixos-extra-modules"; + inputs.nixpkgs.follows = "nixpkgs"; + }; microvm = { url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -559,7 +568,7 @@ This file is used by [[https://github.com/shlevy/nix-plugins][nix-plugins]]. nix - [[https://github.com/AGWA/git-crypt][git-crypt]] - a separate repo containing my secrets - As for the second approach, I actually used this up to some point (see for example =7e11641: feat: add initial oauth2-proxy and freshrss oidc= as one of the lasts commits still using this system). However, it is quite bothersome to constantly have to keep two repositories up to date and in sync. Also, having a repo that every configuration relied upon that was also a private repo led to the problem that my demo configuration ([[#h:e1498bef-ec67-483d-bf02-76264e30be8e][ChaosTheatre (Demo Physical/VM)]]) would fail to build with that present, and I had to take several extra steps to make it buildable. Ever since deleting that dependency I also got rid of that problem. The whole system is inspired by [[https://oddlama.org/blog/evaluation-time-secrets-in-nix/][this blog article]] and large parts of it are adapted from [[https://github.com/oddlama/nix-config][oddlama's nix-config]]. + As for the second approach, I actually used this up to some point (see for example =7e11641: feat: add initial oauth2-proxy and freshrss oidc= as one of the lasts commits still using this system). However, it is quite bothersome to constantly have to keep two repositories up to date and in sync. Also, having a repo that every configuration relied upon that was also a private repo led to the problem that my demo configuration ([[#h:e1498bef-ec67-483d-bf02-76264e30be8e][Hotel (Demo Physical/VM)]]) would fail to build with that present, and I had to take several extra steps to make it buildable. Ever since deleting that dependency I also got rid of that problem. The whole system is inspired by [[https://oddlama.org/blog/evaluation-time-secrets-in-nix/][this blog article]] and large parts of it are adapted from [[https://github.com/oddlama/nix-config][oddlama's nix-config]]. 
The builtin that is added is a simple call to the =exec= function that calls a bash script. In order to keep some sanity, we are checking that we are actually calling it no an encryted nix file (even though there is no syntax check inside) and that the path given is a true nix path. Note that a string path will not be accepted, as that can have impurity implications. @@ -731,6 +740,9 @@ Concerning the =flake = _:= part: inherit (inputs.home-manager.lib) hm; inherit swarselsystems; }); + + swarselsystemsLib = swarselsystems; + homeLib = self.outputs.lib; }; } #+end_src @@ -746,8 +758,20 @@ Other nix users can make use of these packages either by installing them directl More information on the actual packages build can be found in [[#h:64a5cc16-6b16-4802-b421-c67ccef853e1][Packages]]. #+begin_src nix-ts :tangle nix/packages.nix -{ self, ... }: +{ self, inputs, ... }: { + imports = [ + ( + { lib, flake-parts-lib, ... }: + flake-parts-lib.mkTransposedPerSystemModule { + name = "pkgs"; + file = ./packages.nix; + option = lib.mkOption { + type = lib.types.unspecified; + }; + } + ) + ]; flake = _: let inherit (self.outputs) lib; @@ -755,6 +779,19 @@ More information on the actual packages build can be found in [[#h:64a5cc16-6b16 { packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; }); }; + + perSystem = { pkgs, system, ... }: + { + # see https://flake.parts/module-arguments.html?highlight=modulewith#persystem-module-parameters + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + overlays = [ + self.overlays.default + ]; + }; + inherit pkgs; + }; } #+end_src ** Globals 
@@ -866,12 +903,29 @@ The rest of the outputs either define or help define the actual configurations: flake = { config, ... }: let inherit (self) outputs; - inherit (outputs) lib; + inherit (outputs) lib homeLib; # lib = (inputs.nixpkgs.lib // inputs.home-manager.lib).extend (_: _: { swarselsystems = import "${self}/lib" { inherit self lib inputs outputs; inherit (inputs) systems; }; }); mkNixosHost = { minimal }: configName: - lib.nixosSystem { - specialArgs = { inherit inputs outputs lib self minimal configName; inherit (config) globals nodes; }; + let + sys = "x86_64-linux"; + # lib = config.pkgsPre.${sys}.lib // { + # inherit (inputs.home-manager.lib) hm; + # swarselsystems = self.outputs.swarselsystemsLib; + # }; + + # lib = config.pkgsPre.${sys}.lib // { + # inherit (inputs.home-manager.lib) hm; + # swarselsystems = self.outputs.swarselsystemsLib; + # }; + inherit (config.pkgs.${sys}) lib; + in + inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs self minimal configName; + inherit lib homeLib; + inherit (config) globals nodes; + }; modules = [ inputs.disko.nixosModules.disko inputs.sops-nix.nixosModules.sops @@ -886,6 +940,7 @@ The rest of the outputs either define or help define the actual configurations: inputs.niri-flake.nixosModules.niri inputs.microvm.nixosModules.host inputs.microvm.nixosModules.microvm + (inputs.nixos-extra-modules + "/modules/guests") "${self}/hosts/nixos/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" @@ -894,7 +949,7 @@ The rest of the outputs either define or help define the actual configurations: microvm.guest.enable = lib.mkDefault false; node = { - name = configName; + name = lib.mkForce configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; 
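Review bot: `mkNixosHost` now hard-codes `sys = "x86_64-linux";` and takes `lib` from `config.pkgs.${sys}`, so every NixOS host, including the Oracle A1 machines in the README table that look like aarch64, is evaluated with the lib of the x86_64 package set. That is probably harmless while only `lib` is taken from it, but it needs a comment such as `# lib is system-independent; x86_64-linux only selects the overlaid pkgs.lib`. The two identical commented-out `# lib = config.pkgsPre.${sys}.lib // { … };` blocks above it are dead code and should be dropped. The enclosing `flake = { config, ... }:` body starts and ends outside these hunks.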
@@ -916,7 +971,7 @@ The rest of the outputs either define or help define the actual configurations: mkDarwinHost = { minimal }: configName: inputs.nix-darwin.lib.darwinSystem { specialArgs = { - inherit inputs outputs lib self minimal configName; + inherit inputs lib outputs self minimal configName; inherit (config) globals nodes; }; modules = [ @@ -933,7 +988,7 @@ The rest of the outputs either define or help define the actual configurations: "${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/globals.nix" { - node.name = configName; + node.name = lib.mkForce configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; } @@ -949,7 +1004,7 @@ The rest of the outputs either define or help define the actual configurations: { inherit pkgs; extraSpecialArgs = { - inherit inputs outputs lib self configName; + inherit inputs lib outputs self configName; inherit (config) globals nodes; minimal = false; }; 
@@ -984,14 +1039,32 @@ The rest of the outputs either define or help define the actual configurations: minimal = true; }); - # TODO: Build these for all architectures - homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux // mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.aarch64-linux; - nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; + homeConfigurations = + let + inherit (lib.swarselsystems) pkgsFor readHosts; + in + mkHalfHostConfigs (readHosts "home") "home" pkgsFor.x86_64-linux + // mkHalfHostConfigs (readHosts "home") "home" pkgsFor.aarch64-linux; + + nixOnDroidConfigurations = + let + inherit (lib.swarselsystems) pkgsFor readHosts; + in + mkHalfHostConfigs (readHosts "android") "android" pkgsFor.aarch64-linux; + + guestConfigurations = lib.flip lib.concatMapAttrs config.nixosConfigurations ( + _: node: + lib.flip lib.mapAttrs' (node.config.microvm.vms or { }) ( + guestName: guestDef: + lib.nameValuePair guestDef.nodeName node.config.microvm.vms.${guestName}.config + ) + ); diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; - nodes = config.nixosConfigurations // config.darwinConfigurations; - + nodes = config.nixosConfigurations + // config.darwinConfigurations + // config.guestConfigurations; }; } #+end_src @@ -1046,11 +1119,11 @@ Another note concerning [[https://flake.parts/][flake-parts]]: (mkConnection "milkywell" "wan") (mkConnection "magicant" "wifi") (mkConnection "toto" "bootstrapper") - (mkConnection "chaostheatre" "demo host") + (mkConnection "hotel" "demo host") ]; }; - chaostheatre.interfaces."demo host" = { }; + hotel.interfaces."demo host" = { }; toto.interfaces."bootstrapper" = { }; milkywell.interfaces.wan = { }; moonside.interfaces.wan = { }; 
@@ -1549,6 +1622,11 @@ On the structure of overlays: as you notice, all of the attributes within overla # withSystemVencord = true; # }; + lib = prev.lib // { + swarselsystems = self.outputs.swarselsystemsLib; + hm = self.outputs.homeLib; + }; + firefox = prev.firefox.override { nativeMessagingHosts = [ prev.tridactyl-native @@ -1599,15 +1677,19 @@ On the structure of overlays: as you notice, all of the attributes within overla (builtins.attrNames nixpkgsInputs)); in - (additions final prev) - // (modifications final prev) - // (nixpkgs-stable-versions final prev) - // (inputs.niri-flake.overlays.niri final prev) - // (inputs.vbc-nix.overlays.default final prev) - // (inputs.nur.overlays.default final prev) - // (inputs.emacs-overlay.overlay final prev) - // (inputs.nix-topology.overlays.default final prev) - // (inputs.nixgl.overlay final prev); + lib.recursiveUpdate + ( + (additions final prev) + // (nixpkgs-stable-versions final prev) + // (inputs.niri-flake.overlays.niri final prev) + // (inputs.vbc-nix.overlays.default final prev) + // (inputs.nur.overlays.default final prev) + // (inputs.emacs-overlay.overlay final prev) + // (inputs.nix-topology.overlays.default final prev) + // (inputs.nixgl.overlay final prev) + // (inputs.nixos-extra-modules.overlays.default final prev) + ) + (modifications final prev); }; }; } @@ -2392,7 +2474,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se } #+end_src -**** Winters (Server) +**** Winters (Server: ASRock J4105-ITX) :PROPERTIES: :CUSTOM_ID: h:932ef6b0-4c14-4200-8e3f-2e208e748746 :END: @@ -2435,6 +2517,14 @@ This is my main server that I run at home. It handles most tasks that require bi isBtrfs = false; isLinux = true; isNixos = true; + server.garage = { + data_dir = [ + { + capacity = "200G"; + path = "/Vault/data/garage/main"; + } + ]; + }; }; } // lib.optionalAttrs (!minimal) { 
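Review bot: Wrapping the overlay result in `lib.recursiveUpdate` changes what happens when a name exists on both sides. `recursiveUpdate` descends into any pair of attribute sets, and derivations are attribute sets, so a package defined both in `modifications` and in one of the other overlays would come out as a field-by-field mix of the two, where with `//` the later overlay simply won. If the goal is only to combine the `lib` extension added in `modifications` with a `lib` supplied by another overlay (not visible here), it is safer to keep `//` for the package set and merge `lib` explicitly. A one-line comment stating why the deep merge is needed would also help the next reader.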
@@ -2473,6 +2563,7 @@ This is my main server that I run at home. It handles most tasks that require bi # snipeit = lib.mkDefault false; homebox = lib.mkDefault true; opkssh = lib.mkDefault true; + garage = lib.mkDefault false; }; } 
@@ -2530,6 +2621,305 @@ This is my main server that I run at home. It handles most tasks that require bi hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } #+end_src +**** Summers (Server: ASUS Z10PA-D8) + +***** Main Configuration +#+begin_src nix-ts :tangle hosts/nixos/summers/default.nix + { inputs, lib, config, configName, minimal, nodes, globals, ... }: + { + + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ]; + + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + }; + + # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + + networking = { + inherit (config.repo.secrets.local) hostId; + hostName = configName; + firewall.enable = true; + enableIPv6 = true; + }; + + swarselsystems = { + info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; + flakePath = "/root/.dotfiles"; + isImpermanence = true; + isSecureBoot = true; + isCrypted = true; + isBtrfs = true; + isLinux = true; + isNixos = true; + withMicroVMs = false; + }; + + } // lib.optionalAttrs (!minimal) { + + swarselprofiles = { + server = true; + }; + + swarselmodules = { + optional = { + microvmHost = true; + }; + server = { + nfs = false; + nginx = false; + kavita = false; + restic = false; + jellyfin = false; + navidrome = false; + spotifyd = false; + mpd = false; + postgresql = false; + matrix = false; + nextcloud = false; + immich = false; + paperless = false; + transmission = false; + syncthing = false; + grafana = false; + emacs = false; + freshrss = false; + jenkins = false; + kanidm = false; + firefly-iii = false; + koillection = false; + radicale = false; + atuin = false; + forgejo = false; + ankisync = false; + homebox = false; + opkssh = false; + garage = false; + }; + }; + + microvm.vms = + let + mkMicrovm = guestName: { + ${guestName} = { + backend = "microvm"; + autostart = true; + modules = [ + ./guests/${guestName}.nix + { + node.secretsDir = 
./secrets/${guestName}; + } + ]; + microvm = { + system = "x86_64-linux"; + # baseMac = config.repo.secrets.local.networking.interfaces.lan.mac; + # interfaces.vlan-services = { }; + }; + specialArgs = { + inherit (config) nodes globals; + inherit lib; + inherit inputs minimal; + }; + }; + }; + in + lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) ( + { } + // mkMicrovm "guest1" + ); + + } + +#+end_src + +***** hardware-configuration +#+begin_src nix-ts :tangle hosts/nixos/summers/hardware-configuration.nix + { config, lib, modulesPath, ... }: + + { + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + zfs.extraPools = [ "Vault" ]; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + } +#+end_src +***** disko + +#+begin_src nix-ts :tangle hosts/nixos/summers/disk-config.nix + { lib, config, ... 
}: + let + type = "btrfs"; + extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "subvol=root" + "compress=zstd" + "noatime" + ]; + }; + "/home" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/home"; + mountOptions = [ + "subvol=home" + "compress=zstd" + "noatime" + ]; + }; + "/persist" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/persist"; + mountOptions = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; + }; + "/log" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/var/log"; + mountOptions = [ + "subvol=log" + "compress=zstd" + "noatime" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "subvol=nix" + "compress=zstd" + "noatime" + ]; + }; + "/swap" = lib.mkIf config.swarselsystems.isSwap { + mountpoint = "/.swapvol"; + swap.swapfile.size = config.swarselsystems.swapSize; + }; + }; + in + { + disko.devices = { + disk = { + disk0 = { + type = "disk"; + device = config.swarselsystems.rootDisk; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "defaults" ]; + }; + }; + root = lib.mkIf (!config.swarselsystems.isCrypted) { + size = "100%"; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + luks = lib.mkIf config.swarselsystems.isCrypted { + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh + settings = { + allowDiscards = true; + # 
https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 + crypttabExtraOpts = [ + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + } +#+end_src +***** Guests +****** Guest 1 +#+begin_src nix-ts :tangle hosts/nixos/summers/guests/guest1/default.nix + { lib, minimal, ... }: + { + + swarselsystems = { + info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; + }; + + } // lib.optionalAttrs (!minimal) { + + swarselprofiles = { + server = false; + }; + + swarselmodules = { + optional = { + microvmGuest = false; + }; + }; + + microvm = { + mem = 1024 * 4; + vcpu = 2; + }; + + } + +#+end_src + **** machpizza (MacBook Pro) :PROPERTIES: :CUSTOM_ID: h:28e1a7eb-356b-4015-83f7-9c552c8c0e9d @@ -2623,7 +3013,7 @@ My phone. I use only a minimal config for remote debugging here. **** Treehouse (DGX Spark) #+begin_src nix-ts :tangle hosts/home/treehouse/default.nix - { self, outputs, ... }: + { self, ... }: { imports = [ @@ -2633,12 +3023,6 @@ My phone. I use only a minimal config for remote debugging here. "${self}/modules/nixos/common/meta.nix" ]; - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; services.xcape = { enable = true; @@ -3427,7 +3811,7 @@ TODO: cleanup this mess file = { ".bash_history" = { text = '' - swarsel-install -n chaostheatre + swarsel-install -n hotel ''; }; }; 
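Review bot: The LUKS container in the summers `disk-config.nix` reads its passphrase from the fixed path `/tmp/disko-password`, a predictable name in a world-writable directory. The comment says bootstrap.sh populates it, but that script is not in this hunk, so confirm it creates the file with mode 0600 before writing and removes it once disko has finished, or point `passwordFile` at a root-only directory. Separately, `mkMicrovm` imports `./guests/${guestName}.nix` while the guest block tangles to `hosts/nixos/summers/guests/guest1/default.nix`, so the import would not resolve once `withMicroVMs` is turned on; `./guests/${guestName}` would match the tangled layout. The two `postCreateHook` traps also leave `$MNTPOINT` unquoted in `umount` and `rm -rf`.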
@@ -3444,7 +3828,7 @@ TODO: cleanup this mess file = { ".bash_history" = { text = '' - swarsel-install -n chaostheatre + swarsel-install -n hotel ''; }; }; @@ -3586,7 +3970,7 @@ TODO: cleanup this mess #+end_src -**** ChaosTheatre (Demo Physical/VM) +**** Hotel (Demo Physical/VM) :PROPERTIES: :CUSTOM_ID: h:e1498bef-ec67-483d-bf02-76264e30be8e :END: @@ -3599,7 +3983,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:9f1f3439-b0af-4dcd-a96f-b6aa7b6cd2ab :END: -#+begin_src nix-ts :tangle hosts/nixos/chaostheatre/default.nix +#+begin_src nix-ts :tangle hosts/nixos/hotel/default.nix { self, config, pkgs, lib, minimal, ... }: let mainUser = "demo"; @@ -3627,7 +4011,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru }; networking = { - hostName = "chaostheatre"; + hostName = "hotel"; firewall.enable = true; }; @@ -3649,7 +4033,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru } // lib.optionalAttrs (!minimal) { swarselprofiles = { - chaostheatre = true; + hotel = true; minimal = true; }; } @@ -3662,7 +4046,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:849e4233-ba40-4fec-acfe-0d76e1e4371b :END: -#+begin_src nix-ts :tangle hosts/nixos/chaostheatre/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/hotel/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib , pkgs @@ -3798,7 +4182,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:6f9c1a3b-452e-4944-86e8-cb17603cc3f9 :END: -#+begin_src nix-ts :tangle hosts/nixos/chaostheatre/options.nix +#+begin_src nix-ts :tangle hosts/nixos/hotel/options.nix _: { } 
@@ -3809,7 +4193,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:88ccb198-74b9-4269-8e22-af1277f44667 :END: -#+begin_src nix-ts :tangle hosts/nixos/chaostheatre/options-home.nix +#+begin_src nix-ts :tangle hosts/nixos/hotel/options-home.nix _: { } @@ -4265,7 +4649,7 @@ A breakdown of the flags being set: We enable the use of =home-manager= as a NixoS module. A nice trick here is the =extraSpecialArgs = inputs= line, which enables the use of =seflf= in most parts of the configuration. This is useful to refer to the root of the flake (which is otherwise quite hard while maintaining flake purity). #+begin_src nix-ts :tangle modules/nixos/common/home-manager.nix - { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: + { self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }: { options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; config = lib.mkIf config.swarselmodules.home-manager { @@ -4296,7 +4680,11 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the home.stateVersion = lib.mkDefault config.system.stateVersion; } ]; - extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; }; + extraSpecialArgs = { + inherit (inputs) self nixgl; + inherit inputs outputs globals nodes minimal configName; + lib = homeLib; + }; }; }; } 
@@ -10417,6 +10805,114 @@ Deployment notes: } #+end_src +**** Garage + +Generate the admin token using =openssl rand -base64 32=. +Generate the rpc token using =openssl rand -hex 32=. + +#+begin_src nix-ts :tangle modules/nixos/server/garage.nix + { self, lib, pkgs, config, configName, globals, ... }: + let + sopsFile = self + /secrets/${configName}/secrets2.yaml; + + serviceName = "garage"; + servicePort = 3900; + serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}"; + serviceAddress = globals.hosts.${configName}.ipv4; + + cfg = config.services.${serviceName}; + metadata_dir = "/var/lib/garage/meta"; + in + { + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + swarselsystems.server.${serviceName} = { + data_dir = lib.mkOption { + type = lib.types.either lib.types.path (lib.types.listOf lib.types.attrs); + default = "/var/lib/garage/data"; + }; + }; + }; + config = lib.mkIf config.swarselmodules.server.${serviceName} { + + sops = { + secrets.garage-admin-token = { inherit sopsFile; }; + secrets.garage-rpc-secret = { inherit sopsFile; }; + }; + + environment = { + persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ + { directory = metadata_dir; } + ]; + systemPackages = [ + cfg.package + ]; + }; + + systemd.services.${serviceName}.serviceConfig = { + DynamicUser = false; + ProtectHome = lib.mkForce false; + }; + + services.${serviceName} = { + enable = true; + package = pkgs.garage_2; + settings = { + inherit (config.swarselsystems.${serviceName}) data_dir; + inherit metadata_dir; + db_engine = "lmdb"; + block_size = "1MiB"; + use_local_tz = false; + + replication_factor = 2; # Number of copies of data + + rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "${config.repo.secrets.local.ipv4}:4317"; + rpc_secret_file = config.sops.secrets.garage-rpc-secret.path; + + s3_api = { + s3_region = "swarsel"; + api_bind_addr = 
"0.0.0.0:${builtins.toString servicePort}"; + root_domain = ".s3.garage.localhost"; + }; + + admin = { + api_bind_addr = "0.0.0.0:3903"; + admin_token_file = config.sops.secrets.garage-admin-token.path; + }; + + k2v_api = { + api_bind_addr = "[::]:3904"; + }; + }; + }; + + nodes.moonside.services.nginx = { + upstreams = { + ${serviceName} = { + servers = { + "${serviceAddress}:${builtins.toString servicePort}" = { }; + }; + }; + }; + virtualHosts = { + "${serviceDomain}" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + oauth2.enable = false; + locations = { + "/" = { + proxyPass = "http://${serviceName}"; + }; + }; + }; + }; + }; + + }; + } +#+end_src *** Darwin :PROPERTIES: :CUSTOM_ID: h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47 @@ -11021,18 +11517,19 @@ Some standard options that should be set for every microvm host. #+begin_src nix-ts :tangle modules/nixos/optional/microvm-host.nix { lib, config, ... }: { - options.swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings"; - # imports = [ - # inputs.microvm.nixosModules.host - # ]; + options = { + swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings"; + }; + # imports = [ + # inputs.microvm.nixosModules.host + # ]; - config = lib.mkIf (config.swarselmodules.optional.microvmHost && config.swarselsystems.withMicroVMs) { + config = lib.mkIf (config.guests != {}) { microvm = { hypervisor = lib.mkDefault "qemu"; }; }; - } #+end_src 
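Review bot: The `settings` block reads `inherit (config.swarselsystems.${serviceName}) data_dir;`, but the option is declared as `swarselsystems.server.${serviceName}.data_dir` and winters sets it there, so the lookup should be `inherit (config.swarselsystems.server.${serviceName}) data_dir;`. The admin API listens on `0.0.0.0:3903` although only the S3 port is proxied through nginx on moonside; binding the admin listener to loopback or to the host's internal address would keep it off other interfaces, whatever the firewall rules (not visible here) allow. `rpc_public_addr` advertises port 4317 while `rpc_bind_addr` listens on 3901, which looks like a leftover and would give peers an address nothing is bound to. A short comment explaining why `DynamicUser = false` and `ProtectHome = lib.mkForce false` are needed would help, since both relax the unit's sandboxing.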
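Review bot: The new condition `lib.mkIf (config.guests != {})` no longer consults `swarselmodules.optional.microvmHost`, so the enable option declared just above it has no effect and setting `microvmHost = true` on summers does not switch this module on. `config.guests` is not declared anywhere in this hunk; it presumably comes from the nixos-extra-modules input added elsewhere in the commit, while summers still defines its VMs under `microvm.vms`, so confirm the two agree. If the option is meant to stay an opt-in, `lib.mkIf (config.swarselmodules.optional.microvmHost && config.guests != { })` keeps it.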
@@ -11051,58 +11548,6 @@ Some standard options that should be set vor every microvm guest. We set the def # ]; config = lib.mkIf config.swarselmodules.optional.microvmGuest { - # imports = [ - # inputs.microvm.nixosModules.microvm - - # "${self}/profiles/nixos" - # "${self}/modules/nixos" - # ]; - - boot.kernelParams = [ "systemd.hostname=${config.networking.hostName}" ]; - - node.name = config; - documentation.enable = lib.mkForce false; - - microvm = { - guest.enable = lib.mkForce true; - hypervisor = lib.mkDefault "qemu"; - mem = lib.mkDefault 1024 * 4; - vcpu = lib.mkDefault 4; - optimize.enable = false; - writableStoreOverlay = "/nix/.rw-store"; - - # interfaces = flip lib.mapAttrsToList guestCfg.microvm.interfaces ( - # _: { mac, hostLink, ...}: - # { - # type = "macvtap"; - # id = "vm-${replaceStrings [ ":" ] [ "" ] mac}"; - # inherit mac; - # macvtap = { - # link = hostLink; - # mode = "bridge"; - # }; - # } - # ); - shares = - [ - { - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - ]; - }; - # systemd.network.networks = lib.flip lib.concatMapAttrs guestCfg.microvm.interfaces ( - # name: - # { mac, ... }: - # { - # "10-${name}".matchConfig = mkForce { - # MACAddress = mac; - # }; - # } - # ); - }; } 
@@ -11200,95 +11645,101 @@ This section sets up all the imports that are used in the home-manager section. Again, we adapt =nix= to our needs, enable the home-manager command for non-NixOS machines (NixOS machines are using it as a module) and setting user information that I always keep the same. #+begin_src nix-ts :tangle modules/home/common/settings.nix - { self, lib, pkgs, config, ... }: + { self, outputs, lib, pkgs, config, ... }: let inherit (config.swarselsystems) mainUser flakePath isNixos isLinux; in - { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = - let - nix-version = "2_30"; - in - lib.mkIf config.swarselmodules.general { - nix = lib.mkIf (!config.swarselsystems.isNixos) { - package = lib.mkForce pkgs.nixVersions."nix_${nix-version}"; - # extraOptions = '' - # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins - # extra-builtins-file = ${self + /nix/extra-builtins.nix} - # ''; - extraOptions = - let - nix-plugins = pkgs.nix-plugins.override { - nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; - }; - in - '' - plugin-files = ${nix-plugins}/lib/nix/plugins + { + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = + let + nix-version = "2_30"; + in + lib.mkIf config.swarselmodules.general { + nix = lib.mkIf (!config.swarselsystems.isNixos) { + package = lib.mkForce pkgs.nixVersions."nix_${nix-version}"; + # extraOptions = '' + # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins + # extra-builtins-file = ${self + /nix/extra-builtins.nix} + # ''; + extraOptions = + let + nix-plugins = pkgs.nix-plugins.override { + nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; + }; + in + '' + plugin-files = ${nix-plugins}/lib/nix/plugins extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "cgroups" - "pipe-operators" - ]; - trusted-users = [ "@wheel" 
"${mainUser}" ]; - connect-timeout = 5; - bash-prompt-prefix = "$SHLVL:\\w "; - bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)Ξ» "; - fallback = true; - min-free = 128000000; - max-free = 1000000000; - auto-optimise-store = true; - warn-dirty = false; - max-jobs = 1; - use-cgroups = lib.mkIf isLinux true; - }; - }; + ''; + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "${mainUser}" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)Ξ» "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf isLinux true; + }; + }; - nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null); + # nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null); + nixpkgs = lib.mkIf (!isNixos) { + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; + }; - programs = { - # home-manager.enable = lib.mkIf (!isNixos) true; - man = { - enable = true; - generateCaches = true; - }; - }; + programs = { + # home-manager.enable = lib.mkIf (!isNixos) true; + man = { + enable = true; + generateCaches = true; + }; + }; - targets.genericLinux.enable = lib.mkIf (!isNixos) true; + targets.genericLinux.enable = lib.mkIf (!isNixos) true; - home = { - username = lib.mkDefault mainUser; - homeDirectory = lib.mkDefault "/home/${mainUser}"; - stateVersion = lib.mkDefault "23.05"; - keyboard.layout = "us"; - sessionVariables = { - FLAKE = "/home/${mainUser}/.dotfiles"; - }; - extraOutputsToInstall = [ - "doc" - "info" - "devdoc" - ]; - packages = lib.mkIf (!isNixos) [ - (pkgs.symlinkJoin { - name = "home-manager"; - buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.home-manager ]; - postBuild = '' - wrapProgram $out/bin/home-manager \ + home = { + username = 
lib.mkDefault mainUser; + homeDirectory = lib.mkDefault "/home/${mainUser}"; + stateVersion = lib.mkDefault "23.05"; + keyboard.layout = "us"; + sessionVariables = { + FLAKE = "/home/${mainUser}/.dotfiles"; + }; + extraOutputsToInstall = [ + "doc" + "info" + "devdoc" + ]; + packages = lib.mkIf (!isNixos) [ + (pkgs.symlinkJoin { + name = "home-manager"; + buildInputs = [ pkgs.makeWrapper ]; + paths = [ pkgs.home-manager ]; + postBuild = '' + wrapProgram $out/bin/home-manager \ --append-flags '--flake ${flakePath}#$(hostname)' - ''; - }) - ]; - }; - }; + ''; + }) + ]; + }; + }; - } + } #+end_src **** nixGL @@ -17614,7 +18065,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man #+begin_src shell :tangle files/scripts/swarsel-rebuild.sh set -eo pipefail - target_config="chaostheatre" + target_config="hotel" target_user="swarsel" function help_and_exit() { @@ -17625,7 +18076,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man echo echo "ARGS:" echo " -n specify nixos config to build." - echo " Default: chaostheatre" + echo " Default: hotel" echo " -u specify user to deploy for." echo " Default: swarsel" echo " -h | --help Print this help." @@ -17734,8 +18185,8 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+begin_src shell :tangle files/scripts/swarsel-install.sh set -eo pipefail - target_config="chaostheatre" - target_hostname="chaostheatre" + target_config="hotel" + target_hostname="hotel" target_user="swarsel" persist_dir="" target_disk="/dev/vda" @@ -17749,7 +18200,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f echo echo "ARGS:" echo " -n specify the nixos config to deploy." - echo " Default: chaostheatre" + echo " Default: hotel" echo " -d specify disk to install on." echo " Default: /dev/vda" echo " -u specify user to deploy for." 
@@ -17886,7 +18337,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f fi green "Setting up disk ..." - if [[ $target_config == "chaostheatre" ]]; then + if [[ $target_config == "hotel" ]]; then sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk" else sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks @@ -17935,7 +18386,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+begin_src shell :tangle files/scripts/swarsel-postinstall.sh set -eo pipefail - target_config="chaostheatre" + target_config="hotel" target_user="swarsel" function help_and_exit() { @@ -17947,8 +18398,8 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f echo "ARGS:" echo " -d specify disk to install on." echo " -n specify the nixos config to deploy." - echo " Default: chaostheatre" - echo " Default: chaostheatre" + echo " Default: hotel" + echo " Default: hotel" echo " -u specify user to deploy for." echo " Default: swarsel" echo " -h | --help Print this help." 
@@ -18726,16 +19177,16 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a } #+end_src -**** Chaostheatre +**** Hotel :PROPERTIES: :CUSTOM_ID: h:b79fbb59-9cf2-48eb-b469-2589223dda95 :END: -#+begin_src nix-ts :tangle profiles/nixos/chaostheatre/default.nix :mkdirp yes +#+begin_src nix-ts :tangle profiles/nixos/hotel/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselprofiles.chaostheatre { + options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; + config = lib.mkIf config.swarselprofiles.hotel { swarselmodules = { packages = lib.mkForce true; general = lib.mkForce true; @@ -19109,16 +19560,16 @@ This holds modules that are to be used on most hosts. These are also the most im #+end_src -**** Chaostheatre +**** Hotel :PROPERTIES: :CUSTOM_ID: h:36a0209f-2c17-4808-a1d0-a9e1920c307a :END: -#+begin_src nix-ts :tangle profiles/home/chaostheatre/default.nix :mkdirp yes +#+begin_src nix-ts :tangle profiles/home/hotel/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host"; - config = lib.mkIf config.swarselprofiles.chaostheatre { + options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host"; + config = lib.mkIf config.swarselprofiles.hotel { swarselmodules = { packages = lib.mkForce true; ownpackages = lib.mkForce true; 
@@ -24965,7 +25416,7 @@ Here lies defined the readme for GitHub and Forgejo: nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#swarsel-rebuild -- -u ``` - This will activate the `chaostheatre` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed. + This will activate the `hotel` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed. Please keep in mind that this limited installer will make local changes to the cloned repository in order to be able to install it (otherwise the builder would fail at fetching my private secrets repository). As such, this should only be used to evaluate the system - if you want to use it longterm, you will need to create a fork and make some changes. @@ -25213,7 +25664,7 @@ builtins.listToAttrs converts a list of name-value pairs into an attribute set. #+end_src #+RESULTS: -: { bakery = "directory"; chaostheatre = "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; toto = "directory"; winters = "directory"; } +: { bakery = "directory"; hotel= "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; toto = "directory"; winters = "directory"; } ** nixpkgs.lib.recursiveUpdate :PROPERTIES: :CUSTOM_ID: h:2227ba24-e3a1-40ba-8fb8-4cab5210692a diff --git a/flake.lock b/flake.lock index b90a12e..b045d34 100644 --- a/flake.lock +++ b/flake.lock @@ -538,6 +538,21 @@ "type": "github" } }, + "blank": { + "locked": { + "lastModified": 1625557891, + "narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=", + "owner": "divnix", + "repo": "blank", + "rev": "5a5d2684073d9f563072ed07c871d577a6c614a8", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "blank", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1754269165, 
@@ -585,11 +600,11 @@ }, "crane_12": { "locked": { - "lastModified": 1754269165, - "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", "owner": "ipetkov", "repo": "crane", - "rev": "444e81206df3f7d92780680e45858e31d2f07a08", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", "type": "github" }, "original": { @@ -658,7 +673,7 @@ "type": "github" } }, - "crane_2": { + "crane_17": { "locked": { "lastModified": 1754269165, "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", @@ -673,6 +688,33 @@ "type": "github" } }, + "crane_2": { + "inputs": { + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_5", + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "paisano-mdbook-preprocessor", + "nixpkgs" + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1676162383, + "narHash": "sha256-krUCKdz7ebHlFYm/A7IbKDnj2ZmMMm3yIEQcooqm7+E=", + "owner": "ipetkov", + "repo": "crane", + "rev": "6fb400ec631b22ccdbc7090b38207f7fb5cfb5f2", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "crane_3": { "locked": { "lastModified": 1754269165, @@ -735,11 +777,11 @@ }, "crane_7": { "locked": { - "lastModified": 1750266157, - "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "owner": "ipetkov", "repo": "crane", - "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", "type": "github" }, "original": { @@ -804,7 +846,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "nix-topology", "nixpkgs" ] @@ -830,7 +871,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "nixpkgs" ] }, @@ -855,7 +895,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "nix-topology", "nixpkgs" ] 
@@ -882,7 +921,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "nixpkgs" ] }, @@ -908,7 +946,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "nix-topology", "nixpkgs" ] @@ -936,7 +973,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "nixpkgs" ] }, @@ -955,6 +991,60 @@ } }, "devshell_16": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_17": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_18": { "inputs": { "nixpkgs": [ "swarsel", @@ -1006,16 +1096,16 @@ "devshell_3": { "inputs": { "nixpkgs": [ - "swarsel", + "nixos-extra-modules", "nixpkgs" ] }, "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "lastModified": 1735644329, + "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", "owner": "numtide", "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", "type": "github" }, "original": { 
@@ -1026,18 +1116,25 @@ }, "devshell_4": { "inputs": { + "flake-utils": [ + "nixos-extra-modules", + "nixt", + "std", + "flake-utils" + ], "nixpkgs": [ - "swarsel", - "nix-topology", + "nixos-extra-modules", + "nixt", + "std", "nixpkgs" ] }, "locked": { - "lastModified": 1728330715, - "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "lastModified": 1682700442, + "narHash": "sha256-qjaAAcCYgp1pBBG7mY9z95ODUBZMtUpf0Qp3Gt/Wha0=", "owner": "numtide", "repo": "devshell", - "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "rev": "fb6673fe9fe4409e3f43ca86968261e970918a83", "type": "github" }, "original": { @@ -1049,7 +1146,6 @@ "devshell_5": { "inputs": { "nixpkgs": [ - "swarsel", "swarsel", "nixpkgs" ] @@ -1071,7 +1167,6 @@ "devshell_6": { "inputs": { "nixpkgs": [ - "swarsel", "swarsel", "nix-topology", "nixpkgs" @@ -1094,7 +1189,6 @@ "devshell_7": { "inputs": { "nixpkgs": [ - "swarsel", "swarsel", "swarsel", "nixpkgs" @@ -1117,7 +1211,6 @@ "devshell_8": { "inputs": { "nixpkgs": [ - "swarsel", "swarsel", "swarsel", "nix-topology", @@ -1144,7 +1237,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "nixpkgs" ] }, @@ -1350,6 +1442,38 @@ "type": "github" } }, + "dmerge": { + "inputs": { + "haumea": "haumea", + "namaka": "namaka", + "nixlib": [ + "nixos-extra-modules", + "nixt", + "std", + "nixpkgs" + ], + "yants": [ + "nixos-extra-modules", + "nixt", + "std", + "yants" + ] + }, + "locked": { + "lastModified": 1684178600, + "narHash": "sha256-EtSQcCHRQUBBEj4vbYU0vgPUYiKP261ero5k1QfQ3Bc=", + "owner": "divnix", + "repo": "dmerge", + "rev": "ac9932f26325afac5baa59cf6478432d17762a4e", + "type": "github" + }, + "original": { + "owner": "divnix", + "ref": "0.2.0", + "repo": "dmerge", + "type": "github" + } + }, "emacs-overlay": { "inputs": { "nixpkgs": [ 
@@ -1548,6 +1672,25 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": "nixpkgs_4", + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1677306201, + "narHash": "sha256-VZ9x7qdTosFvVsrpgFHrtYfT6PU3yMIs7NRYn9ELapI=", + "owner": "nix-community", + "repo": "fenix", + "rev": "0923f0c162f65ae40261ec940406049726cfeab4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -1695,11 +1838,11 @@ "flake-compat_10": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -1711,11 +1854,11 @@ "flake-compat_11": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -1727,11 +1870,11 @@ "flake-compat_12": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { 
@@ -1741,22 +1884,6 @@ } }, "flake-compat_13": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_14": { "flake": false, "locked": { "lastModified": 1733328505, @@ -1772,7 +1899,7 @@ "type": "github" } }, - "flake-compat_15": { + "flake-compat_14": { "flake": false, "locked": { "lastModified": 1747046372, @@ -1788,7 +1915,7 @@ "type": "github" } }, - "flake-compat_16": { + "flake-compat_15": { "flake": false, "locked": { "lastModified": 1696426674, @@ -1804,7 +1931,7 @@ "type": "github" } }, - "flake-compat_17": { + "flake-compat_16": { "flake": false, "locked": { "lastModified": 1747046372, @@ -1820,7 +1947,7 @@ "type": "github" } }, - "flake-compat_18": { + "flake-compat_17": { "flake": false, "locked": { "lastModified": 1733328505, @@ -1836,7 +1963,7 @@ "type": "github" } }, - "flake-compat_19": { + "flake-compat_18": { "flake": false, "locked": { "lastModified": 1747046372, @@ -1852,6 +1979,22 @@ "type": "github" } }, + "flake-compat_19": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_2": { "flake": false, "locked": { 
@@ -1871,11 +2014,11 @@ "flake-compat_20": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -1887,11 +2030,11 @@ "flake-compat_21": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -1903,11 +2046,11 @@ "flake-compat_22": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -1917,6 +2060,22 @@ } }, "flake-compat_23": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_24": { "flake": false, "locked": { "lastModified": 1747046372, 
@@ -1932,39 +2091,7 @@ "type": "github" } }, - "flake-compat_24": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_25": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_26": { "flake": false, "locked": { "lastModified": 1733328505, @@ -1980,7 +2107,7 @@ "type": "github" } }, - "flake-compat_27": { + "flake-compat_26": { "flake": false, "locked": { "lastModified": 1747046372, @@ -1996,6 +2123,22 @@ "type": "github" } }, + "flake-compat_27": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_28": { "flake": false, "locked": { 
@@ -2013,6 +2156,54 @@ } }, "flake-compat_29": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_30": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_31": { "flake": false, "locked": { "lastModified": 1696426674, @@ -2028,14 +2219,14 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_32": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { 
@@ -2047,11 +2238,11 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -2159,6 +2350,28 @@ } }, "flake-parts_10": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_11": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2180,9 +2393,9 @@ "type": "github" } }, - "flake-parts_11": { + "flake-parts_12": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_5" + "nixpkgs-lib": "nixpkgs-lib_6" }, "locked": { "lastModified": 1759362264, @@ -2198,7 +2411,7 @@ "type": "github" } }, - "flake-parts_12": { + "flake-parts_13": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2221,9 +2434,9 @@ "type": "github" } }, - "flake-parts_13": { + "flake-parts_14": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_6" + "nixpkgs-lib": "nixpkgs-lib_7" }, "locked": { "lastModified": 1719994518, @@ -2238,7 +2451,7 @@ "type": "indirect" } }, - "flake-parts_14": { + "flake-parts_15": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2261,7 +2474,7 @@ "type": "github" } }, - "flake-parts_15": { + "flake-parts_16": { "inputs": { "nixpkgs-lib": [ "swarsel", 
@@ -2284,25 +2497,25 @@ "type": "github" } }, - "flake-parts_16": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_7" - }, - "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-parts_17": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_8" + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_18": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2326,9 +2539,9 @@ "type": "github" } }, - "flake-parts_18": { + "flake-parts_19": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_8" + "nixpkgs-lib": "nixpkgs-lib_9" }, "locked": { "lastModified": 1719994518, @@ -2343,30 +2556,6 @@ "type": "indirect" } }, - "flake-parts_19": { - "inputs": { - "nixpkgs-lib": [ - "swarsel", - "swarsel", - "swarsel", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-parts_2": { "inputs": { "nixpkgs-lib": [ 
@@ -2394,16 +2583,16 @@ "swarsel", "swarsel", "swarsel", - "stylix", + "nur", "nixpkgs" ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -2414,7 +2603,13 @@ }, "flake-parts_21": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_9" + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] }, "locked": { "lastModified": 1756770412, @@ -2431,6 +2626,24 @@ } }, "flake-parts_22": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_10" + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_23": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2455,9 +2668,9 @@ "type": "github" } }, - "flake-parts_23": { + "flake-parts_24": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_10" + "nixpkgs-lib": "nixpkgs-lib_11" }, "locked": { "lastModified": 1719994518, @@ -2472,7 +2685,7 @@ "type": "indirect" } }, - "flake-parts_24": { + "flake-parts_25": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2497,7 +2710,7 @@ "type": "github" } }, - "flake-parts_25": { + "flake-parts_26": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2522,9 +2735,9 @@ "type": "github" } }, - "flake-parts_26": { + "flake-parts_27": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_11" + "nixpkgs-lib": "nixpkgs-lib_12" }, "locked": { "lastModified": 1754487366, 
@@ -2540,7 +2753,7 @@ "type": "github" } }, - "flake-parts_27": { + "flake-parts_28": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2566,9 +2779,9 @@ "type": "github" } }, - "flake-parts_28": { + "flake-parts_29": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_12" + "nixpkgs-lib": "nixpkgs-lib_13" }, "locked": { "lastModified": 1719994518, @@ -2583,7 +2796,25 @@ "type": "indirect" } }, - "flake-parts_29": { + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_30": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2609,24 +2840,7 @@ "type": "github" } }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-parts_30": { + "flake-parts_31": { "inputs": { "nixpkgs-lib": [ "swarsel", 
@@ -2652,126 +2866,10 @@ "type": "github" } }, - "flake-parts_31": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_13" - }, - "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-parts_32": { - "inputs": { - "nixpkgs-lib": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_33": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_14" }, - "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-parts_34": { - "inputs": { - "nixpkgs-lib": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_35": { - "inputs": { - "nixpkgs-lib": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "stylix", - "nixpkgs" - ] - 
}, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_36": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_15" - }, "locked": { "lastModified": 1751413152, "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", 
@@ -2786,7 +2884,123 @@ "type": "github" } }, + "flake-parts_33": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_34": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_15" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_35": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_36": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-parts_37": { + "inputs": { + "nixpkgs-lib": 
"nixpkgs-lib_16" + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_38": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2814,9 +3028,9 @@ "type": "github" } }, - "flake-parts_38": { + "flake-parts_39": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_16" + "nixpkgs-lib": "nixpkgs-lib_17" }, "locked": { "lastModified": 1719994518, 
@@ -2831,56 +3045,52 @@ "type": "indirect" } }, - "flake-parts_39": { - "inputs": { - "nixpkgs-lib": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-parts_4": { "inputs": { - "nixpkgs-lib": [ - "nur", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" + "id": "flake-parts", + "type": "indirect" } }, "flake-parts_40": { + "inputs": { + "nixpkgs-lib": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_41": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -2908,9 +3118,9 @@ "type": "github" } }, - "flake-parts_41": { + "flake-parts_42": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_17" + "nixpkgs-lib": "nixpkgs-lib_18" }, "locked": { "lastModified": 1754487366, 
@@ -2926,24 +3136,6 @@ "type": "github" } }, - "flake-parts_42": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_18" - }, - "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-parts_43": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_19" @@ -2967,11 +3159,11 @@ "nixpkgs-lib": "nixpkgs-lib_20" }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -3038,6 +3230,24 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib_24" }, + "locked": { + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_49": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_25" + }, "locked": { "lastModified": 1760948891, "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", 
@@ -3052,9 +3262,30 @@ "type": "github" } }, - "flake-parts_49": { + "flake-parts_5": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_25" + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_50": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_26" }, "locked": { "lastModified": 1759362264, @@ -3070,7 +3301,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -3091,9 +3322,9 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" + "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { "lastModified": 1759362264, @@ -3109,7 +3340,7 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": [ "swarsel", @@ -3131,9 +3362,9 @@ "type": "github" } }, - "flake-parts_8": { + "flake-parts_9": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_4" + "nixpkgs-lib": "nixpkgs-lib_5" }, "locked": { "lastModified": 1719994518, @@ -3148,28 +3379,6 @@ "type": "indirect" } }, - "flake-parts_9": { - "inputs": { - "nixpkgs-lib": [ - "swarsel", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -3190,7 +3399,7 @@ }, "flake-utils_10": { "inputs": { - "systems": "systems_16" + "systems": "systems_12" }, "locked": { "lastModified": 1726560853, 
@@ -3208,7 +3417,7 @@ }, "flake-utils_11": { "inputs": { - "systems": "systems_17" + "systems": "systems_13" }, "locked": { "lastModified": 1731533236, @@ -3226,7 +3435,7 @@ }, "flake-utils_12": { "inputs": { - "systems": "systems_20" + "systems": "systems_16" }, "locked": { "lastModified": 1726560853, @@ -3244,7 +3453,7 @@ }, "flake-utils_13": { "inputs": { - "systems": "systems_21" + "systems": "systems_17" }, "locked": { "lastModified": 1731533236, @@ -3262,7 +3471,7 @@ }, "flake-utils_14": { "inputs": { - "systems": "systems_24" + "systems": "systems_20" }, "locked": { "lastModified": 1726560853, @@ -3280,7 +3489,7 @@ }, "flake-utils_15": { "inputs": { - "systems": "systems_25" + "systems": "systems_21" }, "locked": { "lastModified": 1731533236, @@ -3298,7 +3507,7 @@ }, "flake-utils_16": { "inputs": { - "systems": "systems_28" + "systems": "systems_24" }, "locked": { "lastModified": 1726560853, @@ -3316,7 +3525,7 @@ }, "flake-utils_17": { "inputs": { - "systems": "systems_29" + "systems": "systems_25" }, "locked": { "lastModified": 1731533236, @@ -3334,7 +3543,7 @@ }, "flake-utils_18": { "inputs": { - "systems": "systems_31" + "systems": "systems_28" }, "locked": { "lastModified": 1726560853, @@ -3352,7 +3561,7 @@ }, "flake-utils_19": { "inputs": { - "systems": "systems_32" + "systems": "systems_29" }, "locked": { "lastModified": 1731533236, @@ -3388,14 +3597,14 @@ }, "flake-utils_20": { "inputs": { - "systems": "systems_36" + "systems": "systems_31" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { 
@@ -3406,7 +3615,7 @@ }, "flake-utils_21": { "inputs": { - "systems": "systems_39" + "systems": "systems_32" }, "locked": { "lastModified": 1731533236, @@ -3424,7 +3633,7 @@ }, "flake-utils_22": { "inputs": { - "systems": "systems_43" + "systems": "systems_36" }, "locked": { "lastModified": 1731533236, @@ -3442,7 +3651,7 @@ }, "flake-utils_23": { "inputs": { - "systems": "systems_47" + "systems": "systems_39" }, "locked": { "lastModified": 1731533236, @@ -3460,7 +3669,7 @@ }, "flake-utils_24": { "inputs": { - "systems": "systems_51" + "systems": "systems_43" }, "locked": { "lastModified": 1731533236, @@ -3478,7 +3687,7 @@ }, "flake-utils_25": { "inputs": { - "systems": "systems_56" + "systems": "systems_47" }, "locked": { "lastModified": 1731533236, @@ -3496,7 +3705,7 @@ }, "flake-utils_26": { "inputs": { - "systems": "systems_61" + "systems": "systems_51" }, "locked": { "lastModified": 1731533236, @@ -3513,6 +3722,42 @@ } }, "flake-utils_27": { + "inputs": { + "systems": "systems_56" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_28": { + "inputs": { + "systems": "systems_61" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_29": { "inputs": { "systems": "systems_66" }, 
@@ -3549,6 +3794,36 @@ } }, "flake-utils_4": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { "inputs": { "systems": "systems_6" }, @@ -3566,7 +3841,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_7": { "inputs": { "systems": "systems_7" }, @@ -3584,7 +3859,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_8": { "inputs": { "systems": "systems_8" }, @@ -3602,45 +3877,9 @@ "type": "github" } }, - "flake-utils_7": { - "inputs": { - "systems": "systems_11" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_8": { - "inputs": { - "systems": "systems_12" - }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flake-utils_9": { "inputs": { - "systems": "systems_13" + "systems": "systems_11" }, "locked": { "lastModified": 1731533236, 
@@ -3786,7 +4025,7 @@ }, "fw-fanctrl": { "inputs": { - "flake-compat": "flake-compat_10", + "flake-compat": "flake-compat_13", "nixpkgs": [ "swarsel", "swarsel", @@ -3811,7 +4050,7 @@ }, "fw-fanctrl_2": { "inputs": { - "flake-compat": "flake-compat_14", + "flake-compat": "flake-compat_17", "nixpkgs": [ "swarsel", "swarsel", @@ -3837,7 +4076,7 @@ }, "fw-fanctrl_3": { "inputs": { - "flake-compat": "flake-compat_18", + "flake-compat": "flake-compat_21", "nixpkgs": [ "swarsel", "swarsel", @@ -3864,7 +4103,7 @@ }, "fw-fanctrl_4": { "inputs": { - "flake-compat": "flake-compat_22", + "flake-compat": "flake-compat_25", "nixpkgs": [ "swarsel", "swarsel", @@ -3892,7 +4131,7 @@ }, "fw-fanctrl_5": { "inputs": { - "flake-compat": "flake-compat_26", + "flake-compat": "flake-compat_29", "nixpkgs": [ "swarsel", "swarsel", @@ -3946,9 +4185,7 @@ "nixpkgs": [ "swarsel", "swarsel", - "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "pre-commit-hooks", "nixpkgs" ] }, @@ -3972,8 +4209,8 @@ "swarsel", "swarsel", "swarsel", - "nix-topology", - "pre-commit-hooks", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -3997,6 +4234,7 @@ "swarsel", "swarsel", "swarsel", + "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4021,9 +4259,7 @@ "swarsel", "swarsel", "swarsel", - "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4048,8 +4284,8 @@ "swarsel", "swarsel", "swarsel", - "nix-topology", - "pre-commit-hooks", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -4074,6 +4310,7 @@ "swarsel", "swarsel", "swarsel", + "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4099,9 +4336,7 @@ "swarsel", "swarsel", "swarsel", - "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4127,8 +4362,8 @@ "swarsel", "swarsel", "swarsel", - "nix-topology", - "pre-commit-hooks", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, 
@@ -4154,6 +4389,7 @@ "swarsel", "swarsel", "swarsel", + "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4180,9 +4416,7 @@ "swarsel", "swarsel", "swarsel", - "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4231,8 +4465,8 @@ "swarsel", "swarsel", "swarsel", - "nix-topology", - "pre-commit-hooks", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -4259,6 +4493,7 @@ "swarsel", "swarsel", "swarsel", + "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4278,6 +4513,33 @@ } }, "gitignore_22": { + "inputs": { + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_23": { "inputs": { "nixpkgs": [ "swarsel", @@ -4306,7 +4568,7 @@ "type": "github" } }, - "gitignore_23": { + "gitignore_24": { "inputs": { "nixpkgs": [ "swarsel", @@ -4335,7 +4597,7 @@ "type": "github" } }, - "gitignore_24": { + "gitignore_25": { "inputs": { "nixpkgs": [ "swarsel", @@ -4366,6 +4628,7 @@ "gitignore_3": { "inputs": { "nixpkgs": [ + "nixos-extra-modules", "pre-commit-hooks", "nixpkgs" ] @@ -4385,6 +4648,27 @@ } }, "gitignore_4": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { "inputs": { "nixpkgs": [ "swarsel", 
@@ -4407,33 +4691,11 @@ "type": "github" } }, - "gitignore_5": { - "inputs": { - "nixpkgs": [ - "swarsel", - "nix-topology", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "gitignore_6": { "inputs": { "nixpkgs": [ "swarsel", + "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4456,9 +4718,7 @@ "inputs": { "nixpkgs": [ "swarsel", - "swarsel", - "lanzaboote", - "pre-commit-hooks-nix", + "pre-commit-hooks", "nixpkgs" ] }, @@ -4481,8 +4741,8 @@ "nixpkgs": [ "swarsel", "swarsel", - "nix-topology", - "pre-commit-hooks", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -4505,6 +4765,7 @@ "nixpkgs": [ "swarsel", "swarsel", + "nix-topology", "pre-commit-hooks", "nixpkgs" ] @@ -4659,6 +4920,30 @@ "type": "github" } }, + "haumea": { + "inputs": { + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "dmerge", + "nixlib" + ] + }, + "locked": { + "lastModified": 1681176209, + "narHash": "sha256-bJLDun6esIyWtwRVXcsgzGbh4UKu8wJDrPgykqPyzmg=", + "owner": "nix-community", + "repo": "haumea", + "rev": "b915b66b27da3a595d77b139e945bb0a2fcac926", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "haumea", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -5165,6 +5450,29 @@ "type": "github" } }, + "incl": { + "inputs": { + "nixlib": [ + "nixos-extra-modules", + "nixt", + "std", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1669263024, + "narHash": "sha256-E/+23NKtxAqYG/0ydYgxlgarKnxmDbg6rCMWnOBqn9Q=", + "owner": "divnix", + "repo": "incl", + "rev": "ce7bebaee048e4cd7ebdb4cee7885e00c4e2abca", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "incl", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane", @@ -5190,12 +5498,12 @@ }, "lanzaboote_2": { "inputs": { - "crane": "crane_2", - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_9", + "crane": "crane_3", + "flake-compat": "flake-compat_7", + "flake-parts": "flake-parts_8", + "nixpkgs": "nixpkgs_10", "pre-commit-hooks-nix": "pre-commit-hooks-nix_2", - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay_3" }, "locked": { "lastModified": 1756744479, @@ -5213,12 +5521,12 @@ }, "lanzaboote_3": { "inputs": { - "crane": "crane_3", - "flake-compat": "flake-compat_7", - "flake-parts": "flake-parts_12", - "nixpkgs": "nixpkgs_17", + "crane": "crane_4", + "flake-compat": "flake-compat_10", + "flake-parts": "flake-parts_13", + "nixpkgs": "nixpkgs_18", "pre-commit-hooks-nix": "pre-commit-hooks-nix_3", - "rust-overlay": "rust-overlay_3" + "rust-overlay": "rust-overlay_4" }, "locked": { "lastModified": 1756744479, @@ -5236,12 +5544,12 @@ }, "lanzaboote_4": { "inputs": { - "crane": "crane_4", - "flake-compat": "flake-compat_11", - "flake-parts": "flake-parts_17", - "nixpkgs": "nixpkgs_25", + "crane": "crane_5", + "flake-compat": "flake-compat_14", + "flake-parts": "flake-parts_18", + "nixpkgs": "nixpkgs_26", "pre-commit-hooks-nix": "pre-commit-hooks-nix_4", - "rust-overlay": "rust-overlay_4" + "rust-overlay": "rust-overlay_5" }, "locked": { "lastModified": 1756744479, 
@@ -5259,12 +5567,12 @@ }, "lanzaboote_5": { "inputs": { - "crane": "crane_5", - "flake-compat": "flake-compat_15", - "flake-parts": "flake-parts_22", - "nixpkgs": "nixpkgs_33", + "crane": "crane_6", + "flake-compat": "flake-compat_18", + "flake-parts": "flake-parts_23", + "nixpkgs": "nixpkgs_34", "pre-commit-hooks-nix": "pre-commit-hooks-nix_5", - "rust-overlay": "rust-overlay_5" + "rust-overlay": "rust-overlay_6" }, "locked": { "lastModified": 1756744479, @@ -5282,12 +5590,12 @@ }, "lanzaboote_6": { "inputs": { - "crane": "crane_6", - "flake-compat": "flake-compat_19", - "flake-parts": "flake-parts_27", - "nixpkgs": "nixpkgs_41", + "crane": "crane_7", + "flake-compat": "flake-compat_22", + "flake-parts": "flake-parts_28", + "nixpkgs": "nixpkgs_42", "pre-commit-hooks-nix": "pre-commit-hooks-nix_6", - "rust-overlay": "rust-overlay_6" + "rust-overlay": "rust-overlay_7" }, "locked": { "lastModified": 1754297745, @@ -5305,12 +5613,12 @@ }, "lanzaboote_7": { "inputs": { - "crane": "crane_7", - "flake-compat": "flake-compat_23", - "flake-parts": "flake-parts_32", - "nixpkgs": "nixpkgs_49", + "crane": "crane_8", + "flake-compat": "flake-compat_26", + "flake-parts": "flake-parts_33", + "nixpkgs": "nixpkgs_50", "pre-commit-hooks-nix": "pre-commit-hooks-nix_7", - "rust-overlay": "rust-overlay_7" + "rust-overlay": "rust-overlay_8" }, "locked": { "lastModified": 1751381593, @@ -5328,12 +5636,12 @@ }, "lanzaboote_8": { "inputs": { - "crane": "crane_8", - "flake-compat": "flake-compat_27", - "flake-parts": "flake-parts_37", - "nixpkgs": "nixpkgs_57", + "crane": "crane_9", + "flake-compat": "flake-compat_30", + "flake-parts": "flake-parts_38", + "nixpkgs": "nixpkgs_58", "pre-commit-hooks-nix": "pre-commit-hooks-nix_8", - "rust-overlay": "rust-overlay_8" + "rust-overlay": "rust-overlay_9" }, "locked": { "lastModified": 1751381593, 
@@ -5373,7 +5681,7 @@ }, "microvm_2": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_6", "nixpkgs": [ "swarsel", "nixpkgs" @@ -5396,7 +5704,7 @@ }, "microvm_3": { "inputs": { - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_9", "nixpkgs": [ "swarsel", "swarsel", @@ -5418,6 +5726,67 @@ "type": "github" } }, + "n2c": { + "inputs": { + "flake-utils": [ + "nixos-extra-modules", + "nixt", + "std", + "flake-utils" + ], + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677330646, + "narHash": "sha256-hUYCwJneMjnxTvj30Fjow6UMJUITqHlpUGpXMPXUJsU=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "ebca8f58d450cae1a19c07701a5a8ae40afc9efc", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, + "namaka": { + "inputs": { + "haumea": [ + "nixos-extra-modules", + "nixt", + "std", + "dmerge", + "haumea" + ], + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "dmerge", + "nixlib" + ] + }, + "locked": { + "lastModified": 1683059428, + "narHash": "sha256-ZTMqleCWmuNWhZE375gtF1j1JRkaKEUFN1AM43e7h4Y=", + "owner": "nix-community", + "repo": "namaka", + "rev": "2deba2f416454aec770bc1cc7365e39c73e6b1d7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.1.1", + "repo": "namaka", + "type": "github" + } + }, "niri-flake": { "inputs": { "niri-stable": "niri-stable", @@ -6628,10 +6997,10 @@ }, "nix-topology_2": { "inputs": { - "devshell": "devshell_4", - "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_10", - "pre-commit-hooks": "pre-commit-hooks_3" + "devshell": "devshell_6", + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_11", + "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { "lastModified": 1752093877, 
@@ -6649,10 +7018,10 @@ }, "nix-topology_3": { "inputs": { - "devshell": "devshell_6", - "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_18", - "pre-commit-hooks": "pre-commit-hooks_5" + "devshell": "devshell_8", + "flake-utils": "flake-utils_10", + "nixpkgs": "nixpkgs_19", + "pre-commit-hooks": "pre-commit-hooks_6" }, "locked": { "lastModified": 1752093877, @@ -6670,10 +7039,10 @@ }, "nix-topology_4": { "inputs": { - "devshell": "devshell_8", - "flake-utils": "flake-utils_10", - "nixpkgs": "nixpkgs_26", - "pre-commit-hooks": "pre-commit-hooks_7" + "devshell": "devshell_10", + "flake-utils": "flake-utils_12", + "nixpkgs": "nixpkgs_27", + "pre-commit-hooks": "pre-commit-hooks_8" }, "locked": { "lastModified": 1752093877, @@ -6691,10 +7060,10 @@ }, "nix-topology_5": { "inputs": { - "devshell": "devshell_10", - "flake-utils": "flake-utils_12", - "nixpkgs": "nixpkgs_34", - "pre-commit-hooks": "pre-commit-hooks_9" + "devshell": "devshell_12", + "flake-utils": "flake-utils_14", + "nixpkgs": "nixpkgs_35", + "pre-commit-hooks": "pre-commit-hooks_10" }, "locked": { "lastModified": 1752093877, @@ -6712,10 +7081,10 @@ }, "nix-topology_6": { "inputs": { - "devshell": "devshell_12", - "flake-utils": "flake-utils_14", - "nixpkgs": "nixpkgs_42", - "pre-commit-hooks": "pre-commit-hooks_11" + "devshell": "devshell_14", + "flake-utils": "flake-utils_16", + "nixpkgs": "nixpkgs_43", + "pre-commit-hooks": "pre-commit-hooks_12" }, "locked": { "lastModified": 1752093877, @@ -6733,10 +7102,10 @@ }, "nix-topology_7": { "inputs": { - "devshell": "devshell_14", - "flake-utils": "flake-utils_16", - "nixpkgs": "nixpkgs_50", - "pre-commit-hooks": "pre-commit-hooks_13" + "devshell": "devshell_16", + "flake-utils": "flake-utils_18", + "nixpkgs": "nixpkgs_51", + "pre-commit-hooks": "pre-commit-hooks_14" }, "locked": { "lastModified": 1744142264, 
@@ -6754,10 +7123,10 @@ }, "nix-topology_8": { "inputs": { - "devshell": "devshell_16", - "flake-utils": "flake-utils_18", - "nixpkgs": "nixpkgs_58", - "pre-commit-hooks": "pre-commit-hooks_15" + "devshell": "devshell_18", + "flake-utils": "flake-utils_20", + "nixpkgs": "nixpkgs_59", + "pre-commit-hooks": "pre-commit-hooks_16" }, "locked": { "lastModified": 1744142264, @@ -6773,6 +7142,41 @@ "type": "github" } }, + "nixago": { + "inputs": { + "flake-utils": [ + "nixos-extra-modules", + "nixt", + "std", + "flake-utils" + ], + "nixago-exts": [ + "nixos-extra-modules", + "nixt", + "std", + "blank" + ], + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1683210100, + "narHash": "sha256-bhGDOlkWtlhVECpoOog4fWiFJmLCpVEg09a40aTjCbw=", + "owner": "nix-community", + "repo": "nixago", + "rev": "1da60ad9412135f9ed7a004669fdcf3d378ec630", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixago", + "type": "github" + } + }, "nixgl": { "inputs": { "flake-utils": "flake-utils_3", @@ -6794,8 +7198,8 @@ }, "nixgl_2": { "inputs": { - "flake-utils": "flake-utils_6", - "nixpkgs": "nixpkgs_11" + "flake-utils": "flake-utils_8", + "nixpkgs": "nixpkgs_12" }, "locked": { "lastModified": 1752054764, @@ -6813,8 +7217,8 @@ }, "nixgl_3": { "inputs": { - "flake-utils": "flake-utils_9", - "nixpkgs": "nixpkgs_19" + "flake-utils": "flake-utils_11", + "nixpkgs": "nixpkgs_20" }, "locked": { "lastModified": 1752054764, @@ -6832,8 +7236,8 @@ }, "nixgl_4": { "inputs": { - "flake-utils": "flake-utils_11", - "nixpkgs": "nixpkgs_27" + "flake-utils": "flake-utils_13", + "nixpkgs": "nixpkgs_28" }, "locked": { "lastModified": 1752054764, @@ -6851,8 +7255,8 @@ }, "nixgl_5": { "inputs": { - "flake-utils": "flake-utils_13", - "nixpkgs": "nixpkgs_35" + "flake-utils": "flake-utils_15", + "nixpkgs": "nixpkgs_36" }, "locked": { "lastModified": 1752054764, 
@@ -6870,8 +7274,8 @@ }, "nixgl_6": { "inputs": { - "flake-utils": "flake-utils_15", - "nixpkgs": "nixpkgs_43" + "flake-utils": "flake-utils_17", + "nixpkgs": "nixpkgs_44" }, "locked": { "lastModified": 1752054764, @@ -6889,8 +7293,8 @@ }, "nixgl_7": { "inputs": { - "flake-utils": "flake-utils_17", - "nixpkgs": "nixpkgs_51" + "flake-utils": "flake-utils_19", + "nixpkgs": "nixpkgs_52" }, "locked": { "lastModified": 1751696036, @@ -6908,8 +7312,8 @@ }, "nixgl_8": { "inputs": { - "flake-utils": "flake-utils_19", - "nixpkgs": "nixpkgs_59" + "flake-utils": "flake-utils_21", + "nixpkgs": "nixpkgs_60" }, "locked": { "lastModified": 1751696036, @@ -7045,6 +7449,30 @@ "type": "github" } }, + "nixos-extra-modules": { + "inputs": { + "devshell": "devshell_3", + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nixpkgs" + ], + "nixt": "nixt", + "pre-commit-hooks": "pre-commit-hooks_2" + }, + "locked": { + "lastModified": 1757854196, + "narHash": "sha256-RDr3/JTpRyXSR1OOg+wzdOUmDL1Ke05OLV/xctbuQOw=", + "owner": "oddlama", + "repo": "nixos-extra-modules", + "rev": "a584a970a05d0410dcb00e0ade684a0c0ce00c4b", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nixos-extra-modules", + "type": "github" + } + }, "nixos-generators": { "inputs": { "nixlib": "nixlib", 
@@ -7921,114 +8349,6 @@ } }, "nixpkgs-lib_10": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_11": { - "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_12": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_13": { - "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_14": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_15": { - 
"locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_16": { - "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" - } - }, - "nixpkgs-lib_17": { - "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_18": { "locked": { "lastModified": 1754788789, "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", 
@@ -8043,6 +8363,114 @@ "type": "github" } }, + "nixpkgs-lib_11": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_12": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_13": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_14": { + "locked": { + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_15": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + 
"nixpkgs-lib_16": { + "locked": { + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_17": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_18": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-lib_19": { "locked": { "lastModified": 1754788789, @@ -8060,14 +8488,14 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "lastModified": 1738452942, + "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" } }, "nixpkgs-lib_20": { 
@@ -8160,7 +8588,7 @@ "type": "github" } }, - "nixpkgs-lib_3": { + "nixpkgs-lib_26": { "locked": { "lastModified": 1754788789, "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", 
@@ -8175,61 +8603,61 @@ "type": "github" } }, + "nixpkgs-lib_3": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, "nixpkgs-lib_4": { "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "nixpkgs-lib_5": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", - "type": "github" + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" }, "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, "nixpkgs-lib_6": { "locked": { - "lastModified": 1719876945, - "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", - "type": "tarball", - "url": 
"https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "nixpkgs-lib_7": { - "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_8": { "locked": { "lastModified": 1719876945, "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", @@ -8241,7 +8669,7 @@ "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" } }, - "nixpkgs-lib_9": { + "nixpkgs-lib_8": { "locked": { "lastModified": 1754788789, "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", @@ -8256,6 +8684,18 @@ "type": "github" } }, + "nixpkgs-lib_9": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1760139962, 
@@ -8881,6 +9321,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -8896,7 +9352,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -8911,7 +9367,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1760284886, "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", @@ -8927,7 +9383,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -8943,7 +9399,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1760284886, "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", @@ -8959,7 +9415,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1760164275, "narHash": "sha256-gKl2Gtro/LNf8P+4L3S2RsZ0G390ccd5MyXYrTdMCFE=", @@ -8975,7 +9431,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -8991,7 +9447,7 @@ "type": "github" } }, - "nixpkgs_17": { + "nixpkgs_18": { "locked": { "lastModified": 1754243818, "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", 
@@ -9007,7 +9463,7 @@ "type": "github" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -9023,21 +9479,6 @@ "type": "github" } }, - "nixpkgs_19": { - "locked": { - "lastModified": 1746378225, - "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "93e8cdce7afc64297cfec447c311470788131cd9", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1730531603, @@ -9055,6 +9496,21 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1759381078, "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", @@ -9070,7 +9526,7 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -9086,7 +9542,7 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1759381078, "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", @@ -9102,7 +9558,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_24": { "locked": { "lastModified": 1759570798, "narHash": "sha256-kbkzsUKYzKhuvMOuxt/aTwWU2mnrwoY964yN3Y4dE98=", @@ -9118,7 +9574,7 @@ "type": "github" } }, - "nixpkgs_24": { + "nixpkgs_25": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", 
@@ -9134,7 +9590,7 @@ "type": "github" } }, - "nixpkgs_25": { + "nixpkgs_26": { "locked": { "lastModified": 1754243818, "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", @@ -9150,7 +9606,7 @@ "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_27": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -9166,7 +9622,7 @@ "type": "github" } }, - "nixpkgs_27": { + "nixpkgs_28": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -9181,7 +9637,7 @@ "type": "github" } }, - "nixpkgs_28": { + "nixpkgs_29": { "locked": { "lastModified": 1758427187, "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", @@ -9197,22 +9653,6 @@ "type": "github" } }, - "nixpkgs_29": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_3": { "locked": { "lastModified": 1746378225, @@ -9229,6 +9669,22 @@ } }, "nixpkgs_30": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_31": { "locked": { "lastModified": 1758427187, "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", @@ -9244,7 +9700,7 @@ "type": "github" } }, - "nixpkgs_31": { + "nixpkgs_32": { "locked": { "lastModified": 1758262103, "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=", 
@@ -9260,7 +9716,7 @@ "type": "github" } }, - "nixpkgs_32": { + "nixpkgs_33": { "locked": { "lastModified": 1756819007, "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", @@ -9276,7 +9732,7 @@ "type": "github" } }, - "nixpkgs_33": { + "nixpkgs_34": { "locked": { "lastModified": 1754243818, "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", @@ -9292,7 +9748,7 @@ "type": "github" } }, - "nixpkgs_34": { + "nixpkgs_35": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -9308,7 +9764,7 @@ "type": "github" } }, - "nixpkgs_35": { + "nixpkgs_36": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -9323,7 +9779,7 @@ "type": "github" } }, - "nixpkgs_36": { + "nixpkgs_37": { "locked": { "lastModified": 1757745802, "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", @@ -9339,7 +9795,7 @@ "type": "github" } }, - "nixpkgs_37": { + "nixpkgs_38": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -9355,7 +9811,7 @@ "type": "github" } }, - "nixpkgs_38": { + "nixpkgs_39": { "locked": { "lastModified": 1757745802, "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", @@ -9371,7 +9827,23 @@ "type": "github" } }, - "nixpkgs_39": { + "nixpkgs_4": { + "locked": { + "lastModified": 1677063315, + "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_40": { "locked": { "lastModified": 1757746433, "narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=", 
@@ -9387,23 +9859,7 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_40": { + "nixpkgs_41": { "locked": { "lastModified": 1756819007, "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", @@ -9419,7 +9875,7 @@ "type": "github" } }, - "nixpkgs_41": { + "nixpkgs_42": { "locked": { "lastModified": 1754243818, "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", @@ -9435,7 +9891,7 @@ "type": "github" } }, - "nixpkgs_42": { + "nixpkgs_43": { "locked": { "lastModified": 1730531603, "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", @@ -9451,7 +9907,7 @@ "type": "github" } }, - "nixpkgs_43": { + "nixpkgs_44": { "locked": { "lastModified": 1746378225, "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", @@ -9466,7 +9922,7 @@ "type": "github" } }, - "nixpkgs_44": { + "nixpkgs_45": { "locked": { "lastModified": 1754498491, "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", 
@@ -9482,23 +9938,23 @@ "type": "github" } }, - "nixpkgs_45": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_46": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_47": { "locked": { "lastModified": 1754498491, "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", @@ -9514,7 +9970,7 @@ "type": "github" } }, - "nixpkgs_47": { + "nixpkgs_48": { "locked": { "lastModified": 1744868846, "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", 
@@ -9530,213 +9986,23 @@ "type": "github" } }, - "nixpkgs_48": { - "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_49": { "locked": { - "lastModified": 1751203939, - "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_5": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_50": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_51": { - "locked": { - "lastModified": 1746378225, - "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "93e8cdce7afc64297cfec447c311470788131cd9", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_52": { - 
"locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_53": { - "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_54": { - "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_55": { - "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_56": { - "locked": { - "lastModified": 1748460289, - "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_57": { - "locked": { - "lastModified": 1751203939, - "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": 
"650e71cbf76de8dd16f5648a96981b726c4ef8fe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_58": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_59": { - "locked": { - "lastModified": 1746378225, - "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "93e8cdce7afc64297cfec447c311470788131cd9", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1761907660, "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", 
@@ -9752,7 +10018,54 @@ "type": "github" } }, - "nixpkgs_60": { + "nixpkgs_50": { + "locked": { + "lastModified": 1751203939, + "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_51": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_52": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_53": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", @@ -9768,7 +10081,7 @@ "type": "github" } }, - "nixpkgs_61": { + "nixpkgs_54": { "locked": { "lastModified": 1720957393, "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", @@ -9784,7 +10097,7 @@ "type": "github" } }, - "nixpkgs_62": { + "nixpkgs_55": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", @@ -9800,7 +10113,7 @@ "type": "github" } }, - "nixpkgs_63": { + "nixpkgs_56": { "locked": { "lastModified": 1744868846, "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", @@ -9816,7 +10129,7 @@ "type": "github" } }, - "nixpkgs_64": { + "nixpkgs_57": { "locked": { "lastModified": 1748460289, "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", 
@@ -9832,13 +10145,124 @@ "type": "github" } }, - "nixpkgs_65": { + "nixpkgs_58": { "locked": { - "lastModified": 1750865895, - "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", + "lastModified": 1751203939, + "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", + "rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_59": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_60": { + "locked": { + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_61": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + 
"nixpkgs_62": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_63": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_64": { + "locked": { + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", "type": "github" }, "original": { @@ -9848,6 +10272,22 @@ "type": "github" } }, + "nixpkgs_65": { + "locked": { + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_66": { "locked": { "lastModified": 1750865895, @@ -9865,6 +10305,22 @@ } }, "nixpkgs_67": { + "locked": { + "lastModified": 1750865895, + "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_68": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -9880,7 +10336,7 @@ "type": "github" } }, - "nixpkgs_68": { + "nixpkgs_69": { "locked": { "lastModified": 1750865895, "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", 
@@ -9896,183 +10352,7 @@ "type": "github" } }, - "nixpkgs_69": { - "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_7": { - "locked": { - "lastModified": 1760596604, - "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_70": { - "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_71": { - "locked": { - "lastModified": 1758427187, - "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_72": { - "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_73": { - "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", - "owner": "nixos", 
- "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_74": { - "locked": { - "lastModified": 1759733170, - "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8913c168d1c56dc49a7718685968f38752171c3b", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_75": { - "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_76": { - "locked": { - "lastModified": 1760284886, - "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_77": { - "locked": { - "lastModified": 1759733170, - "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8913c168d1c56dc49a7718685968f38752171c3b", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_78": { - "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": 
"github" - } - }, - "nixpkgs_79": { "locked": { "lastModified": 1761907660, "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", 
@@ -10088,23 +10368,87 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_70": { "locked": { - "lastModified": 1758690382, - "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", - "owner": "NixOS", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_80": { + "nixpkgs_71": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_72": { + "locked": { + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_73": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_74": { + "locked": { + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": 
"nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_75": { "locked": { "lastModified": 1759733170, "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", 
@@ -10120,7 +10464,119 @@ "type": "github" } }, + "nixpkgs_76": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_77": { + "locked": { + "lastModified": 1760284886, + "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_78": { + "locked": { + "lastModified": 1759733170, + "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8913c168d1c56dc49a7718685968f38752171c3b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_79": { + "locked": { + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1760596604, + "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_80": { + "locked": { + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "owner": 
"nixos", + "repo": "nixpkgs", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_81": { + "locked": { + "lastModified": 1759733170, + "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8913c168d1c56dc49a7718685968f38752171c3b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_82": { "locked": { "lastModified": 1754800730, "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", @@ -10138,20 +10594,44 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1754243818, - "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, + "nixt": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": [ + "nixos-extra-modules", + "nixpkgs" + ], + "std": "std", + "std-data-collection": "std-data-collection" + }, + "locked": { + "lastModified": 1729273076, + "narHash": "sha256-h2Y+5bikSXS8MPYpxyZpd+VX9H5uuCS/csMMxZCoS3c=", + "owner": "nix-community", + "repo": "nixt", + "rev": "ad8863c9f9e5a166d663f2f1f0eef74ab913a883", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixt", + "type": "github" + } + }, "nmd": { "flake": false, "locked": { 
@@ -10612,10 +11092,25 @@ "type": "gitlab" } }, + "nosys": { + "locked": { + "lastModified": 1668010795, + "narHash": "sha256-JBDVBnos8g0toU7EhIIqQ1If5m/nyBqtHhL3sicdPwI=", + "owner": "divnix", + "repo": "nosys", + "rev": "feade0141487801c71ff55623b421ed535dbdefa", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "nosys", + "type": "github" + } + }, "nswitch-rcm-nix": { "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_5" + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1721304043, @@ -10633,8 +11128,8 @@ }, "nswitch-rcm-nix_2": { "inputs": { - "flake-parts": "flake-parts_8", - "nixpkgs": "nixpkgs_13" + "flake-parts": "flake-parts_9", + "nixpkgs": "nixpkgs_14" }, "locked": { "lastModified": 1721304043, @@ -10652,8 +11147,8 @@ }, "nswitch-rcm-nix_3": { "inputs": { - "flake-parts": "flake-parts_13", - "nixpkgs": "nixpkgs_21" + "flake-parts": "flake-parts_14", + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1721304043, @@ -10671,8 +11166,8 @@ }, "nswitch-rcm-nix_4": { "inputs": { - "flake-parts": "flake-parts_18", - "nixpkgs": "nixpkgs_29" + "flake-parts": "flake-parts_19", + "nixpkgs": "nixpkgs_30" }, "locked": { "lastModified": 1721304043, @@ -10690,8 +11185,8 @@ }, "nswitch-rcm-nix_5": { "inputs": { - "flake-parts": "flake-parts_23", - "nixpkgs": "nixpkgs_37" + "flake-parts": "flake-parts_24", + "nixpkgs": "nixpkgs_38" }, "locked": { "lastModified": 1721304043, @@ -10709,8 +11204,8 @@ }, "nswitch-rcm-nix_6": { "inputs": { - "flake-parts": "flake-parts_28", - "nixpkgs": "nixpkgs_45" + "flake-parts": "flake-parts_29", + "nixpkgs": "nixpkgs_46" }, "locked": { "lastModified": 1721304043, @@ -10728,8 +11223,8 @@ }, "nswitch-rcm-nix_7": { "inputs": { - "flake-parts": "flake-parts_33", - "nixpkgs": "nixpkgs_53" + "flake-parts": "flake-parts_34", + "nixpkgs": "nixpkgs_54" }, "locked": { "lastModified": 1721304043, 
@@ -10747,8 +11242,8 @@ }, "nswitch-rcm-nix_8": { "inputs": { - "flake-parts": "flake-parts_38", - "nixpkgs": "nixpkgs_61" + "flake-parts": "flake-parts_39", + "nixpkgs": "nixpkgs_62" }, "locked": { "lastModified": 1721304043, @@ -10766,8 +11261,8 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_6" + "flake-parts": "flake-parts_5", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1762033460, @@ -10818,8 +11313,8 @@ }, "nur_11": { "inputs": { - "flake-parts": "flake-parts_29", - "nixpkgs": "nixpkgs_46" + "flake-parts": "flake-parts_30", + "nixpkgs": "nixpkgs_47" }, "locked": { "lastModified": 1754726338, @@ -10872,8 +11367,8 @@ }, "nur_13": { "inputs": { - "flake-parts": "flake-parts_34", - "nixpkgs": "nixpkgs_54" + "flake-parts": "flake-parts_35", + "nixpkgs": "nixpkgs_55" }, "locked": { "lastModified": 1751906969, @@ -10929,8 +11424,8 @@ }, "nur_15": { "inputs": { - "flake-parts": "flake-parts_39", - "nixpkgs": "nixpkgs_62" + "flake-parts": "flake-parts_40", + "nixpkgs": "nixpkgs_63" }, "locked": { "lastModified": 1751906969, @@ -11013,8 +11508,8 @@ }, "nur_3": { "inputs": { - "flake-parts": "flake-parts_9", - "nixpkgs": "nixpkgs_14" + "flake-parts": "flake-parts_10", + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1760434122, @@ -11059,8 +11554,8 @@ }, "nur_5": { "inputs": { - "flake-parts": "flake-parts_14", - "nixpkgs": "nixpkgs_22" + "flake-parts": "flake-parts_15", + "nixpkgs": "nixpkgs_23" }, "locked": { "lastModified": 1759783224, @@ -11107,8 +11602,8 @@ }, "nur_7": { "inputs": { - "flake-parts": "flake-parts_19", - "nixpkgs": "nixpkgs_30" + "flake-parts": "flake-parts_20", + "nixpkgs": "nixpkgs_31" }, "locked": { "lastModified": 1758706012, @@ -11157,8 +11652,8 @@ }, "nur_9": { "inputs": { - "flake-parts": "flake-parts_24", - "nixpkgs": "nixpkgs_38" + "flake-parts": "flake-parts_25", + "nixpkgs": "nixpkgs_39" }, "locked": { "lastModified": 1757935448, 
@@ -11174,6 +11669,120 @@ "type": "github" } }, + "paisano": { + "inputs": { + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "nixpkgs" + ], + "nosys": "nosys", + "yants": [ + "nixos-extra-modules", + "nixt", + "std", + "yants" + ] + }, + "locked": { + "lastModified": 1678949904, + "narHash": "sha256-oAoF66hYYz1RPh3lEwb9/4e4iyBAfTbQKZRRQ8gP0Ds=", + "owner": "paisano-nix", + "repo": "core", + "rev": "88f2aff10a5064551d1d4cb86800d17084489ce3", + "type": "github" + }, + "original": { + "owner": "paisano-nix", + "repo": "core", + "type": "github" + } + }, + "paisano-actions": { + "inputs": { + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "paisano-mdbook-preprocessor", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677306424, + "narHash": "sha256-H9/dI2rGEbKo4KEisqbRPHFG2ajF8Tm111NPdKGIf28=", + "owner": "paisano-nix", + "repo": "actions", + "rev": "65ec4e080b3480167fc1a748c89a05901eea9a9b", + "type": "github" + }, + "original": { + "owner": "paisano-nix", + "repo": "actions", + "type": "github" + } + }, + "paisano-mdbook-preprocessor": { + "inputs": { + "crane": "crane_2", + "fenix": "fenix", + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "nixpkgs" + ], + "paisano-actions": "paisano-actions", + "std": [ + "nixos-extra-modules", + "nixt", + "std" + ] + }, + "locked": { + "lastModified": 1680654400, + "narHash": "sha256-Qdpio+ldhUK3zfl22Mhf8HUULdUOJXDWDdO7MIK69OU=", + "owner": "paisano-nix", + "repo": "mdbook-paisano-preprocessor", + "rev": "11a8fc47f574f194a7ae7b8b98001f6143ba4cf1", + "type": "github" + }, + "original": { + "owner": "paisano-nix", + "repo": "mdbook-paisano-preprocessor", + "type": "github" + } + }, + "paisano-tui": { + "inputs": { + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "blank" + ], + "std": [ + "nixos-extra-modules", + "nixt", + "std" + ] + }, + "locked": { + "lastModified": 1681847764, + "narHash": "sha256-mdd7PJW1BZvxy0cIKsPfAO+ohVl/V7heE5ZTAHzTdv8=", + "owner": "paisano-nix", + 
"repo": "tui", + "rev": "3096bad91cae73ab8ab3367d31f8a143d248a244", + "type": "github" + }, + "original": { + "owner": "paisano-nix", + "ref": "0.1.1", + "repo": "tui", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat_2", @@ -11234,7 +11843,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_4", + "gitignore": "gitignore_5", "nixpkgs": [ "swarsel", "lanzaboote", @@ -11263,7 +11872,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_7", + "gitignore": "gitignore_8", "nixpkgs": [ "swarsel", "swarsel", @@ -11294,7 +11903,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_10", + "gitignore": "gitignore_11", "nixpkgs": [ "swarsel", "swarsel", @@ -11327,7 +11936,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_13", + "gitignore": "gitignore_14", "nixpkgs": [ "swarsel", "swarsel", @@ -11362,7 +11971,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_16", + "gitignore": "gitignore_17", "nixpkgs": [ "swarsel", "swarsel", @@ -11399,7 +12008,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_19", + "gitignore": "gitignore_20", "nixpkgs": [ "swarsel", "swarsel", @@ -11438,7 +12047,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_22", + "gitignore": "gitignore_23", "nixpkgs": [ "swarsel", "swarsel", 
@@ -11467,8 +12076,43 @@ }, "pre-commit-hooks_10": { "inputs": { - "flake-compat": "flake-compat_17", + "flake-compat": "flake-compat_19", "gitignore": "gitignore_15", + "nixpkgs": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": [ + "swarsel", + "swarsel", + "swarsel", + "swarsel", + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730797577, + "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_11": { + "inputs": { + "flake-compat": "flake-compat_20", + "gitignore": "gitignore_16", "nixpkgs": [ "swarsel", "swarsel", @@ -11491,10 +12135,10 @@ "type": "github" } }, - "pre-commit-hooks_11": { + "pre-commit-hooks_12": { "inputs": { - "flake-compat": "flake-compat_20", - "gitignore": "gitignore_17", + "flake-compat": "flake-compat_23", + "gitignore": "gitignore_18", "nixpkgs": [ "swarsel", "swarsel", @@ -11528,10 +12172,10 @@ "type": "github" } }, - "pre-commit-hooks_12": { + "pre-commit-hooks_13": { "inputs": { - "flake-compat": "flake-compat_21", - "gitignore": "gitignore_18", + "flake-compat": "flake-compat_24", + "gitignore": "gitignore_19", "nixpkgs": [ "swarsel", "swarsel", @@ -11555,10 +12199,10 @@ "type": "github" } }, - "pre-commit-hooks_13": { + "pre-commit-hooks_14": { "inputs": { - "flake-compat": "flake-compat_24", - "gitignore": "gitignore_20", + "flake-compat": "flake-compat_27", + "gitignore": "gitignore_21", "nixpkgs": [ "swarsel", "swarsel", 
@@ -11594,10 +12238,10 @@ "type": "github" } }, - "pre-commit-hooks_14": { + "pre-commit-hooks_15": { "inputs": { - "flake-compat": "flake-compat_25", - "gitignore": "gitignore_21", + "flake-compat": "flake-compat_28", + "gitignore": "gitignore_22", "nixpkgs": [ "swarsel", "swarsel", @@ -11622,10 +12266,10 @@ "type": "github" } }, - "pre-commit-hooks_15": { + "pre-commit-hooks_16": { "inputs": { - "flake-compat": "flake-compat_28", - "gitignore": "gitignore_23", + "flake-compat": "flake-compat_31", + "gitignore": "gitignore_24", "nixpkgs": [ "swarsel", "swarsel", @@ -11663,10 +12307,10 @@ "type": "github" } }, - "pre-commit-hooks_16": { + "pre-commit-hooks_17": { "inputs": { - "flake-compat": "flake-compat_29", - "gitignore": "gitignore_24", + "flake-compat": "flake-compat_32", + "gitignore": "gitignore_25", "nixpkgs": [ "swarsel", "swarsel", @@ -11694,8 +12338,31 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_5", "gitignore": "gitignore_3", + "nixpkgs": [ + "nixos-extra-modules", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_3": { + "inputs": { + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_4", "nixpkgs": [ "nixpkgs" ] @@ -11714,10 +12381,10 @@ "type": "github" } }, - "pre-commit-hooks_3": { + "pre-commit-hooks_4": { "inputs": { - "flake-compat": "flake-compat_5", - "gitignore": "gitignore_5", + "flake-compat": "flake-compat_8", + "gitignore": "gitignore_6", "nixpkgs": [ "swarsel", "nix-topology", 
@@ -11743,10 +12410,10 @@ "type": "github" } }, - "pre-commit-hooks_4": { + "pre-commit-hooks_5": { "inputs": { - "flake-compat": "flake-compat_6", - "gitignore": "gitignore_6", + "flake-compat": "flake-compat_9", + "gitignore": "gitignore_7", "nixpkgs": [ "swarsel", "nixpkgs" @@ -11766,10 +12433,10 @@ "type": "github" } }, - "pre-commit-hooks_5": { + "pre-commit-hooks_6": { "inputs": { - "flake-compat": "flake-compat_8", - "gitignore": "gitignore_8", + "flake-compat": "flake-compat_11", + "gitignore": "gitignore_9", "nixpkgs": [ "swarsel", "swarsel", @@ -11797,10 +12464,10 @@ "type": "github" } }, - "pre-commit-hooks_6": { + "pre-commit-hooks_7": { "inputs": { - "flake-compat": "flake-compat_9", - "gitignore": "gitignore_9", + "flake-compat": "flake-compat_12", + "gitignore": "gitignore_10", "nixpkgs": [ "swarsel", "swarsel", @@ -11821,10 +12488,10 @@ "type": "github" } }, - "pre-commit-hooks_7": { + "pre-commit-hooks_8": { "inputs": { - "flake-compat": "flake-compat_12", - "gitignore": "gitignore_11", + "flake-compat": "flake-compat_15", + "gitignore": "gitignore_12", "nixpkgs": [ "swarsel", "swarsel", @@ -11854,10 +12521,10 @@ "type": "github" } }, - "pre-commit-hooks_8": { + "pre-commit-hooks_9": { "inputs": { - "flake-compat": "flake-compat_13", - "gitignore": "gitignore_12", + "flake-compat": "flake-compat_16", + "gitignore": "gitignore_13", "nixpkgs": [ "swarsel", "swarsel", 
@@ -11879,41 +12546,6 @@ "type": "github" } }, - "pre-commit-hooks_9": { - "inputs": { - "flake-compat": "flake-compat_16", - "gitignore": "gitignore_14", - "nixpkgs": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nix-topology", - "nixpkgs" - ], - "nixpkgs-stable": [ - "swarsel", - "swarsel", - "swarsel", - "swarsel", - "nix-topology", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730797577, - "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "devshell": "devshell", @@ -11930,9 +12562,10 @@ "nix-on-droid": "nix-on-droid", "nix-topology": "nix-topology", "nixgl": "nixgl", + "nixos-extra-modules": "nixos-extra-modules", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-dev": "nixpkgs-dev", "nixpkgs-kernel": "nixpkgs-kernel", "nixpkgs-stable": "nixpkgs-stable_3", @@ -11941,7 +12574,7 @@ "nixpkgs-stable25_05": "nixpkgs-stable25_05", "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks_2", + "pre-commit-hooks": "pre-commit-hooks_3", "sops-nix": "sops-nix", "spicetify-nix": "spicetify-nix", "stylix": "stylix", @@ -11953,6 +12586,23 @@ "zjstatus": "zjstatus_8" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1677221702, + "narHash": "sha256-1M+58rC4eTCWNmmX0hQVZP20t3tfYNunl9D/PrGUyGE=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "f5401f620699b26ed9d47a1d2e838143a18dbe3b", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-overlay": { "inputs": { "nixpkgs": [ 
@@ -11983,6 +12633,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "zjstatus", "nixpkgs" ] @@ -12009,6 +12660,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "zjstatus", "nixpkgs" ] @@ -12034,16 +12686,17 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "zjstatus", "nixpkgs" ] }, "locked": { - "lastModified": 1754880555, - "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "lastModified": 1750905536, + "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", + "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", "type": "github" }, "original": { @@ -12058,6 +12711,7 @@ "swarsel", "swarsel", "swarsel", + "swarsel", "zjstatus", "nixpkgs" ] @@ -12079,6 +12733,7 @@ "rust-overlay_14": { "inputs": { "nixpkgs": [ + "swarsel", "swarsel", "swarsel", "zjstatus", @@ -12102,6 +12757,7 @@ "rust-overlay_15": { "inputs": { "nixpkgs": [ + "swarsel", "swarsel", "zjstatus", "nixpkgs" @@ -12122,6 +12778,28 @@ } }, "rust-overlay_16": { + "inputs": { + "nixpkgs": [ + "swarsel", + "zjstatus", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_17": { "inputs": { "nixpkgs": [ "zjstatus", 
@@ -12144,18 +12822,29 @@ }, "rust-overlay_2": { "inputs": { + "flake-utils": [ + "nixos-extra-modules", + "nixt", + "std", + "paisano-mdbook-preprocessor", + "crane", + "flake-utils" + ], "nixpkgs": [ - "swarsel", - "lanzaboote", + "nixos-extra-modules", + "nixt", + "std", + "paisano-mdbook-preprocessor", + "crane", "nixpkgs" ] }, "locked": { - "lastModified": 1754189623, - "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", + "lastModified": 1675391458, + "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", + "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf", "type": "github" }, "original": { @@ -12167,7 +12856,6 @@ "rust-overlay_3": { "inputs": { "nixpkgs": [ - "swarsel", "swarsel", "lanzaboote", "nixpkgs" @@ -12190,7 +12878,6 @@ "rust-overlay_4": { "inputs": { "nixpkgs": [ - "swarsel", "swarsel", "swarsel", "lanzaboote", @@ -12217,7 +12904,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "lanzaboote", "nixpkgs" ] @@ -12243,7 +12929,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "lanzaboote", "nixpkgs" ] @@ -12270,17 +12955,16 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1751165203, - "narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=", + "lastModified": 1754189623, + "narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3", + "rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", "type": "github" }, "original": { @@ -12298,7 +12982,6 @@ "swarsel", "swarsel", "swarsel", - "swarsel", "lanzaboote", "nixpkgs" ] 
@@ -12327,16 +13010,16 @@ "swarsel", "swarsel", "swarsel", - "zjstatus", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1750905536, - "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", + "lastModified": 1751165203, + "narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", + "rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3", "type": "github" }, "original": { @@ -12475,7 +13158,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1760998189, @@ -12493,7 +13176,7 @@ }, "sops-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_15" + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1760393368, @@ -12511,7 +13194,7 @@ }, "sops-nix_3": { "inputs": { - "nixpkgs": "nixpkgs_23" + "nixpkgs": "nixpkgs_24" }, "locked": { "lastModified": 1759635238, @@ -12529,7 +13212,7 @@ }, "sops-nix_4": { "inputs": { - "nixpkgs": "nixpkgs_31" + "nixpkgs": "nixpkgs_32" }, "locked": { "lastModified": 1758425756, @@ -12547,7 +13230,7 @@ }, "sops-nix_5": { "inputs": { - "nixpkgs": "nixpkgs_39" + "nixpkgs": "nixpkgs_40" }, "locked": { "lastModified": 1757847158, @@ -12565,7 +13248,7 @@ }, "sops-nix_6": { "inputs": { - "nixpkgs": "nixpkgs_47" + "nixpkgs": "nixpkgs_48" }, "locked": { "lastModified": 1754328224, @@ -12583,7 +13266,7 @@ }, "sops-nix_7": { "inputs": { - "nixpkgs": "nixpkgs_55" + "nixpkgs": "nixpkgs_56" }, "locked": { "lastModified": 1751606940, @@ -12601,7 +13284,7 @@ }, "sops-nix_8": { "inputs": { - "nixpkgs": "nixpkgs_63" + "nixpkgs": "nixpkgs_64" }, "locked": { "lastModified": 1751606940, 
@@ -12806,6 +13489,84 @@ "type": "github" } }, + "std": { + "inputs": { + "arion": [ + "nixos-extra-modules", + "nixt", + "std", + "blank" + ], + "blank": "blank", + "devshell": "devshell_4", + "dmerge": "dmerge", + "flake-utils": "flake-utils_4", + "incl": "incl", + "makes": [ + "nixos-extra-modules", + "nixt", + "std", + "blank" + ], + "microvm": [ + "nixos-extra-modules", + "nixt", + "std", + "blank" + ], + "n2c": "n2c", + "nixago": "nixago", + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "nixpkgs" + ], + "paisano": "paisano", + "paisano-mdbook-preprocessor": "paisano-mdbook-preprocessor", + "paisano-tui": "paisano-tui", + "yants": "yants" + }, + "locked": { + "lastModified": 1684180498, + "narHash": "sha256-kA58ms4yunOVPhe3r7V0IIKeWUV+vl4r2GTcfFfYW5o=", + "owner": "divnix", + "repo": "std", + "rev": "45b431ae09df98e046bcc8271aa209bdfc87444d", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "std", + "type": "github" + } + }, + "std-data-collection": { + "inputs": { + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "nixpkgs" + ], + "std": [ + "nixos-extra-modules", + "nixt", + "std" + ] + }, + "locked": { + "lastModified": 1676163535, + "narHash": "sha256-xofkWLBqU4zj5vzJhWor2Z9CyPGKt7UGkTchsCT48Po=", + "owner": "divnix", + "repo": "std-data-collection", + "rev": "f713d81a6197e1b0854fb201cc7acde5ef9e93d4", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "std-data-collection", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16", @@ -12813,9 +13574,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_6", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nur": "nur_2", "systems": "systems_5", "tinted-foot": "tinted-foot", 
@@ -12845,9 +13606,9 @@ "base16-helix": "base16-helix_2", "base16-vim": "base16-vim_2", "firefox-gnome-theme": "firefox-gnome-theme_2", - "flake-parts": "flake-parts_10", + "flake-parts": "flake-parts_11", "gnome-shell": "gnome-shell_2", - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_17", "nur": "nur_4", "systems": "systems_10", "tinted-foot": "tinted-foot_2", @@ -12877,9 +13638,9 @@ "base16-helix": "base16-helix_3", "base16-vim": "base16-vim_3", "firefox-gnome-theme": "firefox-gnome-theme_3", - "flake-parts": "flake-parts_15", + "flake-parts": "flake-parts_16", "gnome-shell": "gnome-shell_3", - "nixpkgs": "nixpkgs_24", + "nixpkgs": "nixpkgs_25", "nur": "nur_6", "systems": "systems_15", "tinted-foot": "tinted-foot_3", @@ -12909,9 +13670,9 @@ "base16-helix": "base16-helix_4", "base16-vim": "base16-vim_4", "firefox-gnome-theme": "firefox-gnome-theme_4", - "flake-parts": "flake-parts_20", + "flake-parts": "flake-parts_21", "gnome-shell": "gnome-shell_4", - "nixpkgs": "nixpkgs_32", + "nixpkgs": "nixpkgs_33", "nur": "nur_8", "systems": "systems_19", "tinted-foot": "tinted-foot_4", @@ -12941,9 +13702,9 @@ "base16-helix": "base16-helix_5", "base16-vim": "base16-vim_5", "firefox-gnome-theme": "firefox-gnome-theme_5", - "flake-parts": "flake-parts_25", + "flake-parts": "flake-parts_26", "gnome-shell": "gnome-shell_5", - "nixpkgs": "nixpkgs_40", + "nixpkgs": "nixpkgs_41", "nur": "nur_10", "systems": "systems_23", "tinted-foot": "tinted-foot_5", @@ -12973,9 +13734,9 @@ "base16-helix": "base16-helix_6", "base16-vim": "base16-vim_6", "firefox-gnome-theme": "firefox-gnome-theme_6", - "flake-parts": "flake-parts_30", + "flake-parts": "flake-parts_31", "gnome-shell": "gnome-shell_6", - "nixpkgs": "nixpkgs_48", + "nixpkgs": "nixpkgs_49", "nur": "nur_12", "systems": "systems_27", "tinted-foot": "tinted-foot_6", 
@@ -13005,9 +13766,9 @@ "base16-helix": "base16-helix_7", "base16-vim": "base16-vim_7", "firefox-gnome-theme": "firefox-gnome-theme_7", - "flake-parts": "flake-parts_35", + "flake-parts": "flake-parts_36", "gnome-shell": "gnome-shell_7", - "nixpkgs": "nixpkgs_56", + "nixpkgs": "nixpkgs_57", "nur": "nur_14", "systems": "systems_30", "tinted-foot": "tinted-foot_7", @@ -13037,9 +13798,9 @@ "base16-helix": "base16-helix_8", "base16-vim": "base16-vim_8", "firefox-gnome-theme": "firefox-gnome-theme_8", - "flake-parts": "flake-parts_40", + "flake-parts": "flake-parts_41", "gnome-shell": "gnome-shell_8", - "nixpkgs": "nixpkgs_64", + "nixpkgs": "nixpkgs_65", "nur": "nur_16", "systems": "systems_33", "tinted-foot": "tinted-foot_8", @@ -13064,10 +13825,10 @@ }, "swarsel": { "inputs": { - "devshell": "devshell_3", + "devshell": "devshell_5", "disko": "disko_2", "emacs-overlay": "emacs-overlay_2", - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_7", "home-manager": "home-manager_3", "impermanence": "impermanence_2", "lanzaboote": "lanzaboote_2", @@ -13080,7 +13841,7 @@ "nixgl": "nixgl_2", "nixos-generators": "nixos-generators_2", "nixos-hardware": "nixos-hardware_2", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "nixpkgs-dev": "nixpkgs-dev_2", "nixpkgs-kernel": "nixpkgs-kernel_2", "nixpkgs-stable": "nixpkgs-stable_6", @@ -13088,7 +13849,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_2", "nswitch-rcm-nix": "nswitch-rcm-nix_2", "nur": "nur_3", - "pre-commit-hooks": "pre-commit-hooks_4", + "pre-commit-hooks": "pre-commit-hooks_5", "sops-nix": "sops-nix_2", "spicetify-nix": "spicetify-nix_2", "stylix": "stylix_2", @@ -13115,8 +13876,8 @@ }, "swarsel-modules": { "inputs": { - "flake-parts": "flake-parts_41", - "nixpkgs": "nixpkgs_67", + "flake-parts": "flake-parts_42", + "nixpkgs": "nixpkgs_68", "systems": "systems_40" }, "locked": { 
@@ -13136,8 +13897,8 @@ }, "swarsel-modules_2": { "inputs": { - "flake-parts": "flake-parts_42", - "nixpkgs": "nixpkgs_69", + "flake-parts": "flake-parts_43", + "nixpkgs": "nixpkgs_70", "systems": "systems_44" }, "locked": { @@ -13157,8 +13918,8 @@ }, "swarsel-modules_3": { "inputs": { - "flake-parts": "flake-parts_43", - "nixpkgs": "nixpkgs_71", + "flake-parts": "flake-parts_44", + "nixpkgs": "nixpkgs_72", "systems": "systems_48" }, "locked": { @@ -13178,8 +13939,8 @@ }, "swarsel-modules_4": { "inputs": { - "flake-parts": "flake-parts_44", - "nixpkgs": "nixpkgs_73", + "flake-parts": "flake-parts_45", + "nixpkgs": "nixpkgs_74", "systems": "systems_52" }, "locked": { @@ -13199,8 +13960,8 @@ }, "swarsel-modules_5": { "inputs": { - "flake-parts": "flake-parts_46", - "nixpkgs": "nixpkgs_76", + "flake-parts": "flake-parts_47", + "nixpkgs": "nixpkgs_77", "systems": "systems_57" }, "locked": { @@ -13220,8 +13981,8 @@ }, "swarsel-modules_6": { "inputs": { - "flake-parts": "flake-parts_48", - "nixpkgs": "nixpkgs_79", + "flake-parts": "flake-parts_49", + "nixpkgs": "nixpkgs_80", "systems": "systems_62" }, "locked": { @@ -13241,8 +14002,8 @@ }, "swarsel-nix": { "inputs": { - "flake-parts": "flake-parts_45", - "nixpkgs": "nixpkgs_74", + "flake-parts": "flake-parts_46", + "nixpkgs": "nixpkgs_75", "systems": "systems_53" }, "locked": { @@ -13262,8 +14023,8 @@ }, "swarsel-nix_2": { "inputs": { - "flake-parts": "flake-parts_47", - "nixpkgs": "nixpkgs_77", + "flake-parts": "flake-parts_48", + "nixpkgs": "nixpkgs_78", "systems": "systems_58" }, "locked": { @@ -13283,8 +14044,8 @@ }, "swarsel-nix_3": { "inputs": { - "flake-parts": "flake-parts_49", - "nixpkgs": "nixpkgs_80", + "flake-parts": "flake-parts_50", + "nixpkgs": "nixpkgs_81", "systems": "systems_63" }, "locked": { 
@@ -13304,10 +14065,10 @@ }, "swarsel_2": { "inputs": { - "devshell": "devshell_5", + "devshell": "devshell_7", "disko": "disko_3", "emacs-overlay": "emacs-overlay_3", - "flake-parts": "flake-parts_11", + "flake-parts": "flake-parts_12", "home-manager": "home-manager_5", "impermanence": "impermanence_3", "lanzaboote": "lanzaboote_3", @@ -13320,7 +14081,7 @@ "nixgl": "nixgl_3", "nixos-generators": "nixos-generators_3", "nixos-hardware": "nixos-hardware_3", - "nixpkgs": "nixpkgs_20", + "nixpkgs": "nixpkgs_21", "nixpkgs-dev": "nixpkgs-dev_3", "nixpkgs-kernel": "nixpkgs-kernel_3", "nixpkgs-stable": "nixpkgs-stable_9", @@ -13328,7 +14089,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_3", "nswitch-rcm-nix": "nswitch-rcm-nix_3", "nur": "nur_5", - "pre-commit-hooks": "pre-commit-hooks_6", + "pre-commit-hooks": "pre-commit-hooks_7", "sops-nix": "sops-nix_3", "spicetify-nix": "spicetify-nix_3", "stylix": "stylix_3", @@ -13355,10 +14116,10 @@ }, "swarsel_3": { "inputs": { - "devshell": "devshell_7", + "devshell": "devshell_9", "disko": "disko_4", "emacs-overlay": "emacs-overlay_4", - "flake-parts": "flake-parts_16", + "flake-parts": "flake-parts_17", "fw-fanctrl": "fw-fanctrl", "home-manager": "home-manager_7", "impermanence": "impermanence_4", @@ -13371,7 +14132,7 @@ "nixgl": "nixgl_4", "nixos-generators": "nixos-generators_4", "nixos-hardware": "nixos-hardware_4", - "nixpkgs": "nixpkgs_28", + "nixpkgs": "nixpkgs_29", "nixpkgs-dev": "nixpkgs-dev_4", "nixpkgs-kernel": "nixpkgs-kernel_4", "nixpkgs-stable": "nixpkgs-stable_12", @@ -13379,7 +14140,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_4", "nswitch-rcm-nix": "nswitch-rcm-nix_4", "nur": "nur_7", - "pre-commit-hooks": "pre-commit-hooks_8", + "pre-commit-hooks": "pre-commit-hooks_9", "sops-nix": "sops-nix_4", "spicetify-nix": "spicetify-nix_4", "stylix": "stylix_4", 
@@ -13405,10 +14166,10 @@ }, "swarsel_4": { "inputs": { - "devshell": "devshell_9", + "devshell": "devshell_11", "disko": "disko_5", "emacs-overlay": "emacs-overlay_5", - "flake-parts": "flake-parts_21", + "flake-parts": "flake-parts_22", "fw-fanctrl": "fw-fanctrl_2", "home-manager": "home-manager_9", "impermanence": "impermanence_5", @@ -13421,7 +14182,7 @@ "nixgl": "nixgl_5", "nixos-generators": "nixos-generators_5", "nixos-hardware": "nixos-hardware_5", - "nixpkgs": "nixpkgs_36", + "nixpkgs": "nixpkgs_37", "nixpkgs-dev": "nixpkgs-dev_5", "nixpkgs-kernel": "nixpkgs-kernel_5", "nixpkgs-stable": "nixpkgs-stable_15", @@ -13429,7 +14190,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_5", "nswitch-rcm-nix": "nswitch-rcm-nix_5", "nur": "nur_9", - "pre-commit-hooks": "pre-commit-hooks_10", + "pre-commit-hooks": "pre-commit-hooks_11", "sops-nix": "sops-nix_5", "spicetify-nix": "spicetify-nix_5", "stylix": "stylix_5", @@ -13455,10 +14216,10 @@ }, "swarsel_5": { "inputs": { - "devshell": "devshell_11", + "devshell": "devshell_13", "disko": "disko_6", "emacs-overlay": "emacs-overlay_6", - "flake-parts": "flake-parts_26", + "flake-parts": "flake-parts_27", "fw-fanctrl": "fw-fanctrl_3", "home-manager": "home-manager_11", "impermanence": "impermanence_6", @@ -13471,7 +14232,7 @@ "nixgl": "nixgl_6", "nixos-generators": "nixos-generators_6", "nixos-hardware": "nixos-hardware_6", - "nixpkgs": "nixpkgs_44", + "nixpkgs": "nixpkgs_45", "nixpkgs-dev": "nixpkgs-dev_6", "nixpkgs-kernel": "nixpkgs-kernel_6", "nixpkgs-stable": "nixpkgs-stable_18", @@ -13479,7 +14240,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_6", "nswitch-rcm-nix": "nswitch-rcm-nix_6", "nur": "nur_11", - "pre-commit-hooks": "pre-commit-hooks_12", + "pre-commit-hooks": "pre-commit-hooks_13", "sops-nix": "sops-nix_6", "spicetify-nix": "spicetify-nix_6", "stylix": "stylix_6", 
@@ -13505,10 +14266,10 @@ }, "swarsel_6": { "inputs": { - "devshell": "devshell_13", + "devshell": "devshell_15", "disko": "disko_7", "emacs-overlay": "emacs-overlay_7", - "flake-parts": "flake-parts_31", + "flake-parts": "flake-parts_32", "fw-fanctrl": "fw-fanctrl_4", "home-manager": "home-manager_13", "impermanence": "impermanence_7", @@ -13520,7 +14281,7 @@ "nixgl": "nixgl_7", "nixos-generators": "nixos-generators_7", "nixos-hardware": "nixos-hardware_7", - "nixpkgs": "nixpkgs_52", + "nixpkgs": "nixpkgs_53", "nixpkgs-dev": "nixpkgs-dev_7", "nixpkgs-kernel": "nixpkgs-kernel_7", "nixpkgs-stable": "nixpkgs-stable_20", @@ -13528,7 +14289,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_7", "nswitch-rcm-nix": "nswitch-rcm-nix_7", "nur": "nur_13", - "pre-commit-hooks": "pre-commit-hooks_14", + "pre-commit-hooks": "pre-commit-hooks_15", "sops-nix": "sops-nix_7", "stylix": "stylix_7", "swarsel": "swarsel_7", @@ -13552,10 +14313,10 @@ }, "swarsel_7": { "inputs": { - "devshell": "devshell_15", + "devshell": "devshell_17", "disko": "disko_8", "emacs-overlay": "emacs-overlay_8", - "flake-parts": "flake-parts_36", + "flake-parts": "flake-parts_37", "fw-fanctrl": "fw-fanctrl_5", "home-manager": "home-manager_15", "impermanence": "impermanence_8", @@ -13567,7 +14328,7 @@ "nixgl": "nixgl_8", "nixos-generators": "nixos-generators_8", "nixos-hardware": "nixos-hardware_8", - "nixpkgs": "nixpkgs_60", + "nixpkgs": "nixpkgs_61", "nixpkgs-dev": "nixpkgs-dev_8", "nixpkgs-kernel": "nixpkgs-kernel_8", "nixpkgs-stable": "nixpkgs-stable_22", @@ -13575,7 +14336,7 @@ "nixpkgs-stable24_11": "nixpkgs-stable24_11_8", "nswitch-rcm-nix": "nswitch-rcm-nix_8", "nur": "nur_15", - "pre-commit-hooks": "pre-commit-hooks_16", + "pre-commit-hooks": "pre-commit-hooks_17", "sops-nix": "sops-nix_8", "stylix": "stylix_8", "systems": "systems_34", 
@@ -15693,31 +16454,33 @@ "type": "github" } }, - "zjstatus": { + "yants": { "inputs": { - "crane": "crane_9", - "flake-utils": "flake-utils_20", - "nixpkgs": "nixpkgs_65", - "rust-overlay": "rust-overlay_9" + "nixpkgs": [ + "nixos-extra-modules", + "nixt", + "std", + "nixpkgs" + ] }, "locked": { - "lastModified": 1750957292, - "narHash": "sha256-2CYTG+jxP5e7GHAj1t5aMsgb0Rom4jdOb3rsdLKpVNA=", - "owner": "dj95", - "repo": "zjstatus", - "rev": "abd848f23eff00d21ec09278072111d97dfd7fe6", + "lastModified": 1667096281, + "narHash": "sha256-wRRec6ze0gJHmGn6m57/zhz/Kdvp9HS4Nl5fkQ+uIuA=", + "owner": "divnix", + "repo": "yants", + "rev": "d18f356ec25cb94dc9c275870c3a7927a10f8c3c", "type": "github" }, "original": { - "owner": "dj95", - "repo": "zjstatus", + "owner": "divnix", + "repo": "yants", "type": "github" } }, - "zjstatus_2": { + "zjstatus": { "inputs": { "crane": "crane_10", - "flake-utils": "flake-utils_21", + "flake-utils": "flake-utils_22", "nixpkgs": "nixpkgs_66", "rust-overlay": "rust-overlay_10" }, @@ -15735,13 +16498,34 @@ "type": "github" } }, - "zjstatus_3": { + "zjstatus_2": { "inputs": { "crane": "crane_11", - "flake-utils": "flake-utils_22", - "nixpkgs": "nixpkgs_68", + "flake-utils": "flake-utils_23", + "nixpkgs": "nixpkgs_67", "rust-overlay": "rust-overlay_11" }, + "locked": { + "lastModified": 1750957292, + "narHash": "sha256-2CYTG+jxP5e7GHAj1t5aMsgb0Rom4jdOb3rsdLKpVNA=", + "owner": "dj95", + "repo": "zjstatus", + "rev": "abd848f23eff00d21ec09278072111d97dfd7fe6", + "type": "github" + }, + "original": { + "owner": "dj95", + "repo": "zjstatus", + "type": "github" + } + }, + "zjstatus_3": { + "inputs": { + "crane": "crane_12", + "flake-utils": "flake-utils_24", + "nixpkgs": "nixpkgs_69", + "rust-overlay": "rust-overlay_12" + }, "locked": { "lastModified": 1753722377, "narHash": "sha256-L9CujCLS4PmpEhGKqezD4DognRNcYDz/oAL7T8jqCxk=", 
@@ -15758,10 +16542,10 @@ }, "zjstatus_4": { "inputs": { - "crane": "crane_12", - "flake-utils": "flake-utils_23", - "nixpkgs": "nixpkgs_70", - "rust-overlay": "rust-overlay_12" + "crane": "crane_13", + "flake-utils": "flake-utils_25", + "nixpkgs": "nixpkgs_71", + "rust-overlay": "rust-overlay_13" }, "locked": { "lastModified": 1757256304, @@ -15779,10 +16563,10 @@ }, "zjstatus_5": { "inputs": { - "crane": "crane_13", - "flake-utils": "flake-utils_24", - "nixpkgs": "nixpkgs_72", - "rust-overlay": "rust-overlay_13" + "crane": "crane_14", + "flake-utils": "flake-utils_26", + "nixpkgs": "nixpkgs_73", + "rust-overlay": "rust-overlay_14" }, "locked": { "lastModified": 1757256304, @@ -15800,10 +16584,10 @@ }, "zjstatus_6": { "inputs": { - "crane": "crane_14", - "flake-utils": "flake-utils_25", - "nixpkgs": "nixpkgs_75", - "rust-overlay": "rust-overlay_14" + "crane": "crane_15", + "flake-utils": "flake-utils_27", + "nixpkgs": "nixpkgs_76", + "rust-overlay": "rust-overlay_15" }, "locked": { "lastModified": 1757256304, @@ -15821,10 +16605,10 @@ }, "zjstatus_7": { "inputs": { - "crane": "crane_15", - "flake-utils": "flake-utils_26", - "nixpkgs": "nixpkgs_78", - "rust-overlay": "rust-overlay_15" + "crane": "crane_16", + "flake-utils": "flake-utils_28", + "nixpkgs": "nixpkgs_79", + "rust-overlay": "rust-overlay_16" }, "locked": { "lastModified": 1757256304, @@ -15842,10 +16626,10 @@ }, "zjstatus_8": { "inputs": { - "crane": "crane_16", - "flake-utils": "flake-utils_27", - "nixpkgs": "nixpkgs_81", - "rust-overlay": "rust-overlay_16" + "crane": "crane_17", + "flake-utils": "flake-utils_29", + "nixpkgs": "nixpkgs_82", + "rust-overlay": "rust-overlay_17" }, "locked": { "lastModified": 1761162625, diff --git a/flake.nix b/flake.nix index 543216f..065ad8b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -94,6 +94,10 @@ url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-extra-modules = { + url = "github:oddlama/nixos-extra-modules"; + inputs.nixpkgs.follows = "nixpkgs"; + }; microvm = { url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/home/treehouse/default.nix b/hosts/home/treehouse/default.nix index ca98ce1..459976e 100644 --- a/hosts/home/treehouse/default.nix +++ b/hosts/home/treehouse/default.nix @@ -1,4 +1,4 @@ -{ self, outputs, ... }: +{ self, ... }: { imports = [ @@ -8,12 +8,6 @@ "${self}/modules/nixos/common/meta.nix" ]; - nixpkgs = { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; services.xcape = { enable = true; diff --git a/hosts/nixos/summers/default.nix b/hosts/nixos/summers/default.nix new file mode 100644 index 0000000..43c4b49 --- /dev/null +++ b/hosts/nixos/summers/default.nix 
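Review bot: The new `nixos-extra-modules` input in the flake.nix hunk pins only its `nixpkgs` with `follows`, so every other dependency it brings is locked on its own. The flake.lock hunks of this commit show the result: new nodes reached through `nixos-extra-modules` → `nixt` → `std` (`paisano`, `paisano-actions`, `paisano-tui`, `yants`, `std-data-collection`), and a `rust-analyzer-src` node whose `original` tracks `ref: nightly`. Several of these carry `lastModified` values from 2022–2023. Each one is an extra pinned source that has to be reviewed and kept current. A comment above the input would help, for example `# nixos-extra-modules: <what is consumed>; pulls nixt/std/paisano transitively, see flake.lock`, and it is worth checking whether the nested inputs can be redirected with further `follows` entries so they drop out of the lock file.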
@@ -0,0 +1,108 @@
+{ inputs, lib, config, configName, minimal, nodes, globals, ... }:
+{
+
+ imports = [
+ ./hardware-configuration.nix
+ ./disk-config.nix
+ ];
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ };
+
+ # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4;
+
+ networking = {
+ inherit (config.repo.secrets.local) hostId;
+ hostName = configName;
+ firewall.enable = true;
+ enableIPv6 = true;
+ };
+
+ swarselsystems = {
+ info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
+ flakePath = "/root/.dotfiles";
+ isImpermanence = true;
+ isSecureBoot = true;
+ isCrypted = true;
+ isBtrfs = true;
+ isLinux = true;
+ isNixos = true;
+ withMicroVMs = false;
+ };
+
+} // lib.optionalAttrs (!minimal) {
+
+ swarselprofiles = {
+ server = true;
+ };
+
+ swarselmodules = {
+ optional = {
+ microvmHost = true;
+ };
+ server = {
+ nfs = false;
+ nginx = false;
+ kavita = false;
+ restic = false;
+ jellyfin = false;
+ navidrome = false;
+ spotifyd = false;
+ mpd = false;
+ postgresql = false;
+ matrix = false;
+ nextcloud = false;
+ immich = false;
+ paperless = false;
+ transmission = false;
+ syncthing = false;
+ grafana = false;
+ emacs = false;
+ freshrss = false;
+ jenkins = false;
+ kanidm = false;
+ firefly-iii = false;
+ koillection = false;
+ radicale = false;
+ atuin = false;
+ forgejo = false;
+ ankisync = false;
+ homebox = false;
+ opkssh = false;
+ garage = false;
+ };
+ };
+
+ microvm.vms =
+ let
+ mkMicrovm = guestName: {
+ ${guestName} = {
+ backend = "microvm";
+ autostart = true;
+ modules = [
+ ./guests/${guestName}.nix
+ {
+ node.secretsDir = ./secrets/${guestName};
+ }
+ ];
+ microvm = {
+ system = "x86_64-linux";
+ # baseMac = config.repo.secrets.local.networking.interfaces.lan.mac;
+ # interfaces.vlan-services = { };
+ };
+ specialArgs = {
+ inherit (config) nodes globals;
+ inherit lib;
+ inherit inputs minimal;
+ };
+ };
+ };
+ in
+ lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
+ { }
+ // mkMicrovm "guest1"
+ );
+
+}
diff --git a/hosts/nixos/summers/disk-config.nix b/hosts/nixos/summers/disk-config.nix
new file mode 100644
index 0000000..a4b5089
--- /dev/null
+++ b/hosts/nixos/summers/disk-config.nix
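Review bot: `mkMicrovm` lists `./guests/${guestName}.nix` in `modules`, but the guest this commit adds is `hosts/nixos/summers/guests/guest1/default.nix`, so `mkMicrovm "guest1"` refers to a file the commit does not create. The mismatch is masked for now because `withMicroVMs = false` keeps the `lib.mkIf` branch unused, and it would surface once the flag is flipped. Changing the entry to `./guests/${guestName}` matches the directory layout. `node.secretsDir = ./secrets/${guestName};` points at a directory that is not created in the visible part of the commit either, so confirm it exists before the guest is enabled.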
@@ -0,0 +1,118 @@ +{ lib, config, ... }: +let + type = "btrfs"; + extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "subvol=root" + "compress=zstd" + "noatime" + ]; + }; + "/home" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/home"; + mountOptions = [ + "subvol=home" + "compress=zstd" + "noatime" + ]; + }; + "/persist" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/persist"; + mountOptions = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; + }; + "/log" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/var/log"; + mountOptions = [ + "subvol=log" + "compress=zstd" + "noatime" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "subvol=nix" + "compress=zstd" + "noatime" + ]; + }; + "/swap" = lib.mkIf config.swarselsystems.isSwap { + mountpoint = "/.swapvol"; + swap.swapfile.size = config.swarselsystems.swapSize; + }; + }; +in +{ + disko.devices = { + disk = { + disk0 = { + type = "disk"; + device = config.swarselsystems.rootDisk; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "defaults" ]; + }; + }; + root = lib.mkIf (!config.swarselsystems.isCrypted) { + size = "100%"; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + luks = lib.mkIf config.swarselsystems.isCrypted { + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh + settings = { + allowDiscards = true; + # 
https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 + crypttabExtraOpts = [ + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; +} diff --git a/hosts/nixos/summers/guests/guest1/default.nix b/hosts/nixos/summers/guests/guest1/default.nix new file mode 100644 index 0000000..a08c95c --- /dev/null +++ b/hosts/nixos/summers/guests/guest1/default.nix @@ -0,0 +1,25 @@ +{ lib, minimal, ... }: +{ + + swarselsystems = { + info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; + }; + +} // lib.optionalAttrs (!minimal) { + + swarselprofiles = { + server = false; + }; + + swarselmodules = { + optional = { + microvmGuest = false; + }; + }; + + microvm = { + mem = 1024 * 4; + vcpu = 2; + }; + +} diff --git a/hosts/nixos/summers/hardware-configuration.nix b/hosts/nixos/summers/hardware-configuration.nix new file mode 100644 index 0000000..bef7987 --- /dev/null +++ b/hosts/nixos/summers/hardware-configuration.nix 
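Review bot: The EXIT trap in both `postCreateHook` bodies runs `umount $MNTPOINT; rm -rf $MNTPOINT`, so if the unmount fails, the recursive delete walks into the still-mounted top-level btrfs volume and removes the subvolumes that were just created. Chain the steps and remove only the empty directory, `trap 'umount "$MNTPOINT" && rmdir "$MNTPOINT"' EXIT`, and quote `"$MNTPOINT"` in the `btrfs subvolume snapshot` line as well. Separately, `passwordFile = "/tmp/disko-password"` places the LUKS passphrase at a fixed name in a shared directory; the comment should say who creates the file, with which mode, and when it is removed. `allowDiscards = true` deserves a one-line comment too, since TRIM on a LUKS device reveals which blocks are in use.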
@@ -0,0 +1,28 @@ +{ config, lib, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + zfs.extraPools = [ "Vault" ]; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/nixos/summers/secrets/guest1/pii.nix.enc b/hosts/nixos/summers/secrets/guest1/pii.nix.enc new file mode 100644 index 0000000..8605563 --- /dev/null +++ b/hosts/nixos/summers/secrets/guest1/pii.nix.enc 
@@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:pGWiWA==,iv:sVpYJiphhvVPEo2MUMnpjlJmvf58/UJTTVVdU9dpqzM=,tag:2AsQRCyN9Pc/hnqviCo43g==,type:str]", + "sops": { + "lastmodified": "2025-11-06T12:11:19Z", + "mac": "ENC[AES256_GCM,data:NBAgy3MNd+p8Ih6v/JuxuMWgh0k9xj5Trg7mggBE/LrxfCZg+BpbhYcmAw/FW9Du5gq3Pcynnql3dqwKlzHEtkEOcI1MJSnBSWexgLxwEtRwbTJVOqEkCxby6dcQ4HWD1ZZnwa9Q7Cg1vcPD/yZuzVUH15mFHic7s5M5Xzdfu/w=,iv:tv8CFuXJ0iqh/Vho7vSoOpfhcGfCElMLWNvjxoE3fMg=,tag:pGP3CjKFFm0UuVgSCnn4RA==,type:str]", + "pgp": [ + { + "created_at": "2025-11-06T12:11:04Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwZd6dmNcZqOWY7Ro6DXCRAD2LJuzR0AA26cRRzPgTPcw\nOwvV+Nh3hBWcZb5qkjKysZKGlIxzs4f02dKI172vUyIWQ6P5skygOOOpbr9g5171\nY0XTrmemesSKNfoUhsMFMCbFUc4HUxkUK7zadLk1AiBUqZMIFtx/riFMUBS2qTpR\nuLWiebt1Dw+rwcR8rBNxXPbeclm7322YOQDLUk4sHfi0vTvn+3sfGkbJ+OcJckoD\ndjVhWFqGUAbbELoR8yHpb+Ps6RYjKRNFNros9Yx9zQ18512gxOpRSzm0MTkKFyrz\n1UYVcv4Oz4W/e4nh1z2/re5X3l/HFUzwBG6AUTrYVuRo580kkZvWYFxHT6R+goVC\n5dhkqZpowrGpDIE/C7hKLenFIcOl1Nw5wgJ4Y9EmfZzorUnjJqT1Et2b2GU0hxvY\nKny+fiDeCfNdLzJejSNNg1/whoVmHbw3Q2aBJP0NL3nmNvaykO8RSA8WmzvQa+MA\nXweflh5G9lXOdH2vwb6EelOXpxlTjI7K/43Nbw/SXf/e1FKYK5l6TscyGEcHpFux\ns4ufYkCqTgxdKZjKwh0vqbdmbPUOCe/jqBOz6s/L/sR1/+8c2iIs0JVZd1VJSvDu\nIdfDfQh4wmso8L0qpjWimmkf0Y9itLWZo/oyioIqjVQ9+Daj2mvMkbKcSa486b2F\nAgwDC9FRLmchgYQBD/9lVmkHkPz5pbJV5U0nL3h/xx0JSyt6YYtLDacW8fw135GT\nojHijHvJAd1MqbNv391LcsZ1jtnUawNf6GAkr649lRuEH/WhNitXq20Z/06v5lwt\nGDhPMMf5uh+Uwgjxbeg/PFeTKILS2VX0tjJ8yeos2jNMOrmmwIg74V6mJk03E85K\nId06e2qNjzWlESyWOCFkfLQfSOTajQWmGyil8vNglmjuZdzLSE8eL6nA0hePnfJW\nOwewWcXEzHeeJsaevKFBBDpimAqi3XbKasQbZNSSFlkmw0vzAWKw5mzcdTMseae1\nLafjem7uw2epr4HIhwCZ47pCFrKcbweZMuUY557SomIGmv93OvglnZC40AYkJuNU\nIAVwNc8W/pd+jyiHh6tMlXfQ5/n25AcylDcacxxalNcKI0emNC90TsFc6wDpLh5D\n+R6kJ7GK8tI5BwIwtGIQmFsRREKE1x+IYATtKwQskb0Rng/D6eqNEvs8pjD1nGO3\nfNTG9G8PgC07TXSKGcNGytZy/GNSW9mnFgDgoiqh29bgfoJfSTWWvwZlzFXdWm0c\nzOiV5JSDRLewaqzhsQ/etms7qJIccRD7WcvM82x7UF0VYGd92EVsZxsq2aSVlMob\nCsxNXxij3qqNHdFgUuYYDzF
ym3/zmmi2wltPOZl7qYMhZI9P6wCsvDpxlFv16tJc\nAaBkBf1oOnjDvJm5i62KCEcRUmphKOB6Odr9/VHkAtgjPdWCOyge7ktbcwgsPw8L\ndemiSrNAglDX9RnPST5ggShZWn1Ik2mFfocCapvGBi5Hj9I/4xG/oIKREYc=\n=Ty0h\n-----END PGP MESSAGE-----", + "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" + } + ], + "version": "3.11.0" + } +} diff --git a/hosts/nixos/summers/secrets/pii.nix.enc b/hosts/nixos/summers/secrets/pii.nix.enc new file mode 100644 index 0000000..dae95ff --- /dev/null +++ b/hosts/nixos/summers/secrets/pii.nix.enc 
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:XTHUIhn7yVn2/EvZBSg1v+EU154Kj0hgvHbUdpnc2W4U+0UNBlqxRvVxw8XFm8uo1en2hXoS,iv:XeEzWY0UB/QqbxoIQJEOkWlaU5nyETl0Aki7iyRq/Y8=,tag:rcNiCc5a6+wLYAzX1pMxxQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET1RmRTM5OUxJMGNyWUZK\nMXFqUWF2ZHhOZ1pxa0RDbkNzWnVzVFFCbTJrCm1oU25haDl5eFg5T1VzOXByai84\ndTR6TGREVnBHNlV4S254dzh2Z1lvK2sKLS0tIGFLaWJFQ2VwaWtxaURqNDU2ekRQ\na09Hbm4vNnVQaEV1aGtqTTVOUWN2b28KQaoPc/UKaeQ72GdlbtWFdALywHcUkewf\nK5pEz41pzDKOjatypm9X8ZEIEarjOHIZgMpazVM4i1PRUUefSE0phw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-06T11:16:16Z", + "mac": "ENC[AES256_GCM,data:rBE1qTiaLme63i23YL16qmDE6rcKaxwWwzzqgsv4SmKCBJonjiyUc4DyRU8JuCbTx6K9+4VtERJzTLlbXhvjXl27LRQtfbNSBXBIyTgdSz0Fo46lDdVUMFSdPDbU97XAx9P3eu425aspkJYxffOJ2lvqinAVuw9U6oBpot5jVaw=,iv:N3mp0DY80UVGa4Vf4ya+5B/9w8iTihAyg/XgStgtHAo=,tag:tKjnbFm0yFddj759OK5Mdw==,type:str]", + "pgp": [ + { + "created_at": "2025-08-24T23:36:17Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAwf7TLx0TR1HBhh57CyIQLw8ztc9oblKAW/V7bSlQM/wR\nIwQTcTi3azdI9yewDRO30rIr++FEapdGVdpXoqQ8zcl49VjwDux6wzF3bsmR5Goc\nlTkDd0bmz8RBfsK+6efXiRqo3C0yP2ZTOh3PSOvsXKbYS6wY3TvNBdGnAYrfOvEw\nmBFRhn6uakw3zjVUngB1di07DH3y0wEb/r6+Mzoswzg4DqT1SAdDkfS9dpn9h3MW\n3NBesYlOukLrNA5Toi6x/fmE2lrPHt5QxPdvfvKe5ye4myZ/gBn1mdejB6U9nOsk\nRCJFMosjBH7jIpwokTjUT6Vs+zs8yrF+gbP82H4RVfZymMfdZoU/pTfYe1Mwg6Yi\ntlHyiRBgSPBY8Doa2hM8/yvmfHVMqSQf8uXltz2VC7JUGD6P0QbDLpqY3URmHg/q\nwN3zYJLlSIkU6Z7oivTjfg0dR32Z80lCdZDQf+OQsRtCUi169Fgxr7+HhdxJyj49\nFIb6CR0DHW4vsEj1GPAa0Q4uMfCxLiSZfesY8myoCtlVo7oeqx787KicJB5PryHr\nyZweKd7tXO9g8LNJtECTZ81y2/sCfSZPBia6M4oz56pIFK4jhYCY3iPnWIS77axu\n5MmqZNOP06obp87nt1ea51BmXkaYxmSPoQ5R29CeYU+m9q+kKvizncgsCl/O7U6F\nAgwDC9FRLmchgYQBEADJo2kPzrxLHptsr6aoIxfYNrQ7JJM3FAZ7do5YvAbQsl5t\ny45qZ4+qWIEMRXwji2TvgSg8/ylnZfN2+rTHdtNJkDdJ2sX+RDr8pm7L3VS2Zhjf\nIp1SdPd5cm/3QupegzUR+kcPa+gPM4asGSytIkAnnpev/DCnLsrqiejdosTDj9dn\nFtPKJKSUBzJSNRxBSpM9L+cTU1qyMT024D5Qvq6vBOjFI1YV3LSfVXQe7OZxxxVX\naChkGR1v3UjndQ4Yv9hamJJ81lRLeIcVEOpOPxLHJX76AJUqP3fR/+m2Poah8bFF\n+yIdSp2jyWOoU60We72fvlEwxsTLl8Zani+xX2ckkUCe+wsiGJLch4Df1pepxpef\nb95wZ9L0msRdHY8vRQYapde/ju8CUHgywVX7+YH3EF1bJSnUOBmyOA76v9ir09am\n49g+VomkWUuzPJ2VYQXXH6d/qn/sm9Z9yxy7e1eh5m+9cd42b4sMdW6ZCTMAtGJF\nPX0SiOMR6S0hjKVBcfcyNoT/wo7wqEl4mYDpoCy10K0nYRn+ggJnIZEJzBWibMYH\nDWUDyuQIYLjOBAchFatXyMtbc8qDorYelLX7amPRDSiDhhj6Y5nYMJtUSwfTLwkN\nrI0Q4bjE+fgNACCqPoq/BDFZotcr1b664ZUJqgnTBPKZ5OnmW/iFkOfzu4fF9tJe\nAcekEPwsFbugu2bZ0Hs5Rl/Dh9p4L9gceuMiwJ3oYGA5cwXFCeVZLNqSDLy4upVX\nnXRaMzBNGgWo4geDq5JL10Mh7/1d4GGVxdts8RGdI8zUFTPV3GOaPEHeNyIO+g==\n=2UMI\n-----END PGP MESSAGE-----", + "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.11.0" + } +} diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index 7b1ba8d..0f690f9 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix 
@@ -1,4 +1,4 @@ -{ self, lib, pkgs, config, ... }: +{ self, outputs, lib, pkgs, config, ... }: let inherit (config.swarselsystems) mainUser flakePath isNixos isLinux; in @@ -22,7 +22,7 @@ in }; in '' - plugin-files = ${nix-plugins}/lib/nix/plugins + plugin-files = ${nix-plugins}/lib/nix/plugins extra-builtins-file = ${self + /nix/extra-builtins.nix} ''; settings = { @@ -47,7 +47,13 @@ in }; }; - nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null); + # nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null); + nixpkgs = lib.mkIf (!isNixos) { + overlays = [ outputs.overlays.default ]; + config = { + allowUnfree = true; + }; + }; programs = { # home-manager.enable = lib.mkIf (!isNixos) true; @@ -78,7 +84,7 @@ in buildInputs = [ pkgs.makeWrapper ]; paths = [ pkgs.home-manager ]; postBuild = '' - wrapProgram $out/bin/home-manager \ + wrapProgram $out/bin/home-manager \ --append-flags '--flake ${flakePath}#$(hostname)' ''; }) diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 38eea3c..0941d5c 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -1,4 +1,4 @@ -{ self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }: +{ self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }: { options.swarselmodules.home-manager = lib.mkEnableOption "home-manager"; config = lib.mkIf config.swarselmodules.home-manager { @@ -29,7 +29,11 @@ home.stateVersion = lib.mkDefault config.system.stateVersion; } ]; - extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; }; + extraSpecialArgs = { + inherit (inputs) self nixgl; + inherit inputs outputs globals nodes minimal configName; + lib = homeLib; + }; }; }; } diff --git a/modules/nixos/optional/microvm-guest.nix b/modules/nixos/optional/microvm-guest.nix index 2eed2f8..8650fbc 100644 --- a/modules/nixos/optional/microvm-guest.nix 
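Review bot: The new `nixpkgs` block for non-NixOS hosts in `modules/home/common/settings.nix` (`@@ -47,7 +47,13 @@`) sets `allowUnfree = true` for every package, and `nix/packages.nix` (`@@ -7,4 +19,17 @@`) does the same with `config.allowUnfree = true`. An explicit allow-list keeps unfree additions visible in review: `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "<package-name>" ];`. The commented-out `# nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null);` should either be deleted or get a line saying why it is kept. The enclosing module body starts and ends outside the hunk.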
+++ b/modules/nixos/optional/microvm-guest.nix @@ -7,58 +7,5 @@ # "${self}/modules/nixos" # ]; config = lib.mkIf config.swarselmodules.optional.microvmGuest - { - # imports = [ - # inputs.microvm.nixosModules.microvm - - # "${self}/profiles/nixos" - # "${self}/modules/nixos" - # ]; - - boot.kernelParams = [ "systemd.hostname=${config.networking.hostName}" ]; - - node.name = config; - documentation.enable = lib.mkForce false; - - microvm = { - guest.enable = lib.mkForce true; - hypervisor = lib.mkDefault "qemu"; - mem = lib.mkDefault 1024 * 4; - vcpu = lib.mkDefault 4; - optimize.enable = false; - writableStoreOverlay = "/nix/.rw-store"; - - # interfaces = flip lib.mapAttrsToList guestCfg.microvm.interfaces ( - # _: { mac, hostLink, ...}: - # { - # type = "macvtap"; - # id = "vm-${replaceStrings [ ":" ] [ "" ] mac}"; - # inherit mac; - # macvtap = { - # link = hostLink; - # mode = "bridge"; - # }; - # } - # ); - shares = - [ - { - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - ]; - }; - # systemd.network.networks = lib.flip lib.concatMapAttrs guestCfg.microvm.interfaces ( - # name: - # { mac, ... }: - # { - # "10-${name}".matchConfig = mkForce { - # MACAddress = mac; - # }; - # } - # ); - - }; + { }; } diff --git a/modules/nixos/optional/microvm-host.nix b/modules/nixos/optional/microvm-host.nix index 73dac40..97a9059 100644 --- a/modules/nixos/optional/microvm-host.nix +++ b/modules/nixos/optional/microvm-host.nix 
@@ -1,15 +1,16 @@ { lib, config, ... }: { - options.swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings"; + options = { + swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings"; + }; # imports = [ # inputs.microvm.nixosModules.host # ]; - config = lib.mkIf (config.swarselmodules.optional.microvmHost && config.swarselsystems.withMicroVMs) { + config = lib.mkIf (config.guests != { }) { microvm = { hypervisor = lib.mkDefault "qemu"; }; }; - } diff --git a/nix/hosts.nix b/nix/hosts.nix index 0310acf..945182d 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -3,12 +3,29 @@ flake = { config, ... }: let inherit (self) outputs; - inherit (outputs) lib; + inherit (outputs) lib homeLib; # lib = (inputs.nixpkgs.lib // inputs.home-manager.lib).extend (_: _: { swarselsystems = import "${self}/lib" { inherit self lib inputs outputs; inherit (inputs) systems; }; }); mkNixosHost = { minimal }: configName: - lib.nixosSystem { - specialArgs = { inherit inputs outputs lib self minimal configName; inherit (config) globals nodes; }; + let + sys = "x86_64-linux"; + # lib = config.pkgsPre.${sys}.lib // { + # inherit (inputs.home-manager.lib) hm; + # swarselsystems = self.outputs.swarselsystemsLib; + # }; + + # lib = config.pkgsPre.${sys}.lib // { + # inherit (inputs.home-manager.lib) hm; + # swarselsystems = self.outputs.swarselsystemsLib; + # }; + inherit (config.pkgs.${sys}) lib; + in + inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs self minimal configName; + inherit lib homeLib; + inherit (config) globals nodes; + }; modules = [ inputs.disko.nixosModules.disko inputs.sops-nix.nixosModules.sops @@ -23,6 +40,7 @@ inputs.niri-flake.nixosModules.niri inputs.microvm.nixosModules.host inputs.microvm.nixosModules.microvm + (inputs.nixos-extra-modules + "/modules/guests") "${self}/hosts/nixos/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" 
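Review bot: After this change `swarselmodules.optional.microvmHost` is still declared in `modules/nixos/optional/microvm-host.nix`, but nothing reads it. The `config` guard is now `config.guests != { }`, so `microvmHost = true` (as the summers host in this series sets it) has no effect. Either drop the option or keep it in the condition, `config = lib.mkIf (config.swarselmodules.optional.microvmHost && config.guests != { }) {`. `config.guests` presumably comes from the `nixos-extra-modules` guests module that the `nix/hosts.nix` hunk adds to `mkNixosHost`; a configuration that imports this file without that module would fail to evaluate, which is worth a comment at the guard.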
@@ -31,7 +49,7 @@ microvm.guest.enable = lib.mkDefault false; node = { - name = configName; + name = lib.mkForce configName; secretsDir = ../hosts/nixos/${configName}/secrets; }; @@ -53,7 +71,7 @@ mkDarwinHost = { minimal }: configName: inputs.nix-darwin.lib.darwinSystem { specialArgs = { - inherit inputs outputs lib self minimal configName; + inherit inputs lib outputs self minimal configName; inherit (config) globals nodes; }; modules = [ @@ -70,7 +88,7 @@ "${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/globals.nix" { - node.name = configName; + node.name = lib.mkForce configName; node.secretsDir = ../hosts/darwin/${configName}/secrets; } @@ -86,7 +104,7 @@ { inherit pkgs; extraSpecialArgs = { - inherit inputs outputs lib self configName; + inherit inputs lib outputs self configName; inherit (config) globals nodes; minimal = false; }; 
@@ -121,13 +139,31 @@ minimal = true; }); - # TODO: Build these for all architectures - homeConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.x86_64-linux // mkHalfHostConfigs (lib.swarselsystems.readHosts "home") "home" lib.swarselsystems.pkgsFor.aarch64-linux; - nixOnDroidConfigurations = mkHalfHostConfigs (lib.swarselsystems.readHosts "android") "android" lib.swarselsystems.pkgsFor.aarch64-linux; + homeConfigurations = + let + inherit (lib.swarselsystems) pkgsFor readHosts; + in + mkHalfHostConfigs (readHosts "home") "home" pkgsFor.x86_64-linux + // mkHalfHostConfigs (readHosts "home") "home" pkgsFor.aarch64-linux; + + nixOnDroidConfigurations = + let + inherit (lib.swarselsystems) pkgsFor readHosts; + in + mkHalfHostConfigs (readHosts "android") "android" pkgsFor.aarch64-linux; + + guestConfigurations = lib.flip lib.concatMapAttrs config.nixosConfigurations ( + _: node: + lib.flip lib.mapAttrs' (node.config.microvm.vms or { }) ( + guestName: guestDef: + lib.nameValuePair guestDef.nodeName node.config.microvm.vms.${guestName}.config + ) + ); diskoConfigurations.default = import "${self}/files/templates/hosts/nixos/disk-config.nix"; - nodes = config.nixosConfigurations // config.darwinConfigurations; - + nodes = config.nixosConfigurations + // config.darwinConfigurations + // config.guestConfigurations; }; } diff --git a/nix/lib.nix b/nix/lib.nix index c12117e..a7b6194 100644 --- a/nix/lib.nix +++ b/nix/lib.nix @@ -57,5 +57,8 @@ in inherit (inputs.home-manager.lib) hm; inherit swarselsystems; }); + + swarselsystemsLib = swarselsystems; + homeLib = self.outputs.lib; }; } diff --git a/nix/overlays.nix b/nix/overlays.nix index fd98db0..828aba2 100644 --- a/nix/overlays.nix +++ b/nix/overlays.nix 
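Review bot: `guestConfigurations` iterates `node.config.microvm.vms` but reads `guestDef.nodeName`. As far as I can tell `nodeName` is not an attribute of a `microvm.vms` entry (it looks like the `guests.<name>` schema), so the first host that defines a VM would fail when `nodes` is enumerated; please confirm which option set is intended. `nodes` is then assembled with `//`, so a guest whose name equals a NixOS or Darwin host silently replaces that host's entry. Since `nodes` is handed to every configuration through `specialArgs`, an assertion on unique names, or at least a comment stating the naming rule, would help. The `flake` attribute set starts and ends outside the hunk.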
@@ -22,6 +22,11 @@ in # withSystemVencord = true; # }; + lib = prev.lib // { + swarselsystems = self.outputs.swarselsystemsLib; + hm = self.outputs.homeLib; + }; + firefox = prev.firefox.override { nativeMessagingHosts = [ prev.tridactyl-native @@ -72,15 +77,19 @@ in (builtins.attrNames nixpkgsInputs)); in - (additions final prev) - // (modifications final prev) - // (nixpkgs-stable-versions final prev) - // (inputs.niri-flake.overlays.niri final prev) - // (inputs.vbc-nix.overlays.default final prev) - // (inputs.nur.overlays.default final prev) - // (inputs.emacs-overlay.overlay final prev) - // (inputs.nix-topology.overlays.default final prev) - // (inputs.nixgl.overlay final prev); + lib.recursiveUpdate + ( + (additions final prev) + // (nixpkgs-stable-versions final prev) + // (inputs.niri-flake.overlays.niri final prev) + // (inputs.vbc-nix.overlays.default final prev) + // (inputs.nur.overlays.default final prev) + // (inputs.emacs-overlay.overlay final prev) + // (inputs.nix-topology.overlays.default final prev) + // (inputs.nixgl.overlay final prev) + // (inputs.nixos-extra-modules.overlays.default final prev) + ) + (modifications final prev); }; }; } diff --git a/nix/packages.nix b/nix/packages.nix index 9b1bade..233747c 100644 --- a/nix/packages.nix +++ b/nix/packages.nix @@ -1,5 +1,17 @@ -{ self, ... }: +{ self, inputs, ... }: { + imports = [ + ( + { lib, flake-parts-lib, ... }: + flake-parts-lib.mkTransposedPerSystemModule { + name = "pkgs"; + file = ./packages.nix; + option = lib.mkOption { + type = lib.types.unspecified; + }; + } + ) + ]; flake = _: let inherit (self.outputs) lib; 
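Review bot: In the new `lib` override in `nix/overlays.nix` (`@@ -22,6 +22,11 @@`), `hm = self.outputs.homeLib;` assigns the whole extended library to `lib.hm`. `nix/lib.nix` in this same commit defines `homeLib = self.outputs.lib`, which already carries `hm` as one of its attributes, so code expecting `pkgs.lib.hm.dag` and similar would have to go through `lib.hm.hm`. If the intent is the home-manager helper set, `hm = self.outputs.homeLib.hm;` looks like what was meant. The `modifications` overlay starts and ends outside the hunk.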
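Review bot: `lib.recursiveUpdate` in the `@@ -72,15 +77,19 @@` hunk merges attribute sets all the way down and does not stop at derivations. Any package defined both in `modifications` and in one of the overlays on the left-hand side is therefore merged attribute by attribute instead of being replaced. If the goal is only to combine the `lib` sets (an assumption, since the overlays' contents are not visible here), keep `//` for packages and merge `lib` explicitly, or stop at derivations with `lib.recursiveUpdateUntil (_: l: r: lib.isDerivation l || lib.isDerivation r)`. The enclosing overlay function starts outside the hunk.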
@@ -7,4 +19,17 @@ { packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; }); }; + + perSystem = { pkgs, system, ... }: + { + # see https://flake.parts/module-arguments.html?highlight=modulewith#persystem-module-parameters + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + overlays = [ + self.overlays.default + ]; + }; + inherit pkgs; + }; } From d187cdf35f25e03646cfb6b5a68ac13ccc7b5c13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 8 Nov 2025 03:46:15 +0100 Subject: [PATCH 04/23] fix[wip]: navidrome jukebox --- SwarselSystems.org | 26 ++++++++++++++++++++++++-- modules/nixos/server/navidrome.nix | 26 ++++++++++++++++++++++++-- 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index d5ad46a..0afebc4 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -7100,6 +7100,27 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t globals.services.${serviceName}.domain = serviceDomain; + services.snapserver = { + enable = true; + settings = { + stream = { + port = 1704; + source = "pipe:///tmp/snapfifo?name=default"; + bind_to_address = "0.0.0.0"; + }; + }; + }; + + systemd.services = { + ${serviceName}.serviceConfig = { + PrivateDevices = lib.mkForce false; + PrivateUsers = lib.mkForce false; + RestrictRealtime = lib.mkForce false; + SystemCallFilter = lib.mkForce null; + RootDirectory = lib.mkForce null; + }; + }; + services.${serviceName} = { enable = true; openFirewall = true; 
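Review bot: The `${serviceName}.serviceConfig` block in the `SwarselSystems.org` hunk `@@ -7100,6 +7100,27 @@` forces `PrivateDevices`, `PrivateUsers` and `RestrictRealtime` off and nulls `SystemCallFilter` and `RootDirectory`, with no comment saying which of these the jukebox needs, on a unit the same hunk shows with `openFirewall = true`. Relax one setting at a time and document each, e.g. `PrivateDevices = lib.mkForce false; # presumably needed for the sound devices`, and leave the syscall filter in place unless a specific call is shown to be blocked. The new `services.snapserver` stream reads `pipe:///tmp/snapfifo` and binds `0.0.0.0`. A FIFO at a fixed name in /tmp can be created or written by any local user, and would not be shared at all if either unit runs with a private /tmp, so a service-owned directory under /run and a bind to the intended interface address would be safer. The identical change is in the `modules/nixos/server/navidrome.nix` hunk `@@ -41,6 +41,27 @@`.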
@@ -7114,8 +7135,9 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t EnableTranscodingConfig = true; Scanner.GroupAlbumReleases = true; ScanSchedule = "@every 24h"; - MPVPath = "${pkgs.mpv}/bin/mpv"; - MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f"; + # MPVPath = ""; + # MPVCommandTemplate = "${pkgs.mpv}/bin/mpv --audio-device=%d --input-ipc-server=%s --no-audio-display --log-file=/tmp/mpv.log --pause %f"; + # MPVCmdTemplate = "${pkgs.mpv}/bin/mpv --no-audio-display --pause %f --input-ipc-server=%s --audio-channels=stereo --audio-samplerate=48000 --audio-format=s16 --ao=pcm --ao-pcm-file=/tmp/snapfifo --log-file=/tmp/mpv.log"; ReverseProxyWhitelist = "0.0.0.0/0"; ReverseProxyUserHeader = "X-User"; Jukebox = { diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index f66fa14..30cb8da 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix @@ -41,6 +41,27 @@ in globals.services.${serviceName}.domain = serviceDomain; + services.snapserver = { + enable = true; + settings = { + stream = { + port = 1704; + source = "pipe:///tmp/snapfifo?name=default"; + bind_to_address = "0.0.0.0"; + }; + }; + }; + + systemd.services = { + ${serviceName}.serviceConfig = { + PrivateDevices = lib.mkForce false; + PrivateUsers = lib.mkForce false; + RestrictRealtime = lib.mkForce false; + SystemCallFilter = lib.mkForce null; + RootDirectory = lib.mkForce null; + }; + }; + services.${serviceName} = { enable = true; openFirewall = true; 
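Review bot: In the `SwarselSystems.org` hunk `@@ -7114,8 +7135,9 @@`, `MPVPath` and `MPVCommandTemplate` are replaced by three commented-out alternatives under two different key names (`MPVCommandTemplate`, `MPVCmdTemplate`) while the `Jukebox` block below stays, so a reader cannot tell which line is meant to be live. Keep a single documented line or delete them. If a template is re-enabled, `--log-file=/tmp/mpv.log` and `--ao-pcm-file=/tmp/snapfifo` should point into a directory owned by the service rather than fixed names in /tmp. The context line `ReverseProxyWhitelist = "0.0.0.0/0"` next to `ReverseProxyUserHeader = "X-User"` is not changed here, but it means the `X-User` header is trusted from any source address; a narrower value such as `ReverseProxyWhitelist = "<proxy-address>/32";`, or a comment stating why any source is acceptable, would make the assumption explicit. The same lines appear in the `modules/nixos/server/navidrome.nix` hunk `@@ -55,8 +76,9 @@`; the settings block starts and ends outside both hunks.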
@@ -55,8 +76,9 @@ in EnableTranscodingConfig = true; Scanner.GroupAlbumReleases = true; ScanSchedule = "@every 24h"; - MPVPath = "${pkgs.mpv}/bin/mpv"; - MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f"; + # MPVPath = ""; + # MPVCommandTemplate = "${pkgs.mpv}/bin/mpv --audio-device=%d --input-ipc-server=%s --no-audio-display --log-file=/tmp/mpv.log --pause %f"; + # MPVCmdTemplate = "${pkgs.mpv}/bin/mpv --no-audio-display --pause %f --input-ipc-server=%s --audio-channels=stereo --audio-samplerate=48000 --audio-format=s16 --ao=pcm --ao-pcm-file=/tmp/snapfifo --log-file=/tmp/mpv.log"; ReverseProxyWhitelist = "0.0.0.0/0"; ReverseProxyUserHeader = "X-User"; Jukebox = { From c3b8102546f5ce1ec8d490dc276179c3f75cf8e6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Sat, 8 Nov 2025 13:49:03 +0100 Subject: [PATCH 05/23] feat: build configurations dynamically for arch --- .github/README.md | 2 +- .sops.yaml | 17 +- SwarselSystems.org | 265 ++++++++++-------- files/scripts/swarsel-bootstrap.sh | 23 +- files/scripts/swarsel-install.sh | 15 +- files/scripts/swarsel-rebuild.sh | 19 +- flake.lock | 6 +- .../{ => aarch64-linux}/magicant/default.nix | 0 .../{ => x86_64-darwin}/machpizza/default.nix | 0 .../machpizza/secrets/pii.nix.enc | 0 .../{ => aarch64-linux}/treehouse/default.nix | 0 .../{ => aarch64-linux}/milkywell/default.nix | 0 .../milkywell/disk-config.nix | 0 .../milkywell/hardware-configuration.nix | 0 .../milkywell/secrets/pii.nix.enc | 0 .../{ => aarch64-linux}/moonside/default.nix | 0 .../moonside/disk-config.nix | 0 .../moonside/hardware-configuration.nix | 0 .../moonside/secrets/pii.nix.enc | 0 .../{ => x86_64-linux}/bakery/default.nix | 0 .../{ => x86_64-linux}/bakery/disk-config.nix | 0 .../bakery/hardware-configuration.nix | 0 .../bakery/secrets/pii.nix.enc | 0 .../{ => x86_64-linux}/hotel/default.nix | 0 .../{ => x86_64-linux}/hotel/disk-config.nix | 0 .../hotel/hardware-configuration.nix | 0 .../{ => x86_64-linux}/hotel/options-home.nix | 0 .../{ => x86_64-linux}/hotel/options.nix | 0 .../{ => x86_64-linux}/pyramid/default.nix | 0 .../pyramid/disk-config.nix | 0 .../pyramid/hardware-configuration.nix | 0 .../pyramid/secrets/pii.nix.enc | 0 .../{ => x86_64-linux}/summers/default.nix | 0 .../summers/disk-config.nix | 0 .../summers/guests/guest1/default.nix | 0 .../summers/hardware-configuration.nix | 0 .../summers/secrets/guest1/pii.nix.enc | 0 .../summers/secrets/pii.nix.enc | 0 .../nixos/{ => x86_64-linux}/toto/default.nix | 0 .../{ => x86_64-linux}/toto/disk-config.nix | 0 .../toto/hardware-configuration.nix | 0 .../{ => x86_64-linux}/winters/default.nix | 0 .../winters/hardware-configuration.nix | 0 .../winters/secrets/pii.nix.enc | 0 nix/hosts.nix | 152 
+++++----- 45 files changed, 289 insertions(+), 210 deletions(-) rename hosts/android/{ => aarch64-linux}/magicant/default.nix (100%) rename hosts/darwin/{ => x86_64-darwin}/machpizza/default.nix (100%) rename hosts/darwin/{ => x86_64-darwin}/machpizza/secrets/pii.nix.enc (100%) rename hosts/home/{ => aarch64-linux}/treehouse/default.nix (100%) rename hosts/nixos/{ => aarch64-linux}/milkywell/default.nix (100%) rename hosts/nixos/{ => aarch64-linux}/milkywell/disk-config.nix (100%) rename hosts/nixos/{ => aarch64-linux}/milkywell/hardware-configuration.nix (100%) rename hosts/nixos/{ => aarch64-linux}/milkywell/secrets/pii.nix.enc (100%) rename hosts/nixos/{ => aarch64-linux}/moonside/default.nix (100%) rename hosts/nixos/{ => aarch64-linux}/moonside/disk-config.nix (100%) rename hosts/nixos/{ => aarch64-linux}/moonside/hardware-configuration.nix (100%) rename hosts/nixos/{ => aarch64-linux}/moonside/secrets/pii.nix.enc (100%) rename hosts/nixos/{ => x86_64-linux}/bakery/default.nix (100%) rename hosts/nixos/{ => x86_64-linux}/bakery/disk-config.nix (100%) rename hosts/nixos/{ => x86_64-linux}/bakery/hardware-configuration.nix (100%) rename hosts/nixos/{ => x86_64-linux}/bakery/secrets/pii.nix.enc (100%) rename hosts/nixos/{ => x86_64-linux}/hotel/default.nix (100%) rename hosts/nixos/{ => x86_64-linux}/hotel/disk-config.nix (100%) rename hosts/nixos/{ => x86_64-linux}/hotel/hardware-configuration.nix (100%) rename hosts/nixos/{ => x86_64-linux}/hotel/options-home.nix (100%) rename hosts/nixos/{ => x86_64-linux}/hotel/options.nix (100%) rename hosts/nixos/{ => x86_64-linux}/pyramid/default.nix (100%) rename hosts/nixos/{ => x86_64-linux}/pyramid/disk-config.nix (100%) rename hosts/nixos/{ => x86_64-linux}/pyramid/hardware-configuration.nix (100%) rename hosts/nixos/{ => x86_64-linux}/pyramid/secrets/pii.nix.enc (100%) rename hosts/nixos/{ => x86_64-linux}/summers/default.nix (100%) rename hosts/nixos/{ => x86_64-linux}/summers/disk-config.nix (100%) rename 
hosts/nixos/{ => x86_64-linux}/summers/guests/guest1/default.nix (100%) rename hosts/nixos/{ => x86_64-linux}/summers/hardware-configuration.nix (100%) rename hosts/nixos/{ => x86_64-linux}/summers/secrets/guest1/pii.nix.enc (100%) rename hosts/nixos/{ => x86_64-linux}/summers/secrets/pii.nix.enc (100%) rename hosts/nixos/{ => x86_64-linux}/toto/default.nix (100%) rename hosts/nixos/{ => x86_64-linux}/toto/disk-config.nix (100%) rename hosts/nixos/{ => x86_64-linux}/toto/hardware-configuration.nix (100%) rename hosts/nixos/{ => x86_64-linux}/winters/default.nix (100%) rename hosts/nixos/{ => x86_64-linux}/winters/hardware-configuration.nix (100%) rename hosts/nixos/{ => x86_64-linux}/winters/secrets/pii.nix.enc (100%) diff --git a/.github/README.md b/.github/README.md index 798076e..0661cc1 100644 --- a/.github/README.md +++ b/.github/README.md 
@@ -79,7 +79,7 @@ #### Remote deployment (recommended if you have at least one running system) - 0) Fork this repo, and write your own host config at `hosts/nixos//default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files. + 0) Fork this repo, and write your own host config at `hosts/nixos///default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files. 1) Have a system with `nix` available booted (this does not need to be installed, i.e. you can use a NixOS installer image; a custom minimal installer ISO can be built by running `just iso` in the root of this repo) 2) Make sure that your Yubikey is plugged in or that you have your SSH key available (and configured) 3) Run `swarsel-bootstrap -n -d ` on your existing system. diff --git a/.sops.yaml b/.sops.yaml index 2626089..1379cf1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -62,7 +62,7 @@ creation_rules: - *swarsel age: - *nbl - - path_regex: hosts/nixos/pyramid/secrets/pii.nix.enc + - path_regex: hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc key_groups: - pgp: - *swarsel 
@@ -75,7 +75,7 @@ creation_rules: - *swarsel age: - *moonside - - path_regex: hosts/nixos/moonside/secrets/pii.nix.enc + - path_regex: hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc key_groups: - pgp: - *swarsel @@ -88,7 +88,7 @@ creation_rules: - *swarsel age: - *bakery - - path_regex: hosts/nixos/bakery/secrets/pii.nix.enc + - path_regex: hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc key_groups: - pgp: - *swarsel @@ -101,7 +101,7 @@ creation_rules: - *swarsel age: - *winters - - path_regex: hosts/nixos/winters/secrets/pii.nix.enc + - path_regex: hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc key_groups: - pgp: - *swarsel @@ -115,14 +115,19 @@ creation_rules: - *swarsel age: - *milkywell - - path_regex: hosts/nixos/milkywell/secrets/pii.nix.enc + - path_regex: hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc key_groups: - pgp: - *swarsel age: - *milkywell - - path_regex: hosts/nixos/summers/secrets/ + - path_regex: hosts/nixos/x86_64-linux/summers/secrets/ + key_groups: + - pgp: + - *swarsel + + - path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/ key_groups: - pgp: - *swarsel diff --git a/SwarselSystems.org b/SwarselSystems.org index 0afebc4..dbfb7e7 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
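Review bot: In the `.sops.yaml` hunk `@@ -115,14 +115,19 @@`, the directory-wide rules for `hosts/nixos/x86_64-linux/summers/secrets/` and the new `hintbooth/secrets/` list only the `*swarsel` PGP key, while `summers/secrets/pii.nix.enc` added earlier in this series carries two `age` recipients. Unless an earlier rule matches that file first, a later `sops updatekeys` would drop those recipients, or the rule is simply out of date; please make the rule and the file agree. The `path_regex` values in this file are also unanchored and use bare dots (`pii.nix.enc`), so `.` matches any character; `pii\.nix\.enc$` is the tighter form. `creation_rules` starts and ends outside the hunk.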
@@ -906,24 +906,11 @@ The rest of the outputs either define or help define the actual configurations: inherit (outputs) lib homeLib; # lib = (inputs.nixpkgs.lib // inputs.home-manager.lib).extend (_: _: { swarselsystems = import "${self}/lib" { inherit self lib inputs outputs; inherit (inputs) systems; }; }); - mkNixosHost = { minimal }: configName: - let - sys = "x86_64-linux"; - # lib = config.pkgsPre.${sys}.lib // { - # inherit (inputs.home-manager.lib) hm; - # swarselsystems = self.outputs.swarselsystemsLib; - # }; - - # lib = config.pkgsPre.${sys}.lib // { - # inherit (inputs.home-manager.lib) hm; - # swarselsystems = self.outputs.swarselsystemsLib; - # }; - inherit (config.pkgs.${sys}) lib; - in + mkNixosHost = { minimal }: configName: arch: inputs.nixpkgs.lib.nixosSystem { specialArgs = { - inherit inputs outputs self minimal configName; - inherit lib homeLib; + inherit inputs outputs self minimal configName homeLib; + inherit (config.pkgs.${arch}) lib; inherit (config) globals nodes; }; modules = [ @@ -941,7 +928,7 @@ The rest of the outputs either define or help define the actual configurations: inputs.microvm.nixosModules.host inputs.microvm.nixosModules.microvm (inputs.nixos-extra-modules + "/modules/guests") - "${self}/hosts/nixos/${configName}" + "${self}/hosts/nixos/${arch}/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" { @@ -950,7 +937,7 @@ The rest of the outputs either define or help define the actual configurations: node = { name = lib.mkForce configName; - secretsDir = ../hosts/nixos/${configName}/secrets; + secretsDir = ../hosts/nixos/${arch}/${configName}/secrets; }; swarselprofiles = { @@ -968,7 +955,7 @@ The rest of the outputs either define or help define the actual configurations: ]; }; - mkDarwinHost = { minimal }: configName: + mkDarwinHost = { minimal }: configName: arch: inputs.nix-darwin.lib.darwinSystem { specialArgs = { inherit inputs lib outputs self minimal configName; 
@@ -982,75 +969,92 @@ The rest of the outputs either define or help define the actual configurations: # inputs.fw-fanctrl.nixosModules.default # inputs.nix-topology.nixosModules.default inputs.home-manager.darwinModules.home-manager - "${self}/hosts/darwin/${configName}" + "${self}/hosts/darwin/${arch}/${configName}" "${self}/modules/nixos/darwin" # needed for infrastructure "${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/globals.nix" { node.name = lib.mkForce configName; - node.secretsDir = ../hosts/darwin/${configName}/secrets; + node.secretsDir = ../hosts/darwin/${arch}/${configName}/secrets; } ]; }; - mkHalfHost = configName: type: pkgs: { - ${configName} = - let - systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; - in - systemFunc - { - inherit pkgs; - extraSpecialArgs = { - inherit inputs lib outputs self configName; - inherit (config) globals nodes; - minimal = false; - }; - modules = [ - inputs.stylix.homeModules.stylix - inputs.niri-flake.homeModules.niri - inputs.nix-index-database.homeModules.nix-index - # inputs.sops-nix.homeManagerModules.sops - inputs.spicetify-nix.homeManagerModules.default - inputs.swarsel-nix.homeModules.default - "${self}/hosts/${type}/${configName}" - "${self}/profiles/home" - ]; - }; - }; + mkHalfHost = configName: type: arch: + let + systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; + pkgs = lib.swarselsystems.pkgsFor.${arch}; + in + systemFunc { + inherit pkgs; + extraSpecialArgs = { + inherit inputs lib outputs self configName; + inherit (config) globals nodes; + minimal = false; + }; + modules = [ + inputs.stylix.homeModules.stylix + inputs.niri-flake.homeModules.niri + inputs.nix-index-database.homeModules.nix-index + # inputs.sops-nix.homeManagerModules.sops + inputs.spicetify-nix.homeManagerModules.default + 
inputs.swarsel-nix.homeModules.default + "${self}/hosts/${type}/${arch}/${configName}" + "${self}/profiles/home" + ]; + }; + + linuxArches = [ "x86_64-linux" "aarch64-linux" ]; + darwinArches = [ "x86_64-darwin" "aarch64-darwin" ]; + mkArches = type: if (type == "nixos") then linuxArches else if (type == "darwin") then darwinArches else linuxArches ++ darwinArches; + + readHostDirs = hostDir: + if builtins.pathExists hostDir then + builtins.attrNames + ( + lib.filterAttrs (_: type: type == "directory") + (builtins.readDir hostDir) + ) else [ ]; + + mkHalfHostsForArch = type: arch: + let + hostDir = "${self}/hosts/${type}/${arch}"; + hosts = readHostDirs hostDir; + in + lib.genAttrs hosts (host: mkHalfHost host type arch); + + mkHostsForArch = type: arch: minimal: + let + hostDir = "${self}/hosts/${type}/${arch}"; + hosts = readHostDirs hostDir; + in + if (type == "nixos") then + lib.genAttrs hosts (host: mkNixosHost { inherit minimal; } host arch) + else if (type == "darwin") then + lib.genAttrs hosts (host: mkDarwinHost { inherit minimal; } host arch) + else { }; + + mkConfigurationsPerArch = type: minimal: + let + arches = mkArches type; + toMake = if (minimal == null) then (arch: _: mkHalfHostsForArch type arch) else (arch: _: mkHostsForArch type arch minimal); + in + lib.concatMapAttrs toMake + (lib.listToAttrs (map (a: { name = a; value = { }; }) arches)); + + halfConfigurationsPerArch = type: mkConfigurationsPerArch type null; + configurationsPerArch = type: minimal: mkConfigurationsPerArch type minimal; - mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (name: mkHalfHost name type pkgs) hosts); - nixosHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/nixos")); - darwinHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/darwin")); in { - nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { - minimal = 
false; - }); - nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { - minimal = true; - }); - darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = false; - }); - darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = true; - }); - - homeConfigurations = - let - inherit (lib.swarselsystems) pkgsFor readHosts; - in - mkHalfHostConfigs (readHosts "home") "home" pkgsFor.x86_64-linux - // mkHalfHostConfigs (readHosts "home") "home" pkgsFor.aarch64-linux; - - nixOnDroidConfigurations = - let - inherit (lib.swarselsystems) pkgsFor readHosts; - in - mkHalfHostConfigs (readHosts "android") "android" pkgsFor.aarch64-linux; + nixosConfigurations = configurationsPerArch "nixos" false; + nixosConfigurationsMinimal = configurationsPerArch "nixos" true; + darwinConfigurations = configurationsPerArch "darwin" false; + darwinConfigurationsMinimal = configurationsPerArch "darwin" true; + homeConfigurations = halfConfigurationsPerArch "home"; + nixOnDroidConfigurations = halfConfigurationsPerArch "android"; guestConfigurations = lib.flip lib.concatMapAttrs config.nixosConfigurations ( _: node: @@ -1995,7 +1999,7 @@ My work machine. Built for more security, this is the gold standard of my config :PROPERTIES: :CUSTOM_ID: h:567c0055-f5f7-4e53-8f13-d767d7166e9d :END: -#+begin_src nix-ts :tangle hosts/nixos/pyramid/default.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/pyramid/default.nix { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; @@ -2079,7 +2083,7 @@ My work machine. Built for more security, this is the gold standard of my config :CUSTOM_ID: h:25115a54-c634-4896-9a41-254064ce9fcc :END: -#+begin_src nix-ts :tangle hosts/nixos/pyramid/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix { config, lib, pkgs, modulesPath, ... }: { imports = 
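Review bot: `mkConfigurationsPerArch` merges the per-architecture host sets with `lib.concatMapAttrs`, so a host name that exists under two architecture directories (for example `hosts/nixos/x86_64-linux/NAME` and `hosts/nixos/aarch64-linux/NAME`) collapses into one attribute and one definition silently replaces the other. The flake output would then build and deploy a configuration for an architecture the operator did not choose, without any evaluation error. Failing on duplicates before the merge is safer, e.g. collecting the per-arch `readHostDirs` lists into `dups` and wrapping the merged set as `lib.throwIf (dups != [ ]) "duplicate host names across architectures: ${toString dups}" merged`. Related: a host directory left at the pre-change location `hosts/<type>/NAME` is dropped without a message, because only the arch subdirectories are read. The enclosing `let … in` starts outside this hunk.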
@@ -2159,7 +2163,7 @@ My work machine. Built for more security, this is the gold standard of my config :CUSTOM_ID: h:e0da04c7-4199-44b0-b525-6cfc64072b45 :END: -#+begin_src nix-ts :tangle hosts/nixos/pyramid/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/pyramid/disk-config.nix { disko.devices = { disk = { @@ -2253,7 +2257,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se :PROPERTIES: :CUSTOM_ID: h:6f80d614-d76a-433b-8956-78d7b323b68c :END: -#+begin_src nix-ts :tangle hosts/nixos/bakery/default.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/bakery/default.nix { self, config, inputs, lib, minimal, ... }: let primaryUser = config.swarselsystems.mainUser; @@ -2319,7 +2323,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se :CUSTOM_ID: h:bbba1646-fb5f-4d04-baf0-f606037a8b39 :END: -#+begin_src nix-ts :tangle hosts/nixos/bakery/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/bakery/hardware-configuration.nix # Do not modify this file! It was generated by β€˜nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. @@ -2349,7 +2353,7 @@ My personal laptop. Closely follows the =pyramid= config, but leaves out some se :CUSTOM_ID: h:72444f85-7951-47c0-858f-b51d8299de8c :END: -#+begin_src nix-ts :tangle hosts/nixos/bakery/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/bakery/disk-config.nix { lib, pkgs, config, ... }: let type = "btrfs"; @@ -2485,7 +2489,7 @@ This is my main server that I run at home. It handles most tasks that require bi :PROPERTIES: :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: -#+begin_src nix-ts :tangle hosts/nixos/winters/default.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/default.nix { lib, config, minimal, ... }: { 
@@ -2574,7 +2578,7 @@ This is my main server that I run at home. It handles most tasks that require bi :PROPERTIES: :CUSTOM_ID: h:0fdefb4f-ce53-4caf-89ed-5d79646f70f0 :END: -#+begin_src nix-ts :tangle hosts/nixos/winters/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/hardware-configuration.nix { config, lib, modulesPath, ... }: { @@ -2624,7 +2628,7 @@ This is my main server that I run at home. It handles most tasks that require bi **** Summers (Server: ASUS Z10PA-D8) ***** Main Configuration -#+begin_src nix-ts :tangle hosts/nixos/summers/default.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/default.nix { inputs, lib, config, configName, minimal, nodes, globals, ... }: { @@ -2737,7 +2741,7 @@ This is my main server that I run at home. It handles most tasks that require bi #+end_src ***** hardware-configuration -#+begin_src nix-ts :tangle hosts/nixos/summers/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/hardware-configuration.nix { config, lib, modulesPath, ... }: { @@ -2769,7 +2773,7 @@ This is my main server that I run at home. It handles most tasks that require bi #+end_src ***** disko -#+begin_src nix-ts :tangle hosts/nixos/summers/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/disk-config.nix { lib, config, ... }: let type = "btrfs"; @@ -2891,7 +2895,7 @@ This is my main server that I run at home. It handles most tasks that require bi #+end_src ***** Guests ****** Guest 1 -#+begin_src nix-ts :tangle hosts/nixos/summers/guests/guest1/default.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix { lib, minimal, ... }: { 
@@ -2927,7 +2931,7 @@ This is my main server that I run at home. It handles most tasks that require bi A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations (the darwin configuration is severely under-developed). -#+begin_src nix-ts :tangle hosts/darwin/machpizza/default.nix +#+begin_src nix-ts :tangle hosts/darwin/x86_64-darwin/machpizza/default.nix { lib, config, ... }: let inherit (config.repo.secrets.local) workUser; @@ -2960,7 +2964,7 @@ A Mac notebook that I have received from work. I use this machine for getting ac My phone. I use only a minimal config for remote debugging here. -#+begin_src nix-ts :tangle hosts/android/magicant/default.nix +#+begin_src nix-ts :tangle hosts/android/aarch64-linux/magicant/default.nix { pkgs, ... }: { environment = { @@ -3012,7 +3016,7 @@ My phone. I use only a minimal config for remote debugging here. **** Treehouse (DGX Spark) -#+begin_src nix-ts :tangle hosts/home/treehouse/default.nix +#+begin_src nix-ts :tangle hosts/home/aarch64-linux/treehouse/default.nix { self, ... }: { @@ -3076,7 +3080,7 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc :CUSTOM_ID: h:922105c3-a604-47d9-918b-db1803784c75 :END: -#+begin_src nix-ts :tangle hosts/nixos/milkywell/default.nix +#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/milkywell/default.nix { lib, minimal, ... }: { imports = [ @@ -3134,7 +3138,7 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc :CUSTOM_ID: h:64dddedd-9b13-4b74-baf0-1d54d5a89d3b :END: -#+begin_src nix-ts :tangle hosts/nixos/milkywell/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/milkywell/hardware-configuration.nix { config, lib, modulesPath, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") 
@@ -3163,7 +3167,7 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc :CUSTOM_ID: h:cec82b06-39ca-4c0e-b4f5-c1fda9b14e6d :END: -#+begin_src nix-ts :tangle hosts/nixos/milkywell/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/milkywell/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib , config @@ -3276,7 +3280,7 @@ This machine mainly acts as my proxy server to stand before my local machines. :CUSTOM_ID: h:a8f20a56-ce92-43d8-8bfe-3edccebf2bf9 :END: -#+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix +#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/moonside/default.nix { lib, config, minimal, ... }: let inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; @@ -3446,7 +3450,7 @@ This machine mainly acts as my proxy server to stand before my local machines. :CUSTOM_ID: h:f99c05ab-f047-4350-b80a-4c1ff55b91bf :END: -#+begin_src nix-ts :tangle hosts/nixos/moonside/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/moonside/hardware-configuration.nix { lib, modulesPath, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; @@ -3468,7 +3472,7 @@ This machine mainly acts as my proxy server to stand before my local machines. :CUSTOM_ID: h:cec82b06-39ca-4c0e-b4f5-c1fda9b14e6d :END: -#+begin_src nix-ts :tangle hosts/nixos/moonside/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/moonside/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib , config @@ -3610,7 +3614,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :PROPERTIES: :CUSTOM_ID: h:4e53b40b-98b2-4615-b1b0-3696a75edd6e :END: -#+begin_src nix-ts :tangle hosts/nixos/toto/default.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/toto/default.nix { self, lib, ... }: { 
@@ -3655,7 +3659,7 @@ This is a slim setup for developing base configuration. I do not track the hardw :CUSTOM_ID: h:cec82b06-39ca-4c0e-b4f5-c1fda9b14e6d :END: -#+begin_src nix-ts :tangle hosts/nixos/toto/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/toto/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib , pkgs @@ -3983,7 +3987,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:9f1f3439-b0af-4dcd-a96f-b6aa7b6cd2ab :END: -#+begin_src nix-ts :tangle hosts/nixos/hotel/default.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/default.nix { self, config, pkgs, lib, minimal, ... }: let mainUser = "demo"; @@ -4046,7 +4050,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:849e4233-ba40-4fec-acfe-0d76e1e4371b :END: -#+begin_src nix-ts :tangle hosts/nixos/hotel/disk-config.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/disk-config.nix # NOTE: ... is needed because dikso passes diskoFile { lib , pkgs @@ -4182,7 +4186,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:6f9c1a3b-452e-4944-86e8-cb17603cc3f9 :END: -#+begin_src nix-ts :tangle hosts/nixos/hotel/options.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/options.nix _: { } @@ -4193,7 +4197,7 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :CUSTOM_ID: h:88ccb198-74b9-4269-8e22-af1277f44667 :END: -#+begin_src nix-ts :tangle hosts/nixos/hotel/options-home.nix +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/options-home.nix _: { } @@ -17718,6 +17722,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man target_hostname="" target_destination="" + target_arch="" target_user="swarsel" ssh_port="22" persist_dir="" 
@@ -17733,6 +17738,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man echo "ARGS:" echo " -n specify target_hostname of the target host to deploy the nixos config on." echo " -d specify ip or url to the target host." + echo " -a specify the architecture of the target host." echo " target during install process." echo echo "OPTIONS:" @@ -17815,6 +17821,10 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift target_destination=$1 ;; + -a) + shift + target_arch=$1 + ;; -u) shift target_user=$1 @@ -17835,6 +17845,11 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift done + if [[ $target_arch == "" || $target_destination == "" || $target_hostname == "" ]]; then + red "error: target_arch, target_destination or target_hostname not set." + help_and_exit + fi + green "~SwarselSystems~ remote installer" green "Reading system information for $target_hostname ..." @@ -17926,8 +17941,8 @@ This program sets up a new NixOS host remotely. It also takes care of secret man green "Generating hardware-config.nix for $target_hostname and adding it to the nix-config." $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt" - mkdir -p "$FLAKE"/hosts/nixos/"$target_hostname" - $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_hostname"/hardware-configuration.nix + mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" + $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix # ------------------------ green "Deploying minimal NixOS installation on $target_destination" 
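Review bot: The added guard only rejects an empty `target_arch`, and the value is then spliced into the paths given to `mkdir -p`, `$scp_cmd`, `sops updatekeys` and `git add`, so a typo or a value containing `../` puts the generated hardware configuration outside the intended host directory. Checking it against the architectures the flake actually reads (`linuxArches` in this commit) closes that: `case "$target_arch" in x86_64-linux | aarch64-linux) ;; *) red "error: unsupported target_arch: $target_arch"; exit 1 ;; esac`. The failure path also goes through `help_and_exit`, which in the swarsel-rebuild and swarsel-install hunks ends in `exit 0`; if the bootstrap helper does the same, a missing argument reports success to whatever invoked the script, so the error branch should exit non-zero. The same guard appears in the swarsel-install and swarsel-rebuild sections of this file and in the tangled copies under `files/scripts/`, where the value reaches `sudo nixos-generate-config --dir`.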
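Review bot: The directory is created under `"$FLAKE"` but the copy lands under `"${git_root}"`, and with the extra `"$target_arch"` level the destination directory for a new host is even less likely to exist already. Neither variable's assignment is visible in this hunk, so they may be the same path; if they can differ, `$scp_cmd` fails on a missing directory, or the file ends up in a checkout other than the one that is committed later. Using one root for both keeps them in step: `mkdir -p "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"`. The tangled copy in `files/scripts/swarsel-bootstrap.sh` has the same pair of lines.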
@@ -17992,7 +18007,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man fi green "Updating all secrets files to reflect updates .sops.yaml" sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.yaml - sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_hostname"/secrets/pii.nix.enc + sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/pii.nix.enc # -------------------------- green "Making ssh_host_ed25519_key available to home-manager for user $target_user" sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts @@ -18051,10 +18066,10 @@ This program sets up a new NixOS host remotely. It also takes care of secret man green "NixOS was successfully installed!" if yes_or_no "You can now commit and push the nix-config, which includes the hardware-configuration.nix for $target_hostname?"; then cd "${git_root}" - deadnix hosts/nixos/"$target_hostname"/hardware-configuration.nix -qe - nixpkgs--fmt hosts/nixos/"$target_hostname"/hardware-configuration.nix + deadnix hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix -qe + nixpkgs--fmt hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix (.pre-commit-config.yaml mit run --all-files 2> /dev/null || true) && - git add "$git_root/hosts/nixos/$target_hostname/hardware-configuration.nix" && + git add "$git_root/hosts/nixos/$target_arch/$target_hostname/hardware-configuration.nix" && git add "$git_root/.sops.yaml" && git add "$git_root/secrets" && (git commit -m "feat: deployed $target_hostname" || true) && git push @@ -18088,6 +18103,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man set -eo pipefail target_config="hotel" + target_arch="" target_user="swarsel" function help_and_exit() { 
@@ -18097,10 +18113,11 @@ This program sets up a new NixOS host remotely. It also takes care of secret man echo "USAGE: $0 [OPTIONS]" echo echo "ARGS:" - echo " -n specify nixos config to build." + echo " -n specify nixos config to build." echo " Default: hotel" echo " -u specify user to deploy for." echo " Default: swarsel" + echo " -a specify target architecture." echo " -h | --help Print this help." exit 0 } @@ -18130,6 +18147,10 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift target_config=$1 ;; + -a) + shift + target_arch=$1 + ;; -u) shift target_user=$1 @@ -18143,6 +18164,11 @@ This program sets up a new NixOS host remotely. It also takes care of secret man shift done + if [[ $target_arch == "" ]]; then + red "error: target_arch not set." + help_and_exit + fi + cd /home/"$target_user" if [ ! -d /home/"$target_user"/.dotfiles ]; then @@ -18170,7 +18196,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man rm modules/home/common/mail.nix rm modules/home/common/yubikey.nix rm modules/nixos/server/restic.nix - rm hosts/nixos/milkywell/default.nix + rm hosts/nixos/aarch64-linux/milkywell/default.nix rm -rf modules/nixos/server rm -rf modules/home/server nix flake update vbc-nix @@ -18178,8 +18204,8 @@ This program sets up a new NixOS host remotely. It also takes care of secret man else green "Valid SSH key found! Continuing with installation" fi - sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ - git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix + sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/ + git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix green "Installing flake $target_config" sudo nixos-rebuild --show-trace --flake .#"$target_config" boot 
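Review bot: `swarsel-rebuild` runs on the machine being rebuilt, yet `-a` is now mandatory and nothing ties it to that machine, so a wrong value makes `sudo nixos-generate-config --dir` write `hardware-configuration.nix` into another architecture's directory while `nixos-rebuild --flake .#"$target_config"` builds without it. Deriving the default from the running system removes that mismatch and keeps existing invocations working: `target_arch="${target_arch:-$(uname -m)-linux}"` placed before the empty check. The README command for `swarsel-rebuild` shown earlier in this patch appears to pass only `-u`, so as written it would stop at the new guard. The same applies to the swarsel-install section and to the tangled copies in `files/scripts/swarsel-rebuild.sh` and `files/scripts/swarsel-install.sh`.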
@@ -18210,6 +18236,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f target_config="hotel" target_hostname="hotel" target_user="swarsel" + target_arch="" persist_dir="" target_disk="/dev/vda" disk_encryption=0 @@ -18227,6 +18254,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f echo " Default: /dev/vda" echo " -u specify user to deploy for." echo " Default: swarsel" + echo " -a specify target architecture." echo " -h | --help Print this help." exit 0 } @@ -18265,6 +18293,10 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f shift target_disk=$1 ;; + -a) + shift + target_arch=$1 + ;; -h | --help) help_and_exit ;; ,*) echo "Invalid option detected." @@ -18280,6 +18312,11 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f } trap cleanup exit + if [[ $target_arch == "" || $target_hostname == "" ]]; then + red "error: target_arch or target_hostname not set." + help_and_exit + fi + green "~SwarselSystems~ local installer" cd /home/"$target_user" 
@@ -18369,9 +18406,9 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user" green "Generating hardware configuration ..." - sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ + sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/ - git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix + git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix sudo mkdir -p /root/.local/share/nix/ printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null green "Installing flake $target_config" 
@@ -25451,7 +25488,7 @@ Here lies defined the readme for GitHub and Forgejo: #### Remote deployment (recommended if you have at least one running system) - 0) Fork this repo, and write your own host config at `hosts/nixos//default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files. + 0) Fork this repo, and write your own host config at `hosts/nixos///default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files. 1) Have a system with `nix` available booted (this does not need to be installed, i.e. you can use a NixOS installer image; a custom minimal installer ISO can be built by running `just iso` in the root of this repo) 2) Make sure that your Yubikey is plugged in or that you have your SSH key available (and configured) 3) Run `swarsel-bootstrap -n -d ` on your existing system. diff --git a/files/scripts/swarsel-bootstrap.sh b/files/scripts/swarsel-bootstrap.sh index 46ea715..c66b755 100644 --- a/files/scripts/swarsel-bootstrap.sh +++ b/files/scripts/swarsel-bootstrap.sh 
@@ -3,6 +3,7 @@ set -eo pipefail target_hostname="" target_destination="" +target_arch="" target_user="swarsel" ssh_port="22" persist_dir="" @@ -18,6 +19,7 @@ function help_and_exit() { echo "ARGS:" echo " -n specify target_hostname of the target host to deploy the nixos config on." echo " -d specify ip or url to the target host." + echo " -a specify the architecture of the target host." echo " target during install process." echo echo "OPTIONS:" @@ -100,6 +102,10 @@ while [[ $# -gt 0 ]]; do shift target_destination=$1 ;; + -a) + shift + target_arch=$1 + ;; -u) shift target_user=$1 @@ -120,6 +126,11 @@ while [[ $# -gt 0 ]]; do shift done +if [[ $target_arch == "" || $target_destination == "" || $target_hostname == "" ]]; then + red "error: target_arch, target_destination or target_hostname not set." + help_and_exit +fi + green "~SwarselSystems~ remote installer" green "Reading system information for $target_hostname ..." @@ -211,8 +222,8 @@ fi green "Generating hardware-config.nix for $target_hostname and adding it to the nix-config." $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt" -mkdir -p "$FLAKE"/hosts/nixos/"$target_hostname" -$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_hostname"/hardware-configuration.nix +mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" +$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix # ------------------------ green "Deploying minimal NixOS installation on $target_destination" 
@@ -277,7 +288,7 @@ if yes_or_no "Do you want to manually edit .sops.yaml now?"; then fi green "Updating all secrets files to reflect updates .sops.yaml" sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.yaml -sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_hostname"/secrets/pii.nix.enc +sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/pii.nix.enc # -------------------------- green "Making ssh_host_ed25519_key available to home-manager for user $target_user" sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts @@ -336,10 +347,10 @@ fi green "NixOS was successfully installed!" if yes_or_no "You can now commit and push the nix-config, which includes the hardware-configuration.nix for $target_hostname?"; then cd "${git_root}" - deadnix hosts/nixos/"$target_hostname"/hardware-configuration.nix -qe - nixpkgs--fmt hosts/nixos/"$target_hostname"/hardware-configuration.nix + deadnix hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix -qe + nixpkgs--fmt hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix (.pre-commit-config.yaml mit run --all-files 2> /dev/null || true) && - git add "$git_root/hosts/nixos/$target_hostname/hardware-configuration.nix" && + git add "$git_root/hosts/nixos/$target_arch/$target_hostname/hardware-configuration.nix" && git add "$git_root/.sops.yaml" && git add "$git_root/secrets" && (git commit -m "feat: deployed $target_hostname" || true) && git push diff --git a/files/scripts/swarsel-install.sh b/files/scripts/swarsel-install.sh index c130cc6..537145f 100644 --- a/files/scripts/swarsel-install.sh +++ b/files/scripts/swarsel-install.sh @@ -3,6 +3,7 @@ set -eo pipefail target_config="hotel" target_hostname="hotel" target_user="swarsel" +target_arch="" persist_dir="" target_disk="/dev/vda" disk_encryption=0 
@@ -20,6 +21,7 @@ function help_and_exit() { echo " Default: /dev/vda" echo " -u specify user to deploy for." echo " Default: swarsel" + echo " -a specify target architecture." echo " -h | --help Print this help." exit 0 } @@ -58,6 +60,10 @@ while [[ $# -gt 0 ]]; do shift target_disk=$1 ;; + -a) + shift + target_arch=$1 + ;; -h | --help) help_and_exit ;; *) echo "Invalid option detected." @@ -73,6 +79,11 @@ function cleanup() { } trap cleanup exit +if [[ $target_arch == "" || $target_hostname == "" ]]; then + red "error: target_arch or target_hostname not set." + help_and_exit +fi + green "~SwarselSystems~ local installer" cd /home/"$target_user" @@ -162,9 +173,9 @@ sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user" green "Generating hardware configuration ..." -sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ +sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/ -git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix +git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix sudo mkdir -p /root/.local/share/nix/ printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null green "Installing flake $target_config" 
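Review bot: The validation added after `trap cleanup exit` reports a missing `-a` through `help_and_exit`, and that function ends in `exit 0` (visible in the first hunk on this file), so a rejected invocation still returns success to whatever called it. Give `help_and_exit` an optional status, `exit "${1:-0}"`, and call `help_and_exit 1` at the error site, or follow the `red` message with a plain `exit 1`. swarsel-rebuild.sh receives the same check in this commit and its `help_and_exit` also ends in `exit 0`. Since `target_hostname` defaults to `hotel` in this script, that half of the test only fires if it was explicitly set to an empty string.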
diff --git a/files/scripts/swarsel-rebuild.sh b/files/scripts/swarsel-rebuild.sh index 106ac84..0a725a1 100644 --- a/files/scripts/swarsel-rebuild.sh +++ b/files/scripts/swarsel-rebuild.sh @@ -1,6 +1,7 @@ set -eo pipefail target_config="hotel" +target_arch="" target_user="swarsel" function help_and_exit() { @@ -10,10 +11,11 @@ function help_and_exit() { echo "USAGE: $0 [OPTIONS]" echo echo "ARGS:" - echo " -n specify nixos config to build." + echo " -n specify nixos config to build." echo " Default: hotel" echo " -u specify user to deploy for." echo " Default: swarsel" + echo " -a specify target architecture." echo " -h | --help Print this help." exit 0 } @@ -43,6 +45,10 @@ while [[ $# -gt 0 ]]; do shift target_config=$1 ;; + -a) + shift + target_arch=$1 + ;; -u) shift target_user=$1 @@ -56,6 +62,11 @@ while [[ $# -gt 0 ]]; do shift done +if [[ $target_arch == "" ]]; then + red "error: target_arch not set." + help_and_exit +fi + cd /home/"$target_user" if [ ! -d /home/"$target_user"/.dotfiles ]; then @@ -83,7 +94,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then rm modules/home/common/mail.nix rm modules/home/common/yubikey.nix rm modules/nixos/server/restic.nix - rm hosts/nixos/milkywell/default.nix + rm hosts/nixos/aarch64-linux/milkywell/default.nix rm -rf modules/nixos/server rm -rf modules/home/server nix flake update vbc-nix 
@@ -91,8 +102,8 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then else green "Valid SSH key found! Continuing with installation" fi -sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/ -git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix +sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/ +git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix green "Installing flake $target_config" sudo nixos-rebuild --show-trace --flake .#"$target_config" boot diff --git a/flake.lock b/flake.lock index b045d34..10b1bfe 100644 --- a/flake.lock +++ b/flake.lock @@ -7815,11 +7815,11 @@ }, "nixpkgs-dev": { "locked": { - "lastModified": 1761589965, - "narHash": "sha256-ZtypYmGwo7wUOo88UKVAdUZCYCpvFM8O0bEmI7+NW5k=", + "lastModified": 1762578095, + "narHash": "sha256-uW5Ff1H/lVvsKcNXtU7COQifqnRQ5i/YTEPGQwundNQ=", "owner": "Swarsel", "repo": "nixpkgs", - "rev": "ed3254fbd834e5bfbf6bc9586d57307a92f1a269", + "rev": "a99a76ccf7bfbb8c5d6129e6ff69413c6db55c1a", "type": "github" }, "original": { diff --git a/hosts/android/magicant/default.nix b/hosts/android/aarch64-linux/magicant/default.nix similarity index 100% rename from hosts/android/magicant/default.nix rename to hosts/android/aarch64-linux/magicant/default.nix diff --git a/hosts/darwin/machpizza/default.nix b/hosts/darwin/x86_64-darwin/machpizza/default.nix similarity index 100% rename from hosts/darwin/machpizza/default.nix rename to hosts/darwin/x86_64-darwin/machpizza/default.nix diff --git a/hosts/darwin/machpizza/secrets/pii.nix.enc b/hosts/darwin/x86_64-darwin/machpizza/secrets/pii.nix.enc similarity index 100% rename from hosts/darwin/machpizza/secrets/pii.nix.enc rename to hosts/darwin/x86_64-darwin/machpizza/secrets/pii.nix.enc 
diff --git a/hosts/home/treehouse/default.nix b/hosts/home/aarch64-linux/treehouse/default.nix
similarity index 100%
rename from hosts/home/treehouse/default.nix
rename to hosts/home/aarch64-linux/treehouse/default.nix
diff --git a/hosts/nixos/milkywell/default.nix b/hosts/nixos/aarch64-linux/milkywell/default.nix
similarity index 100%
rename from hosts/nixos/milkywell/default.nix
rename to hosts/nixos/aarch64-linux/milkywell/default.nix
diff --git a/hosts/nixos/milkywell/disk-config.nix b/hosts/nixos/aarch64-linux/milkywell/disk-config.nix
similarity index 100%
rename from hosts/nixos/milkywell/disk-config.nix
rename to hosts/nixos/aarch64-linux/milkywell/disk-config.nix
diff --git a/hosts/nixos/milkywell/hardware-configuration.nix b/hosts/nixos/aarch64-linux/milkywell/hardware-configuration.nix
similarity index 100%
rename from hosts/nixos/milkywell/hardware-configuration.nix
rename to hosts/nixos/aarch64-linux/milkywell/hardware-configuration.nix
diff --git a/hosts/nixos/milkywell/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc
similarity index 100%
rename from hosts/nixos/milkywell/secrets/pii.nix.enc
rename to hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc
diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/aarch64-linux/moonside/default.nix
similarity index 100%
rename from hosts/nixos/moonside/default.nix
rename to hosts/nixos/aarch64-linux/moonside/default.nix
diff --git a/hosts/nixos/moonside/disk-config.nix b/hosts/nixos/aarch64-linux/moonside/disk-config.nix
similarity index 100%
rename from hosts/nixos/moonside/disk-config.nix
rename to hosts/nixos/aarch64-linux/moonside/disk-config.nix
diff --git a/hosts/nixos/moonside/hardware-configuration.nix b/hosts/nixos/aarch64-linux/moonside/hardware-configuration.nix
similarity index 100%
rename from hosts/nixos/moonside/hardware-configuration.nix
rename to hosts/nixos/aarch64-linux/moonside/hardware-configuration.nix
diff --git a/hosts/nixos/moonside/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc
similarity index 100%
rename from hosts/nixos/moonside/secrets/pii.nix.enc
rename to hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc
diff --git a/hosts/nixos/bakery/default.nix b/hosts/nixos/x86_64-linux/bakery/default.nix
similarity index 100%
rename from hosts/nixos/bakery/default.nix
rename to hosts/nixos/x86_64-linux/bakery/default.nix
diff --git a/hosts/nixos/bakery/disk-config.nix b/hosts/nixos/x86_64-linux/bakery/disk-config.nix
similarity index 100%
rename from hosts/nixos/bakery/disk-config.nix
rename to hosts/nixos/x86_64-linux/bakery/disk-config.nix
diff --git a/hosts/nixos/bakery/hardware-configuration.nix b/hosts/nixos/x86_64-linux/bakery/hardware-configuration.nix
similarity index 100%
rename from hosts/nixos/bakery/hardware-configuration.nix
rename to hosts/nixos/x86_64-linux/bakery/hardware-configuration.nix
diff --git a/hosts/nixos/bakery/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc
similarity index 100%
rename from hosts/nixos/bakery/secrets/pii.nix.enc
rename to hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc
diff --git a/hosts/nixos/hotel/default.nix b/hosts/nixos/x86_64-linux/hotel/default.nix
similarity index 100%
rename from hosts/nixos/hotel/default.nix
rename to hosts/nixos/x86_64-linux/hotel/default.nix
diff --git a/hosts/nixos/hotel/disk-config.nix b/hosts/nixos/x86_64-linux/hotel/disk-config.nix
similarity index 100%
rename from hosts/nixos/hotel/disk-config.nix
rename to hosts/nixos/x86_64-linux/hotel/disk-config.nix
diff --git a/hosts/nixos/hotel/hardware-configuration.nix b/hosts/nixos/x86_64-linux/hotel/hardware-configuration.nix
similarity index 100%
rename from hosts/nixos/hotel/hardware-configuration.nix
rename to hosts/nixos/x86_64-linux/hotel/hardware-configuration.nix
diff --git a/hosts/nixos/hotel/options-home.nix b/hosts/nixos/x86_64-linux/hotel/options-home.nix
similarity index 100%
rename from hosts/nixos/hotel/options-home.nix
rename to hosts/nixos/x86_64-linux/hotel/options-home.nix
diff --git a/hosts/nixos/hotel/options.nix b/hosts/nixos/x86_64-linux/hotel/options.nix
similarity index 100%
rename from hosts/nixos/hotel/options.nix
rename to hosts/nixos/x86_64-linux/hotel/options.nix
diff --git a/hosts/nixos/pyramid/default.nix b/hosts/nixos/x86_64-linux/pyramid/default.nix
similarity index 100%
rename from hosts/nixos/pyramid/default.nix
rename to hosts/nixos/x86_64-linux/pyramid/default.nix
diff --git a/hosts/nixos/pyramid/disk-config.nix b/hosts/nixos/x86_64-linux/pyramid/disk-config.nix
similarity index 100%
rename from hosts/nixos/pyramid/disk-config.nix
rename to hosts/nixos/x86_64-linux/pyramid/disk-config.nix
diff --git a/hosts/nixos/pyramid/hardware-configuration.nix b/hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix
similarity index 100%
rename from hosts/nixos/pyramid/hardware-configuration.nix
rename to hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix
diff --git a/hosts/nixos/pyramid/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc
similarity index 100%
rename from hosts/nixos/pyramid/secrets/pii.nix.enc
rename to hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc
diff --git a/hosts/nixos/summers/default.nix b/hosts/nixos/x86_64-linux/summers/default.nix
similarity index 100%
rename from hosts/nixos/summers/default.nix
rename to hosts/nixos/x86_64-linux/summers/default.nix
diff --git a/hosts/nixos/summers/disk-config.nix b/hosts/nixos/x86_64-linux/summers/disk-config.nix
similarity index 100%
rename from hosts/nixos/summers/disk-config.nix
rename to hosts/nixos/x86_64-linux/summers/disk-config.nix
diff --git a/hosts/nixos/summers/guests/guest1/default.nix b/hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix
similarity index 100%
rename from hosts/nixos/summers/guests/guest1/default.nix
rename to hosts/nixos/x86_64-linux/summers/guests/guest1/default.nix
diff --git a/hosts/nixos/summers/hardware-configuration.nix b/hosts/nixos/x86_64-linux/summers/hardware-configuration.nix
similarity index 100%
rename from hosts/nixos/summers/hardware-configuration.nix
rename to hosts/nixos/x86_64-linux/summers/hardware-configuration.nix
diff --git a/hosts/nixos/summers/secrets/guest1/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/guest1/pii.nix.enc
similarity index 100%
rename from hosts/nixos/summers/secrets/guest1/pii.nix.enc
rename to hosts/nixos/x86_64-linux/summers/secrets/guest1/pii.nix.enc
diff --git a/hosts/nixos/summers/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc
similarity index 100%
rename from hosts/nixos/summers/secrets/pii.nix.enc
rename to hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc
diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/x86_64-linux/toto/default.nix
similarity index 100%
rename from hosts/nixos/toto/default.nix
rename to hosts/nixos/x86_64-linux/toto/default.nix
diff --git a/hosts/nixos/toto/disk-config.nix b/hosts/nixos/x86_64-linux/toto/disk-config.nix
similarity index 100%
rename from hosts/nixos/toto/disk-config.nix
rename to hosts/nixos/x86_64-linux/toto/disk-config.nix
diff --git a/hosts/nixos/toto/hardware-configuration.nix b/hosts/nixos/x86_64-linux/toto/hardware-configuration.nix
similarity index 100%
rename from hosts/nixos/toto/hardware-configuration.nix
rename to hosts/nixos/x86_64-linux/toto/hardware-configuration.nix
diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/x86_64-linux/winters/default.nix
similarity index 100%
rename from hosts/nixos/winters/default.nix
rename to hosts/nixos/x86_64-linux/winters/default.nix
diff --git a/hosts/nixos/winters/hardware-configuration.nix b/hosts/nixos/x86_64-linux/winters/hardware-configuration.nix similarity index 100% rename from hosts/nixos/winters/hardware-configuration.nix rename to hosts/nixos/x86_64-linux/winters/hardware-configuration.nix diff --git a/hosts/nixos/winters/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc similarity index 100% rename from hosts/nixos/winters/secrets/pii.nix.enc rename to hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc diff --git a/nix/hosts.nix b/nix/hosts.nix index 945182d..2c99f41 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -6,24 +6,11 @@ inherit (outputs) lib homeLib; # lib = (inputs.nixpkgs.lib // inputs.home-manager.lib).extend (_: _: { swarselsystems = import "${self}/lib" { inherit self lib inputs outputs; inherit (inputs) systems; }; }); - mkNixosHost = { minimal }: configName: - let - sys = "x86_64-linux"; - # lib = config.pkgsPre.${sys}.lib // { - # inherit (inputs.home-manager.lib) hm; - # swarselsystems = self.outputs.swarselsystemsLib; - # }; - - # lib = config.pkgsPre.${sys}.lib // { - # inherit (inputs.home-manager.lib) hm; - # swarselsystems = self.outputs.swarselsystemsLib; - # }; - inherit (config.pkgs.${sys}) lib; - in + mkNixosHost = { minimal }: configName: arch: inputs.nixpkgs.lib.nixosSystem { specialArgs = { - inherit inputs outputs self minimal configName; - inherit lib homeLib; + inherit inputs outputs self minimal configName homeLib; + inherit (config.pkgs.${arch}) lib; inherit (config) globals nodes; }; modules = [ @@ -41,7 +28,7 @@ inputs.microvm.nixosModules.host inputs.microvm.nixosModules.microvm (inputs.nixos-extra-modules + "/modules/guests") - "${self}/hosts/nixos/${configName}" + "${self}/hosts/nixos/${arch}/${configName}" "${self}/profiles/nixos" "${self}/modules/nixos" { 
@@ -50,7 +37,7 @@ node = { name = lib.mkForce configName; - secretsDir = ../hosts/nixos/${configName}/secrets; + secretsDir = ../hosts/nixos/${arch}/${configName}/secrets; }; swarselprofiles = { @@ -68,7 +55,7 @@ ]; }; - mkDarwinHost = { minimal }: configName: + mkDarwinHost = { minimal }: configName: arch: inputs.nix-darwin.lib.darwinSystem { specialArgs = { inherit inputs lib outputs self minimal configName; 
@@ -82,75 +69,92 @@ # inputs.fw-fanctrl.nixosModules.default # inputs.nix-topology.nixosModules.default inputs.home-manager.darwinModules.home-manager - "${self}/hosts/darwin/${configName}" + "${self}/hosts/darwin/${arch}/${configName}" "${self}/modules/nixos/darwin" # needed for infrastructure "${self}/modules/nixos/common/meta.nix" "${self}/modules/nixos/common/globals.nix" { node.name = lib.mkForce configName; - node.secretsDir = ../hosts/darwin/${configName}/secrets; + node.secretsDir = ../hosts/darwin/${arch}/${configName}/secrets; } ]; }; - mkHalfHost = configName: type: pkgs: { - ${configName} = - let - systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; - in - systemFunc - { - inherit pkgs; - extraSpecialArgs = { - inherit inputs lib outputs self configName; - inherit (config) globals nodes; - minimal = false; - }; - modules = [ - inputs.stylix.homeModules.stylix - inputs.niri-flake.homeModules.niri - inputs.nix-index-database.homeModules.nix-index - # inputs.sops-nix.homeManagerModules.sops - inputs.spicetify-nix.homeManagerModules.default - inputs.swarsel-nix.homeModules.default - "${self}/hosts/${type}/${configName}" - "${self}/profiles/home" - ]; - }; - }; + mkHalfHost = configName: type: arch: + let + systemFunc = if (type == "home") then inputs.home-manager.lib.homeManagerConfiguration else inputs.nix-on-droid.lib.nixOnDroidConfiguration; + pkgs = lib.swarselsystems.pkgsFor.${arch}; + in + systemFunc { + inherit pkgs; + extraSpecialArgs = { + inherit inputs lib outputs self configName; + inherit (config) globals nodes; + minimal = false; + }; + modules = [ + inputs.stylix.homeModules.stylix + inputs.niri-flake.homeModules.niri + inputs.nix-index-database.homeModules.nix-index + # inputs.sops-nix.homeManagerModules.sops + inputs.spicetify-nix.homeManagerModules.default + inputs.swarsel-nix.homeModules.default + "${self}/hosts/${type}/${arch}/${configName}" + 
"${self}/profiles/home" + ]; + }; + + linuxArches = [ "x86_64-linux" "aarch64-linux" ]; + darwinArches = [ "x86_64-darwin" "aarch64-darwin" ]; + mkArches = type: if (type == "nixos") then linuxArches else if (type == "darwin") then darwinArches else linuxArches ++ darwinArches; + + readHostDirs = hostDir: + if builtins.pathExists hostDir then + builtins.attrNames + ( + lib.filterAttrs (_: type: type == "directory") + (builtins.readDir hostDir) + ) else [ ]; + + mkHalfHostsForArch = type: arch: + let + hostDir = "${self}/hosts/${type}/${arch}"; + hosts = readHostDirs hostDir; + in + lib.genAttrs hosts (host: mkHalfHost host type arch); + + mkHostsForArch = type: arch: minimal: + let + hostDir = "${self}/hosts/${type}/${arch}"; + hosts = readHostDirs hostDir; + in + if (type == "nixos") then + lib.genAttrs hosts (host: mkNixosHost { inherit minimal; } host arch) + else if (type == "darwin") then + lib.genAttrs hosts (host: mkDarwinHost { inherit minimal; } host arch) + else { }; + + mkConfigurationsPerArch = type: minimal: + let + arches = mkArches type; + toMake = if (minimal == null) then (arch: _: mkHalfHostsForArch type arch) else (arch: _: mkHostsForArch type arch minimal); + in + lib.concatMapAttrs toMake + (lib.listToAttrs (map (a: { name = a; value = { }; }) arches)); + + halfConfigurationsPerArch = type: mkConfigurationsPerArch type null; + configurationsPerArch = type: minimal: mkConfigurationsPerArch type minimal; - mkHalfHostConfigs = hosts: type: pkgs: lib.foldl (acc: set: acc // set) { } (lib.map (name: mkHalfHost name type pkgs) hosts); - nixosHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/nixos")); - darwinHosts = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir "${self}/hosts/darwin")); in { - nixosConfigurations = lib.genAttrs nixosHosts (mkNixosHost { - minimal = false; - }); - nixosConfigurationsMinimal = lib.genAttrs nixosHosts (mkNixosHost { - 
minimal = true; - }); - darwinConfigurations = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = false; - }); - darwinConfigurationsMinimal = lib.genAttrs darwinHosts (mkDarwinHost { - minimal = true; - }); - - homeConfigurations = - let - inherit (lib.swarselsystems) pkgsFor readHosts; - in - mkHalfHostConfigs (readHosts "home") "home" pkgsFor.x86_64-linux - // mkHalfHostConfigs (readHosts "home") "home" pkgsFor.aarch64-linux; - - nixOnDroidConfigurations = - let - inherit (lib.swarselsystems) pkgsFor readHosts; - in - mkHalfHostConfigs (readHosts "android") "android" pkgsFor.aarch64-linux; + nixosConfigurations = configurationsPerArch "nixos" false; + nixosConfigurationsMinimal = configurationsPerArch "nixos" true; + darwinConfigurations = configurationsPerArch "darwin" false; + darwinConfigurationsMinimal = configurationsPerArch "darwin" true; + homeConfigurations = halfConfigurationsPerArch "home"; + nixOnDroidConfigurations = halfConfigurationsPerArch "android"; guestConfigurations = lib.flip lib.concatMapAttrs config.nixosConfigurations ( _: node: From 729defa8b1a43350101264d6565346d39999633a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 10 Nov 2025 01:23:50 +0100 Subject: [PATCH 06/23] fix: bootstrap script not working with nix-plugins --- SwarselSystems.org | 244 ++++++++++++++++------------- files/scripts/swarsel-bootstrap.sh | 1 + justfile | 10 +- modules/nixos/common/pii.nix | 4 +- nix/devshell.nix | 238 +++++++++++++++------------- 5 files changed, 279 insertions(+), 218 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index dbfb7e7..48bf906 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
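Review bot: `mkConfigurationsPerArch` merges the per-architecture host sets with `lib.concatMapAttrs`, which lets a later attribute set silently replace an earlier one, so two directories carrying the same host name under different architectures (say `hosts/nixos/x86_64-linux/foo` and `hosts/nixos/aarch64-linux/foo`, names constructed) would collapse into a single configuration with no warning. swarsel-rebuild.sh in this patch selects by `.#"$target_config"` alone, so the wrong system could be built for that name. Consider asserting that host names are unique across `mkArches type`, or at least adding a comment above `mkConfigurationsPerArch` stating that uniqueness across architecture directories is required. As a matter of style, `lib.genAttrs arches (_: { })` builds the same set as the `lib.listToAttrs (map …)` expression.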
@@ -1340,110 +1340,141 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some }; }; - devshells.default = let - nix-version = "2_30"; - in { - packages = [ - (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") - pkgs.git - pkgs.just - pkgs.age - pkgs.ssh-to-age - pkgs.sops - pkgs.nixpkgs-fmt - self.packages.${system}.swarsel-build - self.packages.${system}.swarsel-deploy - (pkgs.symlinkJoin { - name = "home-manager"; - buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.home-manager ]; - postBuild = '' - wrapProgram $out/bin/home-manager \ - --append-flags '--flake .#$(hostname)' - ''; - }) - ]; + devshells = { + deploy = + let + nix-version = "2_28"; + in { + packages = [ + (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.stable25_05.nixVersions."nix_${nix-version}") + pkgs.git + pkgs.just + pkgs.age + pkgs.ssh-to-age + pkgs.sops + ]; - commands = [ + env = + [ + { + name = "NIX_CONFIG"; + value = '' + plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: { + buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost]; + patches = (o.patches or []) ++ [./nix-plugins.patch]; + })}/lib/nix/plugins + extra-builtins-file = ${self + /nix/extra-builtins.nix} + ''; + } + ]; + }; + default = + let + nix-version = "2_30"; + in { - package = pkgs.statix; - help = "Lint flake"; - } - { - package = pkgs.deadnix; - help = "Check flake for dead code"; - } - { - package = pkgs.nix-tree; - help = "Interactively browse dependency graphs of Nix derivations"; - } - { - package = pkgs.nvd; - help = "Diff two nix toplevels and show which packages were upgraded"; - } - { - package = pkgs.nix-diff; - help = "Explain why two Nix derivations differ"; - } - { - package = pkgs.nix-output-monitor; - help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; - name = "nom \"$@\""; - } - { - name = "hm"; - help = "Manage home-manager config"; - command 
= "home-manager \"$@\""; - } - { - name = "fmt"; - help = "Format flake"; - command = "nixpkgs-fmt --check \"$FLAKE\""; - } - { - name = "sd"; - help = "Build and deploy this nix config to nodes"; - command = "swarsel-deploy \"$@\""; - } - { - name = "sl"; - help = "Build and deploy a config to nodes"; - command = "swarsel-deploy \${1} switch"; - } - { - name = "sw"; - help = "Build and switch to the host's config locally"; - command = "swarsel-deploy $(hostname) switch"; - } - { - name = "bld"; - help = "Build a number of configurations"; - command = "swarsel-build \"$@\""; - } - { - name = "c"; - help = "Work with the flake git repository"; - command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; - } - ]; + packages = [ + (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") + pkgs.git + pkgs.just + pkgs.age + pkgs.ssh-to-age + pkgs.sops + pkgs.nixpkgs-fmt + self.packages.${system}.swarsel-build + self.packages.${system}.swarsel-deploy + (pkgs.symlinkJoin { + name = "home-manager"; + buildInputs = [ pkgs.makeWrapper ]; + paths = [ pkgs.home-manager ]; + postBuild = '' + wrapProgram $out/bin/home-manager \ + --append-flags '--flake .#$(hostname)' + ''; + }) + ]; - devshell.startup.pre-commit-install.text = "pre-commit install"; + commands = [ + { + package = pkgs.statix; + help = "Lint flake"; + } + { + package = pkgs.deadnix; + help = "Check flake for dead code"; + } + { + package = pkgs.nix-tree; + help = "Interactively browse dependency graphs of Nix derivations"; + } + { + package = pkgs.nvd; + help = "Diff two nix toplevels and show which packages were upgraded"; + } + { + package = pkgs.nix-diff; + help = "Explain why two Nix derivations differ"; + } + { + package = pkgs.nix-output-monitor; + help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; + name = "nom \"$@\""; + } + { + name = "hm"; + help = "Manage home-manager config"; + command = "home-manager \"$@\""; + } + { + name 
= "fmt"; + help = "Format flake"; + command = "nixpkgs-fmt --check \"$FLAKE\""; + } + { + name = "sd"; + help = "Build and deploy this nix config to nodes"; + command = "swarsel-deploy \"$@\""; + } + { + name = "sl"; + help = "Build and deploy a config to nodes"; + command = "swarsel-deploy \${1} switch"; + } + { + name = "sw"; + help = "Build and switch to the host's config locally"; + command = "swarsel-deploy $(hostname) switch"; + } + { + name = "bld"; + help = "Build a number of configurations"; + command = "swarsel-build \"$@\""; + } + { + name = "c"; + help = "Work with the flake git repository"; + command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; + } + ]; - env = let - nix-plugins = pkgs.nix-plugins.override { - nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; + devshell.startup.pre-commit-install.text = "pre-commit install"; + + env = + let + nix-plugins = pkgs.nix-plugins.override { + nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; + }; + in + [ + { + name = "NIX_CONFIG"; + value = '' + plugin-files = ${nix-plugins}/lib/nix/plugins + extra-builtins-file = ${self + /nix/extra-builtins.nix} + ''; + } + ]; }; - in [ - { - # Additionally configure nix-plugins with our extra builtins file. - # We need this for our repo secrets. - name = "NIX_CONFIG"; - value = '' - plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - } - ]; }; }; } @@ -4801,7 +4832,7 @@ This is also exposed to home-manager configurations, in case this ever breaks, I #+begin_src nix-ts :tangle modules/nixos/common/pii.nix # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix - { config, inputs, lib, minimal, ... }: + { config, inputs, lib, ... }: let # If the given expression is a bare set, it will be wrapped in a function, # so that the imported file can always be applied to the inputs, similar to 
@@ -4867,7 +4898,7 @@ This is also exposed to home-manager configurations, in case this ever breaks, I let local = config.node.secretsDir + "/pii.nix.enc"; in - (lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) { + (lib.optionalAttrs (lib.pathExists local) { inherit local; }) // lib.optionalAttrs true { common = ../../../secrets/repo/pii.nix.enc; }; }; @@ -17904,6 +17935,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man fi cd "$FLAKE" + rm install/flake.lock || true git_root=$(git rev-parse --show-toplevel) # ------------------------ @@ -23872,12 +23904,9 @@ This file defines a few workflows that I often need to run when working on my co update: nix flake update - iso: + iso CONFIG="live-iso": rm -rf result - nix build .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso - - iso-flake FLAKE SYSTEM="x86_64" FORMAT="iso": - nixos-generate --flake .#{{FLAKE}} -f {{FORMAT}} --system {{SYSTEM}} + nix build --print-out-paths .#live-iso iso-install DRIVE: iso sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync @@ -23888,6 +23917,9 @@ This file defines a few workflows that I often need to run when working on my co sync USER HOST: rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + bootstrap DEST CONFIG ARCH="x86_64-linux": + nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}" + #+end_src ** aspell.conf :PROPERTIES: diff --git a/files/scripts/swarsel-bootstrap.sh b/files/scripts/swarsel-bootstrap.sh index c66b755..7f53755 100644 --- a/files/scripts/swarsel-bootstrap.sh +++ b/files/scripts/swarsel-bootstrap.sh @@ -185,6 +185,7 @@ if [ ! -d "$FLAKE" ]; then fi cd "$FLAKE" + rm install/flake.lock || true git_root=$(git rev-parse --show-toplevel) # ------------------------ 
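Review bot: `rm install/flake.lock || true` deletes the installer flake's lock file before deployment, so the inputs under `install/` are presumably re-resolved to whatever upstream revisions are current at run time rather than the revisions that were committed. If that is the intended workaround for the nix-plugins problem, a one-line comment above the command naming the reason would keep the next reader from restoring the pin by accident. If the file is tracked, it also leaves a deletion in the work tree that later `git add` steps could pick up. `rm -f -- install/flake.lock` expresses "ignore if absent" without also hiding other failures. The line is added both to the tangled block in SwarselSystems.org and to files/scripts/swarsel-bootstrap.sh.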
diff --git a/justfile b/justfile index f2f9f7f..b13d397 100644 --- a/justfile +++ b/justfile @@ -10,12 +10,9 @@ check-trace: update: nix flake update -iso: +iso CONFIG="live-iso": rm -rf result - nix build .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso - -iso-flake FLAKE SYSTEM="x86_64" FORMAT="iso": - nixos-generate --flake .#{{FLAKE}} -f {{FORMAT}} --system {{SYSTEM}} + nix build --print-out-paths .#live-iso iso-install DRIVE: iso sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync @@ -25,3 +22,6 @@ dd DRIVE ISO: sync USER HOST: rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ + +bootstrap DEST CONFIG ARCH="x86_64-linux": + nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}" diff --git a/modules/nixos/common/pii.nix b/modules/nixos/common/pii.nix index 26b31d0..b39de85 100644 --- a/modules/nixos/common/pii.nix +++ b/modules/nixos/common/pii.nix @@ -1,5 +1,5 @@ # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix -{ config, inputs, lib, minimal, ... }: +{ config, inputs, lib, ... }: let # If the given expression is a bare set, it will be wrapped in a function, # so that the imported file can always be applied to the inputs, similar to @@ -65,7 +65,7 @@ in let local = config.node.secretsDir + "/pii.nix.enc"; in - (lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) { + (lib.optionalAttrs (lib.pathExists local) { inherit local; }) // lib.optionalAttrs true { common = ../../../secrets/repo/pii.nix.enc; }; }; diff --git a/nix/devshell.nix b/nix/devshell.nix index 2969bcf..a1ce6f6 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix 
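Review bot: The new `bootstrap` recipe splices `{{CONFIG}}`, `{{DEST}}` and `{{ARCH}}` into a `zsh -c "…"` string, so a value containing spaces or shell metacharacters is parsed a second time by zsh. Passing the command directly and quoting the parameters avoids the extra shell: `nix develop .#deploy --command swarsel-bootstrap -n {{quote(CONFIG)}} -d {{quote(DEST)}} -a {{quote(ARCH)}}`. `swarsel-bootstrap` is not among the `deploy` shell's `packages` in the devshell change of this commit, so it presumably has to be on PATH already; worth confirming. The same recipe is added to the justfile block in SwarselSystems.org.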
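Review bot: With the `!minimal` guard removed in modules/nixos/common/pii.nix, `lib.optionalAttrs true { common = ../../../secrets/repo/pii.nix.enc; }` is just an unconditional attribute set, and minimal configurations now import both encrypted files as well. If that is intended, write the literal `{ common = ../../../secrets/repo/pii.nix.enc; }` and add a comment that minimal builds need the decryption setup available at evaluation time; if it is not, the guard should stay. Anything that evaluates a minimal configuration without access to the keys would presumably fail now, so that path deserves a test. The tangled block in SwarselSystems.org carries the same change.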
@@ -46,114 +46,142 @@ }; }; - devshells.default = - let - nix-version = "2_30"; - in - { - packages = [ - (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") - pkgs.git - pkgs.just - pkgs.age - pkgs.ssh-to-age - pkgs.sops - pkgs.nixpkgs-fmt - self.packages.${system}.swarsel-build - self.packages.${system}.swarsel-deploy - (pkgs.symlinkJoin { - name = "home-manager"; - buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.home-manager ]; - postBuild = '' - wrapProgram $out/bin/home-manager \ - --append-flags '--flake .#$(hostname)' - ''; - }) - ]; + devshells = { + deploy = + let + nix-version = "2_28"; + in + { + packages = [ + (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.stable25_05.nixVersions."nix_${nix-version}") + pkgs.git + pkgs.just + pkgs.age + pkgs.ssh-to-age + pkgs.sops + ]; - commands = [ - { - package = pkgs.statix; - help = "Lint flake"; - } - { - package = pkgs.deadnix; - help = "Check flake for dead code"; - } - { - package = pkgs.nix-tree; - help = "Interactively browse dependency graphs of Nix derivations"; - } - { - package = pkgs.nvd; - help = "Diff two nix toplevels and show which packages were upgraded"; - } - { - package = pkgs.nix-diff; - help = "Explain why two Nix derivations differ"; - } - { - package = pkgs.nix-output-monitor; - help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; - name = "nom \"$@\""; - } - { - name = "hm"; - help = "Manage home-manager config"; - command = "home-manager \"$@\""; - } - { - name = "fmt"; - help = "Format flake"; - command = "nixpkgs-fmt --check \"$FLAKE\""; - } - { - name = "sd"; - help = "Build and deploy this nix config to nodes"; - command = "swarsel-deploy \"$@\""; - } - { - name = "sl"; - help = "Build and deploy a config to nodes"; - command = "swarsel-deploy \${1} switch"; - } - { - name = "sw"; - help = "Build and switch to the host's config locally"; - command = "swarsel-deploy $(hostname) switch"; - } - { - name 
= "bld"; - help = "Build a number of configurations"; - command = "swarsel-build \"$@\""; - } - { - name = "c"; - help = "Work with the flake git repository"; - command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; - } - ]; - - devshell.startup.pre-commit-install.text = "pre-commit install"; - - env = - let - nix-plugins = pkgs.nix-plugins.override { - nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; - }; - in - [ - { - # Additionally configure nix-plugins with our extra builtins file. - # We need this for our repo secrets. - name = "NIX_CONFIG"; - value = '' - plugin-files = ${nix-plugins}/lib/nix/plugins - extra-builtins-file = ${self + /nix/extra-builtins.nix} + env = + [ + { + name = "NIX_CONFIG"; + value = '' + plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: { + buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost]; + patches = (o.patches or []) ++ [./nix-plugins.patch]; + })}/lib/nix/plugins + extra-builtins-file = ${self + /nix/extra-builtins.nix} + ''; + } + ]; + }; + default = + let + nix-version = "2_30"; + in + { + packages = [ + (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}") + pkgs.git + pkgs.just + pkgs.age + pkgs.ssh-to-age + pkgs.sops + pkgs.nixpkgs-fmt + self.packages.${system}.swarsel-build + self.packages.${system}.swarsel-deploy + (pkgs.symlinkJoin { + name = "home-manager"; + buildInputs = [ pkgs.makeWrapper ]; + paths = [ pkgs.home-manager ]; + postBuild = '' + wrapProgram $out/bin/home-manager \ + --append-flags '--flake .#$(hostname)' ''; + }) + ]; + + commands = [ + { + package = pkgs.statix; + help = "Lint flake"; + } + { + package = pkgs.deadnix; + help = "Check flake for dead code"; + } + { + package = pkgs.nix-tree; + help = "Interactively browse dependency graphs of Nix derivations"; + } + { + package = pkgs.nvd; + help = "Diff two nix toplevels and show which packages were upgraded"; + } + { + package = 
pkgs.nix-diff; + help = "Explain why two Nix derivations differ"; + } + { + package = pkgs.nix-output-monitor; + help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)"; + name = "nom \"$@\""; + } + { + name = "hm"; + help = "Manage home-manager config"; + command = "home-manager \"$@\""; + } + { + name = "fmt"; + help = "Format flake"; + command = "nixpkgs-fmt --check \"$FLAKE\""; + } + { + name = "sd"; + help = "Build and deploy this nix config to nodes"; + command = "swarsel-deploy \"$@\""; + } + { + name = "sl"; + help = "Build and deploy a config to nodes"; + command = "swarsel-deploy \${1} switch"; + } + { + name = "sw"; + help = "Build and switch to the host's config locally"; + command = "swarsel-deploy $(hostname) switch"; + } + { + name = "bld"; + help = "Build a number of configurations"; + command = "swarsel-build \"$@\""; + } + { + name = "c"; + help = "Work with the flake git repository"; + command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\""; } ]; - }; + + devshell.startup.pre-commit-install.text = "pre-commit install"; + + env = + let + nix-plugins = pkgs.nix-plugins.override { + nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; + }; + in + [ + { + name = "NIX_CONFIG"; + value = '' + plugin-files = ${nix-plugins}/lib/nix/plugins + extra-builtins-file = ${self + /nix/extra-builtins.nix} + ''; + } + ]; + }; + }; }; } From 719d92c17870f84d92ef4352e2e3e602f64a3f03 Mon Sep 17 00:00:00 2001 
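Review bot: The new `deploy` shell sets `plugin-files` and `extra-builtins-file` in `NIX_CONFIG`, yet this hunk deletes the only comment that explained why (the repo secrets). Nothing says why this shell needs `nix_2_28` from `pkgs.stable25_05` or what `./nix-plugins.patch` changes. Both settings load extra code into the evaluator, so the reason and the trust assumption should be visible at the point of use. I would restore the comment in both shells, e.g. `# nix-plugins + extra-builtins-file are needed to read the repo secrets at eval time` plus `# pinned to nix_2_28 because REASON_PLACEHOLDER`. The `devshells` attribute set is closed inside the hunk, but the enclosing module starts outside it.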
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 10 Nov 2025 01:28:25 +0100 Subject: [PATCH 07/23] feat[server]: preparations for router config --- SwarselSystems.org | 388 ++++++++++++++++++++++--- files/scripts/swarsel-bootstrap.sh | 4 + install/installer-config.nix | 36 +-- modules/nixos/common/globals.nix | 121 +++++++- modules/nixos/server/ankisync.nix | 2 +- modules/nixos/server/atuin.nix | 2 +- modules/nixos/server/disk-encrypt.nix | 34 +++ modules/nixos/server/firefly-iii.nix | 2 +- modules/nixos/server/forgejo.nix | 2 +- modules/nixos/server/freshrss.nix | 2 +- modules/nixos/server/garage.nix | 2 +- modules/nixos/server/homebox.nix | 2 +- modules/nixos/server/immich.nix | 2 +- modules/nixos/server/jellyfin.nix | 2 +- modules/nixos/server/jenkins.nix | 2 +- modules/nixos/server/kanidm.nix | 2 +- modules/nixos/server/kavita.nix | 2 +- modules/nixos/server/koillection.nix | 2 +- modules/nixos/server/matrix.nix | 2 +- modules/nixos/server/monitoring.nix | 2 +- modules/nixos/server/navidrome.nix | 2 +- modules/nixos/server/network.nix | 26 ++ modules/nixos/server/nextcloud.nix | 2 +- modules/nixos/server/paperless.nix | 2 +- modules/nixos/server/radicale.nix | 2 +- modules/nixos/server/snipe-it.nix | 2 +- modules/nixos/server/syncthing.nix | 2 +- nix/lib.nix | 16 + profiles/nixos/localserver/default.nix | 2 + profiles/nixos/minimal/default.nix | 1 + secrets/repo/globals.nix.enc | 8 +- 31 files changed, 586 insertions(+), 92 deletions(-) create mode 100644 modules/nixos/server/disk-encrypt.nix create mode 100644 modules/nixos/server/network.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 48bf906..870a41c 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -689,6 +689,22 @@ Concerning the =flake = _:= part: inherit (inputs.nixpkgs) lib; in rec { + cidrToSubnetMask = cidr: + let + prefixLength = lib.toInt (lib.last (lib.splitString "/" cidr)); + bits = lib.genList (i: if i < prefixLength then 1 else 0) 32; + octets = lib.genList + (i: + let + octetBits = lib.sublist (i * 8) 8 bits; + octetValue = lib.foldl (acc: bit: acc * 2 + bit) 0 octetBits; + in + octetValue + ) 4; + subnetMask = lib.concatStringsSep "." (map toString octets); + in + subnetMask; + mkIfElseList = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) (lib.mkIf (!p) no) @@ -2533,7 +2549,11 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; - globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + # globals.networks.home.hosts.${config.node.name} = { + # ipv4 = config.repo.secrets.local.home-ipv4; + # mac = config.repo.secrets.local.home-mac; + # }; networking = { inherit (config.repo.secrets.local) hostId; @@ -2673,8 +2693,6 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; - # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; - networking = { inherit (config.repo.secrets.local) hostId; hostName = configName; 
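Review bot: `cidrToSubnetMask` takes whatever follows the last `/` as the prefix length without checking it, so a string with no `/` fails inside `lib.toInt` with an unrelated message and a prefix above 32 quietly yields `255.255.255.255`. A guard such as `assert lib.assertMsg (prefixLength >= 0 && prefixLength <= 32) "cidrToSubnetMask: bad prefix in ${cidr}";` ahead of the final `subnetMask` makes a mistyped network fail at evaluation instead of producing a wrong mask. A one-line comment stating the input (`"a.b.c.d/n"`) and the output (dotted-decimal string) would also help, since the result is interpolated into the kernel `ip=` parameter elsewhere in this patch.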
@@ -3837,36 +3855,32 @@ TODO: cleanup this mess { self, config, pkgs, lib, ... }: let pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh"; - in - { - - config = { - home-manager.users.root.home = { - stateVersion = "23.05"; - file = { + stateVersion = lib.mkDefault "23.05"; + homeFiles = { ".bash_history" = { text = '' swarsel-install -n hotel ''; }; }; + in + { + + config = { + home-manager.users.root.home = { + inherit stateVersion; + file = homeFiles; }; home-manager.users.swarsel = { home = { username = "swarsel"; homeDirectory = lib.mkDefault "/home/swarsel"; - stateVersion = lib.mkDefault "23.05"; + inherit stateVersion; keyboard.layout = "us"; sessionVariables = { FLAKE = "/home/swarsel/.dotfiles"; }; - file = { - ".bash_history" = { - text = '' - swarsel-install -n hotel - ''; - }; - }; + file = homeFiles; }; }; @@ -3884,10 +3898,6 @@ TODO: cleanup this mess nix = { channel.enable = false; package = pkgs.nixVersions.nix_2_28; - # extraOptions = '' - # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins - # extra-builtins-file = ${../nix/extra-builtins.nix} - # ''; extraOptions = '' plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: { buildInputs = [config.nix.package pkgs.boost]; @@ -3939,6 +3949,7 @@ TODO: cleanup this mess environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 + These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). @@ -3949,6 +3960,7 @@ TODO: cleanup this mess wireless.enable = false; # dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload"; networkmanager.enable = true; + usePredictableInterfaceNames = false; }; services.getty.autologinUser = lib.mkForce "root"; 
@@ -3975,6 +3987,8 @@ TODO: cleanup this mess programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; + "swarsel-kernel-module" = "lspci -k -d"; }; system.activationScripts.cache = { 
@@ -4363,6 +4377,91 @@ in mkOption types ; + + networkOptions = netSubmod: { + cidrv4 = mkOption { + type = types.nullOr types.net.cidrv4; + description = "The CIDRv4 of this network"; + default = null; + }; + + subnetMask4 = mkOption { + type = types.nullOr types.net.cidrv4; + description = "The dotted decimal form of the subnet mask of this network"; + readOnly = true; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; + }; + + cidrv6 = mkOption { + type = types.nullOr types.net.cidrv6; + description = "The CIDRv6 of this network"; + default = null; + }; + + hosts = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (hostSubmod: { + options = { + id = mkOption { + type = types.int; + description = "The id of this host in the network"; + }; + + mac = mkOption { + type = types.nullOr types.net.mac; + description = "The MAC of the interface on this host that belongs to this network."; + default = null; + }; + + ipv4 = mkOption { + type = types.nullOr types.net.ipv4; + description = "The IPv4 of this host in this network"; + readOnly = true; + default = + if netSubmod.config.cidrv4 == null then + null + else + lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv4; + }; + + ipv6 = mkOption { + type = types.nullOr types.net.ipv6; + description = "The IPv6 of this host in this network"; + readOnly = true; + default = + if netSubmod.config.cidrv6 == null then + null + else + lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv6; + }; + + cidrv4 = mkOption { + type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part + description = "The IPv4 of this host in this network, including CIDR mask"; + readOnly = true; + default = + if netSubmod.config.cidrv4 == null then + null + else + lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv4; + }; + + cidrv6 = mkOption { + type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out 
the host part + description = "The IPv6 of this host in this network, including CIDR mask"; + readOnly = true; + default = + if netSubmod.config.cidrv6 == null then + null + else + lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv6; + }; + }; + }) + ); + }; + }; in { options = { @@ -4398,12 +4497,44 @@ in ); }; + networks = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (netSubmod: { + options = networkOptions netSubmod // { + vlans = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (vlanNetSubmod: { + options = networkOptions vlanNetSubmod // { + id = mkOption { + type = types.ints.between 1 4094; + description = "The VLAN id"; + }; + + name = mkOption { + description = "The name of this VLAN"; + default = vlanNetSubmod.config._module.args.name; + type = types.str; + }; + }; + }) + ); + }; + }; + }) + ); + }; + hosts = mkOption { type = types.attrsOf ( types.submodule { options = { - ipv4 = mkOption { - type = types.str; + defaultGateway4 = mkOption { + type = types.nullOr types.net.ipv4; + }; + defaultGateway6 = mkOption { + type = types.nullOr types.net.ipv6; }; }; } 
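Review bot: The `subnetMask4` default reads `netSubmod.cidrv4`, while every other default in `networkOptions` reads `netSubmod.config.cidrv4`, so this one most likely fails with a missing attribute as soon as the option is read. Unlike `ipv4` and `cidrv4` it also has no `null` branch, and it is typed `types.nullOr types.net.cidrv4` although the value is a dotted-decimal mask rather than a CIDR. I would write `default = if netSubmod.config.cidrv4 == null then null else lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4;` with `type = types.nullOr types.net.ipv4;` (or `types.str` if that type rejects masks). This matters because `disk-encrypt.nix` puts the value straight into the kernel `ip=` parameter. The same definition is repeated in the `modules/nixos/common/globals.nix` hunk.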
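Review bot: `defaultGateway4` and `defaultGateway6` are declared `types.nullOr ...` but have neither `default = null;` nor a `description`, so reading either on a host that did not set it aborts evaluation instead of yielding `null`. In this patch only `defaultGateway4` is assigned (in `network.nix`). Adding `default = null;` and a short `description = "Default IPv4 gateway of this host";` (likewise for IPv6) to both options would match the other options in this file. Because the `ipv4` option is removed here, any remaining `globals.hosts.NAME.ipv4` assignment outside this diff will also stop evaluating. The same change is repeated in the `modules/nixos/common/globals.nix` hunk.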
@@ -6941,6 +7072,166 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t } #+end_src +**** Network settings + + +#+begin_src nix-ts :tangle modules/nixos/server/network.nix + { lib, config, ... }: + { + options.swarselmodules.server.network = lib.mkEnableOption "enable server network config"; + config = lib.mkIf config.swarselmodules.server.network { + + globals.networks.home.hosts.${config.node.name} = { + inherit (config.repo.secrets.local.networking.networks.home) id; + mac = config.repo.secrets.local.networking.networks.home.mac or null; + }; + + globals.hosts.${config.node.name} = { + inherit (config.repo.secrets.local.networking) defaultGateway4; + }; + + networking = { + inherit (config.repo.secrets.local.networking) hostId; + hostName = config.node.name; + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + enable = lib.mkDefault true; + }; + }; + + }; + } +#+end_src + +**** Disk encryption + +The hostkey can be generated with =ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key=. +Use =lspci -v | grep -iA8 'network\|ethernet'= to supposedly find out which kernel module is needed for networking in initrd. However I prefer a different approach: + +Use =lspci -nn | grep -i network= to find out manufacturer info: + +#+begin_src shell :exports both +lspci -nn | grep -i 'network\|ethernet' +#+end_src + +#+RESULTS: +: 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter [14c3:0616] + +From the last bracket, then take the first value to find out the correct kernel module: + +#+begin_src shell :exports both +lspci -k -d 14c3: +#+end_src + +#+RESULTS: +| 04:00.0 | Network | controller: | MEDIATEK | Corp. | MT7922 | 802.11ax | PCI | Express | Wireless | Network | Adapter | +| | Subsystem: | MEDIATEK | Corp. 
| Device | e616 | | | | | | | +| | Kernel | driver | in | use: | mt7921e | | | | | | | +| | Kernel | modules: | mt7921e | | | | | | | | | + +#+begin_src nix-ts :tangle modules/nixos/server/disk-encrypt.nix + { self, lib, config, globals, ... }: + let + localIp = globals.networks.home.hosts.${config.node.name}.ipv4; + subnetMask = globals.networks.home.subnetMask4; + gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; + in + { + options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { + + boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; + boot.initrd = { + availableKernelModules = [ "r8169" ]; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 22; + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; + }; + postCommands = '' + echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + ''; + }; + }; + + }; + } +#+end_src + +**** kavita +:PROPERTIES: +:CUSTOM_ID: h:d33f5982-dfe6-42d0-9cf2-2cd8c7b04295 +:END: + +#+begin_src nix-ts :tangle modules/nixos/server/router.nix + { self, lib, config, pkgs, globals, ... 
}: + let + serviceName = "router"; + serviceUser = "kavita"; + in + { + options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + config = lib.mkIf config.swarselmodules.server.${serviceName} { + + systemd.network = { + wait-online.anyInterface = true; + networks = { + "30-lan0" = { + matchConfig.Name = "lan0"; + linkConfig.RequiredForOnline = "enslaved"; + networkConfig = { + ConfigureWithoutCarrier = true; + }; + }; + "30-lan1" = { + matchConfig.Name = "lan1"; + linkConfig.RequiredForOnline = "enslaved"; + networkConfig = { + ConfigureWithoutCarrier = true; + }; + }; + "30-lan2" = { + matchConfig.Name = "lan2"; + linkConfig.RequiredForOnline = "enslaved"; + networkConfig = { + ConfigureWithoutCarrier = true; + }; + }; + "30-lan3" = { + matchConfig.Name = "lan3"; + linkConfig.RequiredForOnline = "enslaved"; + networkConfig = { + ConfigureWithoutCarrier = true; + }; + }; + "10-wan" = { + matchConfig.Name = "wan"; + networkConfig = { + # start a DHCP Client for IPv4 Addressing/Routing + DHCP = "ipv4"; + DNSOverTLS = true; + DNSSEC = true; + IPv6PrivacyExtensions = false; + IPForward = true; + }; + # make routing on this interface a dependency for network-online.target + linkConfig.RequiredForOnline = "routable"; + }; + }; + }; + }; + } +#+end_src + **** kavita :PROPERTIES: :CUSTOM_ID: h:d33f5982-dfe6-42d0-9cf2-2cd8c7b04295 @@ -6955,7 +7246,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "kavita"; serviceUser = "kavita"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; 
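Review bot: The initrd SSH block in `disk-encrypt.nix` opens the pre-boot unlock shell on `port = 22`, presumably the same port as the booted system's sshd (its config is outside this hunk), but with a different host key from `/etc/secrets/initrd/ssh_host_ed25519_key`. Clients then see two host keys for one host:port, which invites ignoring or disabling host-key warnings on the very connection that carries the disk passphrase; a separate port such as `port = 2222;` lets both keys stay pinned. The initrd key is typically embedded in an initrd that lives outside the encrypted volume, so add a comment that it must never be the regular host key. In the `.profile` line, `a || echo ... && exit 1` groups as `(a || echo ...) && exit 1`, so the "Unlock was successful" text is printed only when `cryptsetup-askpass` returns non-zero; confirm that is intended. The same module is added again in the `modules/nixos/server/disk-encrypt.nix` hunk.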
@@ -7027,7 +7318,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "jellyfin"; serviceUser = "jellyfin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7099,7 +7390,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceUser = "navidrome"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7453,7 +7744,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceName = "matrix"; serviceDomain = config.repo.secrets.common.services.domains.matrix; serviceUser = "matrix-synapse"; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; federationPort = 8448; whatsappPort = 29318; @@ -7811,7 +8102,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceGroup = serviceUser; serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; 
@@ -7891,7 +8182,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t serviceUser = "immich"; serviceName = "immich"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -7976,7 +8267,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= serviceGroup = serviceUser; serviceName = "paperless"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; tikaPort = 9998; gotenbergPort = 3002; @@ -8304,7 +8595,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; specificServiceName = "syncthing-${configName}"; cfg = config.services.${serviceName}; @@ -8530,7 +8821,7 @@ This section exposes several metrics that I use to check the health of my server serviceGroup = serviceUser; serviceName = "grafana"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; 
@@ -8784,7 +9075,7 @@ This is a WIP Jenkins instance. It is used to automatically build a new system w servicePort = 8088; serviceName = "jenkins"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -8879,7 +9170,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with serviceUser = "freshrss"; serviceGroup = serviceName; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; inherit (config.swarselsystems) sopsFile; in @@ -8995,7 +9286,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with serviceGroup = serviceUser; serviceName = "forgejo"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; kanidmDomain = globals.services.kanidm.domain; in @@ -9159,7 +9450,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with servicePort = 27701; serviceName = "ankisync"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; ankiUser = globals.user.name; in @@ -9244,7 +9535,7 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/ -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). 
@@ -113,6 +106,7 @@ in wireless.enable = false; # dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload"; networkmanager.enable = true; + usePredictableInterfaceNames = false; }; services.getty.autologinUser = lib.mkForce "root"; @@ -139,6 +133,8 @@ in programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; + "swarsel-kernel-module" = "lspci -k -d"; }; system.activationScripts.cache = { diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index c42e7ae..8d226d4 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix 
@@ -4,6 +4,91 @@ let mkOption types ; + + networkOptions = netSubmod: { + cidrv4 = mkOption { + type = types.nullOr types.net.cidrv4; + description = "The CIDRv4 of this network"; + default = null; + }; + + subnetMask4 = mkOption { + type = types.nullOr types.net.cidrv4; + description = "The dotted decimal form of the subnet mask of this network"; + readOnly = true; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; + }; + + cidrv6 = mkOption { + type = types.nullOr types.net.cidrv6; + description = "The CIDRv6 of this network"; + default = null; + }; + + hosts = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (hostSubmod: { + options = { + id = mkOption { + type = types.int; + description = "The id of this host in the network"; + }; + + mac = mkOption { + type = types.nullOr types.net.mac; + description = "The MAC of the interface on this host that belongs to this network."; + default = null; + }; + + ipv4 = mkOption { + type = types.nullOr types.net.ipv4; + description = "The IPv4 of this host in this network"; + readOnly = true; + default = + if netSubmod.config.cidrv4 == null then + null + else + lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv4; + }; + + ipv6 = mkOption { + type = types.nullOr types.net.ipv6; + description = "The IPv6 of this host in this network"; + readOnly = true; + default = + if netSubmod.config.cidrv6 == null then + null + else + lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv6; + }; + + cidrv4 = mkOption { + type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part + description = "The IPv4 of this host in this network, including CIDR mask"; + readOnly = true; + default = + if netSubmod.config.cidrv4 == null then + null + else + lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv4; + }; + + cidrv6 = mkOption { + type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the 
host part + description = "The IPv6 of this host in this network, including CIDR mask"; + readOnly = true; + default = + if netSubmod.config.cidrv6 == null then + null + else + lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv6; + }; + }; + }) + ); + }; + }; in { options = { @@ -39,12 +124,44 @@ in ); }; + networks = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (netSubmod: { + options = networkOptions netSubmod // { + vlans = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (vlanNetSubmod: { + options = networkOptions vlanNetSubmod // { + id = mkOption { + type = types.ints.between 1 4094; + description = "The VLAN id"; + }; + + name = mkOption { + description = "The name of this VLAN"; + default = vlanNetSubmod.config._module.args.name; + type = types.str; + }; + }; + }) + ); + }; + }; + }) + ); + }; + hosts = mkOption { type = types.attrsOf ( types.submodule { options = { - ipv4 = mkOption { - type = types.str; + defaultGateway4 = mkOption { + type = types.nullOr types.net.ipv4; + }; + defaultGateway6 = mkOption { + type = types.nullOr types.net.ipv6; }; }; } diff --git a/modules/nixos/server/ankisync.nix b/modules/nixos/server/ankisync.nix index 0447dea..b845ad7 100644 --- a/modules/nixos/server/ankisync.nix +++ b/modules/nixos/server/ankisync.nix @@ -5,7 +5,7 @@ let servicePort = 27701; serviceName = "ankisync"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; ankiUser = globals.user.name; in diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix index 38fe352..d355e6f 100644 --- a/modules/nixos/server/atuin.nix +++ b/modules/nixos/server/atuin.nix 
@@ -3,7 +3,7 @@ let servicePort = 8888; serviceName = "atuin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix new file mode 100644 index 0000000..dddc1a4 --- /dev/null +++ b/modules/nixos/server/disk-encrypt.nix @@ -0,0 +1,34 @@ +{ self, lib, config, globals, ... }: +let + localIp = globals.networks.home.hosts.${config.node.name}.ipv4; + subnetMask = globals.networks.home.subnetMask4; + gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; +in +{ + options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { + + boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; + boot.initrd = { + availableKernelModules = [ "r8169" ]; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 22; + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; + }; + postCommands = '' + echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + ''; + }; + }; + + }; +} diff --git a/modules/nixos/server/firefly-iii.nix b/modules/nixos/server/firefly-iii.nix index 37aa48a..c0acad1 100644 --- a/modules/nixos/server/firefly-iii.nix +++ b/modules/nixos/server/firefly-iii.nix 
@@ -5,7 +5,7 @@ let serviceGroup = serviceUser; serviceName = "firefly-iii"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; nginxGroup = "nginx"; diff --git a/modules/nixos/server/forgejo.nix b/modules/nixos/server/forgejo.nix index 886c6aa..a674078 100644 --- a/modules/nixos/server/forgejo.nix +++ b/modules/nixos/server/forgejo.nix @@ -7,7 +7,7 @@ let serviceGroup = serviceUser; serviceName = "forgejo"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; kanidmDomain = globals.services.kanidm.domain; in diff --git a/modules/nixos/server/freshrss.nix b/modules/nixos/server/freshrss.nix index 8e94add..0375e64 100644 --- a/modules/nixos/server/freshrss.nix +++ b/modules/nixos/server/freshrss.nix @@ -5,7 +5,7 @@ let serviceUser = "freshrss"; serviceGroup = serviceName; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; inherit (config.swarselsystems) sopsFile; in diff --git a/modules/nixos/server/garage.nix b/modules/nixos/server/garage.nix index 5ac3673..d537552 100644 --- a/modules/nixos/server/garage.nix +++ b/modules/nixos/server/garage.nix @@ -5,7 +5,7 @@ let serviceName = "garage"; servicePort = 3900; serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}"; - serviceAddress = globals.hosts.${configName}.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; cfg = config.services.${serviceName}; metadata_dir = "/var/lib/garage/meta"; diff --git a/modules/nixos/server/homebox.nix b/modules/nixos/server/homebox.nix index 56adac9..c1b62ab 100644 
--- a/modules/nixos/server/homebox.nix +++ b/modules/nixos/server/homebox.nix @@ -3,7 +3,7 @@ let servicePort = 7745; serviceName = "homebox"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/immich.nix b/modules/nixos/server/immich.nix index e3bc4a0..cefa330 100644 --- a/modules/nixos/server/immich.nix +++ b/modules/nixos/server/immich.nix @@ -4,7 +4,7 @@ let serviceUser = "immich"; serviceName = "immich"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/jellyfin.nix b/modules/nixos/server/jellyfin.nix index 420bbb6..552f8bf 100644 --- a/modules/nixos/server/jellyfin.nix +++ b/modules/nixos/server/jellyfin.nix @@ -4,7 +4,7 @@ let serviceName = "jellyfin"; serviceUser = "jellyfin"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/jenkins.nix b/modules/nixos/server/jenkins.nix index 91d94f0..808bcef 100644 --- a/modules/nixos/server/jenkins.nix +++ b/modules/nixos/server/jenkins.nix 
@@ -3,7 +3,7 @@ let servicePort = 8088; serviceName = "jenkins"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/kanidm.nix b/modules/nixos/server/kanidm.nix index 79b1983..e7ab275 100644 --- a/modules/nixos/server/kanidm.nix +++ b/modules/nixos/server/kanidm.nix @@ -8,7 +8,7 @@ let serviceGroup = serviceUser; serviceName = "kanidm"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; oauth2ProxyDomain = globals.services.oauth2Proxy.domain; immichDomain = globals.services.immich.domain; diff --git a/modules/nixos/server/kavita.nix b/modules/nixos/server/kavita.nix index c93be62..dfa915e 100644 --- a/modules/nixos/server/kavita.nix +++ b/modules/nixos/server/kavita.nix @@ -6,7 +6,7 @@ let serviceName = "kavita"; serviceUser = "kavita"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/koillection.nix b/modules/nixos/server/koillection.nix index 08da2d1..eb45709 100644 --- a/modules/nixos/server/koillection.nix +++ b/modules/nixos/server/koillection.nix 
@@ -6,7 +6,7 @@ let servicePort = 2282; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceDir = "/Vault/data/koillection"; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres postgresPort = config.services.postgresql.settings.port; # 5432 diff --git a/modules/nixos/server/matrix.nix b/modules/nixos/server/matrix.nix index 24f4530..ba18600 100644 --- a/modules/nixos/server/matrix.nix +++ b/modules/nixos/server/matrix.nix @@ -6,7 +6,7 @@ let serviceName = "matrix"; serviceDomain = config.repo.secrets.common.services.domains.matrix; serviceUser = "matrix-synapse"; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; federationPort = 8448; whatsappPort = 29318; diff --git a/modules/nixos/server/monitoring.nix b/modules/nixos/server/monitoring.nix index 758e63d..d1ee714 100644 --- a/modules/nixos/server/monitoring.nix +++ b/modules/nixos/server/monitoring.nix @@ -5,7 +5,7 @@ let serviceGroup = serviceUser; serviceName = "grafana"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; diff --git a/modules/nixos/server/navidrome.nix b/modules/nixos/server/navidrome.nix index 30cb8da..34b245a 100644 --- a/modules/nixos/server/navidrome.nix +++ b/modules/nixos/server/navidrome.nix 
@@ -5,7 +5,7 @@ let serviceUser = "navidrome"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/network.nix b/modules/nixos/server/network.nix new file mode 100644 index 0000000..90b8c0e --- /dev/null +++ b/modules/nixos/server/network.nix @@ -0,0 +1,26 @@ +{ lib, config, ... }: +{ + options.swarselmodules.server.network = lib.mkEnableOption "enable server network config"; + config = lib.mkIf config.swarselmodules.server.network { + + globals.networks.home.hosts.${config.node.name} = { + inherit (config.repo.secrets.local.networking.networks.home) id; + mac = config.repo.secrets.local.networking.networks.home.mac or null; + }; + + globals.hosts.${config.node.name} = { + inherit (config.repo.secrets.local.networking) defaultGateway4; + }; + + networking = { + inherit (config.repo.secrets.local.networking) hostId; + hostName = config.node.name; + nftables.enable = lib.mkDefault true; + enableIPv6 = lib.mkDefault true; + firewall = { + enable = lib.mkDefault true; + }; + }; + + }; +} diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 36765d2..50e8b9f 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -8,7 +8,7 @@ let serviceGroup = serviceUser; serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; diff --git a/modules/nixos/server/paperless.nix b/modules/nixos/server/paperless.nix index ca813b1..005bdab 100644 
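Review bot: The new `network.nix` module treats `hostId`, `defaultGateway4` and `networks.home.id` as mandatory secrets (plain `inherit`) while `mac` falls back with `or null`, and the expected shape of `config.repo.secrets.local.networking` is not documented anywhere in the file. Since the `localserver` profile in this patch turns the module on by default, a host whose secrets file lacks one of these attributes fails with a bare missing-attribute error. A header comment such as `# expects repo.secrets.local.networking = { hostId; defaultGateway4; networks.home = { id; mac (optional); }; }` would make the contract readable. It would also help to note that `nftables.enable` and `firewall.enable` are only `mkDefault`, so a host can switch the firewall off without any assertion noticing.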
--- a/modules/nixos/server/paperless.nix +++ b/modules/nixos/server/paperless.nix @@ -7,7 +7,7 @@ let serviceGroup = serviceUser; serviceName = "paperless"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; tikaPort = 9998; gotenbergPort = 3002; diff --git a/modules/nixos/server/radicale.nix b/modules/nixos/server/radicale.nix index 7ad9fe2..411a3e6 100644 --- a/modules/nixos/server/radicale.nix +++ b/modules/nixos/server/radicale.nix @@ -7,7 +7,7 @@ let serviceUser = "radicale"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; cfg = config.services.${serviceName}; in diff --git a/modules/nixos/server/snipe-it.nix b/modules/nixos/server/snipe-it.nix index b7a9edd..3ae183e 100644 --- a/modules/nixos/server/snipe-it.nix +++ b/modules/nixos/server/snipe-it.nix @@ -9,7 +9,7 @@ let serviceUser = "snipeit"; serviceGroup = serviceUser; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; mysqlPort = 3306; in diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index 6d1ac78..6eb61c6 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix @@ -7,7 +7,7 @@ let serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; specificServiceName = "syncthing-${configName}"; cfg = config.services.${serviceName}; diff --git a/nix/lib.nix b/nix/lib.nix index a7b6194..c41db61 100644 --- a/nix/lib.nix +++ b/nix/lib.nix 
@@ -6,6 +6,22 @@ let inherit (inputs.nixpkgs) lib; in rec { + cidrToSubnetMask = cidr: + let + prefixLength = lib.toInt (lib.last (lib.splitString "/" cidr)); + bits = lib.genList (i: if i < prefixLength then 1 else 0) 32; + octets = lib.genList + (i: + let + octetBits = lib.sublist (i * 8) 8 bits; + octetValue = lib.foldl (acc: bit: acc * 2 + bit) 0 octetBits; + in + octetValue + ) 4; + subnetMask = lib.concatStringsSep "." (map toString octets); + in + subnetMask; + mkIfElseList = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) (lib.mkIf (!p) no) diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index c73b619..928e012 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -15,6 +15,8 @@ boot = lib.mkDefault true; server = { general = lib.mkDefault true; + network = lib.mkDefault true; + diskEncryption = lib.mkDefault true; packages = lib.mkDefault true; ssh = lib.mkDefault true; nginx = lib.mkDefault true; diff --git a/profiles/nixos/minimal/default.nix b/profiles/nixos/minimal/default.nix index a224336..c233faa 100644 --- a/profiles/nixos/minimal/default.nix +++ b/profiles/nixos/minimal/default.nix @@ -21,6 +21,7 @@ server = { ssh = lib.mkDefault true; + diskEncryption = lib.mkDefault true; }; }; diff --git a/secrets/repo/globals.nix.enc b/secrets/repo/globals.nix.enc index 64a35db..d6641b4 100644 --- a/secrets/repo/globals.nix.enc +++ b/secrets/repo/globals.nix.enc 
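Review bot: `cidrToSubnetMask` in `nix/lib.nix` never validates `prefixLength`, so a prefix above 32 or an IPv6 CIDR such as `…/64` silently yields `255.255.255.255`, and the function has no comment stating that it is IPv4-only. The result presumably ends up in the initrd `ip=` kernel parameter built in `disk-encrypt.nix`, where a wrong mask is hard to diagnose on a headless machine. I would guard the return value with `assert lib.assertMsg (prefixLength >= 0 && prefixLength <= 32) "cidrToSubnetMask: expected an IPv4 CIDR, got ${cidr}";` before `subnetMask`, and add a one-line comment with an example (`"10.0.0.0/24"` gives `"255.255.255.0"`). The enclosing `rec` set continues outside the hunk.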
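Review bot: In `profiles/nixos/minimal/default.nix`, `diskEncryption = lib.mkDefault true;` is enabled without `network`, although on non-laptop hosts `disk-encrypt.nix` reads `globals.networks.home.hosts.<node>.ipv4` and `globals.hosts.<node>.defaultGateway4`, which the visible patch only defines in `network.nix`. Unless those are set elsewhere, a crypted non-laptop host built from the minimal profile would fail at evaluation; adding `network = lib.mkDefault true;` next to it, as the `localserver` hunk does, keeps the two in step. It also means every minimal install now starts an SSH server in the initrd, which deserves a comment confirming that this is intended. Only part of the `server` block is visible in this hunk.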
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:8qexHpKJg6o1Fb9H50I3H25UOpNFs2sQl2hd3B2hdJRTjc96aVgTgI838Fnn7G6mFBpHqP0SFCU0/CP6SKqbhJ6SucrfpQN/RqZlSCxmuZi3sqv3voNd7/5JzY0D/5XUTfzHkeEA34HS0GcNLLY7m+QskfJdqGSMB5P++88xCNETqv+sRPVegm1ZGttj+tttesLkAcIU0556WiQhyIcpR4ZiO75NWRFerOmb4LxADR+bwBfesfGUfjflsqOSJll17N9SECSWE7o75Ojn+yde/EznK+zQlsCYvPp90d2xU6dpdRNtp9jrjvXvEVCmcwjIqIKXqurc2CU=,iv:xBYgbmjHwhbH+7WR5MLVysrChxr6rERo6WZuu07sUS0=,tag:vMoMu9mrrGRTA3oO2wsnWw==,type:str]", + "data": "ENC[AES256_GCM,data:1nK/JO8sa+N6EXpyIHBnRapOXYbtM38jnNCf/j0wIOG+0uJvQEFc1e9gIFvuvmPUpUjh6XMuEKNxvLTjFlaLiypOX3yJVTn2fiyOWSm244wcye0GRPe+RWIi+1kEPrFDBEG2JFB+9iGSx0Vf2NfBPgaVFnr4Z2TTGH/kvxiTV6KYucWQNHh+jvVKZ6vAsCP2pFWp2yhpov9l5Tj6MwyK7E46Gn7DmCAtlZcA64Nht+99Zrrfuq8byan6w8RMFR830GJvdMAAD/Vsz/6aGQfHhpJwl4L8/4WwvhQq/DuU1umI1Q7r7FosXbos6g8wTWuM3ccD7V//tFDeVkaMKJzkLkQt0JbyzansijadTYjo0I1w15iH2nySBSIrsOJauBcw3XaP6NfAC3fN1lh/fDaj5HWud5v2ginWRfJNYalfMvTkXm2E5m8SXjanGJL1bHBle4TwEDNPT8+LFIJm8gf57rQRcRlh,iv:W3xvnTblM4Aa0dzDKiWqHM6B5zmu5ddk3D4tYAVNBiY=,tag:KelbYP9xbTmDaWiPrkS+Mw==,type:str]", "sops": { "age": [ { 
@@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibGlMSU4vUEF5UlNVZzlr\nMTMyOFY2Zi8rZFdZT1JrelZEUUZkZHFvOFdzCjVPbVovaU9nZklJQWNZeDJZNm0r\nMXBIK2hsZEY0NElxTVVMWmN6WU1Ld28KLS0tIENaallkK05SMllia3prV25hZDR2\nZDBNU0dYYnJESG1JZGpvSGp1WW9UMVEKJgfdLp7BRXvyAekecNJiaBXmxSj1qNxx\nZeHceqEkfWV/PzX+RP4LHjXTQCLEOJijbKxDmxSsYq49hC9xjZASuw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-22T17:19:04Z", - "mac": "ENC[AES256_GCM,data:r1h9ouXb8o8Vk3/l3SX6hxbPApMn4BcCIs52Jhv9s9RYURMGb9qqPipbX7yFIYDBMka2qJJ0BneJz2EI60nTxx+QqATImR2oot2U6iONrelgs+AL3We//xpHOVHSxQ9XMmeEOcVqXEU3u843jV1RElxarRCwB9yM6IWTPx2qNzA=,iv:bS571Ddgz6Fbhyxy2bL/087ZTD7egcvPoLXD9uF8aN0=,tag:HJBI6G6ivRHhJMXYrNhIKw==,type:str]", + "lastmodified": "2025-11-09T22:41:57Z", + "mac": "ENC[AES256_GCM,data:iHmgHvT3yn5ayimvO+miRA3dA/0o4juBvBzWIXwtZyt5gSI4oJizMbRaX5coVJgeDdPsYaiQFqSnEPrPmrMIR16jdmscQLvz7X1gtdanMP++5q13jWOkiUHPC2nZy47M+36bzC2P/BHqKE782ERTGnD70VZO4a1lOa7pB32NutY=,iv:oOn9x/xf5g82GXdZ9fDxgEiUScXXfzSdEZccqFQLF4w=,tag:iEhx2Hm0yP6G/1w6cIgHIg==,type:str]", "pgp": [ { "created_at": "2025-07-02T12:10:18Z", @@ -37,6 +37,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "version": "3.11.0" } } From cea15be44d534044efd75b71d264cba240e4d53c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 10 Nov 2025 01:30:18 +0100 Subject: [PATCH 08/23] feat[server]: add initial router config --- SwarselSystems.org | 210 +++++++++++++++++- .../nixos/x86_64-linux/hintbooth/default.nix | 29 +++ .../x86_64-linux/hintbooth/disk-config.nix | 118 ++++++++++ .../hintbooth/hardware-configuration.nix | 24 ++ .../hintbooth/secrets/pii.nix.enc | 16 ++ hosts/nixos/x86_64-linux/summers/default.nix | 2 - .../x86_64-linux/summers/secrets/pii.nix.enc | 6 +- hosts/nixos/x86_64-linux/winters/default.nix | 6 +- .../x86_64-linux/winters/secrets/pii.nix.enc | 6 +- modules/nixos/server/router.nix | 56 +++++ profiles/nixos/router/default.nix | 12 + 11 files changed, 470 insertions(+), 15 deletions(-) create mode 100644 hosts/nixos/x86_64-linux/hintbooth/default.nix create mode 100644 hosts/nixos/x86_64-linux/hintbooth/disk-config.nix create mode 100644 hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix create mode 100644 hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc create mode 100644 modules/nixos/server/router.nix create mode 100644 profiles/nixos/router/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 870a41c..656b149 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -2973,6 +2973,191 @@ This is my main server that I run at home. It handles most tasks that require bi #+end_src +**** Hintbooth (Router: HUNSN RM02) + +***** Main Configuration +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/default.nix + { lib, minimal, ... }: + { + + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ]; + + swarselsystems = { + info = "HUNSN RM02, 8GB RAM"; + flakePath = "/root/.dotfiles"; + isImpermanence = true; + isSecureBoot = true; + isCrypted = true; + isBtrfs = true; + isLinux = true; + isNixos = true; + rootDisk = "/dev/sda"; + swapSize = "8G"; + }; + + } // lib.optionalAttrs (!minimal) { + + swarselprofiles = { + server = true; + router = false; + }; + + } + +#+end_src + +***** hardware-configuration +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix + { config, lib, modulesPath, ... }: + + { + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + } +#+end_src +***** disko + +#+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hintbooth/disk-config.nix + { lib, config, ... 
}: + let + type = "btrfs"; + extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "subvol=root" + "compress=zstd" + "noatime" + ]; + }; + "/home" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/home"; + mountOptions = [ + "subvol=home" + "compress=zstd" + "noatime" + ]; + }; + "/persist" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/persist"; + mountOptions = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; + }; + "/log" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/var/log"; + mountOptions = [ + "subvol=log" + "compress=zstd" + "noatime" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "subvol=nix" + "compress=zstd" + "noatime" + ]; + }; + "/swap" = lib.mkIf config.swarselsystems.isSwap { + mountpoint = "/.swapvol"; + swap.swapfile.size = config.swarselsystems.swapSize; + }; + }; + in + { + disko.devices = { + disk = { + disk0 = { + type = "disk"; + device = config.swarselsystems.rootDisk; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "defaults" ]; + }; + }; + root = lib.mkIf (!config.swarselsystems.isCrypted) { + size = "100%"; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + luks = lib.mkIf config.swarselsystems.isCrypted { + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh + settings = { + allowDiscards = true; + # 
https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 + crypttabExtraOpts = [ + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + } +#+end_src **** machpizza (MacBook Pro) :PROPERTIES: :CUSTOM_ID: h:28e1a7eb-356b-4015-83f7-9c552c8c0e9d @@ -7167,16 +7352,12 @@ lspci -k -d 14c3: } #+end_src -**** kavita -:PROPERTIES: -:CUSTOM_ID: h:d33f5982-dfe6-42d0-9cf2-2cd8c7b04295 -:END: +**** Router #+begin_src nix-ts :tangle modules/nixos/server/router.nix - { self, lib, config, pkgs, globals, ... }: + { lib, config, ... }: let serviceName = "router"; - serviceUser = "kavita"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -19738,6 +19919,23 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a } +#+end_src +**** Router + +#+begin_src nix-ts :tangle profiles/nixos/router/default.nix :mkdirp yes + { lib, config, ... }: + { + options.swarselprofiles.router = lib.mkEnableOption "enable the router profile"; + config = lib.mkIf config.swarselprofiles.router { + swarselmodules = { + server = { + router = lib.mkDefault true; + }; + }; + }; + + } + #+end_src *** home-manager :PROPERTIES: diff --git a/hosts/nixos/x86_64-linux/hintbooth/default.nix b/hosts/nixos/x86_64-linux/hintbooth/default.nix new file mode 100644 index 0000000..b7a9049 --- /dev/null 
+++ b/hosts/nixos/x86_64-linux/hintbooth/default.nix @@ -0,0 +1,29 @@ +{ lib, minimal, ... }: +{ + + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ]; + + swarselsystems = { + info = "HUNSN RM02, 8GB RAM"; + flakePath = "/root/.dotfiles"; + isImpermanence = true; + isSecureBoot = true; + isCrypted = true; + isBtrfs = true; + isLinux = true; + isNixos = true; + rootDisk = "/dev/sda"; + swapSize = "8G"; + }; + +} // lib.optionalAttrs (!minimal) { + + swarselprofiles = { + server = true; + router = false; + }; + +} diff --git a/hosts/nixos/x86_64-linux/hintbooth/disk-config.nix b/hosts/nixos/x86_64-linux/hintbooth/disk-config.nix new file mode 100644 index 0000000..a4b5089 --- /dev/null +++ b/hosts/nixos/x86_64-linux/hintbooth/disk-config.nix 
@@ -0,0 +1,118 @@ +{ lib, config, ... }: +let + type = "btrfs"; + extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "subvol=root" + "compress=zstd" + "noatime" + ]; + }; + "/home" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/home"; + mountOptions = [ + "subvol=home" + "compress=zstd" + "noatime" + ]; + }; + "/persist" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/persist"; + mountOptions = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; + }; + "/log" = lib.mkIf config.swarselsystems.isImpermanence { + mountpoint = "/var/log"; + mountOptions = [ + "subvol=log" + "compress=zstd" + "noatime" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "subvol=nix" + "compress=zstd" + "noatime" + ]; + }; + "/swap" = lib.mkIf config.swarselsystems.isSwap { + mountpoint = "/.swapvol"; + swap.swapfile.size = config.swarselsystems.swapSize; + }; + }; +in +{ + disko.devices = { + disk = { + disk0 = { + type = "disk"; + device = config.swarselsystems.rootDisk; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "defaults" ]; + }; + }; + root = lib.mkIf (!config.swarselsystems.isCrypted) { + size = "100%"; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + luks = lib.mkIf config.swarselsystems.isCrypted { + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh + settings = { + allowDiscards = true; + # 
https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36 + crypttabExtraOpts = [ + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + inherit type subvolumes extraArgs; + postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' + MNTPOINT=$(mktemp -d) + mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5 + trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT + btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank + ''; + }; + }; + }; + }; + }; + }; + }; + }; + + fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; + fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; +} diff --git a/hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix b/hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix new file mode 100644 index 0000000..21725ec --- /dev/null +++ b/hosts/nixos/x86_64-linux/hintbooth/hardware-configuration.nix @@ -0,0 +1,24 @@ +{ config, lib, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} 
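Review bot: In `hintbooth/disk-config.nix` the LUKS passphrase is read from the fixed path `passwordFile = "/tmp/disko-password"`, and the only documentation is "populated by bootstrap.sh", which says nothing about file mode or cleanup. I would extend the comment to `# created 0600 by bootstrap.sh and removed once disko has finished; must not exist on an installed system`, and confirm that the script (not visible here) does that. `allowDiscards = true` passes TRIM through dm-crypt and so reveals which blocks are unused; a short comment that this trade-off is accepted would help the next reader. In both `postCreateHook` bodies the trap is installed only after `mount` and leaves `$MNTPOINT` unquoted; prefer `trap 'umount "$MNTPOINT"; rm -rf "$MNTPOINT"' EXIT` placed right after `mktemp -d`, with `"$MNTPOINT/root"` quoted in the snapshot command. The same text is duplicated in the `SwarselSystems.org` hunk that tangles to this file.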
diff --git a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc new file mode 100644 index 0000000..e9aa129 --- /dev/null +++ b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc 
@@ -0,0 +1,16 @@ +{ + "data": "ENC[AES256_GCM,data:dXhWlutdXYLxq7pAWK77lK1mz1y/lh0nl4mHa/jf4ABaQxkB9or1/ceEGwzUoFZAP+EmCuz35UpGYuT4jdti/BPDFsg3273NjVxfPBdV3Mr75FpEG56tMZKafUwARtwsBGQcIduPUgymOxKxUzy5YJokbdFThAa9Y25OFKDwOtN33NSG5QT8tEtBOFzeUx5K+9Kt1YDFCgl8dOOFtA==,iv:wZ1VY7IcK2dFjgrGZrUg+Oz3id8DZKzVgPMkjBrp1GE=,tag:F0SH8w32ec09P3NaMLcuTA==,type:str]", + "sops": { + "lastmodified": "2025-11-09T23:30:30Z", + "mac": "ENC[AES256_GCM,data:odBcMskVn/ag12j/sDxqD7/8q3GD+LPfoRQ4UcwiFAdRWIRyLKdG3HUJzt1yEVQnpvaHHOq3QmGC34FPA+GT6zw6TC9EacibmigX5uT+n6hYdVgXy97T/nD9ITtq6gVy8VjWugKpqMwTDta1HV037DKTf7LDmrTUaFhzFmtzNyA=,iv:CjkjUwCzACzuUI/TceDeopRsT9xiIZxciGq7UeBEVTw=,tag:ySF9Dxha7it2F2g81NZ+EQ==,type:str]", + "pgp": [ + { + "created_at": "2025-11-09T11:20:20Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAgiGGUn4Dhw6aB34J+332lw/CMPnZb3apThxgKjAVLKDz\neEeG+iD3iOJ3m+xg0KhgV5m2nykw0LXcXlErNIxnBmPm91DiQuW2Nzgz2J9FYF+J\nMHZ65JG+9nEt6dUplEKTBS492hiKrfD6a3BR/WFy9qrv0uY8DutAeUbkXVXqY+Sn\nxTTu2DK9Yy6lps2gmaZ1nJwLffaILyZuwYqMKtv1d1tEQFsBbkwh1chj0857nldD\n4t+bDYpMa1eFBQ/vi4YfMrw19Qq0xEWo7nKdT/pj8qAW9c4D7pHf7rm4t0T+H3tN\nfk1dJKuZuITXRrIth1zhq5bLepsIWtk/hG9fNKPbYj+xThhbCWEpH18FVVJsPCtv\nksZ3i70uz6FvyMYxyNANTMIxVa+SI+dhx6bCGQ/I9xFxK2Yju/yL6Gt4av3GhyjK\ncd8B5AlIKzxDvhWBMakjf+R/I63a7AlI9QliZhEFrpNOdcBu78ZvtKKplJ6fG8SZ\nExCFFf/qtqHtM0rvl8wyyVntD2r9WLKwDF7+tlygxbexqCaVs8CPtuiswOEGldc3\nZkG+zYsXSvBmyyfwrVYoIKRjJ1QiYys+EE5OdfI9kZ/I+kByiwr6PRHDnIkuc7jj\n8odeSq/KVMwS3d0u3c6qTPWbnSvAa6KM91dnMaXb0ws/B0eNE22USNk//KVfdKKF\nAgwDC9FRLmchgYQBD/99q4jpY7LnuV12/KxqZvbSHkBlO3HlBDYfmAYUn1gYS83T\ni+eGlWqHlXAwaqDnz5hGKe/yHRBVZjUO8Ic61ujHH28dPC++hMDkfq9sBH9mXeXA\nfovVEQJOiF65K40Lel9FAa9E5yjGSvcocqBrsh4usS6jTrFJmnat4poCnJDG+Ova\n7S2kD2FEwQxRRFlWX8I7nsmdxgATIIVhLgvCImJKAb2GEBmXx/Vpj6UTG5H+dvtP\niYtHxq0QOpeR47wNc5nUTaHTP0Lsj9hB4SS7rTdKHptXEtHCEznM7SEarNCt+MQY\nQd5O/x3cItJKADxV2JO2XPL96hqlX/e6+CWcsW89nAbuIID651b7ZWBw19F+62dt\nxlVrehcsYWLz+GuGBYysx+/0EVuZ422AEi/v9ft5YdigXrxq0ddJKRtFvcQFMh0G\n2w12fADrzX2ExzTWW
c7FIwBmCr5XcwLVtmwU2bOD8mX36B7UPybBDsZ5J7/fr3TP\nYIz5ApQI5ewNsBhVoyJxSJQ6IoEBC5udrGNBMKOgZEYW+1MTWPojDU9eIg0Mew1D\n7PkXYEDrHBUccbaePLViUPcEeGkE7gB/FAWsIIfjRFzR8GDJpf/RnEK7G4mvPrIw\nlH8ARzgA93gtGOyx0DVOg+zIeplbARgZoIhyX3QCpsOTPz/CmBZIwMikRZfag9Je\nAfBikUXA2MBcIDAocQAKFILnFLyY7qgNKhvqhiCc+j04GmP7mjtAiZXP7lyUauRM\nt2PUcec90jfk0wsT1DXfeJKuWVa1hkv4/2Ejz5/PXa6ZQbrmBtZG9ZIDk2VveQ==\n=k0BA\n-----END PGP MESSAGE-----", + "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.11.0" + } +} diff --git a/hosts/nixos/x86_64-linux/summers/default.nix b/hosts/nixos/x86_64-linux/summers/default.nix index 43c4b49..3b6051b 100644 --- a/hosts/nixos/x86_64-linux/summers/default.nix +++ b/hosts/nixos/x86_64-linux/summers/default.nix @@ -11,8 +11,6 @@ loader.efi.canTouchEfiVariables = true; }; - # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; - networking = { inherit (config.repo.secrets.local) hostId; hostName = configName; diff --git a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc index dae95ff..6f72187 100644 --- a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:XTHUIhn7yVn2/EvZBSg1v+EU154Kj0hgvHbUdpnc2W4U+0UNBlqxRvVxw8XFm8uo1en2hXoS,iv:XeEzWY0UB/QqbxoIQJEOkWlaU5nyETl0Aki7iyRq/Y8=,tag:rcNiCc5a6+wLYAzX1pMxxQ==,type:str]", + "data": "ENC[AES256_GCM,data:PFtZdHoWzYmrHio52kBZ7LDthUI+qAPBfCqkY/ubTIwVJoaZixXbuzJdJuA84YH5YBZ/umTYG/9Ocs4hNbCYoPcG6VdreIcqwVxD6PgCEtqtTK0qxOfBqdIXQ1Gl2EzyMuxQm3pFFEx1zzueJ3KvdZEZRtzvytLlw/pKkETLECAxqAoZ5fSVApzIczGI053046v7ItdulGLOZGc=,iv:0EhqmcDH8yFC78H2tuhGbu49ZzVaMtdvf/7XuNU9hyo=,tag:/8rHZKR6CLH7HNAaK5EDOg==,type:str]", "sops": { "age": [ { 
@@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-06T11:16:16Z", - "mac": "ENC[AES256_GCM,data:rBE1qTiaLme63i23YL16qmDE6rcKaxwWwzzqgsv4SmKCBJonjiyUc4DyRU8JuCbTx6K9+4VtERJzTLlbXhvjXl27LRQtfbNSBXBIyTgdSz0Fo46lDdVUMFSdPDbU97XAx9P3eu425aspkJYxffOJ2lvqinAVuw9U6oBpot5jVaw=,iv:N3mp0DY80UVGa4Vf4ya+5B/9w8iTihAyg/XgStgtHAo=,tag:tKjnbFm0yFddj759OK5Mdw==,type:str]", + "lastmodified": "2025-11-09T23:30:06Z", + "mac": "ENC[AES256_GCM,data:/af6vMgOLZ6bqLdwhmCg9lX+S1afi3HoKeVhrEgxtjrob3IIHMoD2YqP+PhXazGTyArBPEHxojZ9ew8SqedosID61nE8H45gMV6jz8g4hF9sm7c5CRavEk7Lgy4kO4Xw6LyUEO379RUa3OOrhKrOI2+zWf+NkCQf8Hy79Cc56Ds=,iv:BDuCygDtMYdYfd8p3xZSNN4ZaFiN9WbNRD+3LSluwlY=,tag:+S01XGwLZcCa9c8IDDjjGg==,type:str]", "pgp": [ { "created_at": "2025-08-24T23:36:17Z", diff --git a/hosts/nixos/x86_64-linux/winters/default.nix b/hosts/nixos/x86_64-linux/winters/default.nix index cbe391e..c50b4a7 100644 --- a/hosts/nixos/x86_64-linux/winters/default.nix +++ b/hosts/nixos/x86_64-linux/winters/default.nix @@ -10,7 +10,11 @@ loader.efi.canTouchEfiVariables = true; }; - globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4; + # globals.networks.home.hosts.${config.node.name} = { + # ipv4 = config.repo.secrets.local.home-ipv4; + # mac = config.repo.secrets.local.home-mac; + # }; networking = { inherit (config.repo.secrets.local) hostId; diff --git a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc index 053a465..cdcc63e 100644 
--- a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc 
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:+cS1MmSlZWLdRt5Ey31y6WrDAudgjHxsUbfCBUK0/Sg=,tag:byOqNWWPQmlrDWQO1tRRJQ==,type:str]", + "data": "ENC[AES256_GCM,data:4SiiMDgtS3KPoG/fuYnfzaxVycaQsSycTODMQQS9a4ICcZFY21LdKCRQs8N908ndBrdjMIHMhG6LDI1RVRs6m5EBZLYho3dzvf3YlpztnypaGrAkXfTnCuvP15vvAOgHnJYF3PQ41XcKoQ9yKRJGv3E/1lt2bkGkZsH43aDizz/BfRXpKKOezLkzumi6IYiwrVrdPHf0yQj7qeMBfPi9WBicf+/daonOOssa1JMqZ8B+Uy8tG0qi6JlL2eQa18njDfV7rcmGyQGUYBkVoc2E+YYrAUbB7KDYSwe3Gqzo75Ls6IjH8O0KemYnqPbOIPrlrAsGPen+ZAT6tdCQ9QCNwXlGLERRidVcSWjjk32VthlLzXGrhXoChidwui7ff8SwUXIf9OyV1E4wREdPJPBkOBVKOhaCEZfEavREHRTlftmE0KHi6k4CXKi2HPvOvOt4HvHALSFJCKkmrn+8THv01niHS0X3iQfIJCzPpXFCkKVYB+2t/NOPeB6qJsI3+eLpd7jhU9p4q6Ny/OmSpYRFgqqF4TXg+npYQm7L1bqSkpRqbzfQmS9MdEl/h79K2x2GYBmTOAR6fs7c7kUFiXoxrP56Sh3sLyTuhzD3VGJ6HxHFlaIXAi3tZ9VObSCa3zpLWv7j6e3vNp01Z0O0UfJ5ZNNHOe+IIyUtEAA9ywLxU+uRuCsBe7PZeT95WpfDkiQVY3LPXxFr92dE4w6Ex6CZyneUF3wOwDqxVi+J2FXAJkYXDi6uE3kyBhn77FsaEVx5H/GxxsT8cFXEa6EjhQ0/eQTw7DYZ11urgN7iNDKrhh4oPnkI9HRrIaqbtaW3H8Rzx01/JkkfOdhiXHxYILm4W6YnLt0kTPI+nNgUEX2/H5h12xXPCF4isK6oHe+DExbP+5Ccz0AOEueNMn0LxH/zhG/f6k7sdOs05PIC0p56v1yRrhYtaVemFdfSWI4dgaXpygR5h2YtrGDHKq8vlsafIa8olrjbgMMpeXjrnpDSC8MgQ55wLHAEIVWPdKmr74704gGKz7PL6L0DAqh8YMTIHaOdf5h520qqiFm0bJWttrPhi0LvHlZUsumgGJ+MqQdRpxbnjo3q8rY0pwyVNxCHieKdchjdCeH9+xhoMpVvjwudrbsycyeF2Bm/TY5emoSTKWq8ucnkpTqXUpuRpi6kaqQRZIMoSR4BjsfGDcNrT+SWqjVnkOOx5EL7B0cJUt9QGaWeSsTj3JK7InnhfyKr44f4e0T2RHjwarZoW9OnPFJnwnsvUarQ5U8LRdRfY0H74XoMdfpZhlTgV1sS37MdKjgakQzVRY5ANA3H4VmaTeJxjPelSnve/Vtkp3SPIuhacfBkMCkoDGPqjR8nmJ1vZdqM9RlLyZcNnZxqsQHT0/wqHSAImfZiLiTHIpkBucYOvt1/OuFrnUTz8XtHFZU6f3tMTM5pCZS5/X2nA+LXiW7+uoIcYpowPb5iVfkFc0T/rSWbqqZoR+kAWFllGK+k9h8brlGyKdwBWF45xWmpl4CSwvngzKKW14f3Ljlf7NyrcUXOxHfrL3wzIoYMFcqNWLh6D4qPt3cqJDihYzF4GYu73VJhUK6sn2GqZ/XCttfBd5MfrvSqLv4iHmrYC3oXl0JS+J7LuZudWIJSEDGhv1ZUdUKahKWsfMvmmVnk28AczdE/rBiAJ+9POeRmGYJ743PSua0k+tBIUbdQ+xkuruenII4pK37yd5H0Ic4ATtcVg0Bg4se5JBXmEoHodO5t2Vg8gUXVI+Xc,iv:C/7cgdkpNmOIe
b8cdYI0rbyxebJLgpqIU8ezO+zRqCA=,tag:NywhkBzKpQrJ3H7ZKxvYgQ==,type:str]", "sops": { "age": [ { @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-04T09:26:35Z", - "mac": "ENC[AES256_GCM,data:T8GqsMxfFB9s1EOeLHNzxoz23FCOnlNsBsbvMxiLq7a78xt5Xw3dVN/IWfkyiCDwfSjo+fVx2yEd5tP/B3fSN7S8WJNSe5ZywLpal/RlsCzv7ARvbVCaBx22S4az97JsR1qQUcGSvoiTH5e/0t2tBtimGJ1witbvbiGkTBp8taw=,iv:Qs26cjeMLtRhTDO91yfBo93wUKJ9zVfUbJ8o6myHGUo=,tag:FbT8emz6q1QnXdxoX6hsYQ==,type:str]", + "lastmodified": "2025-11-09T23:29:33Z", + "mac": "ENC[AES256_GCM,data:UU9a1Yg8Inmcht6gc2pTi3GpV945YAMdVN08Q2/yjg5850N3VhVcD0dsu/bn+4fOSvOiDtWzkoqq1PquRWJbfDjZJxl0aivU7UHN3st64nxIc/mKKZp7VwavMDTVDQScRlpaPZoC0zZ5CDQtBQisfY2AiDtfUVBKZLfuvI3Kjsc=,iv:RPcSwZHVlTo8laro1bCAaJT8KXXCtLHJk1iH4zaZbgk=,tag:qOhN4DNr+d1/34R6L78PLg==,type:str]", "pgp": [ { "created_at": "2025-08-24T23:36:17Z", diff --git a/modules/nixos/server/router.nix b/modules/nixos/server/router.nix new file mode 100644 index 0000000..fb8112a --- /dev/null +++ b/modules/nixos/server/router.nix 
@@ -0,0 +1,56 @@
+{ lib, config, ... }:
+let
+ serviceName = "router";
+in
+{
+ options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
+ config = lib.mkIf config.swarselmodules.server.${serviceName} {
+
+ systemd.network = {
+ wait-online.anyInterface = true;
+ networks = {
+ "30-lan0" = {
+ matchConfig.Name = "lan0";
+ linkConfig.RequiredForOnline = "enslaved";
+ networkConfig = {
+ ConfigureWithoutCarrier = true;
+ };
+ };
+ "30-lan1" = {
+ matchConfig.Name = "lan1";
+ linkConfig.RequiredForOnline = "enslaved";
+ networkConfig = {
+ ConfigureWithoutCarrier = true;
+ };
+ };
+ "30-lan2" = {
+ matchConfig.Name = "lan2";
+ linkConfig.RequiredForOnline = "enslaved";
+ networkConfig = {
+ ConfigureWithoutCarrier = true;
+ };
+ };
+ "30-lan3" = {
+ matchConfig.Name = "lan3";
+ linkConfig.RequiredForOnline = "enslaved";
+ networkConfig = {
+ ConfigureWithoutCarrier = true;
+ };
+ };
+ "10-wan" = {
+ matchConfig.Name = "wan";
+ networkConfig = {
+ # start a DHCP Client for IPv4 Addressing/Routing
+ DHCP = "ipv4";
+ DNSOverTLS = true;
+ DNSSEC = true;
+ IPv6PrivacyExtensions = false;
+ IPForward = true;
+ };
+ # make routing on this interface a dependency for network-online.target
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+ };
+ };
+}
diff --git a/profiles/nixos/router/default.nix b/profiles/nixos/router/default.nix
new file mode 100644
index 0000000..256cfa0
--- /dev/null
+++ b/profiles/nixos/router/default.nix
@@ -0,0 +1,12 @@
+{ lib, config, ... }:
+{
+ options.swarselprofiles.router = lib.mkEnableOption "enable the router profile";
+ config = lib.mkIf config.swarselprofiles.router {
+ swarselmodules = {
+ server = {
+ router = lib.mkDefault true;
+ };
+ };
+ };
+
+}
From 31447d9a3f947cd02aea5b6904011035dda08318 Mon Sep 17 00:00:00 2001
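Review bot: The `10-wan` network in `modules/nixos/server/router.nix` enables forwarding on the uplink (`IPForward = true;`), but nothing in this new module adds a forward-chain policy or NAT rule, so whether traffic between LAN and WAN is filtered depends entirely on configuration outside this file. I would either place the forward/masquerade rules next to this block or add a comment naming the module that owns them, e.g. `# forwarding is filtered in <firewall module>; keep both in sync`. `lan0`–`lan3` are marked `RequiredForOnline = "enslaved"` without a `Bridge`/`Bond` assignment or a netdev in this file, so they presumably never reach that state unless a bridge is defined elsewhere. `IPForward=` is also the legacy spelling; current systemd documents `IPv4Forwarding=`/`IPv6Forwarding=`, which is worth checking against the systemd version this host runs.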
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 11 Nov 2025 00:57:47 +0100 Subject: [PATCH 09/23] chore: decomission milkywell --- SwarselSystems.org | 495 ++++++------------ .../nixos/aarch64-linux/milkywell/default.nix | 50 -- .../aarch64-linux/milkywell/disk-config.nix | 97 ---- .../milkywell/hardware-configuration.nix | 22 - .../milkywell/secrets/pii.nix.enc | 22 - 5 files changed, 148 insertions(+), 538 deletions(-) delete mode 100644 hosts/nixos/aarch64-linux/milkywell/default.nix delete mode 100644 hosts/nixos/aarch64-linux/milkywell/disk-config.nix delete mode 100644 hosts/nixos/aarch64-linux/milkywell/hardware-configuration.nix delete mode 100644 hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc diff --git a/SwarselSystems.org b/SwarselSystems.org index 656b149..ed74492 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -3301,207 +3301,6 @@ I have removed most of the machines from this section. What remains are some hos - =MilkyWell=: cloud server used for very lightweight sync tasks of non-critical data - =Moonside=: Proxy server + some lightweight services -**** MilkyWell (OCI) -:PROPERTIES: -:CUSTOM_ID: h:4c5febb0-fdf6-44c5-8d51-7ea0f8930abf -:END: - -For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. - - -***** Main configuration -:PROPERTIES: -:CUSTOM_ID: h:922105c3-a604-47d9-918b-db1803784c75 -:END: - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/milkywell/default.nix - { lib, minimal, ... }: - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - ]; - - boot = { - loader.systemd-boot.enable = true; - tmp.cleanOnBoot = true; - }; - - networking = { - nftables.enable = lib.mkForce false; - hostName = "milkywell"; - enableIPv6 = true; - domain = "subnet03112148.vcn03112148.oraclevcn.com"; - }; - - topology.self = { - icon = "devices.cloud-server"; - }; - - hardware = { - enableAllFirmware = lib.mkForce false; - }; - - swarselsystems = { - info = "VM.Standard.E2.1.Micro"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = true; - isSwap = true; - rootDisk = "/dev/sda"; - swapSize = "4G"; - isBtrfs = true; - isLinux = true; - isNixos = true; - }; - - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; - - swarselmodules.server = { - forgejo = lib.mkDefault false; - ankisync = lib.mkDefault false; - }; - } - -#+end_src -***** hardware-configuration -:PROPERTIES: -:CUSTOM_ID: h:64dddedd-9b13-4b74-baf0-1d54d5a89d3b -:END: - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/milkywell/hardware-configuration.nix - { config, lib, modulesPath, ... 
}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot = { - initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - } -#+end_src -***** disko -:PROPERTIES: -:CUSTOM_ID: h:cec82b06-39ca-4c0e-b4f5-c1fda9b14e6d -:END: - -#+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/milkywell/disk-config.nix - # NOTE: ... is needed because dikso passes diskoFile - { lib - , config - , ... 
- }: - let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; - in - { - disko.devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - } - - -#+end_src **** Moonside (OCI) :PROPERTIES: :CUSTOM_ID: h:f547ed16-5e6e-4744-9e33-af090e0a175b 
@@ -3515,168 +3314,166 @@ This machine mainly acts as my proxy server to stand before my local machines. :END: #+begin_src nix-ts :tangle hosts/nixos/aarch64-linux/moonside/default.nix - { lib, config, minimal, ... }: - let - inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; - inherit (config.swarselsystems) sopsFile; - in - { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - ]; + { lib, config, minimal, ... }: + let + inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; + inherit (config.swarselsystems) sopsFile; + in + { + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + ]; - sops = { - age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; - # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; - secrets = { - wireguard-private-key = { inherit sopsFile; }; - wireguard-home-preshared-key = { inherit sopsFile; }; - }; - }; + sops = { + age.sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = lib.mkForce "/home/swarsel/.dotfiles/secrets/moonside/secrets.yaml"; + secrets = { + wireguard-private-key = { inherit sopsFile; }; + wireguard-home-preshared-key = { inherit sopsFile; }; + }; + }; - boot = { - loader.systemd-boot.enable = true; - tmp.cleanOnBoot = true; - }; + boot = { + loader.systemd-boot.enable = true; + tmp.cleanOnBoot = true; + }; - environment = { - etc."issue".text = "\4"; - }; + environment = { + etc."issue".text = "\4"; + }; - topology.self = { - icon = "devices.cloud-server"; - interfaces.wg = { - addresses = [ "192.168.3.4" ]; - renderer.hidePhysicalConnections = true; - virtual = true; - type = "wireguard"; - }; - }; + topology.self = { + icon = "devices.cloud-server"; + interfaces.wg = { + addresses = [ "192.168.3.4" ]; + renderer.hidePhysicalConnections = true; + virtual = true; + type = "wireguard"; + }; + }; - networking = { - nftables.enable = lib.mkForce false; - hostName = "moonside"; - 
enableIPv6 = false; - domain = "subnet03291956.vcn03291956.oraclevcn.com"; - firewall = { - allowedTCPPorts = [ 80 443 8384 ]; - }; - wireguard = { - enable = true; - interfaces = { - home-vpn = { - privateKeyFile = config.sops.secrets.wireguard-private-key.path; - # ips = [ "192.168.3.4/32" ]; - ips = [ "192.168.178.201/24" ]; - peers = [ - { - # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; - publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; - presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; - name = "moonside"; - persistentKeepalive = 25; - # endpoint = "${config.repo.secrets.common.ipv4}:51820"; - endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; - # allowedIPs = [ - # "192.168.3.0/24" - # "192.168.1.0/24" - # ]; - allowedIPs = [ - "192.168.178.0/24" - ]; - } + networking = { + domain = "subnet03291956.vcn03291956.oraclevcn.com"; + firewall = { + allowedTCPPorts = [ 8384 ]; + }; + wireguard = { + enable = true; + interfaces = { + home-vpn = { + privateKeyFile = config.sops.secrets.wireguard-private-key.path; + # ips = [ "192.168.3.4/32" ]; + ips = [ "192.168.178.201/24" ]; + peers = [ + { + # publicKey = "NNGvakADslOTCmN9HJOW/7qiM+oJ3jAlSZGoShg4ZWw="; + publicKey = "PmeFInoEJcKx+7Kva4dNnjOEnJ8lbudSf1cbdo/tzgw="; + presharedKeyFile = config.sops.secrets.wireguard-home-preshared-key.path; + name = "moonside"; + persistentKeepalive = 25; + # endpoint = "${config.repo.secrets.common.ipv4}:51820"; + endpoint = "${config.repo.secrets.common.wireguardEndpoint}"; + # allowedIPs = [ + # "192.168.3.0/24" + # "192.168.1.0/24" + # ]; + allowedIPs = [ + "192.168.178.0/24" ]; - }; - }; + } + ]; }; }; + }; + }; - hardware = { - enableAllFirmware = lib.mkForce false; - }; + hardware = { + enableAllFirmware = lib.mkForce false; + }; - system.stateVersion = "23.11"; + system.stateVersion = "23.11"; - services.syncthing = { - dataDir = lib.mkForce "/sync"; - settings = { - devices = 
config.swarselsystems.syncthing.devices // { - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; - }; - }; - folders = { - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "pyramid" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; - }; - }; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; }; }; - - swarselsystems = { - flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; - isImpermanence = true; - isSecureBoot = false; - isCrypted = false; - isSwap = false; - rootDisk = "/dev/sda"; - isBtrfs = true; - isNixos = true; - isLinux = true; - syncthing = { - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; - serviceIP = "localhost"; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; + }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; + }; + "runandbun" = { + path = "/sync/runandbun"; + type = 
"receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; + }; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; + }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; }; }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - server = true; - }; + }; + }; - swarselmodules.server = { - oauth2-proxy = lib.mkDefault true; - croc = lib.mkDefault true; - microbin = lib.mkDefault true; - shlink = lib.mkDefault true; - slink = lib.mkDefault true; - syncthing = lib.mkDefault true; - }; - } + swarselsystems = { + flakePath = "/root/.dotfiles"; + info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM"; + isImpermanence = true; + isSecureBoot = false; + isCrypted = false; + isSwap = false; + rootDisk = "/dev/sda"; + isBtrfs = true; + isNixos = true; + isLinux = true; + syncthing = { + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; + }; + }; + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + server = true; + }; + + swarselmodules.server = { + oauth2-proxy = true; + croc = true; + microbin = true; + shlink = true; + slink = true; + syncthing = true; + diskEncryption = lib.mkForce false; + }; + } #+end_src ***** hardware-configuration @@ -3866,6 +3663,10 @@ This is a slim setup for developing base configuration. I do not track the hardw minimal = lib.mkForce true; }; + swarselmodules = { + servevr.network = lib.mkForce false; + }; + swarselsystems = { info = "~SwarselSystems~ remote install helper"; wallpaper = self + /files/wallpaper/lenovowp.png; diff --git a/hosts/nixos/aarch64-linux/milkywell/default.nix b/hosts/nixos/aarch64-linux/milkywell/default.nix deleted file mode 100644 index 3dda192..0000000 --- a/hosts/nixos/aarch64-linux/milkywell/default.nix +++ /dev/null 
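Review bot: `allowedTCPPorts = [ 8384 ];` in the moonside `networking.firewall` block keeps the Syncthing GUI/API port open on a public cloud host, while the same block sets `syncthing.serviceIP = "localhost"` and enables `oauth2-proxy`, which suggests the GUI is meant to be reached only through the reverse proxy. If that is the intent, the port should not be opened at all (`allowedTCPPorts = [ ];`); if direct access is wanted, limit it to the tunnel with `firewall.interfaces."home-vpn".allowedTCPPorts = [ 8384 ];`. Whether the GUI actually listens on a non-loopback address is not visible here, so treat this as a check rather than a confirmed exposure. The hunk also drops `nftables.enable = lib.mkForce false;` and ports 80/443; I assume a shared server module now provides them, and a short comment saying so would help the next reader.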
@@ -1,50 +0,0 @@
-{ lib, minimal, ... }:
-{
- imports = [
- ./hardware-configuration.nix
- ./disk-config.nix
- ];
-
- boot = {
- loader.systemd-boot.enable = true;
- tmp.cleanOnBoot = true;
- };
-
- networking = {
- nftables.enable = lib.mkForce false;
- hostName = "milkywell";
- enableIPv6 = true;
- domain = "subnet03112148.vcn03112148.oraclevcn.com";
- };
-
- topology.self = {
- icon = "devices.cloud-server";
- };
-
- hardware = {
- enableAllFirmware = lib.mkForce false;
- };
-
- swarselsystems = {
- info = "VM.Standard.E2.1.Micro";
- isImpermanence = true;
- isSecureBoot = false;
- isCrypted = true;
- isSwap = true;
- rootDisk = "/dev/sda";
- swapSize = "4G";
- isBtrfs = true;
- isLinux = true;
- isNixos = true;
- };
-
-} // lib.optionalAttrs (!minimal) {
- swarselprofiles = {
- server = true;
- };
-
- swarselmodules.server = {
- forgejo = lib.mkDefault false;
- ankisync = lib.mkDefault false;
- };
-}
diff --git a/hosts/nixos/aarch64-linux/milkywell/disk-config.nix b/hosts/nixos/aarch64-linux/milkywell/disk-config.nix
deleted file mode 100644
index 4dac343..0000000
--- a/hosts/nixos/aarch64-linux/milkywell/disk-config.nix
+++ /dev/null
@@ -1,97 +0,0 @@ -# NOTE: ... is needed because dikso passes diskoFile -{ lib -, config -, ... -}: -let - type = "btrfs"; - extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - "/home" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/home"; - mountOptions = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - "/persist" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/persist"; - mountOptions = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - "/log" = lib.mkIf config.swarselsystems.isImpermanence { - mountpoint = "/var/log"; - mountOptions = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - "/swap" = lib.mkIf config.swarselsystems.isSwap { - mountpoint = "/.swapvol"; - swap.swapfile.size = config.swarselsystems.swapSize; - }; - }; -in -{ - disko.devices = { - disk = { - disk0 = { - type = "disk"; - device = config.swarselsystems.rootDisk; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - root = { - size = "100%"; - content = { - inherit type subvolumes extraArgs; - postCreateHook = lib.mkIf config.swarselsystems.isImpermanence '' - MNTPOINT=$(mktemp -d) - mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5 - trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT - btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank - ''; - }; - }; - }; - }; - }; - }; - }; - - fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; - fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true; -} 
diff --git a/hosts/nixos/aarch64-linux/milkywell/hardware-configuration.nix b/hosts/nixos/aarch64-linux/milkywell/hardware-configuration.nix deleted file mode 100644 index 7e5e589..0000000 --- a/hosts/nixos/aarch64-linux/milkywell/hardware-configuration.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot = { - initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc deleted file mode 100644 index ee0fd44..0000000 --- a/hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc +++ /dev/null 
@@ -1,22 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:4mDIWJ+WBn4c3US7Gby15hCtYYS6gYR1asm3SafO6/qyPKrcfKN42d2iIZEIPEq5yVj6OKt7ccFjQI2q3p8Dpb+HNYzHeGRcwBXKPL5hbVziP7Ik8pAYib7klUSmMelqOkc0aS1kyRyQzpvQoA6T7vNqEdm8kBR4SRs=,iv:7ZTbZh7TnCnfZ33g88Bsk3TISfhxz3+4cB1KiFucCMM=,tag:QgPChPUmZiB4AhH2xXturA==,type:str]", - "sops": { - "age": [ - { - "recipient": "age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZWxybEZUcjlIdmtOS3Az\nbGt2czliWHBlUWNsNDA0cTJLeXdFOXE1NHh3CllaWGh1ZEZINDhPMUdCZUQ3Ritj\ncTdpRFRHaFdBa3NPWk40WjVlaTlrQmMKLS0tIEZnYkc3Z2hzZXV1eGlsaktyckVT\nbTIrZ3BvZDNkRGpoZ2ZncVlwZysxMW8KU0vsVA9gG63M1ecqk918QHh7P+MSbKaM\nRv/HVAvCzNcMFwPUC7zF0jN0FpAl7eNGkniUMCzGyXHty4anSDyt1g==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-06-11T13:01:41Z", - "mac": "ENC[AES256_GCM,data:urkp4cEP8fzSvroewVTbVfFK4O03qKnd+Ch3ASJAo1xu++y+fuFFyRcvrY57xU32H+mK2ipSkl2FkeTYB2fNDpXzTIyCWGQPZ4i3doqmFkV1UPjjov8Cc/LY7eRQYj84pF9sFRMdAwtaUL3Kd4Ab45mO1fy7KYAW57zuUeZks/o=,iv:efnEEPHFu2EtRSyob3ozjHz4L1YHJ0AqzLb566pg5ZQ=,tag:VnrO5QFhdQFe9/7aJ9C/qw==,type:str]", - "pgp": [ - { - "created_at": "2025-06-11T12:59:00Z", - "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAvlrXaui4wqN1kgpfcZMf53RsJYbZp6//miZzas2xKVW3\nyvtubrrYBrHGPEnUuoHexsN4xiQ0zayOn+eLrbv5+8/jhjL6cxtv894+iHYcgkD7\nDc9M4f57Lf7qF9lGTo1pgPKRf2GbHbHfDgUjz5XcIUD0WAz0PCkGQqutP5daw7wV\nMo+fKm6yOxb+e89rlOUY26/LSy+5WMIoQ03tcWu92UZeVRvtEL2LIDQJ3+gCEBrL\nPI0SU84tIl1At1TkKhJkcZ9axn0vOc+LzhcdZ3K5AkAlvnx6/+KdFiVj7xQNQyfN\nJJs3U1HKDca0R6efTRveEoi5nWew2FPGmRfOD34DorokM46Ol0l1c4gL+2LjvPUj\ntEG3slBFoKYbPuj6GSA2H3U2LcgVbPtZggr7VN7d4bLiqT/PkUa2jjAcsqyb+Twc\ng9nmCiWFvrGR76dpvSdx6oO6O/etMcWT9A4fYMPStXcnT32N4q+qrV/+nFZm4BLp\nWvDYkgVWmiAwYTcwuAHS12yH9ymEQMRanSNyzRqjax+GVN70B5nNU5sn8Ch0ex7Q\n6qJZq1j+i/OtNITvnnCdOxefntM4UZzyeyqvU+rZx40KepyVD2XFWkp+9abev0iL\nVbJK5PmNRRxqLaRWxJu2f/Jb86hy60XjCcsWGxuo67ZReRWOHIuyQB15tr3DdReF\nAgwDC9FRLmchgYQBD/49wGPgfs1G4Y0qcAoqZWbdpbcqCwYEzlRK1DJdjFTtE8LO\n+IpA03seoy7qCAp3v86qg7YwjydA+vCJUk7FRFbLiesKDxS1ZRwZSWHuM/v46rj4\nJoTqOPjuJDzed8dFdl4082PrQ0z+dXjsK/ua6d6eQRw6JEgpTLbv7f6Ru4RyM93h\n3wUodncoqcyZ/Wy7qLKCy10CTaD/RRpVrKt18J0L17Qbevmap6tqRZI11GWBnb+R\nqChAvuBQnhN19+MxgJ9AC20SqUht2pBvUXAhWf9vEGoygWR2kXuxyxK2XYu26zXa\nBb33xNAd2BZ/zr7fDnwjROkhRJ0YWk4GqaUCfo3zmT/OtHUzoyIvi0um7obOPzUk\n6RJw3q3siiUXavvTvgJMhCySwzHLtrPGYzCiHfkQc555yRqoz1XrdZOoQyba288y\niMFVzrIp+jlN+shNfsumGIgtogiYl3yI+Ecib7ozwIXDyOmBfsGUFLZkleGXWoH+\n/ZU3stAVFsSzOVkw656NWgsAEnqP1T7TGBMP1vibDPNZBp9aExA+1XLyVbr7sFJG\nWT9ypYorj7hF3UW1Ep/1fmcYovXICieKPR8sLVdWrPxRXArezfoqMAFhxdw6y87n\nQUrOTy8XOwsERmMOWhcU54NgdU21MDI3/sgh20KznNUU1iIOPQgfeobJ0rR/htJe\nAYaaMHhkJvSkiuXBKJIaz125xQrKvwLpB+OsuezPhT5Qn4MZUEoUa5Ft1GhiDqWM\nSB8o70nlAcw0CFvNlsYRZdVY5FACj81B1H6JH5eNUx6f2FVhcO61kc60LJvzug==\n=zX1v\n-----END PGP MESSAGE-----", - "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" - } -} From 9252e9c546d82c11fd404c874bfae420756cbfc7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 13 Nov 2025 23:40:41 +0100 Subject: [PATCH 10/23] chore: fix typos; build niri less eagerly --- SwarselSystems.org | 20 +- modules/home/common/kanshi.nix | 2 +- modules/home/common/niri.nix | 387 ++++++++++++++-------------- modules/nixos/client/niri.nix | 29 ++- profiles/home/personal/default.nix | 2 +- profiles/nixos/personal/default.nix | 2 +- 6 files changed, 232 insertions(+), 210 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index ed74492..a7f9baa 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -3664,7 +3664,7 @@ This is a slim setup for developing base configuration. I do not track the hardw }; swarselmodules = { - servevr.network = lib.mkForce false; + server.network = lib.mkForce false; }; swarselsystems = { @@ -6794,12 +6794,16 @@ Auto login for the initial session. xwayland-satellite-unstable ]; - niri-flake.cache.enable = true; programs.niri = { enable = true; package = pkgs.niri-unstable; # the actual niri that will be installed and used }; + } // { + niri-flake.cache.enable = true; + programs.niri = { + package = null; + }; }; } #+end_src @@ -15353,6 +15357,12 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; }; + } // { + programs.niri = lib.mkIf (!config.swarselmodules.niri) { + package = null; + config = null; + settings = null; + }; }; } #+end_src @@ -15405,7 +15415,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { - criteria = "eDP-2"; + criteria = config.swarselsystems.sharescreen; status = "enable"; scale = 1.0; } 
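Review bot: In the niri hunk at `@@ -6794`, the attribute set added after `} // {` is merged onto the value returned by `lib.mkIf`, not into the module's config: function application binds tighter than `//`, so `lib.mkIf <cond> { … } // { … }` yields the mkIf wrapper plus extra top-level attributes, and the module system reads only its `condition` and `content`. As written, `niri-flake.cache.enable = true;` and `programs.niri.package = null;` are presumably dropped, and the cache setting that used to live inside the conditional block is lost with them. The same construct is added in the home-manager hunk at `@@ -15353` and in `modules/home/common/niri.nix`. I would write `config = lib.mkMerge [ (lib.mkIf <cond> { … }) { niri-flake.cache.enable = true; } ];` and put the `null` overrides under `lib.mkIf (!<cond>)` so they cannot collide with `package = pkgs.niri-unstable;`. The opening of the `config = …` expression lies outside this hunk, so this reading relies on the layout visible in `modules/home/common/niri.nix`.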
@@ -19445,7 +19455,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a lowBattery = lib.mkDefault false; network = lib.mkDefault true; networkDevices = lib.mkDefault true; - niri = lib.mkDefault true; + niri = lib.mkDefault false; nix-ld = lib.mkDefault true; nvd = lib.mkDefault true; packages = lib.mkDefault true; @@ -19792,7 +19802,7 @@ This holds modules that are to be used on most hosts. These are also the most im kitty = lib.mkDefault true; mail = lib.mkDefault true; mako = lib.mkDefault true; - niri = lib.mkDefault true; + niri = lib.mkDefault false; nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; diff --git a/modules/home/common/kanshi.nix b/modules/home/common/kanshi.nix index d2a0488..770d95a 100644 --- a/modules/home/common/kanshi.nix +++ b/modules/home/common/kanshi.nix @@ -39,7 +39,7 @@ exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { - criteria = "eDP-2"; + criteria = config.swarselsystems.sharescreen; status = "enable"; scale = 1.0; } diff --git a/modules/home/common/niri.nix b/modules/home/common/niri.nix index 6e3814a..699881f 100644 --- a/modules/home/common/niri.nix +++ b/modules/home/common/niri.nix 
@@ -1,206 +1,213 @@ { config, pkgs, lib, vars, ... }: { options.swarselmodules.niri = lib.mkEnableOption "niri settings"; - config = lib.mkIf config.swarselmodules.niri { + config = lib.mkIf config.swarselmodules.niri + { - programs.niri = { - package = pkgs.niri-unstable; # which package to use for niri validation - settings = { - xwayland-satellite = { - enable = true; - path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; - }; - prefer-no-csd = true; - layer-rules = [ - { matches = [{ namespace = "^notifications$"; }]; block-out-from = "screencast"; } - { matches = [{ namespace = "^wallpaper$"; }]; place-within-backdrop = true; } - ]; - window-rules = [ - { - matches = [{ app-id = ".*"; }]; - opacity = 0.95; - default-column-width = { proportion = 0.5; }; - shadow = { + programs.niri = { + package = pkgs.niri-unstable; # which package to use for niri validation + settings = { + xwayland-satellite = { + enable = true; + path = "${lib.getExe pkgs.xwayland-satellite-unstable}"; + }; + prefer-no-csd = true; + layer-rules = [ + { matches = [{ namespace = "^notifications$"; }]; block-out-from = "screencast"; } + { matches = [{ namespace = "^wallpaper$"; }]; place-within-backdrop = true; } + ]; + window-rules = [ + { + matches = [{ app-id = ".*"; }]; + opacity = 0.95; + default-column-width = { proportion = 0.5; }; + shadow = { + enable = true; + draw-behind-window = true; + }; + geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; + } + { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } + { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } + { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } + { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } + { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } + { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } + { matches = [{ app-id = "^blueman$"; 
}]; open-floating = true; } + { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } + { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } + { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } + # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } + { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } + { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } + { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } + { matches = [{ title = "^Add$"; }]; open-floating = true; } + { matches = [{ title = "^Picture-in-Picture$"; }]; open-floating = true; } + { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } + { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } + { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } + ]; + environment = { + DISPLAY = ":0"; + } // vars.waylandSessionVariables; + screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; + input = { + mod-key = "Super"; + keyboard = { + xkb = { + layout = "us"; + variant = 
"altgr-intl"; + }; + }; + mouse = { + natural-scroll = false; + }; + touchpad = { enable = true; - draw-behind-window = true; - }; - geometry-corner-radius = { top-left = 2.0; top-right = 2.0; bottom-left = 2.0; bottom-right = 2.0; }; - } - { matches = [{ app-id = "at.yrlf.wl_mirror"; }]; opacity = 1.0; } - { matches = [{ app-id = "Gimp"; }]; opacity = 1.0; } - { matches = [{ app-id = "firefox"; }]; opacity = 0.99; } - { matches = [{ app-id = "^special.*"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; } - { matches = [{ app-id = "chromium-browser"; }]; opacity = 0.99; } - { matches = [{ app-id = "^qalculate-gtk$"; }]; open-floating = true; } - { matches = [{ app-id = "^blueman$"; }]; open-floating = true; } - { matches = [{ app-id = "^pavucontrol$"; }]; open-floating = true; } - { matches = [{ app-id = "^syncthingtray$"; }]; open-floating = true; } - { matches = [{ app-id = "^Element$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } - # { matches = [{ app-id = "^Element$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } - { matches = [{ app-id = "^vesktop$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; block-out-from = "screencast"; } - # { matches = [{ app-id = "^vesktop$"; }]; default-column-width = { proportion = 0.9; }; open-on-workspace = "Scratchpad"; block-out-from = "screencast"; } - { matches = [{ app-id = "^com.nextcloud.desktopclient.nextcloud$"; }]; open-floating = true; } - { matches = [{ title = ".*1Password.*"; }]; excludes = [{ app-id = "^firefox$"; } { app-id = "^emacs$"; } { app-id = "^kitty$"; }]; open-floating = true; block-out-from = "screencast"; } - { matches = [{ title = "(?:Open|Save) (?:File|Folder|As)"; }]; open-floating = true; } - { matches = [{ title = "^Add$"; }]; open-floating = true; } - { matches = [{ title = "^Picture-in-Picture$"; }]; 
open-floating = true; } - { matches = [{ title = "Syncthing Tray"; }]; open-floating = true; } - { matches = [{ title = "^Emacs Popup Frame$"; }]; open-floating = true; } - { matches = [{ title = "^Emacs Popup Anchor$"; }]; open-floating = true; } - { matches = [{ app-id = "^spotifytui$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } - { matches = [{ app-id = "^kittyterm$"; }]; open-floating = true; default-column-width = { proportion = 0.5; }; } - ]; - environment = { - DISPLAY = ":0"; - } // vars.waylandSessionVariables; - screenshot-path = "~/Pictures/Screenshots/screenshot_%Y-%m-%d-%H%M%S.png"; - input = { - mod-key = "Super"; - keyboard = { - xkb = { - layout = "us"; - variant = "altgr-intl"; + tap = true; + tap-button-map = "left-right-middle"; + natural-scroll = true; + scroll-method = "two-finger"; + click-method = "clickfinger"; + disabled-on-external-mouse = true; + drag = true; + drag-lock = false; + dwt = true; + dwtp = true; }; }; - mouse = { - natural-scroll = false; + cursor = { + hide-after-inactive-ms = 2000; + hide-when-typing = true; }; - touchpad = { - enable = true; - tap = true; - tap-button-map = "left-right-middle"; - natural-scroll = true; - scroll-method = "two-finger"; - click-method = "clickfinger"; - disabled-on-external-mouse = true; - drag = true; - drag-lock = false; - dwt = true; - dwtp = true; + layout = { + background-color = "transparent"; + border = { + enable = true; + width = 1; + }; + focus-ring = { + enable = false; + }; + gaps = 5; }; - }; - cursor = { - hide-after-inactive-ms = 2000; - hide-when-typing = true; - }; - layout = { - background-color = "transparent"; - border = { - enable = true; - width = 1; + binds = with config.lib.niri.actions; let + sh = spawn "sh" "-c"; + in + { + + # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; + "Mod+Shift+t".action = toggle-window-rule-opacity; + # "Mod+Escape".action = "mode $exit"; 
+ "Mod+m".action = focus-workspace-previous; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Shift+f".action = toggle-windowed-fullscreen; + "Mod+q".action = close-window; + "Mod+f".action = spawn "firefox"; + "Mod+Space".action = spawn "fuzzel"; + "Mod+Shift+c".action = spawn "qalculate-gtk"; + "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; + "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; + "Mod+h".action = sh ''hyprpicker | wl-copy''; + # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; + # "Mod+s".action = screenshot { show-pointer = false; }; + "Mod+s".action.screenshot = { show-pointer = false; }; + # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + # "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; + "Mod+Shift+s".action.screenshot-window = { write-to-disk = true; }; + # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + + "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; + "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; + "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; + "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; + "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; + + "Mod+a".action = spawn "swarselcheck-niri" "-s"; + "Mod+x".action = spawn "swarselcheck-niri" "-k"; + "Mod+d".action = spawn "swarselcheck-niri" "-d"; + "Mod+w".action = spawn "swarselcheck-niri" "-e"; + + "Mod+p".action = spawn "pass-fuzzel"; + "Mod+o".action = spawn "pass-fuzzel" "--otp"; + "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; + "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; + + "Mod+Left".action = focus-column-or-monitor-left; + "Mod+Right".action = focus-column-or-monitor-right; + "Mod+Down".action = 
focus-window-or-workspace-down; + "Mod+Up".action = focus-window-or-workspace-up; + "Mod+Shift+Left".action = move-column-left; + "Mod+Shift+Right".action = move-column-right; + "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; + "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; + # "Mod+Ctrl+Shift+c".action = "reload"; + # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; + # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + # "Mod+r".action = "mode resize"; + # "Mod+Return".action = "exec kitty"; + "Mod+Return".action = spawn "swarselzellij"; + "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; + "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; + "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; + "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; + "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; + "XF86Display".action = spawn "wl-mirror" "eDP-1"; + "Mod+Escape".action = spawn "wlogout"; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 4; + "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+0".action = focus-workspace 0; + + "Mod+Shift+1".action = move-column-to-index 1; + "Mod+Shift+2".action = move-column-to-index 2; + "Mod+Shift+3".action = move-column-to-index 3; + "Mod+Shift+4".action = move-column-to-index 4; + "Mod+Shift+5".action = move-column-to-index 5; + "Mod+Shift+6".action = move-column-to-index 6; 
+ "Mod+Shift+7".action = move-column-to-index 7; + "Mod+Shift+8".action = move-column-to-index 8; + "Mod+Shift+9".action = move-column-to-index 9; + "Mod+Shift+0".action = move-column-to-index 0; }; - focus-ring = { - enable = false; - }; - gaps = 5; - }; - binds = with config.lib.niri.actions; let - sh = spawn "sh" "-c"; - in - { - - # "Mod+Super_L" = spawn "killall -SIGUSR1 .waybar-wrapped"; - "Mod+z".action = spawn "killall -SIGUSR1 .waybar-wrapped"; - "Mod+Shift+t".action = toggle-window-rule-opacity; - # "Mod+Escape".action = "mode $exit"; - "Mod+m".action = focus-workspace-previous; - "Mod+Shift+Space".action = toggle-window-floating; - "Mod+Shift+f".action = toggle-windowed-fullscreen; - "Mod+q".action = close-window; - "Mod+f".action = spawn "firefox"; - "Mod+Space".action = spawn "fuzzel"; - "Mod+Shift+c".action = spawn "qalculate-gtk"; - "Mod+Ctrl+p".action = spawn "1password" "--quick-acces"; - "Mod+Shift+Escape".action = spawn "kitty" "-o" "confirm_os_window_close=0" "btm"; - "Mod+h".action = sh ''hyprpicker | wl-copy''; - # "Mod+s".action = spawn "grim" "-g" "\"$(slurp)\"" "-t" "png" "-" "|" "wl-copy" "-t" "image/png"; - # "Mod+s".action = screenshot { show-pointer = false; }; - "Mod+s".action.screenshot = { show-pointer = false; }; - # "Mod+Shift+s".action = spawn "slurp" "|" "grim" "-g" "-" "Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - # "Mod+Shift+s".action = screenshot-window { write-to-disk = true; }; - "Mod+Shift+s".action.screenshot-window = { write-to-disk = true; }; - # "Mod+Shift+v".action = spawn "wf-recorder" "-g" "'$(slurp -f %o -or)'" "-f" "~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - - "Mod+e".action = sh "emacsclient -nquc -a emacs -e '(dashboard-open)'"; - "Mod+c".action = sh "emacsclient -ce '(org-capture)'"; - "Mod+t".action = sh "emacsclient -ce '(org-agenda)'"; - "Mod+Shift+m".action = sh "emacsclient -ce '(mu4e)'"; - "Mod+Shift+a".action = sh "emacsclient -ce '(swarsel/open-calendar)'"; - - 
"Mod+a".action = spawn "swarselcheck-niri" "-s"; - "Mod+x".action = spawn "swarselcheck-niri" "-k"; - "Mod+d".action = spawn "swarselcheck-niri" "-d"; - "Mod+w".action = spawn "swarselcheck-niri" "-e"; - - "Mod+p".action = spawn "pass-fuzzel"; - "Mod+o".action = spawn "pass-fuzzel" "--otp"; - "Mod+Shift+p".action = spawn "pass-fuzzel" "--type"; - "Mod+Shift+o".action = spawn "pass-fuzzel" "--otp" "--type"; - - "Mod+Left".action = focus-column-or-monitor-left; - "Mod+Right".action = focus-column-or-monitor-right; - "Mod+Down".action = focus-window-or-workspace-down; - "Mod+Up".action = focus-window-or-workspace-up; - "Mod+Shift+Left".action = move-column-left; - "Mod+Shift+Right".action = move-column-right; - "Mod+Shift+Down".action = move-window-down-or-to-workspace-down; - "Mod+Shift+Up".action = move-window-up-or-to-workspace-up; - # "Mod+Ctrl+Shift+c".action = "reload"; - # "Mod+Ctrl+Shift+r".action = "exec swarsel-displaypower"; - # "Mod+Shift+e".action = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; - # "Mod+r".action = "mode resize"; - # "Mod+Return".action = "exec kitty"; - "Mod+Return".action = spawn "swarselzellij"; - "XF86AudioRaiseVolume".action = spawn "swayosd-client" "--output-volume" "raise"; - "XF86AudioLowerVolume".action = spawn "swayosd-client" "--output-volume" "lower"; - "XF86AudioMute".action = spawn "swayosd-client" "--output-volume" "mute-toggle"; - "XF86MonBrightnessUp".action = spawn "swayosd-client" "--brightness raise"; - "XF86MonBrightnessDown".action = spawn "swayosd-client" "--brightness lower"; - "XF86Display".action = spawn "wl-mirror" "eDP-1"; - "Mod+Escape".action = spawn "wlogout"; - "Mod+Equal".action = set-column-width "+10%"; - "Mod+Minus".action = set-column-width "-10%"; - - "Mod+1".action = focus-workspace 1; - "Mod+2".action = focus-workspace 2; - "Mod+3".action = focus-workspace 3; - "Mod+4".action = focus-workspace 4; - "Mod+5".action = focus-workspace 5; - "Mod+6".action = focus-workspace 6; - "Mod+7".action = focus-workspace 7; - "Mod+8".action = focus-workspace 8; - "Mod+9".action = focus-workspace 9; - "Mod+0".action = focus-workspace 0; - - "Mod+Shift+1".action = move-column-to-index 1; - "Mod+Shift+2".action = move-column-to-index 2; - "Mod+Shift+3".action = move-column-to-index 3; - "Mod+Shift+4".action = move-column-to-index 4; - "Mod+Shift+5".action = move-column-to-index 5; - "Mod+Shift+6".action = move-column-to-index 6; - "Mod+Shift+7".action = move-column-to-index 7; - "Mod+Shift+8".action = move-column-to-index 8; - "Mod+Shift+9".action = move-column-to-index 9; - "Mod+Shift+0".action = move-column-to-index 0; - }; - spawn-at-startup = [ - # { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } - # { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } - # { 
command = [ "anki" ]; } - # { command = [ "obsidian" ]; } - # { command = [ "nm-applet" ]; } - { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } - ]; - workspaces = { - # "01-Main" = { - # name = "Scratchpad"; - # }; - "99-Scratchpad" = { - name = "ο‹’"; + spawn-at-startup = [ + # { command = [ "vesktop" "--start-minimized" "--enable-speech-dispatcher" "--ozone-platform-hint=auto" "--enable-features=WaylandWindowDecorations" "--enable-wayland-ime" ]; } + # { command = [ "element-desktop" "--hidden" "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" "--disable-gpu-driver-bug-workarounds" ]; } + # { command = [ "anki" ]; } + # { command = [ "obsidian" ]; } + # { command = [ "nm-applet" ]; } + { command = [ "niri" "msg" "action" "focus-workspace" "2" ]; } + ]; + workspaces = { + # "01-Main" = { + # name = "Scratchpad"; + # }; + "99-Scratchpad" = { + name = "ο‹’"; + }; }; }; }; - }; + } // { + programs.niri = lib.mkIf (!config.swarselmodules.niri) { + package = null; + config = null; + settings = null; + }; }; } diff --git a/modules/nixos/client/niri.nix b/modules/nixos/client/niri.nix index 2ea4472..4724319 100644 --- a/modules/nixos/client/niri.nix +++ b/modules/nixos/client/niri.nix 
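Review bot: The `Mod+Ctrl+p` bind on the new side still passes `"--quick-acces"` to 1password, which looks like a misspelling of `--quick-access`, so the shortcut probably does not open Quick Access; `"Mod+Ctrl+p".action = spawn "1password" "--quick-access";` would fit a commit titled "fix typos". The two brightness binds pass `"--brightness raise"` and `"--brightness lower"` as a single argument while the volume binds split flag and value, so they likely need `spawn "swayosd-client" "--brightness" "raise"` (and `"lower"`) as well. These lines are only re-indented by this hunk, and the file appears to be tangled from SwarselSystems.org, so the change belongs in the org block.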
@@ -4,22 +4,27 @@ let in { options.swarselmodules.${moduleName} = lib.mkEnableOption "${moduleName} settings"; - config = lib.mkIf config.swarselmodules.${moduleName} { + config = lib.mkIf config.swarselmodules.${moduleName} + { - environment.systemPackages = with pkgs; [ - wl-clipboard - wayland-utils - libsecret - cage - gamescope - xwayland-satellite-unstable - ]; + environment.systemPackages = with pkgs; [ + wl-clipboard + wayland-utils + libsecret + cage + gamescope + xwayland-satellite-unstable + ]; + + programs.niri = { + enable = true; + package = pkgs.niri-unstable; # the actual niri that will be installed and used + }; + } // { niri-flake.cache.enable = true; - programs.niri = { - enable = true; - package = pkgs.niri-unstable; # the actual niri that will be installed and used + package = null; }; }; } diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index ec37f9d..2ba5287 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -29,7 +29,7 @@ kitty = lib.mkDefault true; mail = lib.mkDefault true; mako = lib.mkDefault true; - niri = lib.mkDefault true; + niri = lib.mkDefault false; nix-index = lib.mkDefault true; nixgl = lib.mkDefault true; nix-your-shell = lib.mkDefault true; diff --git a/profiles/nixos/personal/default.nix b/profiles/nixos/personal/default.nix index 1dadd06..1d8f99a 100644 --- a/profiles/nixos/personal/default.nix +++ b/profiles/nixos/personal/default.nix @@ -26,7 +26,7 @@ lowBattery = lib.mkDefault false; network = lib.mkDefault true; networkDevices = lib.mkDefault true; - niri = lib.mkDefault true; + niri = lib.mkDefault false; nix-ld = lib.mkDefault true; nvd = lib.mkDefault true; packages = lib.mkDefault true; From 4a6cbd763fd1ae87e61ec7e9dcdcb04ba24a6574 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Thu, 13 Nov 2025 23:41:56 +0100 Subject: [PATCH 11/23] feat[client]: initialize syncthingtray on install --- SwarselSystems.org | 187 +++++++++++++++++- files/emacs/init.el | 4 + .../nixos/aarch64-linux/moonside/default.nix | 20 +- hosts/nixos/x86_64-linux/toto/default.nix | 4 + modules/home/common/syncthing-tray.nix | 120 +++++++++++ modules/nixos/client/syncthing.nix | 3 + nix/devshell.nix | 5 +- profiles/home/dgxspark/default.nix | 1 + profiles/home/personal/default.nix | 1 + 9 files changed, 326 insertions(+), 19 deletions(-) create mode 100644 modules/home/common/syncthing-tray.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index a7f9baa..b61752f 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -318,6 +318,44 @@ Here I give a brief overview over the hostmachines that I am using. This is held <> #+end_src +#+RESULTS: +#+begin_export html +These steps are required when setting up a normal NixOS host: + +- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`): + - `systemd-cryptenroll --fido2-device=auto /dev/` + +If the new machine is a work machine, these steps are additionally needed: + +- setup the work VPN: + - using the laptop certificate `.pem` as User cert and private key (CA cert: none) + - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway` +- setup gpgsm for signing of mails using S/MIME: + - `gpgsm --import ~/Certificates/.p12` + - `gpgsm --import ~/Certificates/harica-root.pem` + - `gpgsm --import ~/Certificates/harica-intermediate.pem` + - `gpgsm --list-keys --with-validation "HARICA Client RSA Root CA 2021"` + - trust the certificate and set passphrase +- setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): + - `pizauth auth ` + - `pizauth dump > ~/.pizauth.state` + +If the new machine is home-manager only, perform these steps: + +- (Optional) Install openssh-server +- Set hostname to the name specified in the home-manager configuration +- Install nix, either: + - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy` + - (or installing nix freshly): + - Grab the link to the install script of the needed nix version from https://releases.nixos.org/?prefix=nix, e.g. 
https://releases.nixos.org/nix/nix-2.30.1/install + - `bash <(curl -L https://releases.nixos.org/nix/nix-x-yy-y/install) --daemon` +- add the following to /etc/nix/nix.conf to become a trusted user: `trusted-users = @wheel root swarsel` +- For the first build: + 1) Clone dotfile repo & change into it + 2) `nix --extra-experimental-features 'nix-command flakes' develop` + 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace` +#+end_export + ** Current issues #+begin_src markdown :noweb yes :exports both :results html @@ -1315,7 +1353,7 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some inputs.pre-commit-hooks.flakeModule ]; - perSystem = { pkgs, system, ... }: + perSystem = { pkgs, config, system, ... }: { pre-commit = { check.enable = true; @@ -1473,7 +1511,8 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some } ]; - devshell.startup.pre-commit-install.text = "pre-commit install"; + # devshell.startup.pre-commit-install.text = "pre-commit install"; + devshell.startup.pre-commit.text = config.pre-commit.installationScript; env = let @@ -5949,12 +5988,15 @@ Here I disable global completion to prevent redundant compinit calls and cache i let inherit (config.swarselsystems) mainUser homeDir; devices = config.swarselsystems.syncthing.syncDevices; + servicePort = 8384; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; + systemService = true; + guiAddress = "127.0.0.1:${builtins.toString servicePort}"; package = pkgs.syncthing; user = mainUser; dataDir = homeDir; 
@@ -11909,7 +11951,6 @@ The general structure here is the same as in the [[#h:6da812f5-358c-49cb-aff2-0a Steps to get a home-manager only setup up and running: #+begin_src markdown :noweb-ref homemanageronlysetup :exports both :results html - - (Optional) Install openssh-server - Set hostname to the name specified in the home-manager configuration - Install nix, either: @@ -11922,7 +11963,6 @@ Steps to get a home-manager only setup up and running: 1) Clone dotfile repo & change into it 2) `nix --extra-experimental-features 'nix-command flakes' develop` 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace` - #+end_src *** TODO Common 
@@ -14707,6 +14747,131 @@ Sets up a systemd user service for anki that does not stall the shutdown process } #+end_src +***** syncthing service for tray + +#+begin_src nix-ts :tangle modules/home/common/syncthing-tray.nix + { lib, config, pkgs, ... }: + { + options.swarselmodules.syncthing-tray = lib.mkEnableOption "enable syncthing applet for tray"; + config = lib.mkIf config.swarselmodules.syncthing-tray { + + home.activation.setupSyncthingIni = + let + syncthingApiEnvVarName = "SYNCTHING_API_KEY"; + syncthingIni = { + file = "${config.home.homeDirectory}/.config/syncthingtray.ini"; + content = '' + [General] + v=2.0.2 + + [qt] + customfont=false + customicontheme=false + customlocale=false + custompalette=false + customstylesheet=false + customwidgetstyle=false + font="Cantarell,11,-1,5,400,0,0,0,0,0,0,0,0,0,0,1" + icontheme=hicolor + iconthemepath= + locale=en_US + palette="@Variant(\0\0\0\x44\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff 
jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\x66\x66\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x2\xff\xffP\x14\xff\xff\x65\x65\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0)" + plugindir= + stylesheetpath= + trpath= + widgetstyle= + + [startup] + considerForReconnect=false + considerLauncherForReconnect=false + showButton=false + showLauncherButton=false + stopOnMetered=false + stopServiceOnMetered=false + syncthingArgs="serve --no-browser --logflags=3" + syncthingAutostart=false + syncthingPath=syncthing + syncthingUnit=syncthing.service + systemUnit=false + useLibSyncthing=false + + [tray] + connections\1\apiKey=@ByteArray(''$${syncthingApiEnvVarName}) + connections\1\authEnabled=falsex + connections\1\autoConnect=true + connections\1\devStatsPollInterval=60000 + connections\1\diskEventLimit=200 + connections\1\errorsPollInterval=30000 + connections\1\httpsCertPath=${config.home.homeDirectory}/.config/syncthing/https-cert.pem + connections\1\label=Primary instance + connections\1\localPath= + connections\1\longPollingTimeout=0 + 
connections\1\password= + connections\1\pauseOnMetered=false + connections\1\reconnectInterval=30000 + connections\1\requestTimeout=0 + connections\1\statusComputionFlags=123 + connections\1\syncthingUrl=http://${config.services.syncthing.guiAddress} + connections\1\trafficPollInterval=5000 + connections\1\userName= + connections\size=1 + dbusNotifications=true + distinguishTrayIcons=false + frameStyle=16 + ignoreInavailabilityAfterStart=15 + notifyOnDisconnect=true + notifyOnErrors=true + notifyOnLauncherErrors=true + notifyOnLocalSyncComplete=false + notifyOnNewDeviceConnects=false + notifyOnNewDirectoryShared=false + notifyOnRemoteSyncComplete=false + positioning\assumedIconPos=@Point(0 0) + positioning\useAssumedIconPosition=false + positioning\useCursorPos=true + preferIconsFromTheme=false + showDownloads=false + showSyncthingNotifications=true + showTabTexts=true + showTraffic=true + statusIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" + statusIconsRenderSize=@Size(32 32) + statusIconsStrokeWidth=0 + tabPos=1 + trayIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" + trayIconsRenderSize=@Size(32 32) + trayIconsStrokeWidth=0 + trayMenuSize=@Size(575 475) + usePaletteForStatusIcons=false + usePaletteForTrayIcons=false + windowType=0 + + [webview] + customCommand= + disabled=false + mode=0 + + ''; + }; + in + lib.hm.dag.entryAfter [ "writeBoundary" ] '' + set -eu + + if [ ! 
-f ${syncthingIni.file} ]; then + cat >${syncthingIni.file} <<'EOF' + ${syncthingIni.content} + EOF + export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key) + ${lib.getExe pkgs.envsubst} -i ${syncthingIni.file} -o ${syncthingIni.file} + unset ${syncthingApiEnvVarName} + fi + ''; + + }; + + } +#+end_src + **** Sway :PROPERTIES: :CUSTOM_ID: h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20 @@ -15487,7 +15652,7 @@ Settings that are needed for the gpg-agent. Also we are enabling emacs support f When setting up a new machine: -#+begin_src markdown :noweb-ref setup :exports both :results html +#+begin_src markdown :noweb-ref worksetup :exports both :results html - setup gpgsm for signing of mails using S/MIME: - `gpgsm --import ~/Certificates/.p12` - `gpgsm --import ~/Certificates/harica-root.pem` @@ -16337,7 +16502,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]] When setting up a new machine: -#+begin_src markdown :noweb-ref setup :exports both :results html +#+begin_src markdown :noweb-ref worksetup :exports both :results html - setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): - `pizauth auth ` - `pizauth dump > ~/.pizauth.state` @@ -19829,6 +19994,7 @@ This holds modules that are to be used on most hosts. These are also the most im tmux = lib.mkDefault true; vesktop = lib.mkDefault true; vesktop-tray = lib.mkDefault true; + syncthing-tray = lib.mkDefault true; waybar = lib.mkDefault true; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault true; @@ -19901,6 +20067,7 @@ This holds modules that are to be used on most hosts. These are also the most im tmux = lib.mkDefault true; vesktop = lib.mkDefault false; vesktop-tray = lib.mkDefault false; + syncthing-tray = lib.mkDefault false; waybar = lib.mkDefault false; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault false; 
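Review bot: The activation script writes the Syncthing API key into `~/.config/syncthingtray.ini` without setting permissions, so the file gets whatever umask the activation runs with; that key authorises the whole REST API, so a `umask 077` before the `cat >` (or a `chmod 600` directly after it) is worth adding. `export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key)` also hides a failed read from `set -e`, and because the file is only created when it is missing, an empty or unsubstituted key would stay in place on every later activation. Reading the key into a plain variable before the file is written, `key=$(cat /run/syncthing-init/api_key)`, lets the script stop instead. Separately, `connections\1\authEnabled=falsex` looks like a stray character, and `${syncthingIni.file}` is unquoted in the test and the redirection.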
@@ -22091,6 +22258,14 @@ Recently I have grown fond of holding presentations using Emacs :) (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide) #+end_src + +**** Render markdown blocks as body to expand noweb blocks + +#+begin_src emacs-lisp +(defun org-babel-execute:markdown (body params) + "Just return BODY unchanged, allowing noweb expansion." + body) +#+end_src *** Nix Mode :PROPERTIES: :CUSTOM_ID: h:406c2ecc-0e3e-4d9f-9ae3-3eb1f8b87d1b diff --git a/files/emacs/init.el b/files/emacs/init.el index b947bff..5a013e3 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el @@ -1040,6 +1040,10 @@ create a new one." (add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end) (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide) +(defun org-babel-execute:markdown (body params) + "Just return BODY unchanged, allowing noweb expansion." + body) + (use-package nix-mode :after lsp-mode :ensure t diff --git a/hosts/nixos/aarch64-linux/moonside/default.nix b/hosts/nixos/aarch64-linux/moonside/default.nix index 323109f..692c684 100644 --- a/hosts/nixos/aarch64-linux/moonside/default.nix +++ b/hosts/nixos/aarch64-linux/moonside/default.nix @@ -38,12 +38,9 @@ in }; networking = { - nftables.enable = lib.mkForce false; - hostName = "moonside"; - enableIPv6 = false; domain = "subnet03291956.vcn03291956.oraclevcn.com"; firewall = { - allowedTCPPorts = [ 80 443 8384 ]; + allowedTCPPorts = [ 8384 ]; }; wireguard = { enable = true; @@ -132,7 +129,7 @@ in swarselsystems = { flakePath = "/root/.dotfiles"; - info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM"; + info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM"; isImpermanence = true; isSecureBoot = false; isCrypted = false; 
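Review bot: `allowedTCPPorts = [ 8384 ];` in the moonside firewall block still opens 8384 on every interface of this cloud host, and the client module in this same patch uses 8384 as Syncthing's GUI/API port. The server-side syncthing module is not visible here, so this is inferred: if the GUI listens on a non-loopback address, the admin interface and REST API are reachable from outside; if it is only reached through a reverse proxy or the WireGuard tunnel, the port does not need to be open at all. Consider dropping the entry or scoping it to the tunnel, e.g. `firewall.interfaces.<wg-interface>.allowedTCPPorts = [ 8384 ];` (the interface name is a placeholder). The `networking` block continues outside the hunk.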
@@ -152,11 +149,12 @@ in }; swarselmodules.server = { - oauth2-proxy = lib.mkDefault true; - croc = lib.mkDefault true; - microbin = lib.mkDefault true; - shlink = lib.mkDefault true; - slink = lib.mkDefault true; - syncthing = lib.mkDefault true; + oauth2-proxy = true; + croc = true; + microbin = true; + shlink = true; + slink = true; + syncthing = true; + diskEncryption = lib.mkForce false; }; } diff --git a/hosts/nixos/x86_64-linux/toto/default.nix b/hosts/nixos/x86_64-linux/toto/default.nix index 9bb9e39..635a1e8 100644 --- a/hosts/nixos/x86_64-linux/toto/default.nix +++ b/hosts/nixos/x86_64-linux/toto/default.nix @@ -15,6 +15,10 @@ minimal = lib.mkForce true; }; + swarselmodules = { + server.network = lib.mkForce false; + }; + swarselsystems = { info = "~SwarselSystems~ remote install helper"; wallpaper = self + /files/wallpaper/lenovowp.png; diff --git a/modules/home/common/syncthing-tray.nix b/modules/home/common/syncthing-tray.nix new file mode 100644 index 0000000..e0b5898 --- /dev/null +++ b/modules/home/common/syncthing-tray.nix 
@@ -0,0 +1,120 @@ +{ lib, config, pkgs, ... }: +{ + options.swarselmodules.syncthing-tray = lib.mkEnableOption "enable syncthing applet for tray"; + config = lib.mkIf config.swarselmodules.syncthing-tray { + + home.activation.setupSyncthingIni = + let + syncthingApiEnvVarName = "SYNCTHING_API_KEY"; + syncthingIni = { + file = "${config.home.homeDirectory}/.config/syncthingtray.ini"; + content = '' + [General] + v=2.0.2 + + [qt] + customfont=false + customicontheme=false + customlocale=false + custompalette=false + customstylesheet=false + customwidgetstyle=false + font="Cantarell,11,-1,5,400,0,0,0,0,0,0,0,0,0,0,1" + icontheme=hicolor + iconthemepath= + locale=en_US + palette="@Variant(\0\0\0\x44\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\x66\x66\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff 
jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x2\xff\xffP\x14\xff\xff\x65\x65\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0)" + plugindir= + stylesheetpath= + trpath= + widgetstyle= + + [startup] + considerForReconnect=false + considerLauncherForReconnect=false + showButton=false + showLauncherButton=false + stopOnMetered=false + stopServiceOnMetered=false + syncthingArgs="serve --no-browser --logflags=3" + syncthingAutostart=false + syncthingPath=syncthing + syncthingUnit=syncthing.service + systemUnit=false + useLibSyncthing=false + + [tray] + connections\1\apiKey=@ByteArray(''$${syncthingApiEnvVarName}) + connections\1\authEnabled=falsex + connections\1\autoConnect=true + connections\1\devStatsPollInterval=60000 + connections\1\diskEventLimit=200 + connections\1\errorsPollInterval=30000 + connections\1\httpsCertPath=${config.home.homeDirectory}/.config/syncthing/https-cert.pem + connections\1\label=Primary instance + connections\1\localPath= + connections\1\longPollingTimeout=0 + connections\1\password= + connections\1\pauseOnMetered=false + connections\1\reconnectInterval=30000 + connections\1\requestTimeout=0 + connections\1\statusComputionFlags=123 + connections\1\syncthingUrl=http://${config.services.syncthing.guiAddress} + connections\1\trafficPollInterval=5000 + connections\1\userName= + connections\size=1 + dbusNotifications=true + distinguishTrayIcons=false + frameStyle=16 + ignoreInavailabilityAfterStart=15 + notifyOnDisconnect=true + notifyOnErrors=true + notifyOnLauncherErrors=true + notifyOnLocalSyncComplete=false + 
notifyOnNewDeviceConnects=false + notifyOnNewDirectoryShared=false + notifyOnRemoteSyncComplete=false + positioning\assumedIconPos=@Point(0 0) + positioning\useAssumedIconPosition=false + positioning\useCursorPos=true + preferIconsFromTheme=false + showDownloads=false + showSyncthingNotifications=true + showTabTexts=true + showTraffic=true + statusIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" + statusIconsRenderSize=@Size(32 32) + statusIconsStrokeWidth=0 + tabPos=1 + trayIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff" + trayIconsRenderSize=@Size(32 32) + trayIconsStrokeWidth=0 + trayMenuSize=@Size(575 475) + usePaletteForStatusIcons=false + usePaletteForTrayIcons=false + windowType=0 + + [webview] + customCommand= + disabled=false + mode=0 + + ''; + }; + in + lib.hm.dag.entryAfter [ "writeBoundary" ] '' + set -eu + + if [ ! -f ${syncthingIni.file} ]; then + cat >${syncthingIni.file} <<'EOF' + ${syncthingIni.content} + EOF + export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key) + ${lib.getExe pkgs.envsubst} -i ${syncthingIni.file} -o ${syncthingIni.file} + unset ${syncthingApiEnvVarName} + fi + ''; + + }; + +} diff --git a/modules/nixos/client/syncthing.nix b/modules/nixos/client/syncthing.nix index 4d53550..407379d 100644 --- a/modules/nixos/client/syncthing.nix +++ b/modules/nixos/client/syncthing.nix 
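Review bot: The activation script at the end of this file creates `syncthingtray.ini`, which ends up holding the Syncthing API key, with `cat >` under the default umask, so the key is likely readable by other local users. `export VAR=$(cat /run/syncthing-init/api_key)` also hides a failed `cat` from `set -e`, and because of the `[ ! -f … ]` guard a file written with an empty key is never regenerated. I would read the key before writing anything and create the file inside a `umask 077` subshell, as sketched below; the same script appears in the SwarselSystems.org hunk earlier in this patch. Separately, `connections\1\authEnabled=falsex` looks like a typo for `false`.

```nix
lib.hm.dag.entryAfter [ "writeBoundary" ] ''
  set -eu

  if [ ! -f "${syncthingIni.file}" ]; then
    # plain assignment: a failing cat now aborts under set -e, before any file exists
    ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key)
    export ${syncthingApiEnvVarName}
    (
      umask 077  # the API key lands in this file; keep it owner-only
      # … unchanged: heredoc that writes the ini template …
      ${lib.getExe pkgs.envsubst} -i "${syncthingIni.file}" -o "${syncthingIni.file}"
    )
    unset ${syncthingApiEnvVarName}
  fi
'';
```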
@@ -2,12 +2,15 @@ let inherit (config.swarselsystems) mainUser homeDir; devices = config.swarselsystems.syncthing.syncDevices; + servicePort = 8384; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; config = lib.mkIf config.swarselmodules.syncthing { services.syncthing = { enable = true; + systemService = true; + guiAddress = "127.0.0.1:${builtins.toString servicePort}"; package = pkgs.syncthing; user = mainUser; dataDir = homeDir; diff --git a/nix/devshell.nix b/nix/devshell.nix index a1ce6f6..a32661b 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -5,7 +5,7 @@ inputs.pre-commit-hooks.flakeModule ]; - perSystem = { pkgs, system, ... }: + perSystem = { pkgs, config, system, ... }: { pre-commit = { check.enable = true; @@ -164,7 +164,8 @@ } ]; - devshell.startup.pre-commit-install.text = "pre-commit install"; + # devshell.startup.pre-commit-install.text = "pre-commit install"; + devshell.startup.pre-commit.text = config.pre-commit.installationScript; env = let diff --git a/profiles/home/dgxspark/default.nix b/profiles/home/dgxspark/default.nix index ace298c..a0d261a 100644 --- a/profiles/home/dgxspark/default.nix +++ b/profiles/home/dgxspark/default.nix @@ -55,6 +55,7 @@ tmux = lib.mkDefault true; vesktop = lib.mkDefault false; vesktop-tray = lib.mkDefault false; + syncthing-tray = lib.mkDefault false; waybar = lib.mkDefault false; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault false; diff --git a/profiles/home/personal/default.nix b/profiles/home/personal/default.nix index 2ba5287..e04e2af 100644 --- a/profiles/home/personal/default.nix +++ b/profiles/home/personal/default.nix @@ -56,6 +56,7 @@ tmux = lib.mkDefault true; vesktop = lib.mkDefault true; vesktop-tray = lib.mkDefault true; + syncthing-tray = lib.mkDefault true; waybar = lib.mkDefault true; yubikey = lib.mkDefault false; yubikeytouch = lib.mkDefault true; From 47377f7a9656abc39645e5aee3beb1a17d74c53f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Fri, 14 Nov 2025 00:29:55 +0100 Subject: [PATCH 12/23] feat: improve formatting --- SwarselSystems.org | 30 +++++++++++++++++++++++++++--- flake.lock | 37 ++++++++++++++++++++++++++++++++++++- flake.nix | 1 + nix/devshell.nix | 1 + nix/formatter.nix | 26 ++++++++++++++++++++++++-- 5 files changed, 89 insertions(+), 6 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index b61752f..5acc547 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -561,6 +561,7 @@ A short overview over each input and what it does: url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + treefmt-nix.url = "github:numtide/treefmt-nix"; }; outputs = @@ -1375,6 +1376,7 @@ Lastly, in the =perSystem= attribute set, we see that it is actually passed some nixpkgs-fmt.enable = true; statix.enable = true; trim-trailing-whitespace.enable = true; + treefmt.enable = true; destroyed-symlinks = { enable = true; @@ -1583,10 +1585,32 @@ Otherwise, I define the function =mkTemplates= here which builds a named attribu Defines a formatter that can be called using =nix flake format=. While a nice utility, I have stronger tools to perform this job. #+begin_src nix-ts :tangle nix/formatter.nix - _: + { inputs, ... }: { + imports = [ + inputs.treefmt-nix.flakeModule + ]; + perSystem = { pkgs, ... }: { - formatter = pkgs.nixpkgs-fmt; + # formatter = pkgs.nixpkgs-fmt; + # formatter is set by treefmt to: + # formatter = lib.mkIf config.treefmt.flakeFormatter (lib.mkDefault config.treefmt.build.wrapper); + treefmt = { + projectRootFile = "flake.nix"; + programs = { + nixfmt = { + enable = true; + package = pkgs.nixpkgs-fmt; + }; + deadnix.enable = true; + statix.enable = true; + shellcheck.enable = true; + }; + settings.formatter.shellcheck.options = [ + "--shell" + "bash" + ]; + }; }; } 
@@ -22386,7 +22410,7 @@ This adds support for Terraform configuration files. I need this at work. (add-hook 'terraform-mode-hook #'outline-minor-mode) #+end_src -*** nixpkgs-fmt +*** nix formatting :PROPERTIES: :CUSTOM_ID: h:5ca7484b-b9d6-4023-88d1-a1e37d5df249 :END: diff --git a/flake.lock b/flake.lock index 10b1bfe..2c8ba1c 100644 --- a/flake.lock +++ b/flake.lock @@ -10577,6 +10577,22 @@ } }, "nixpkgs_82": { + "locked": { + "lastModified": 1761236834, + "narHash": "sha256-+pthv6hrL5VLW2UqPdISGuLiUZ6SnAXdd2DdUE+fV2Q=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d5faa84122bc0a1fd5d378492efce4e289f8eac1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_83": { "locked": { "lastModified": 1754800730, "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", @@ -12582,6 +12598,7 @@ "swarsel-modules": "swarsel-modules_6", "swarsel-nix": "swarsel-nix_3", "systems": "systems_64", + "treefmt-nix": "treefmt-nix_3", "vbc-nix": "vbc-nix_8", "zjstatus": "zjstatus_8" } @@ -16052,6 +16069,24 @@ "type": "github" } }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": "nixpkgs_82" + }, + "locked": { + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "vbc-nix": { "inputs": { "nixpkgs": [ @@ -16628,7 +16663,7 @@ "inputs": { "crane": "crane_17", "flake-utils": "flake-utils_29", - "nixpkgs": "nixpkgs_82", + "nixpkgs": "nixpkgs_83", "rust-overlay": "rust-overlay_17" }, "locked": { diff --git a/flake.nix b/flake.nix index 065ad8b..363b431 100644 --- a/flake.nix +++ b/flake.nix 
@@ -102,6 +102,7 @@ url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + treefmt-nix.url = "github:numtide/treefmt-nix"; }; outputs = diff --git a/nix/devshell.nix b/nix/devshell.nix index a32661b..8d8274c 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -27,6 +27,7 @@ nixpkgs-fmt.enable = true; statix.enable = true; trim-trailing-whitespace.enable = true; + treefmt.enable = true; destroyed-symlinks = { enable = true; diff --git a/nix/formatter.nix b/nix/formatter.nix index c00f3f2..cf3ce6a 100644 --- a/nix/formatter.nix +++ b/nix/formatter.nix @@ -1,6 +1,28 @@ -_: +{ inputs, ... }: { + imports = [ + inputs.treefmt-nix.flakeModule + ]; + perSystem = { pkgs, ... }: { - formatter = pkgs.nixpkgs-fmt; + # formatter = pkgs.nixpkgs-fmt; + # formatter is set by treefmt to: + # formatter = lib.mkIf config.treefmt.flakeFormatter (lib.mkDefault config.treefmt.build.wrapper); + treefmt = { + projectRootFile = "flake.nix"; + programs = { + nixfmt = { + enable = true; + package = pkgs.nixpkgs-fmt; + }; + deadnix.enable = true; + statix.enable = true; + shellcheck.enable = true; + }; + settings.formatter.shellcheck.options = [ + "--shell" + "bash" + ]; + }; }; } From 8838f9865847478b43d4f79b8858337ce62a23a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Fri, 14 Nov 2025 01:32:53 +0100 Subject: [PATCH 13/23] feat[client]: automatically create emacs org files --- SwarselSystems.org | 41 ++++++++++++++++++++++++++------- modules/home/common/emacs.nix | 27 +++++++++++++++++++++- modules/nixos/server/shlink.nix | 10 ++++---- modules/nixos/server/slink.nix | 4 ++-- 4 files changed, 66 insertions(+), 16 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 5acc547..a572bdd 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
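Review bot: `treefmt-nix.url = "github:numtide/treefmt-nix";` is added without a `follows`, unlike the input directly above it (`github:astro/microvm.nix`), and the flake.lock hunk in this patch accordingly pins an extra `nixpkgs_82` node just for this input. Pointing it at the flake's own nixpkgs keeps the set of locked sources that have to be audited and updated smaller: `treefmt-nix = { url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; };`. The same line appears in the SwarselSystems.org hunk of this patch.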
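Review bot: In nix/formatter.nix, `programs.nixfmt` is enabled with `package = pkgs.nixpkgs-fmt`, which relies on the nixfmt wrapper happening to work with a different formatter's binary and flags. treefmt-nix ships a dedicated module for this tool, so `programs.nixpkgs-fmt.enable = true;` states the intent directly and drops the package override. The commented-out `formatter = …` lines could then shrink to a single comment saying that treefmt sets the flake formatter.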
@@ -10873,11 +10873,11 @@ To get other URLs (token, etc.), use https:///oauth2/openid/ Date: Mon, 17 Nov 2025 22:43:34 +0100 Subject: [PATCH 14/23] feat[client]: manage zellij using nix --- SwarselSystems.org | 1310 ++++++++++++++++- .../{default.kdl.nix => swarsel.kdl.nix} | 0 modules/home/common/kitty.nix | 18 +- modules/home/common/zellij-keybinds.nix | 1233 ++++++++++++++++ modules/home/common/zellij.nix | 53 +- 5 files changed, 2604 insertions(+), 10 deletions(-) rename files/zellij/layouts/{default.kdl.nix => swarsel.kdl.nix} (100%) create mode 100644 modules/home/common/zellij-keybinds.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index a572bdd..6be1f72 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -13304,11 +13304,23 @@ The theme is handled by stylix. config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; - keybindings = { }; + keybindings = let + bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key)); + in bindWithModifier { + "page_up" = "scroll_page_up"; + "up" = "scroll_page_up"; + "page_down" = "scroll_page_down"; + "down" = "scroll_page_down"; + "w" = "no_op"; + }; settings = { - scrollback_lines = 10000; + cursor_blink_interval = 0; + disable_ligatures = "cursor"; enable_audio_bell = false; notify_on_cmd_finish = "always 20"; + open_url_with = "xdg-open"; + scrollback_lines = 100000; + scrollback_pager_history_size = 512; }; }; }; @@ -13489,6 +13501,7 @@ Currently I only use it as before with =initExtra= though. #+end_src **** zellij +***** Main config :PROPERTIES: :CUSTOM_ID: h:00de4901-631c-4b4c-86ce-d9d6e62ed8c7 :END: 
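Review bot: In the kitty hunk, `bindWithModifier` builds the key names with `"ctrl+shift" + key`, so the generated bindings are `ctrl+shiftpage_up`, `ctrl+shiftw` and so on, with no `+` between modifier and key. Kitty will presumably not recognise these, which means neither the scroll bindings nor the `no_op` for `w` take effect. The helper should read `lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift+" + key))`. If modules/home/common/kitty.nix carries the same tangled code later in this patch, it needs the same fix.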
@@ -13500,6 +13513,55 @@ Currently I only use it as before with =initExtra= though. programs.zellij = { enable = true; enableZshIntegration = true; + settings = { + pane_frames = false; + simplified_ui = false; + default_shell = "zsh"; + copy_on_select = true; + on_force_close = "detach"; + show_startup_tips = false; + support_kitty_keyboard_protocol = true; + default_layout = "swarsel"; + layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts"; + theme_dir = "${config.home.homeDirectory}/.config/zellij/themes"; + scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines; + session_serialization = true; + + copy_command = + if pkgs.stdenv.hostPlatform.isLinux then + "wl-copy" + else if pkgs.stdenv.hostPlatform.isDarwin then + "pbcopy" + else + ""; + ui.pane_frames = { + rounded_corners = true; + hide_session_name = true; + }; + plugins = { + tab-bar.path = "tab-bar"; + status-bar.path = "status-bar"; + strider.path = "strider"; + compact-bar.path = "compact-bar"; + }; + # configuration = { + # _props.location = "zellij:configuration"; + # }; + # filepicker = { + # _props.location = "zellij:strider"; + # cwd = "/"; + # }; + # plugin-manager = { + # _props.location = "zellij:plugin-manager"; + # }; + # session-manager = { + # _props.location = "zellij:session-manager"; + # }; + # welcome-screen = { + # _props.location = "zellij:session-manager"; + # welcome_screen = true; + # }; + }; }; home.packages = with pkgs; [ 
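Review bot: `scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines;` couples zellij's on-disk session state to kitty's in-memory scrollback size. With `session_serialization = true` and kitty's value raised to 100000 in this patch, up to that many lines of every pane's output are persisted by zellij, and terminal scrollback frequently contains tokens or passwords. The reference also looks like it fails evaluation when the zellij module is enabled without the kitty one, since the attribute is then undefined. An explicit, smaller bound avoids both, e.g. `scrollback_lines_to_serialize = 10000;` (the number is only illustrative).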
@@ -13507,8 +13569,1244 @@ Currently I only use it as before with =initExtra= though. ]; xdg.configFile = { - "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; }; + }; + }; + + } +#+end_src +***** Keybinds +#+begin_src nix-ts :tangle modules/home/common/zellij-keybinds.nix + { lib, config, ... }: + { + config = lib.mkIf config.swarselmodules.zellij { + programs.zellij = { + settings.keybinds = { + _props.clear-defaults = true; + + locked = { + _children = [ + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + pane = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { SwitchToMode._args = [ "renamepane" ]; } + { PaneNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "e" ]; + _children = [ + { TogglePaneEmbedOrFloating = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "f" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MoveFocus._args = 
[ "left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ SwitchFocus = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { ToggleFloatingPanes = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { TogglePaneFrames = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + tab = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "1" ]; + _children = [ + { GoToTab._args = [ 1 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "2" ]; + _children = [ + { GoToTab._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "3" ]; + _children = [ + { GoToTab._args = [ 3 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "4" ]; + _children = [ + { GoToTab._args = [ 4 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "5" ]; + 
_children = [ + { GoToTab._args = [ 5 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "6" ]; + _children = [ + { GoToTab._args = [ 6 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "7" ]; + _children = [ + { GoToTab._args = [ 7 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "8" ]; + _children = [ + { GoToTab._args = [ 8 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "9" ]; + _children = [ + { GoToTab._args = [ 9 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [ + { BreakPaneLeft = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "]" ]; + _children = [ + { BreakPaneRight = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "b" ]; + _children = [ + { BreakPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { SwitchToMode._args = [ "renametab" ]; } + { TabNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { ToggleActiveSyncTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; 
+ } + { + bind = { + _args = [ "tab" ]; + _children = [{ ToggleTab = { }; }]; + }; + } + ]; + }; + + resize = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "+" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "-" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "=" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "H" ]; + _children = [{ Resize._args = [ "Decrease left" ]; }]; + }; + } + { + bind = { + _args = [ "J" ]; + _children = [{ Resize._args = [ "Decrease down" ]; }]; + }; + } + { + bind = { + _args = [ "K" ]; + _children = [{ Resize._args = [ "Decrease up" ]; }]; + }; + } + { + bind = { + _args = [ "L" ]; + _children = [{ Resize._args = [ "Decrease right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + move = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + 
_children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ MovePane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ MovePaneBackwards = { }; }]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ MovePane = { }; }]; + }; + } + ]; + }; + + scroll = { + _children = [ + { + bind = { + _args = [ "e" ]; + _children = [ + { EditScrollback = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { SwitchToMode._args = [ "entersearch" ]; } + { SearchInput._args = [ 0 ]; } + ]; + }; + } + ]; + }; + + search = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ Search._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ Search._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [{ SearchToggleOption._args = [ "Wrap" ]; }]; + }; + } + ]; + }; + + session = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "configuration" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; 
} + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "plugin-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "session-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_except \"locked\"" = { + _children = [ + { + bind = { + _args = [ "Alt left" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt right" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt +" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt -" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "Alt =" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt [" ]; + _children = [{ PreviousSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt ]" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt f" ]; + _children = [{ ToggleFloatingPanes = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "locked" ]; }]; + }; + } + { + bind = { + _args = [ "Alt h" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + 
bind = { + _args = [ "Alt i" ]; + _children = [{ MoveTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt l" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt n" ]; + _children = [{ NewPane = { }; }]; + }; + } + { + bind = { + _args = [ "Alt o" ]; + _children = [{ MoveTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl q" ]; + _children = [{ Quit = { }; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"move\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "move" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"session\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "session" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ SwitchToMode._args = [ "tmux" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"tab\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "tab" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"pane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "pane" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"resize\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "resize" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\"" = { + _children = [ + { + bind = 
{ + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_among \"pane\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseFocus = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "PageDown" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "PageUp" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "left" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl c" ]; + _children = [ + { ScrollToBottom = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [{ HalfPageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl f" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "u" ]; + _children = [{ 
HalfPageScrollUp = { }; }]; + }; + } + ]; + }; + + entersearch = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "search" ]; }]; + }; + } + ]; + }; + + renametab = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenameTab = { }; } + { SwitchToMode._args = [ "tab" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + renamepane = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenamePane = { }; } + { SwitchToMode._args = [ "pane" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"session\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "d" ]; + _children = [{ Detach = { }; }]; + }; + } + ]; + }; + + tmux = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "space" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "\"" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "%" ]; + _children = [ + { NewPane._args = [ "right" ]; 
} + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "," ]; + _children = [{ SwitchToMode._args = [ "renametab" ]; }]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [ + { Write._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { GoToNextTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ FocusNextPane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { GoToPreviousTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + }; }; }; 
@@ -24488,12 +25786,12 @@ index 3a0f90e..bb10f8b 100644 #include "nix-plugins-config.h" #+end_src -** Zellij layout default.kdl.nix +** Zellij layout swarsel.kdl.nix :PROPERTIES: :CUSTOM_ID: h:bed316c9-47ed-494f-8375-998ef1315d7b :END: -#+begin_src shell :tangle files/zellij/layouts/default.kdl.nix +#+begin_src shell :tangle files/zellij/layouts/swarsel.kdl.nix { config, pkgs }: let inherit (config.lib.stylix) colors; diff --git a/files/zellij/layouts/default.kdl.nix b/files/zellij/layouts/swarsel.kdl.nix similarity index 100% rename from files/zellij/layouts/default.kdl.nix rename to files/zellij/layouts/swarsel.kdl.nix diff --git a/modules/home/common/kitty.nix b/modules/home/common/kitty.nix index 2b57e93..2778a54 100644 --- a/modules/home/common/kitty.nix +++ b/modules/home/common/kitty.nix @@ -4,11 +4,25 @@ config = lib.mkIf config.swarselmodules.kitty { programs.kitty = { enable = true; - keybindings = { }; + keybindings = + let + bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key)); + in + bindWithModifier { + "page_up" = "scroll_page_up"; + "up" = "scroll_page_up"; + "page_down" = "scroll_page_down"; + "down" = "scroll_page_down"; + "w" = "no_op"; + }; settings = { - scrollback_lines = 10000; + cursor_blink_interval = 0; + disable_ligatures = "cursor"; enable_audio_bell = false; notify_on_cmd_finish = "always 20"; + open_url_with = "xdg-open"; + scrollback_lines = 100000; + scrollback_pager_history_size = 512; }; }; }; diff --git a/modules/home/common/zellij-keybinds.nix b/modules/home/common/zellij-keybinds.nix new file mode 100644 index 0000000..8ff17b9 --- /dev/null +++ b/modules/home/common/zellij-keybinds.nix 
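Review bot: The `bindWithModifier` helper in the kitty.nix hunk concatenates `"ctrl+shift"` directly with the key name, so the generated attribute names are `ctrl+shiftpage_up`, `ctrl+shiftw` and so on, with no `+` between the modifiers and the key. Kitty would not read those as ctrl+shift chords, so the scroll mappings and the `no_op` on `w` most likely never take effect. Put the separator in the prefix: `bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift+" + key));`. The module body starts and ends outside this hunk.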
@@ -0,0 +1,1233 @@ +{ lib, config, ... }: +{ + config = lib.mkIf config.swarselmodules.zellij { + programs.zellij = { + settings.keybinds = { + _props.clear-defaults = true; + + locked = { + _children = [ + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + pane = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { SwitchToMode._args = [ "renamepane" ]; } + { PaneNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "e" ]; + _children = [ + { TogglePaneEmbedOrFloating = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "f" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ SwitchFocus = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind 
= { + _args = [ "r" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { ToggleFloatingPanes = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { TogglePaneFrames = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + tab = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "1" ]; + _children = [ + { GoToTab._args = [ 1 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "2" ]; + _children = [ + { GoToTab._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "3" ]; + _children = [ + { GoToTab._args = [ 3 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "4" ]; + _children = [ + { GoToTab._args = [ 4 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "5" ]; + _children = [ + { GoToTab._args = [ 5 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "6" ]; + _children = [ + { GoToTab._args = [ 6 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "7" ]; + _children = [ + { GoToTab._args = [ 7 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "8" ]; + _children = [ + { GoToTab._args = [ 8 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "9" ]; + _children = [ + { GoToTab._args = [ 9 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + 
{ + bind = { + _args = [ "[" ]; + _children = [ + { BreakPaneLeft = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "]" ]; + _children = [ + { BreakPaneRight = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "b" ]; + _children = [ + { BreakPane = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ GoToPreviousTab = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ GoToNextTab = { }; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "r" ]; + _children = [ + { SwitchToMode._args = [ "renametab" ]; } + { TabNameInput._args = [ 0 ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { ToggleActiveSyncTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ ToggleTab = { }; }]; + }; + } + ]; + }; + + resize = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "+" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { 
+ bind = { + _args = [ "-" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "=" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "H" ]; + _children = [{ Resize._args = [ "Decrease left" ]; }]; + }; + } + { + bind = { + _args = [ "J" ]; + _children = [{ Resize._args = [ "Decrease down" ]; }]; + }; + } + { + bind = { + _args = [ "K" ]; + _children = [{ Resize._args = [ "Decrease up" ]; }]; + }; + } + { + bind = { + _args = [ "L" ]; + _children = [{ Resize._args = [ "Decrease right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ Resize._args = [ "Increase left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ Resize._args = [ "Increase down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ Resize._args = [ "Increase up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ Resize._args = [ "Increase right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + move = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ MovePane._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MovePane._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MovePane._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MovePane._args = [ "right" ]; }]; + }; + } + { + bind = { 
+ _args = [ "n" ]; + _children = [{ MovePane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ MovePaneBackwards = { }; }]; + }; + } + { + bind = { + _args = [ "tab" ]; + _children = [{ MovePane = { }; }]; + }; + } + ]; + }; + + scroll = { + _children = [ + { + bind = { + _args = [ "e" ]; + _children = [ + { EditScrollback = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "s" ]; + _children = [ + { SwitchToMode._args = [ "entersearch" ]; } + { SearchInput._args = [ 0 ]; } + ]; + }; + } + ]; + }; + + search = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [{ Search._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [{ Search._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [{ SearchToggleOption._args = [ "Wrap" ]; }]; + }; + } + ]; + }; + + session = { + _children = [ + { + bind = { + _args = [ "c" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "configuration" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "plugin-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "w" ]; + _children = [ + { + LaunchOrFocusPlugin._args = [ "session-manager" ]; + LaunchOrFocusPlugin._children = [ + { floating._args = [ true ]; } + { 
move_to_focused_tab._args = [ true ]; } + ]; + } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_except \"locked\"" = { + _children = [ + { + bind = { + _args = [ "Alt left" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt down" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt up" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt right" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt +" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt -" ]; + _children = [{ Resize._args = [ "Decrease" ]; }]; + }; + } + { + bind = { + _args = [ "Alt =" ]; + _children = [{ Resize._args = [ "Increase" ]; }]; + }; + } + { + bind = { + _args = [ "Alt [" ]; + _children = [{ PreviousSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt ]" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "Alt f" ]; + _children = [{ ToggleFloatingPanes = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl g" ]; + _children = [{ SwitchToMode._args = [ "locked" ]; }]; + }; + } + { + bind = { + _args = [ "Alt h" ]; + _children = [{ MoveFocusOrTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt i" ]; + _children = [{ MoveTab._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "Alt j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "Alt k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "Alt l" ]; + _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Alt n" ]; + _children = [{ NewPane = { }; }]; + }; + } + { + bind = { + _args = [ "Alt o" ]; + _children = [{ MoveTab._args = [ "right" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl q" ]; + _children = [{ Quit = { 
}; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"move\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "move" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"session\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "session" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ SwitchToMode._args = [ "tmux" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"tab\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "tab" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"pane\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "pane" ]; }]; + }; + } + ]; + }; + + "shared_except \"locked\" \"resize\"" = { + _children = [ + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "resize" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\"" = { + _children = [ + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + "shared_among \"pane\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "x" ]; + _children = [ + { CloseFocus = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"scroll\" \"search\"" = { + _children = [ + { + bind = { + _args = [ "PageDown" ]; + _children = [{ 
PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "PageUp" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "left" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl c" ]; + _children = [ + { ScrollToBottom = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "d" ]; + _children = [{ HalfPageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl f" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [{ PageScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ ScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ ScrollUp = { }; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ PageScrollDown = { }; }]; + }; + } + { + bind = { + _args = [ "Ctrl s" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + { + bind = { + _args = [ "u" ]; + _children = [{ HalfPageScrollUp = { }; }]; + }; + } + ]; + }; + + entersearch = { + _children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "esc" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "enter" ]; + _children = [{ SwitchToMode._args = [ "search" ]; }]; + }; + } + ]; + }; + + renametab = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenameTab = { }; } + { SwitchToMode._args = [ "tab" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"renametab\" \"renamepane\"" = { + 
_children = [ + { + bind = { + _args = [ "Ctrl c" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } + ]; + }; + + renamepane = { + _children = [ + { + bind = { + _args = [ "esc" ]; + _children = [ + { UndoRenamePane = { }; } + { SwitchToMode._args = [ "pane" ]; } + ]; + }; + } + ]; + }; + + "shared_among \"session\" \"tmux\"" = { + _children = [ + { + bind = { + _args = [ "d" ]; + _children = [{ Detach = { }; }]; + }; + } + ]; + }; + + tmux = { + _children = [ + { + bind = { + _args = [ "left" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "down" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "up" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "right" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "space" ]; + _children = [{ NextSwapLayout = { }; }]; + }; + } + { + bind = { + _args = [ "\"" ]; + _children = [ + { NewPane._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "%" ]; + _children = [ + { NewPane._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "," ]; + _children = [{ SwitchToMode._args = [ "renametab" ]; }]; + }; + } + { + bind = { + _args = [ "[" ]; + _children = [{ SwitchToMode._args = [ "scroll" ]; }]; + }; + } + { + bind = { + _args = [ "Ctrl b" ]; + _children = [ + { Write._args = [ 2 ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "c" ]; + _children = [ + { NewTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "h" ]; + _children = [ + { MoveFocus._args = [ "left" ]; } + { SwitchToMode._args 
= [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [ + { MoveFocus._args = [ "down" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [ + { MoveFocus._args = [ "up" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [ + { MoveFocus._args = [ "right" ]; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "n" ]; + _children = [ + { GoToNextTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "o" ]; + _children = [{ FocusNextPane = { }; }]; + }; + } + { + bind = { + _args = [ "p" ]; + _children = [ + { GoToPreviousTab = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + { + bind = { + _args = [ "z" ]; + _children = [ + { ToggleFocusFullscreen = { }; } + { SwitchToMode._args = [ "normal" ]; } + ]; + }; + } + ]; + }; + }; + }; + }; + +} diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index 92d4507..47492ff 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix 
@@ -5,6 +5,55 @@ programs.zellij = { enable = true; enableZshIntegration = true; + settings = { + pane_frames = false; + simplified_ui = false; + default_shell = "zsh"; + copy_on_select = true; + on_force_close = "detach"; + show_startup_tips = false; + support_kitty_keyboard_protocol = true; + default_layout = "swarsel"; + layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts"; + theme_dir = "${config.home.homeDirectory}/.config/zellij/themes"; + scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines; + session_serialization = true; + + copy_command = + if pkgs.stdenv.hostPlatform.isLinux then + "wl-copy" + else if pkgs.stdenv.hostPlatform.isDarwin then + "pbcopy" + else + ""; + ui.pane_frames = { + rounded_corners = true; + hide_session_name = true; + }; + plugins = { + tab-bar.path = "tab-bar"; + status-bar.path = "status-bar"; + strider.path = "strider"; + compact-bar.path = "compact-bar"; + }; + # configuration = { + # _props.location = "zellij:configuration"; + # }; + # filepicker = { + # _props.location = "zellij:strider"; + # cwd = "/"; + # }; + # plugin-manager = { + # _props.location = "zellij:plugin-manager"; + # }; + # session-manager = { + # _props.location = "zellij:session-manager"; + # }; + # welcome-screen = { + # _props.location = "zellij:session-manager"; + # welcome_screen = true; + # }; + }; }; home.packages = with pkgs; [ @@ -12,8 +61,8 @@ ]; xdg.configFile = { - "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; - "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; + # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; + "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; }; }; }; From 56c1f3554807eff7ca8dce03279647fdbe9136db Mon Sep 17 00:00:00 2001 
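Review bot: `scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines;` makes the zellij module depend on a value that kitty.nix only sets inside its `lib.mkIf config.swarselmodules.kitty` block, so a host that enables zellij without kitty would presumably fail evaluation on a missing attribute. A fallback keeps the module self-contained: `scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines or 10000;`. With `session_serialization = true`, session state is written to disk. As far as I know the line count only applies once `serialize_pane_viewport` is also enabled, at which point up to 100000 lines of terminal output, including anything sensitive that was printed or pasted, would be persisted in the user's cache directory. A comment stating which of those two behaviours is intended would help the next reader.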
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:45:08 +0100 Subject: [PATCH 15/23] feat[server]: improve nginx config --- SwarselSystems.org | 97 +++++++++++++++++++++++++++++++++- modules/nixos/server/nginx.nix | 97 +++++++++++++++++++++++++++++++++- 2 files changed, 192 insertions(+), 2 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 6be1f72..b049beb 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -7049,9 +7049,60 @@ Here we just define some aliases for rebuilding the system, and we allow some in inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; + serviceUser = "nginx"; + serviceGroup = serviceUser; + + sslBasePath = "/etc/ssl"; + dhParamsPathBase = "${sslBasePath}/dhparams.pem"; + dhParamsPath = + if config.swarselsystems.isImpermanence then + "/persist/${dhParamsPathBase}" + else + "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + options.services.nginx = { + recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; + virtualHosts = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options.locations = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule (submod: { + options = { + recommendedSecurityHeaders = lib.mkOption { + type = lib.types.bool; + default = config.services.nginx.recommendedSecurityHeaders; + description = "Whether to add additional security headers to this location."; + }; + + X-Frame-Options = lib.mkOption { + type = lib.types.str; + default = "DENY"; + description = "The value to use for X-Frame-Options"; + }; + }; + config = lib.mkIf submod.config.recommendedSecurityHeaders { + extraConfig = lib.mkBefore '' + # Enable HTTP Strict Transport Security (HSTS) + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + + # Minimize information leaked to other domains + add_header Referrer-Policy "origin-when-cross-origin"; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options "${submod.config.X-Frame-Options}"; + add_header X-Content-Type-Options "nosniff"; + ''; + }; + }) + ); + }; + } + ); + }; + }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego 
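Review bot: The `add_header` lines emitted by `recommendedSecurityHeaders` carry no `always` parameter, so nginx attaches them only to a fixed set of success and redirect status codes. Error responses such as a 403 or an upstream 502 go out without HSTS, `X-Frame-Options` or `X-Content-Type-Options`. Appending `always` to each directive closes that gap, e.g. `add_header X-Content-Type-Options "nosniff" always;`. `X-XSS-Protection "1; mode=block"` is a legacy header that current browsers ignore and that OWASP advises disabling, so consider `add_header X-XSS-Protection "0" always;` or dropping the line. Because the HSTS value includes `includeSubdomains; preload` and is on by default for every location, a short comment that all subdomains must already be HTTPS-only would help; the `let` block and module body extend outside this hunk.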
@@ -7064,24 +7115,68 @@ Here we just define some aliases for rebuilding the system, and we allow some in ''; }; + users.groups.acme.members = [ "nginx" ]; + security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; + reloadServices = [ "nginx" ]; + dnsPropagationCheck = true; }; }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ dhParamsPathBase ]; + }; + services.nginx = { enable = true; + user = serviceUser; + group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections + recommendedBrotliSettings = true; + recommendedSecurityHeaders = true; + sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; + sslDhparam = dhParamsPathBase; + virtualHosts.fallback = { + default = true; + rejectSSL = true; + locations."/".extraConfig = '' + deny all; + ''; + }; }; + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateDHParams" "users" "groups" ]; + }; + system.activationScripts."generateDHParams" = + { + text = '' + set -eu + + ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} + + if [ ! 
-f "${dhParamsPathBase}" ]; then + ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 + chmod 0644 ${dhParamsPath} + chown ${serviceUser}:${serviceGroup} ${dhParamsPath} + fi + ''; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; + }; }; } #+end_src diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix index bccbcc0..cfe9330 100644 --- a/modules/nixos/server/nginx.nix +++ b/modules/nixos/server/nginx.nix 
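Review bot: The guard in `generateDHParams` tests `${dhParamsPathBase}` but `openssl dhparam` writes to `${dhParamsPath}`; on impermanence hosts these are different files, and because `createPersistentStorageDirs` is ordered after this script the `/etc/ssl` path is presumably not yet populated when it is tested, so the 4096-bit parameters would be regenerated on every activation. Test the file that is written: `if [ ! -f "${dhParamsPath}" ]; then`. NixOS concatenates activation snippets into one script, so `set -eu` here stays in effect for the snippets that run afterwards; wrapping the body in a subshell would contain it. `chown ${serviceUser}:${serviceGroup}` runs with only `etc` (and `specialfs`) as deps, so it may execute before the `users` snippet has created the account. The same script is in the `modules/nixos/server/nginx.nix` hunk `@@ -18,23 +69,67 @@`, and the enclosing `config` block starts outside the hunk.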
@@ -3,9 +3,60 @@ let inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; + serviceUser = "nginx"; + serviceGroup = serviceUser; + + sslBasePath = "/etc/ssl"; + dhParamsPathBase = "${sslBasePath}/dhparams.pem"; + dhParamsPath = + if config.swarselsystems.isImpermanence then + "/persist/${dhParamsPathBase}" + else + "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + options.services.nginx = { + recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; + virtualHosts = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options.locations = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule (submod: { + options = { + recommendedSecurityHeaders = lib.mkOption { + type = lib.types.bool; + default = config.services.nginx.recommendedSecurityHeaders; + description = "Whether to add additional security headers to this location."; + }; + + X-Frame-Options = lib.mkOption { + type = lib.types.str; + default = "DENY"; + description = "The value to use for X-Frame-Options"; + }; + }; + config = lib.mkIf submod.config.recommendedSecurityHeaders { + extraConfig = lib.mkBefore '' + # Enable HTTP Strict Transport Security (HSTS) + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + + # Minimize information leaked to other domains + add_header Referrer-Policy "origin-when-cross-origin"; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options "${submod.config.X-Frame-Options}"; + add_header X-Content-Type-Options "nosniff"; + ''; + }; + }) + ); + }; + } + ); + }; + }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego 
@@ -18,23 +69,67 @@ in ''; }; + users.groups.acme.members = [ "nginx" ]; + security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; + reloadServices = [ "nginx" ]; + dnsPropagationCheck = true; }; }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ dhParamsPathBase ]; + }; + services.nginx = { enable = true; + user = serviceUser; + group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections + recommendedBrotliSettings = true; + recommendedSecurityHeaders = true; + sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; + sslDhparam = dhParamsPathBase; + virtualHosts.fallback = { + default = true; + rejectSSL = true; + locations."/".extraConfig = '' + deny all; + ''; + }; }; + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateDHParams" "users" "groups" ]; + }; + system.activationScripts."generateDHParams" = + { + text = '' + set -eu + + ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} + + if [ ! -f "${dhParamsPathBase}" ]; then + ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 + chmod 0644 ${dhParamsPath} + chown ${serviceUser}:${serviceGroup} ${dhParamsPath} + fi + ''; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; + }; }; } 
From ddd3dbf2673ae3e293bf32145d1a560449746273 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:45:44 +0100 Subject: [PATCH 16/23] feat[server]: improve kanidm config --- SwarselSystems.org | 39 +++++++++++++++++++++++++++------ modules/nixos/server/kanidm.nix | 39 +++++++++++++++++++++++++++------ 2 files changed, 64 insertions(+), 14 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index b049beb..906a325 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -9694,8 +9694,18 @@ To get other URLs (token, etc.), use https:///oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid//oauth2/openid/ Date: Mon, 17 Nov 2025 22:46:46 +0100 Subject: [PATCH 17/23] chore[client]: better pii management --- SwarselSystems.org | 40 ++----------------------------------- modules/home/common/ssh.nix | 40 ++----------------------------------- secrets/repo/pii.nix.enc | 6 +++--- 3 files changed, 7 insertions(+), 79 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 906a325..6230f85 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -12630,7 +12630,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host. #+begin_src nix-ts :tangle modules/home/common/ssh.nix - { lib, config, ... }: + { lib, config, nixosConfig ? config, ... }: { options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; config = lib.mkIf config.swarselmodules.ssh { 
@@ -12654,43 +12654,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This controlPath = "~/.ssh/master-%r@%n:%p"; controlPersist = "no"; }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "bakery" = { - hostname = "192.168.1.136"; - user = "root"; - }; - "dgx" = { - hostname = "192.168.48.200"; - user = "swarsel"; - }; - "winters" = { - hostname = "192.168.178.24"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "milkywell" = { - hostname = "193.122.53.173"; - user = "root"; - }; - "moonside" = { - hostname = "130.61.238.239"; - user = "root"; - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - }; + } // nixosConfig.repo.secrets.common.ssh.hosts; }; }; } diff --git a/modules/home/common/ssh.nix b/modules/home/common/ssh.nix index c5fac9b..562f68a 100644 --- a/modules/home/common/ssh.nix +++ b/modules/home/common/ssh.nix @@ -1,4 +1,4 @@ -{ lib, config, ... }: +{ lib, config, nixosConfig ? config, ... }: { options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; config = lib.mkIf config.swarselmodules.ssh { @@ -22,43 +22,7 @@ controlPath = "~/.ssh/master-%r@%n:%p"; controlPersist = "no"; }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "bakery" = { - hostname = "192.168.1.136"; - user = "root"; - }; - "dgx" = { - hostname = "192.168.48.200"; - user = "swarsel"; - }; - "winters" = { - hostname = "192.168.178.24"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "milkywell" = { - hostname = "193.122.53.173"; - user = "root"; - }; - "moonside" = { - hostname = "130.61.238.239"; - user = "root"; - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - }; + } // nixosConfig.repo.secrets.common.ssh.hosts; }; }; } 
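Review bot: `nixosConfig.repo.secrets.common.ssh.hosts` is dereferenced unconditionally, so evaluation fails wherever that attribute is absent, for instance if the `nixosConfig ? config` fallback is taken and the home-manager `config` carries no `repo.secrets` (not visible from here). A default keeps the module evaluable: `} // (nixosConfig.repo.secrets.common.ssh.hosts or { });`. `//` is shallow and right-biased, so an entry in the secret set silently replaces any same-named block defined above it instead of extending it. The addresses removed by this change stay readable in the repository history, so encrypting them only protects future revisions. The same change is in the SwarselSystems.org hunk `@@ -12654,43 +12654,7 @@`, and the enclosing attribute set starts outside the hunk.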
diff --git a/secrets/repo/pii.nix.enc b/secrets/repo/pii.nix.enc
index 85d15f6..48ee1ff 100644
--- a/secrets/repo/pii.nix.enc
+++ b/secrets/repo/pii.nix.enc
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:FMhv0WezQAH1OX7F2WlgdAEn54aAZtCXyFNP+8CboukwlL1+VzzcsjQK7/KJqXiHfIFHfn7N0P/y8tk2P+A2Ucbl1NYxj5IgfL7ohAACDhAVkofCM5CD4KcE1DoL4Ja56K6qkjlAi/t7NRv6tUYIr+NZqr2g70F0RQbgF1dkdpxW1JUNmreF5CnXDYtqz6+iMpekNXkj+wt/Zc9lQ/zW1fP4IH0C64SG+lFucpseOwP3YhvjFpzyT/11+uiStc6l2r+luNT8eJsaCYmcSqK5+1lJglIph1k4H+Xy1ccRHHeesy9+ySaGBP3h5uY9+JOdYe5fO9SYZt0cKO4Oic32Yq+uZ0Ldu0hPzDN4MMHsBP6lYidSXqs/kVgxEbPJ7T0RnQmFCVDhWE346HquZBfrGuxBOu2ifkxAFVHJyGaItOk2wlxcPDbU0P+t584CXlVIdGRS/mvW4xxXBCVlEi+QM8a4JcM7y1RJZV6S6R1DGC1nXgdscpcRGIfp6BcKPmSB2vZO8rx2qOMdUPS0FEOEVnHsvnwczGZHJuq6WjxvLNnzBH4gZtc30OKimlxXhQA6qyjupH7P65ayiFt9vvT/fFnYZr9aABc2xbSmqyJZS1wfvl5JMQWnUayigxfzYMdxuMC9+8SCykqXmy7hDlJeBBobSxdQUVhHAprY/sn+FOBzK5ZYb0wsavXI9w9sUSdQiU4XIxDb/FXJgs89FZ8p+uWQ1vFglF6XYR299LScIN7CsvLyGdk1idr08WCc92+9DSnSv9onM1UGD6IkSjMB3SoexuGa6Kj5yi5qyAOtvmMl8NwJn8Xh+gEE+FSUi+GAhh+aLvNbiIVPPmNXgI2+slUn6bzGDLk3NQMMeQ+JrX/SdT7q9Awxe9jtdsej4CGINrrTYKHsaPocVQkK6wpiQh8XbvxKoOV3UU3x9ouEVUjHrN06UbXWFXQSjEz5QXdtjpyTqxi6AaoL8M/yFTL4uB2ahPZ8bC17ZVq9eXwUtHIyKwClbTHTzlkJzr7lR7I1zWLtZIKy0pr8Si5DEkIuT7YCo5w5Pa3Z9DCkdAAL2t7TNTdrQo3H/iid7YKupfCeQxYYf836toX1Ff7jTCLtTEbfk3fOcbpu4uD0geWx4vI6V5lolJJ950ETnx+pq8EFVEk5D6VSfGo+Hl9c2xZ9UraYo9I0HzSSe12FSEVF/anKMVhBZGxdIxqCQQuu/FSNhkaFpmYpcEgodmFGQbAY0OworSg9ZnFWVMgQ33T/cna9Ene4AZ93DJaNrlzT8Jk0QIqCQjIIiZwUqPxABk0epNMLMZzZBJ/8nwN28YU5/pp4c+53RYPjMD4NlC/P+JXMxF+bidSOSYHb4Ucs1vIRljDSWumb46ZXoV+4sCBSdG0LjNVLkyx9P2vYhcw5G1KduSrUMY9VVOePcVQGYfsWjyi0nLyWadu9UUASafUwkOo2JoEjIdKWqg3zQRYIMr0GYp0Kf1EGVTPRPOApnbyLezDQsSnSZzakcJ1qDSFyLjlBMwoE5Rmndp+TS5kUEQaNeJQb56tTbDLWxlpgCoDgtfL5q+gjuVsjwkvUA9o9usBF+hndDl/fzs/ajR9q8V+hBS4j1AQROFRQhQv7vYdGA+Q3z18nTBheY2MgzpGBUwOEFuJJ+ndPANtVC7EIMz/rwKg7g777cwYLHyiJG1Rtj+45w1DmktS7sIyD0/RUt7ApF/v6PeMY+lVjXCKUfgNDaeiHQzKQpCF4+O4CThKa7Tg0keKI4fuJMoFEqZcfEr1TVEFg8AKcBzqdHMyUeUDyLIf2Sp7GJQXTbNA7TlCI5iABJ9McCK01RMqf/1Ew6NJfNDp1yjMd3NpozvAvMXIunmjUjKHzraW+gw/+z4XCq9ifALcKes3Y1R/tQmVfymnMGGoB3bErSIRIDA47IeR5OnrNVwrTM+l2Ew6jFBoWXH6pfaPj6Sk
dNgOEPp1mHlHf/x9YDBp2ZmtLAG3vlf4bXk0PQhNIb4bm71WyqqFiYwrI82o0Q+UocSxo/lNnLuvO3OxL1P9tp7OPi8kiB7G/D65qvE653xgXmo1OLk+RBJjhqSxBrPJTNbEcPhp36xjg4QtE9alC0XvzKaGUR9GawD6ZEmgE5payDSRXMPD1ZHx8dxr4wdJmxYFpwXFH8UheiKk2dhoGLkMoIempdsmteyaBh+qbeomXaq0+ihHAHkCtzQOc83cr5OS1tmcU1LbsHQ6ZMfBtpig/yWUdpGzFFTPPVKKx2+bWOkOW44IfkLsnAVjo0fvofnL6wuFBKVVF0bfQmlWBheR/VeVrwEjbxTfVOqRmBsliBSxzr5A5FsK5LGfzsyll/8IegLuE+412Kj3EZLVx3c+xq15oAh66/5JaiZ2C69azvb3gPr5NryLFqW0a5gxw1o3SiOA/L5mgzhqvFpf2+dfXLebahVpAYCpP+XLbYTuDiIbCJouUxBMWZgsmaIcwrGKecixLa0LtESsfLSi7F7jk37OlrOaR1gW0PHhYDfmXq0fqHPulthCWEbm76xSCbuLc9L5FI4Kc648WkxXXR8388mv4xIFAURcorse7DObygZSOx+BW8zynUs7NexXnT9OGa9vTB0OTWadOGXNSIL3LNCmoGNtxjfMCfl+CgAWFQxC2OkajkLxu2g0Ff9eEBNUQGrs8EzMB4wKPDHvtnNrezq0NMFsA7NDyl24taCXZ9jNtk6wsq2mWPW+BjvmlwK5Q8VgMXGLhxDXn4322s5NXDZc2GrafflDgAz8cdMWD1kwj7I+V1YRR4BjXikON3ZeDc3IkvW/ZPbIklr1IfAz5dZ6/pxo1TOHbfkxeS1/xW4+QnCBNznoxMH8QpPnm35Ch++Hl5raSegQ1iDGcGaTu7cG3f3E9sAI8J/x9xzps0kybF1B9ngyvLP+Y+sQ6plqaiWhrAtOtSvQIuZwIqJ6CLTVvGGN0CJVxWz/GU2cxL4ierNmSmni9MroSWz6U+M5K9P2rAQdskIwv0pcZ/esk0C/IHRZEs4DbaFBTVJoPk/8eMKBhxXmomAOm7SFRTp6LMD7OrD/ext2S4cWXbcnXY7WX4+R2GT4yCIo0au3/CLX6znK0o4ml8dH6FzClJCiWL9pc3tFbCh5iCiIGaCXFZmAM3NStD8XLKvqatFxgmK9I2jSN98eSSMU8MexiRtTttzza/7Nqj3/3nCM1Qw4sIEC+a8TWjHJeE/6tJ9JyAHEYZuhE9P3AbECwa7nIQB5NbKF/IDrHUN+fw7mKEPMgbMBQ1ITWg8Glmb2trzms2WlxIm071j+9jYEs/F/n9/mzX6/iyCRegmXUhN9rcPr34GQiw4uLrWKnRhHMQNwOMPVOG6MgPm9+eYBExY7Avl/Evscidd6uewc/+z1soTNIh0qjWS5R5ubgET+Y1G6B68dVrqLE9rA9Z3yIfcp8q/mal+qlkiSv9Vx8285CcM1H2nmXN40zGO3Ad9kVwsgzoHknIW9woUNly9GZeeSx6m5GCqAR7RFsNh6G0xYE7gtWoNs5xhGOyY7Dp+6XhYUPJQJF/kJkKmfFr/0nzXDjCqC2Fdc+OO5ao2nMod3uXFFUZBZzms0+RM0fcTwDLdaEkTw2q63ik4yRcBL7k5uMb7YTeZTitKFmaqPfq9DNgs+hItzDDAUBiJxbww40Z7O1kByg5J2PHU0Z0QJR5pXdMIwakLsKBIWZ7vVWGTmiPM46uRQSrdmjLUVCpanXk4OnRp2JA/Enhe76eASIN0rmHNLAPgzY5H8uhdAnlZ83RZ9qacOgQbjQ9s+rvUl+LpbxnZOolWcVnGUHZj/u11AVIz4VS6AB4g2rFpxSpt0welvuvngshOW+qpzIiw1k0oXsX4WkvxG4s7dwlfAUuYpJCU92EtSkF3z8qBSG35J6k156nXul/zIrxsYv8iuj7Oc5YwceqPhWNaysdRfueEgarfTdJiLisKqeWB8
JTEFLDQCHDrbT8krWbbxe1e948grStUpx86BhQIB9bY3lleGgb8J3NNbU1qIltoVwxegECm2CyoA5NHJG5pLaaYBRlWlQC/VZMoo385DQL3k/Vsrn31qdNc50aPisQnqrKbqCdIcdG26VnXkJC9gyhHefzXwu+VkvJJ4eGBmRZF+eB7enzyjHaqjLXJJuk2drsDzWnuAGGA8Ys1KN/mJY4tF741Ba8rZmr/4BcPPRzR47PDOtBQsaI7RsdX+DoVsdgX6P8b3iVIuEm3DHjZlaeQDqFqrp/Q9gHEAjUmpa+zAk1wZ1XU5fw8YiKj3xP+/9pQ5QHqU+IkeZK7306b7rywI7PJf32QOfaSFPBiPI1NhQsBRoVbR5VKNiwK9nKA6fhxiWjvHqcCI8+MoxWhXbq2TwSfQLg91+NwzAUaH61xR1dQw55UAAUS0HfoZTSKqyyIffTNvF6ulRJITMtr6h1q0N8cVdZln0zTBT2k8uMvt5z5RFc58XpRhm8FXXx9LYtlMSdshVhYYyqepMOnhn/4UU25aqQ6swVmsyoJgFYM9ABXbMlFIGVivGEptHDEA5EFhfb6uPUHFmMKkT4rV4Uy8h0h2P8vEitCRZLW/VM3t14/2CN7IT5EQqmKyei+CdKHXiqJlb+Oi7bAATLiroIRoRdF9Ydp1nDRgU6XMxfv+60o2Cxkal2lSmM9YsCByLXY0Zefen0TNca/wndhuRkSJ/GVu2+E6OZtx9zfC0I/GDV4g8TfK3GLGINXBwifOrTcPTyaRgGmAO7OmhNES1pgEvebbeTJipVvq6PCGzVMARsQMF10eHvZQpgMjSq0mSSyccW4BF7PVF4013hgZuT3ZzHHN8zPUyRPifqyLYc3grL0ZOrY6zM+HWM0WvtE3T0u7psdxdxkqHWIxaCnbn3w8H/pqjBb5f6xWjC0auzM6lPtJ6zZ28TBuwSm2ovcOpeGVUx0iYMGLrRty6Iu02,iv:0rzvTEH041voxTfHnSlAfQx7SyBvcY6fUQxbmfqyGmA=,tag:CmyhGqlyXqI5o2H3T+otpw==,type:str]", + "data": 
"ENC[AES256_GCM,data:AmILjmXaYip12IA3T3duZIb7Us6FSby/gdbumUJ69y9cU5CK84W8A5zNIv/pNorvbI/d4d4cwcIWOQJdb0vMnTx97ftaPJl5rK1TaboL+CbbZviIE6HTTnkZlutdFjjqzkv9TCcJ1Cm/Krf+/AiSX2bYujzggBMhrOpkb3Wt7iTvxpSahUZkyRLJTDkY8OJdc4uXTpZIoPEEWOF/ZXOdEYOuNvES0dGwzCLhmYBf/yWsRgr7ICRSH0k14lsQRmRa2ZGq07jNlu/f+zXtIR4UMQC732ERLFBKTdqcvFffhKYuy9xL2FNJFuCZ+FXsFtV1Y0YQYeR3B/30EHxLrqiRzF/orkA4mdFgdBqiOcTJKnOeanGF2Im0XiZj6XjoAftHINpX6SGVZOk2mgd8e5giNcMew7izQyQdwQBnG0FKaZvLFO/5YLUdRN1kdtNaDlJ634L1y5lu78TWrXlAQxor9mS5nUQEoW3i6KDOA8OQRsU4xcWAfMTOTRS9Qdgo4fBupo+kTuztRHjv9Tyb8UvMtjyqngDSsmKcURNQWM5mO48g/tP9rtRY23g1B2no//LR+NmhutR8mHjG65GbH+eqF81fI/kqMVZrbXIkZbkh8W6Hg22CZHKQMWTGP+T/25XhnE1qEFs7VlYWHdIZr2c4bMHhNmI5DqEinn2qEe/5YtQ1de+rQC/3X4Oh0+6VRaJvJ7RKkqbUFMUNrgsrrRgnmSwqlvVOykppWdHxtnbUfmjuhXM/Fk5yUWgDA0qPofmcSNAfxzCDkpc5YaNXERe+20xD98VyRvYZS+OTywes5ComCXh1vfO5NpHbPoI2NbJqgJj2Kg8QsJBCRqAMECMAK/rm/adnmCAMGqHzd0gCWyWQr+sxXQSnst+9SXKFB7hsUQYm78hO9Tj+0CJJ8gZFc9GD4RimDbxu27hDcf5ycPqTJ1PqHqHJkGXT810bT1ArGv2udWaz88PONfYmfL2kvdcZuJtYCKRVLqZnjl6MKee3HN9O/MTCxqrE7ZWhZhHTwkgqWcrKFmUMedReUdcVqn8bNkeo2jlgHKHuilRIt0nuQtSNlm1CEBzjCS+c9sE60inlJ+HOnI7ZppiiXBadI6i7MZ5+EUYibjck0vApxm1MRPonZg7j9VHJB7aXkNn2YwtDo4ihjlmCt6AZRgoBYJ+jIwaLGpM2UYEX16E8QFdSWqE1ncFH2Gz5TswqDbztLGVRplRs1Ayn9XmHSkh9mfK+SDAEFy16rnBY6QuI3Xw9g6sQ5x4Usw2m5qoJ8qxTJzzCjDndqYWMeSV4z9Q2x13EB75sK4wBlN1oLn2ubxSiunHss/4nIARDsTGHYO2ilPM5ekajN/v5J5IH5dYwE9HT2pqtbtjo5Zk3JvL8fQiWBQDufjDfYnaLn26E/iu0Xl30uYLI1NwAxvGEPOOZ6fndBPkNYz8KNq2E0A7zv4pyDqA44/uPkfWJnWeVQXoYHOGj74Cc11+bVm6s0mjv35mLTg1EadWJZgQG9I+NHMXL+uvP6RGkX4oXnVT7rQHItv0jz27MlxK8/fm+UrOgFGYX+Pq2Rwam8HN0IprzH9QAqODhuNwTe4CwWS+cIk223/5t+M2NWems2p6JKxuZ08KkPseUQnwl0Wxu9pFKYSBctlgTrJ7Dp83rwbGHKDgB5ZBimsp/uT83dJrFCp7Rpks1AnLSXo5rn6p60Do8P3JfzXhLJqi3jHp4Wl3Qu9Sejq0Z6JVPfNkf24eIbQ0rNoSi7ruybSryXPSH5EPgmN/Sx36etCJ7/3XPmSkCRg0/o7gVRjbHvuNdexyzfR2UIHvm2qzWQDiggQyj3m/JWvgsqNBBAhcIiuv6eCznRDEjOUHXLqTYiz9NUJN8H1rxCg8dCBIsLfNwDE89edU7NsIGCqepbpos5dFzOPHrr8sCYwA5Xv2amQ4PJtULHrymz/SYwkVG60UWo0rl332a7bi1CQTa+MyGjbD8OTO
Mvr/itUrthND81oD+q6cK6B74qtrj8E6HG24yl8vJHIO4un1ZxZkkjUGP0pIRT0vd31sxQxUU2REeq+7Q1B3N9apbr49wYK+8EVBFwyxK+Ok72BIBVvZY82kNmUhBtyIOsqhT4e+c5VQ6YqKO5W8b4F7vSCGhzkbCyddcdhxWzoSKcFv5/mAxBVqnk9aXWMs1+x8lyfANRE89qYgjmw5hONloCL2hZVL28ykGt7wGTVFL6bOjpLaa0xUrfhraEiZCHyrOlqwYz9QDjmDmsURdW4plUwJa+8J5QVu73kC0c0WZ5xwoQppw8eUS3rGt+e1PaKByNfEPD5LLd17QFBdWzdiCMlVCl9M7+gblPbSMCTfcNNnB3MoBzD/znN2pEyNlwdJaMN/+kCQKSNlRh3U4oPAutK0/S7n4A5V4ZylRVFQ/j8digntEzr64wixLfy4L4hEVXroraY9/asciAS52+kXWSdPKqWPbzPsZBTVw7+aYXlwYzHtbhN16LbNSOS79lKbS1E2vSOzwtq1iKkB9ckjdAZebgIaL6wSGQDP6MESDqsgpPwwpr0faOjOz2tc0Bh+FUA0qIHP2WUSZUmws+gurPJfsLgm9OrK8YvzClZIG4Jw0BYHE9PPYfColMic5mFVIGGEALFcc9xx4G8Mh0lqTaDbVaJONQbQ2kzbJ70TiqISlaHxCpkeyH7Hg1kHuBCOUZUUe1Nh9vyxkQoW6qzqZa2H0+j1xqMmy8tw/sB55oUOkC0SzqQkS+7HPgoD/fMB+VVsrvOJX/YCSNip9NX1u5Yf+R91LiYAWnlT5CYnseSBbwyOQgF3ud1jN1QE/tnvjj3ASy2OoQbOnNhJUnoShxMGi8PRDv4tNHDFY/FbEmmiyH4q+D8j4FYkyxZorNMfxXVdDewRQNO5ZVyoIv6PFcKPEKHRqFrCGN46yT6MvjjeLqGAHanZkGBG766bg285gWRfXnR12ZV7g3mzbet8oWkL0W2os/LPjeMjSbEgtXVTFc+nHJajPKXDxQxx2N6kYopudyNgweBILLgbeLlCSZhJhyAWLpIOvlJ1PGNnbDyY2CR+SK4XH+8S+G3RwvOSW/4dJA6GUFv+Lweqa0j+JzrhSIZnE616IlhA5AlkVHySJKbFKBV7aQqu5WtWZz0uQRZdf+xQbPhMcKOh8L6OrMCJjDibJYgHLlf5yR2MawMpX2pkzUFpheah74+V7QQd6gBq6aqvLc/GpweOaxQ3h927EuiUOC+kkr2vT/lu/25/lfhpGzbL5sT0dxPbtVhymImMBaQz7tZpf/gUUu56LJfyp/Ct7XJEKOsN7tJtuJYsLL7NcqxB4X/fZz5wPfMr4SbJMCz+0AilZCRvXfJ38/LI33phb2RNE89WbO/PSTfphNBTgO1tAouIk1bvvILz3ObHM6bmjdb7FaFuP5PpzzS17OP3Yregz02STonGg/Gwx4Bw49Je535nZShuuhbuDdW20g1Af5mYXfTusLDMorddn0G13aNPpoOxEB8vFosnJsq8gi4Bei1WMTTaeTemNEbsdqFn3/7AYbzVtIGm2JjQScZ98RNM/j0zPE6u7tCd8YOStdAtK3aHtIm6lTvYb5eP6a9kpgVHGHaqdLey4F7RQE2Q7TNWH0A0NIsSEncvxTFUuqY2ERxN5WITBhPoUyPIvyXNkdgt1iwAMeSYs+emEQFrJ8uMb+gZ2WNusCMSU4IdnlA/ndAf+0hM2giaiWZ8xMDX0CzVxjye9ijId+XXJQqpxlsLHjc+ZD6sqYFE3nQrx6YRoa0eV3qBQCnse7aWbIqt5+Y+lG6GNQRIcwC7TzOxRY/d/iorFl2lw/KbkClb3LDlaz+wyTtBB6CEggPtdGebuM/9SGzn8waMx/m3vlRgGriJSyuDlqhQAyuaBDm56/hVc1/YhByL08zYgsUtLg7Dn0Q7JmpdKs3p35fz/9IhGNa423BrMHxo+ga/nsBU9U59jZm7aBfJ1LFbA5Akls6BUi9Q
FE37Z9Vm8u2bS1TGPAptvIVkGN6cmhJJsNApYr0g1gPUY/bNOfE9rTat4rF2bolXLf+sf8UHK1gTJ/HOCehJqoLf/VVS4NEpmWAeP0Hjw2/4t8/e9qH/xYyNzkSqhTkUI5BHPOJo1CtjiV/0k8MxkPo2yVpfIG3gDajg7lsSrlGi+ORwJOOYWxC/IEZZz31+NbUFMl7SC+ZXWIvftZF1y3noOksT+wHYxnRXQGe1OvuyaAj6Txniq6zTwy1dieHiCjSv46JRyygGw08xexERE1n7bLtIWSZ18OsYF5gf2dc4QIYSlNXG3di+MQPbjH6P0VeI2rznXyp4AaIYIGxfT1fUP24S50HUID8M+67gtaCrrJgfW9Hy9m+HlRO2EjNgDdlyh7hFNflGJeWUZZ6alFN72lVjuWEgsI+HCodNT57CSyiYJ/FtrIQaw7FNt/XQADCz+0yM8vJB5JR9EiVjSHYsaO9Xn9KqfJyt+timVw9HdfTT49lXQn8U1qtxS3uGMkHmmcnV5Ogacjt9Y4IhUaWP58pAe2l2lEyC4MRt1LMOrPVmuYWb4zkBS0rvwpoLx8rN3ijcetpJukRIGGivXDXy+6cnGkAHx52fIPdyGC6rx2KCIPdFfUzZC3wYRoTe/liub82wZXk1ZACcGv4+myBcwE4GtPJV0gctxzryUJ0eaAxkGxvklUMGYfgeoYKYUk9YZGFhQ/HxgB7LqJnDQjKVNlpFzWxyMkYqqLAC+owj1uJ0WuMs704AjE352/73bqwgYbYnD7p7wejEYHPofqjI6RoBIJRtWREVYHdsGCdmuyLbMDA9tY/z7nA2ei6nnUG3hyb5S5M9GL9tQxWFpCFeYBJEyl9S1COmoBSqy6n5Yhk6R3N+d0rkSqGb3z+uT03IjXmKJAfcwvWZWuUWTmQ8wJsUOsCrPOx/5sbsynyvkoJWtdgZjuia2gZS50qpMJFTUUKbNkp/wx5QT9z+tMjviC8JWFXB+iBLnKiWRA38AO2a5KtyGVy39+urMApJD9/Cem3NMyKTzY8OqFreZsH4XOBa45yXNo2psEY6gfjtD9Apn3dLUMSWcjRGXq5qKMgX40KhpWgWNCc2IlBGTQ8XFN40g4sDAQ/GxBQeik3CNMMERBxTCeNEx1P2Ju502Iwt5GiHtDedy2Y5HXrUKV0GYIn15uuhPGdPTErAc1QKgKxFq9b0yC4IVzkrnKRVbqI0BSCaswAzf4TUyzkYSf8Zfs9BSb5bzu9o6eN/x1cWGJdJlI8ATZebOcMBKkooDOhZ0T+b2bW7zvZdnj4IKqklvZlnmBvGnn55QiwpvCkhmGrg5+j9Q9QiTGai9h3Xt2Y8SVZXfltwXITeW20rJfWn0s4DoyfPWqunApWv4TH6/6uF6OgJNGOM7gLnH49K7MMVs3nCAmjkE7Gggmt+zzJsuX7gI9eZF8iavga0sRTSiF635pr24wiJL6tsUFzvJ/A960hhhC+Yt19E6AmdtTn9pPIk36O27G4qwLWOehueMpmQhzG07eWiY446iJByaDztM6WoYlqPAS/uaswYUEAUwHb4eZDsRwAgSCwi/djCxKWXqAoFzVftj7dsiljLvxqN+U39EM7pWBmnPGC5fLQ==,iv:jyofVBu/fxKmEnJPR5e81m8nnbcXf9i944mGH3rbcrQ=,tag:ILjy6UClUAyJmut255ZsKg==,type:str]", "sops": { "age": [ { 
@@ -27,8 +27,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtU240VjVRZmJ5TGsrclJF\nRXRLbTRCZURtR0Z3d2E2eDNNeGRDODlXVEY4CllTeVFYbDJQWlRSS1RFLzAxSnlM\nZi9NU1c3cWo3YWRLcUJ2U2ZFWFBBVEEKLS0tIGtmZU9qSWdBT3RDeStaaFFDSWtk\ndkUzZXJwZUl4LzVxYXdidmxXRnNnclUKyAMZqCKSY/RQvTR4bbjLaPnGKwdBcHXc\nvtiVSrLdIdzMa6id/J07TJH5UesUmcp0wjU41MDa4aMBLy+cXhuBHA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-21T17:52:25Z", - "mac": "ENC[AES256_GCM,data:SNsmzPknGzx9H7baoKo8gKSac/86sW5em3MKyhYFUxfRhZEtkUwkzz6KwDgZ4YCBzUlLrToiLUICA6KPnkXDHhKBh+8dyyVlB8ISU3gDbozjwRNA78oatLlA4h5sa5RADLha9j7Fr9euy4rcrCmk6jpL26RmsiFZhzaAxhkal4s=,iv:hmRyoG9tW5Wl9AKxWDW4Hv9Qvb5zlM4Ktrk0Q8jsVxg=,tag:ofsjndQpjLmnCMvz1NTsCA==,type:str]", + "lastmodified": "2025-11-12T21:23:26Z", + "mac": "ENC[AES256_GCM,data:YX01kVU0XeEFDtZokPcpZ0rkFWFqY29L8/vEEtBv8JuooEC8+P9GArK1yrOlAh80UnQb3aJC76lVLFJIToeUmSImvJzD3YBril9YQs5NsBKCxwyroMNOMaKmR7Lzn15rfXhBCtjzeLe8ILyzTtUrW/VqwPuO4bqpqd2fdKSAVzk=,iv:QDixQGXUITr9SlQs4kJ/daUt/THafb5UB81xmw4eZIs=,tag:vC+H/fBJ7CcwL+n60QMu1Q==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:13:06Z", From 66a543abf72947b7035e80dd3cd6ec464864d347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:48:33 +0100 Subject: [PATCH 18/23] feat: add quickpass --- SwarselSystems.org | 26 ++++++++++++++++++++++++++ files/scripts/quickpass.sh | 12 ++++++++++++ pkgs/quickpass/default.nix | 6 ++++++ 3 files changed, 44 insertions(+) create mode 100644 files/scripts/quickpass.sh create mode 100644 pkgs/quickpass/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 6230f85..4fb954e 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
@@ -19069,6 +19069,32 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w #+end_src +*** quickpass +#+begin_src shell :tangle files/scripts/quickpass.sh :mkdirp yes + shopt -s nullglob globstar + + notify-send "$(env | grep -E 'WAYLAND|SWAY')" + + password="$1" + + pass show "$password" | { + IFS= read -r pass + printf %s "$pass" + } | wtype - + + notify-send -u critical -a pass -t 1000 "Typed Password" +#+end_src + +#+begin_src nix-ts :tangle pkgs/quickpass/default.nix + { self, name, writeShellApplication, libnotify, pass, wtype }: + writeShellApplication { + inherit name; + runtimeInputs = [ libnotify pass wtype ]; + text = builtins.readFile "${self}/files/scripts/${name}.sh"; + } + +#+end_src + *** cura5 :PROPERTIES: :CUSTOM_ID: h:799579f3-ddd3-4f76-928a-a8c665980476 diff --git a/files/scripts/quickpass.sh b/files/scripts/quickpass.sh new file mode 100644 index 0000000..3f95abf --- /dev/null +++ b/files/scripts/quickpass.sh @@ -0,0 +1,12 @@ +shopt -s nullglob globstar + +notify-send "$(env | grep -E 'WAYLAND|SWAY')" + +password="$1" + +pass show "$password" | { + IFS= read -r pass + printf %s "$pass" +} | wtype - + +notify-send -u critical -a pass -t 1000 "Typed Password" diff --git a/pkgs/quickpass/default.nix b/pkgs/quickpass/default.nix new file mode 100644 index 0000000..c13b8c0 --- /dev/null +++ b/pkgs/quickpass/default.nix @@ -0,0 +1,6 @@ +{ self, name, writeShellApplication, libnotify, pass, wtype }: +writeShellApplication { + inherit name; + runtimeInputs = [ libnotify pass wtype ]; + text = builtins.readFile "${self}/files/scripts/${name}.sh"; +} From 3391febda2c83e5814d1161c3b4d5e3afef1ca92 Mon Sep 17 00:00:00 2001 
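Review bot: In `files/scripts/quickpass.sh` the first `notify-send "$(env | grep -E 'WAYLAND|SWAY')"` reads like a leftover debugging aid; it puts session environment values into a desktop notification on every run and can be dropped. `password="$1"` rejects a missing argument only through the `nounset` that `writeShellApplication` adds, so an explicit guard gives a usable message and keeps the script safe when run directly: `password="${1:?usage: quickpass <pass-entry>}"`. `shopt -s nullglob globstar` is unused because the script never globs. The same script is tangled from the `*** quickpass` block in the SwarselSystems.org hunk.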
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:51:14 +0100 Subject: [PATCH 19/23] feat: add remote disk decryption over ssh --- SwarselSystems.org | 125 ++++++++++++++++++-------- modules/nixos/common/globals.nix | 4 +- modules/nixos/common/home-manager.nix | 1 + modules/nixos/server/disk-encrypt.nix | 88 +++++++++++++----- modules/nixos/server/network.nix | 2 +- nix/globals.nix | 6 +- 6 files changed, 162 insertions(+), 64 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 4fb954e..8d0fd08 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -866,7 +866,7 @@ Lastly, in order make this actually available to my configurations, i use the =i #+begin_src nix-ts :tangle nix/globals.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix - { inputs, ... }: + { self, inputs, ... }: { flake = { config, lib, ... }: { @@ -875,7 +875,8 @@ Lastly, in order make this actually available to my configurations, i use the =i globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit lib; + inherit (inputs.self.pkgs.x86_64-linux ) lib; # fuck + # inherit (self.outputs) lib; inherit inputs; inherit (config) nodes; }; @@ -921,6 +922,7 @@ Lastly, in order make this actually available to my configurations, i use the =i inherit (globalsSystem.config.globals) domains services + networks hosts user root @@ -2600,7 +2602,7 @@ This is my main server that I run at home. It handles most tasks that require bi :CUSTOM_ID: h:8ad68406-4a75-45ba-97ad-4c310b921124 :END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/winters/default.nix - { lib, config, minimal, ... }: + { lib, minimal, ... }: { imports = [ @@ -2652,6 +2654,7 @@ This is my main server that I run at home. It handles most tasks that require bi }; swarselmodules.server = { + diskEncryption = lib.mkForce false; nfs = lib.mkDefault true; nginx = lib.mkDefault true; kavita = lib.mkDefault true; 
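Review bot: In hunk `@@ -875,7 +875,8 @@`, `inherit (inputs.self.pkgs.x86_64-linux ) lib; # fuck` pins `lib` to one system's package set and the comment gives no reason, so the next reader has to guess why the previous `inherit lib;` stopped working. Judging from `lib.swarselsystems.cidrToSubnetMask` in `modules/nixos/common/globals.nix`, the extended lib is presumably what `evalModules` needs; say so, e.g. `# extended lib required for lib.swarselsystems.* (TODO: take it from a system-independent output)`. In the lines shown, the newly added `self` argument is referenced only by the commented-out `# inherit (self.outputs) lib;`, so either use it or drop both. The surrounding `evalModules` call continues outside the hunk, and the block is tangled to `nix/globals.nix`.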
@@ -4435,10 +4438,10 @@ in }; subnetMask4 = mkOption { - type = types.nullOr types.net.cidrv4; + type = types.nullOr types.net.ipv4; description = "The dotted decimal form of the subnet mask of this network"; readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; }; cidrv6 = mkOption { @@ -7244,7 +7247,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t networking = { inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; - nftables.enable = lib.mkDefault true; + nftables.enable = lib.mkDefault false; enableIPv6 = lib.mkDefault true; firewall = { enable = lib.mkDefault true; 
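Review bot: `nftables.enable = lib.mkDefault false;` moves every server that does not override it from the nftables to the iptables firewall backend, a change the commit subject (remote disk decryption) does not explain and the line does not comment. A firewall backend switch deserves its reason next to it, for example `nftables.enable = lib.mkDefault false; # <why nftables is off; condition for re-enabling>`. The identical line is changed in the `modules/nixos/server/network.nix` hunk, and the enclosing `networking` set continues outside the hunk.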
@@ -7282,40 +7285,86 @@ lspci -k -d 14c3: | | Kernel | modules: | mt7921e | | | | | | | | | #+begin_src nix-ts :tangle modules/nixos/server/disk-encrypt.nix - { self, lib, config, globals, ... }: - let - localIp = globals.networks.home.hosts.${config.node.name}.ipv4; - subnetMask = globals.networks.home.subnetMask4; - gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - in - { - options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; - config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { + { self, pkgs, lib, config, globals, minimal, ... }: + let + localIp = globals.networks.home.hosts.${config.node.name}.ipv4; + subnetMask = globals.networks.home.subnetMask4; + gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; - boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; - boot.initrd = { - availableKernelModules = [ "r8169" ]; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 22; - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; - }; - postCommands = '' - echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - ''; - }; - }; + hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; + in + { + options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + options.swarselsystems.networkKernelModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; + config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - }; - } + system.activationScripts.ensureInitrdHostkey = lib.mkIf 
(config.swarselprofiles.server || minimal) { + text = '' + [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} + ''; + deps = [ "users" ]; + }; + + environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { + files = [ hostKeyPath ]; + }; + + boot = lib.mkIf (config.swarselprofiles.server || minimal) { + kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ + "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" + ]; + initrd = { + availableKernelModules = config.swarselsystems.networkKernelModules; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; # avoid hostkey changed nag + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ hostKeyPath ]; + }; + # postCommands = '' + # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + # ''; + }; + systemd = { + initrdBin = with pkgs; [ + cryptsetup + ]; + services = { + unlock-luks = { + description = "Unlock LUKS encrypted root device"; + wantedBy = [ "initrd.target" ]; + after = [ "network-online.target" ]; + before = [ "sysroot.mount" ]; + path = [ "/bin" ]; + + # Configure how the service behaves + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + # The actual commands to unlock the drive + script = '' + echo "systemctl default >> /root/.profile" + ''; + }; + }; + }; + }; + }; + }; + + } #+end_src **** Router diff --git a/modules/nixos/common/globals.nix b/modules/nixos/common/globals.nix index 8d226d4..c33aa95 100644 --- a/modules/nixos/common/globals.nix +++ b/modules/nixos/common/globals.nix 
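Review bot: The `unlock-luks` service does not unlock anything: in `script` the redirection sits inside the quotes, so `echo "systemctl default >> /root/.profile"` only prints that text and `/root/.profile` is never written. If the intent matches the commented-out `postCommands`, the line should be `echo "systemctl default" >> /root/.profile`, and the unit's description should say that it prepares the SSH login rather than unlocks the device. `ensureInitrdHostkey` calls `ssh-keygen -f ${hostKeyPath}` without creating `/etc/secrets/initrd` first, and ssh-keygen does not create missing parent directories, so a `mkdir -p` with mode 0700 is needed before it on a fresh host. The `boot.initrd.systemd.services` definition only takes effect when the systemd initrd is enabled, which this hunk does not show. The same code is in the `modules/nixos/server/disk-encrypt.nix` hunk `@@ -1,34 +1,80 @@`.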
@@ -13,10 +13,10 @@ let }; subnetMask4 = mkOption { - type = types.nullOr types.net.cidrv4; + type = types.nullOr types.net.ipv4; description = "The dotted decimal form of the subnet mask of this network"; readOnly = true; - default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; }; cidrv6 = mkOption { diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix index 0941d5c..3b2d332 100644 --- a/modules/nixos/common/home-manager.nix +++ b/modules/nixos/common/home-manager.nix @@ -7,6 +7,7 @@ useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; + overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix index dddc1a4..8c569c0 100644 --- a/modules/nixos/server/disk-encrypt.nix +++ b/modules/nixos/server/disk-encrypt.nix 
@@ -1,34 +1,80 @@ -{ self, lib, config, globals, ... }: +{ self, pkgs, lib, config, globals, minimal, ... }: let localIp = globals.networks.home.hosts.${config.node.name}.ipv4; subnetMask = globals.networks.home.subnetMask4; gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; + + hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key"; in { options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; + options.swarselsystems.networkKernelModules = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { - boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; - boot.initrd = { - availableKernelModules = [ "r8169" ]; - network = { - enable = true; - udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; - flushBeforeStage2 = true; - ssh = { - enable = true; - port = 22; - authorizedKeyFiles = [ - (self + /secrets/keys/ssh/yubikey.pub) - (self + /secrets/keys/ssh/magicant.pub) - ]; - hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; - }; - postCommands = '' - echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile - ''; - }; + system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) { + text = '' + [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath} + ''; + deps = [ "users" ]; }; + environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) { + files = [ hostKeyPath ]; + }; + + boot = lib.mkIf (config.swarselprofiles.server || minimal) { + kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ + "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" + ]; + 
initrd = { + availableKernelModules = config.swarselsystems.networkKernelModules; + network = { + enable = true; + udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; # avoid hostkey changed nag + authorizedKeyFiles = [ + (self + /secrets/keys/ssh/yubikey.pub) + (self + /secrets/keys/ssh/magicant.pub) + ]; + hostKeys = [ hostKeyPath ]; + }; + # postCommands = '' + # echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile + # ''; + }; + systemd = { + initrdBin = with pkgs; [ + cryptsetup + ]; + services = { + unlock-luks = { + description = "Unlock LUKS encrypted root device"; + wantedBy = [ "initrd.target" ]; + after = [ "network-online.target" ]; + before = [ "sysroot.mount" ]; + path = [ "/bin" ]; + + # Configure how the service behaves + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + # The actual commands to unlock the drive + script = '' + echo "systemctl default >> /root/.profile" + ''; + }; + }; + }; + }; + }; }; + } diff --git a/modules/nixos/server/network.nix b/modules/nixos/server/network.nix index 90b8c0e..661e76b 100644 --- a/modules/nixos/server/network.nix +++ b/modules/nixos/server/network.nix @@ -15,7 +15,7 @@ networking = { inherit (config.repo.secrets.local.networking) hostId; hostName = config.node.name; - nftables.enable = lib.mkDefault true; + nftables.enable = lib.mkDefault false; enableIPv6 = lib.mkDefault true; firewall = { enable = lib.mkDefault true; diff --git a/nix/globals.nix b/nix/globals.nix index 1b534d3..912f24c 100644 --- a/nix/globals.nix +++ b/nix/globals.nix @@ -1,5 +1,5 @@ # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix -{ inputs, ... }: +{ self, inputs, ... }: { flake = { config, lib, ... }: { 
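Review bot: In the added `unlock-luks` service the redirect sits inside the quotes, `echo "systemctl default >> /root/.profile"`, so the unit only prints that text and never writes the profile; despite its description it unlocks nothing. If the intent is for an SSH login to continue the boot, the line would be `echo "systemctl default" >> /root/.profile` (confirm that /root is root's home in this initrd). With the `cryptsetup-askpass` postCommands now commented out, nothing visible in this hunk prompts for the passphrase over SSH, so remote unlock may not work until that is wired up. Separately, `ensureInitrdHostkey` calls `ssh-keygen -f ${hostKeyPath}` without creating `/etc/secrets/initrd`; unless another module creates that directory, add a `mkdir -p` with mode 0700 before the `[[ -e ... ]]` test. The key is generated with `-N ""` for use inside the initrd, so keep it separate from the host's main SSH host key.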
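Review bot: The default for `nftables.enable` flips from true to false with no comment, which changes the firewall backend on every host that uses this module while `firewall.enable` stays on. Any ruleset declared under `networking.nftables` elsewhere in the repository (not visible in this hunk) would stop being applied. State the reason next to the line, e.g. `nftables.enable = lib.mkDefault false; # <reason>; firewall rules use the iptables backend`. The `networking` block continues outside the hunk.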
@@ -8,7 +8,8 @@ globalsSystem = lib.evalModules { prefix = [ "globals" ]; specialArgs = { - inherit lib; + inherit (inputs.self.pkgs.x86_64-linux) lib; # fuck + # inherit (self.outputs) lib; inherit inputs; inherit (config) nodes; }; @@ -54,6 +55,7 @@ inherit (globalsSystem.config.globals) domains services + networks hosts user root From b78c83b5754fa145db90a03033abda539be00935 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:52:05 +0100 Subject: [PATCH 20/23] chore[client]: reorganize sway keybinds --- SwarselSystems.org | 151 ++++++++++++++++++--------------- modules/home/common/sway.nix | 134 ++++++++++++++--------------- modules/home/optional/work.nix | 17 ++++ 3 files changed, 168 insertions(+), 134 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 8d0fd08..9ce93d1 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org 
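Review bot: `inherit (inputs.self.pkgs.x86_64-linux) lib; # fuck` hardcodes one system to obtain `lib`, and the comment does not say why the plain `inherit lib;` stopped working. A why-comment would help the next reader, e.g. `# take lib from the flake's pkgs set so the globals modules see the extended lib; lib itself does not depend on the system`, assuming that is the reason (the globals module in this series does use `types.net.*` and `lib.swarselsystems.*`). The commented-out `# inherit (self.outputs) lib;` and the `self` argument added in the previous hunk of this file are unused in the visible lines and could be dropped.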
@@ -16489,83 +16489,83 @@ Currently, I am too lazy to explain every option here, but most of it is very se in lib.recursiveUpdate { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+x" = "exec swarselcheck -k"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . 
\"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - # "${modifier}+Escape" = "mode $exit"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+1" = "workspace 1:δΈ€"; - "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:δΈ‰"; - "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; - "${modifier}+4" = "workspace 4:ε››"; - "${modifier}+Shift+4" = "move container to workspace 4:ε››"; - "${modifier}+5" = "workspace 5:δΊ”"; - "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; - "${modifier}+6" = "workspace 6:ε…­"; - "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; - "${modifier}+7" = "workspace 7:δΈƒ"; - "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; - "${modifier}+8" = "workspace 8:ε…«"; - "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+s" 
= "workspace 12:S"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+1" = "workspace 1:δΈ€"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+3" = "workspace 3:δΈ‰"; + "${modifier}+4" = "workspace 4:ε››"; + "${modifier}+5" = "workspace 5:δΊ”"; + "${modifier}+6" = "workspace 6:ε…­"; + "${modifier}+7" = "workspace 7:δΈƒ"; + "${modifier}+8" = "workspace 8:ε…«"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Ctrl+Shift+c" = "reload"; "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+f" = "workspace 16:F"; "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+t" = "workspace 14:T"; "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Left" = "focus left"; + "${modifier}+Return" = "exec swarselzellij"; + "${modifier}+Right" = "focus right"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Shift+1" = "move 
container to workspace 1:δΈ€"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; + "${modifier}+Shift+4" = "move container to workspace 4:ε››"; + "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; + "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; + "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; + "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . 
\"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+t" = "exec opacitytoggle"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Up" = "focus up"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+f" = "exec firefox"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+x" = "exec swarselcheck -k"; + # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; - "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; 
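Review bot: The moved line `"${modifier}+Ctrl+p" = "exec 1password --quick-acces";` carries a misspelled flag; 1Password's option is `--quick-access`, so this binding probably does not open Quick Access. Since the block is being re-sorted anyway, fix it here as `"${modifier}+Ctrl+p" = "exec 1password --quick-access";`. The same line appears in the matching hunk of modules/home/common/sway.nix. The keybindings attribute set starts and ends outside the hunk.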
@@ -18096,6 +18096,23 @@ When setting up a new machine: # }; # }; + wayland.windowManager.sway = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; + in + { + config = { + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; + "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; + }; + }; + }; + stylix = { targets.firefox.profileNames = let diff --git a/modules/home/common/sway.nix b/modules/home/common/sway.nix index 7f24286..12ebb83 100644 --- a/modules/home/common/sway.nix +++ b/modules/home/common/sway.nix 
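Review bot: The two new bindings splice `user1`, `user1Long`, `domain1` and `mailAddress` from `repo.secrets.local.work` unquoted into a sway `exec` string, so the values are written in plain text into the generated sway config and are word-split by the shell that sway uses for `exec`. If these identifiers are meant to stay private, note that a generated config normally ends up in the world-readable Nix store. Quoting the argument keeps a space or metacharacter in a name from changing the command, e.g. `"exec ${pkgs.quickpass}/bin/quickpass ${lib.escapeShellArg "work/${mailAddress}"}"`, assuming `lib` is in scope in this module. The identical hunk in modules/home/optional/work.nix needs the same change.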
@@ -125,83 +125,83 @@ in in lib.recursiveUpdate { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+x" = "exec swarselcheck -k"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . 
\"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - # "${modifier}+Escape" = "mode $exit"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+1" = "workspace 1:δΈ€"; - "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:δΈ‰"; - "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; - "${modifier}+4" = "workspace 4:ε››"; - "${modifier}+Shift+4" = "move container to workspace 4:ε››"; - "${modifier}+5" = "workspace 5:δΊ”"; - "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; - "${modifier}+6" = "workspace 6:ε…­"; - "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; - "${modifier}+7" = "workspace 7:δΈƒ"; - "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; - "${modifier}+8" = "workspace 8:ε…«"; - "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+s" 
= "workspace 12:S"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+1" = "workspace 1:δΈ€"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+3" = "workspace 3:δΈ‰"; + "${modifier}+4" = "workspace 4:ε››"; + "${modifier}+5" = "workspace 5:δΊ”"; + "${modifier}+6" = "workspace 6:ε…­"; + "${modifier}+7" = "workspace 7:δΈƒ"; + "${modifier}+8" = "workspace 8:ε…«"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Ctrl+Shift+c" = "reload"; "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+f" = "workspace 16:F"; "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+t" = "workspace 14:T"; "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Left" = "focus left"; + "${modifier}+Return" = "exec swarselzellij"; + "${modifier}+Right" = "focus right"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Shift+1" = "move 
container to workspace 1:δΈ€"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; + "${modifier}+Shift+4" = "move container to workspace 4:ε››"; + "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; + "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; + "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; + "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . 
\"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+t" = "exec opacitytoggle"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Up" = "focus up"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+f" = "exec firefox"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+x" = "exec swarselcheck -k"; + # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; - "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index 3e8c36e..ad74838 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix 
@@ -105,6 +105,23 @@ in # }; # }; + wayland.windowManager.sway = + let + inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress; + in + { + config = { + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; + "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; + }; + }; + }; + stylix = { targets.firefox.profileNames = let From 6abf5ce39bf9a06e0ccd77ab069e32ff083b5756 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 17 Nov 2025 22:53:00 +0100 Subject: [PATCH 21/23] chore: update flake; rename hosts; setup hintbooth --- .sops.yaml | 6 + SwarselSystems.org | 158 ++++++++++-------- files/scripts/swarsel-bootstrap.sh | 7 +- .../moonside/secrets/pii.nix.enc | 8 +- .../nixos/x86_64-linux/hintbooth/default.nix | 7 + .../hintbooth/secrets/pii.nix.enc | 16 +- hosts/nixos/x86_64-linux/hotel/default.nix | 7 + hosts/nixos/x86_64-linux/summers/default.nix | 10 +- .../x86_64-linux/summers/secrets/pii.nix.enc | 6 +- hosts/nixos/x86_64-linux/toto/default.nix | 5 +- hosts/nixos/x86_64-linux/winters/default.nix | 15 +- .../x86_64-linux/winters/secrets/pii.nix.enc | 6 +- install/installer-config.nix | 4 +- modules/home/common/zsh.nix | 1 + modules/nixos/server/nextcloud.nix | 6 +- modules/nixos/server/settings.nix | 1 + profiles/nixos/localserver/default.nix | 1 + secrets/certs/secrets.yaml | 121 +++++++------- secrets/general/secrets.yaml | 131 ++++++++------- 19 files changed, 283 insertions(+), 233 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 1379cf1..f828b47 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -7,6 +7,7 @@ keys: - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097 - &hosts - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 + - &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg @@ -20,6 +21,7 @@ creation_rules: - *swarsel age: - *winters + - *hintbooth - *bakery - *toto - *surface @@ -32,6 +34,7 @@ creation_rules: - *swarsel age: - *winters + - *hintbooth - *bakery - *toto - *surface @@ -44,6 +47,7 @@ creation_rules: - *swarsel age: - *nbl + - *hintbooth - *bakery - *toto - *surface @@ -131,6 +135,8 @@ creation_rules: key_groups: - pgp: - *swarsel + age: + - *hintbooth - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc key_groups: diff --git a/SwarselSystems.org b/SwarselSystems.org index 9ce93d1..40b6879 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -2620,20 +2620,12 @@ This is my main server that I run at home. It handles most tasks that require bi # mac = config.repo.secrets.local.home-mac; # }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = "winters"; - firewall.enable = true; - enableIPv6 = false; - firewall.allowedTCPPorts = [ 80 443 ]; - }; - swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; flakePath = "/root/.dotfiles"; isImpermanence = false; - isSecureBoot = true; - isCrypted = true; + isSecureBoot = false; + isCrypted = false; isBtrfs = false; isLinux = true; isNixos = true; @@ -2746,7 +2738,7 @@ This is my main server that I run at home. It handles most tasks that require bi ***** Main Configuration #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/summers/default.nix - { inputs, lib, config, configName, minimal, nodes, globals, ... }: + { inputs, lib, config, minimal, nodes, globals, ... }: { imports = [ 
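Review bot: `*hintbooth` is added as a recipient to three shared creation rules (the hunks at -20, -32 and -44) in addition to its own `pii.nix.enc` rule, so that host's key can decrypt every file those rules match. The `path_regex` lines are outside the hunks, but the diffstat lists `secrets/general/secrets.yaml` and `secrets/certs/secrets.yaml` as changed, so this looks like the shared secret set. If hintbooth needs only a few of those values, a narrower rule or a separate file for it would limit what a compromise of that host exposes. Otherwise a comment next to the `&hintbooth` anchor saying why it needs them is enough.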
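Review bot: In the winters hunk (-2620) `isSecureBoot` and `isCrypted` both go from true to false and the host's `networking` block, including `firewall.enable = true`, is removed; the commit title mentions none of this. The disk-encryption module in this series is gated on `config.swarselsystems.isCrypted`, so this also turns off the initrd SSH unlock for that host, which matters if the disk is in fact still LUKS-encrypted. Add a comment on the two flags saying whether this is temporary, e.g. `isCrypted = false; # TODO: re-enable after <reason>`. The same applies to `diskEncryption = lib.mkForce false; # TODO: disable` in the summers hunk (-2789), where the TODO reads as the opposite of what the line does. The firewall presumably still comes from modules/nixos/server/network.nix (`enable = lib.mkDefault true`), provided that module is enabled on the host.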
@@ -2759,13 +2751,6 @@ This is my main server that I run at home. It handles most tasks that require bi loader.efi.canTouchEfiVariables = true; }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = configName; - firewall.enable = true; - enableIPv6 = true; - }; - swarselsystems = { info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; flakePath = "/root/.dotfiles"; @@ -2789,6 +2774,7 @@ This is my main server that I run at home. It handles most tasks that require bi microvmHost = true; }; server = { + diskEncryption = lib.mkForce false; # TODO: disable nfs = false; nginx = false; kavita = false; @@ -3062,6 +3048,7 @@ This is my main server that I run at home. It handles most tasks that require bi isNixos = true; rootDisk = "/dev/sda"; swapSize = "8G"; + networkKernelModules = [ "igb" ]; }; } // lib.optionalAttrs (!minimal) { @@ -3071,6 +3058,12 @@ This is my main server that I run at home. It handles most tasks that require bi router = false; }; + swarselmodules = { + server = { + nginx = lib.mkForce false; # we get this from the server profile + }; + }; + } #+end_src @@ -3730,7 +3723,10 @@ This is a slim setup for developing base configuration. I do not track the hardw }; swarselmodules = { - server.network = lib.mkForce false; + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; }; swarselsystems = { @@ -4001,7 +3997,7 @@ TODO: cleanup this mess environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 - These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{wlan0} + These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). 
@@ -4039,7 +4035,7 @@ TODO: cleanup this mess programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; "swarsel-kernel-module" = "lspci -k -d"; }; 
@@ -4085,59 +4081,66 @@ I also set the =WLR_RENDERER_ALLOW_SOFTWARE=1= to allow this configuration to ru :END: #+begin_src nix-ts :tangle hosts/nixos/x86_64-linux/hotel/default.nix - { self, config, pkgs, lib, minimal, ... }: - let - mainUser = "demo"; - in - { + { self, config, pkgs, lib, minimal, ... }: + let + mainUser = "demo"; + in + { - imports = [ - ./hardware-configuration.nix - ./disk-config.nix - { - _module.args.diskDevice = config.swarselsystems.rootDisk; - } - ]; + imports = [ + ./hardware-configuration.nix + ./disk-config.nix + { + _module.args.diskDevice = config.swarselsystems.rootDisk; + } + ]; - environment.variables = { - WLR_RENDERER_ALLOW_SOFTWARE = 1; - }; + environment.variables = { + WLR_RENDERER_ALLOW_SOFTWARE = 1; + }; - services.qemuGuest.enable = true; + services.qemuGuest.enable = true; - boot = { - loader.systemd-boot.enable = lib.mkForce true; - loader.efi.canTouchEfiVariables = true; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; - }; + boot = { + loader.systemd-boot.enable = lib.mkForce true; + loader.efi.canTouchEfiVariables = true; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + }; - networking = { - hostName = "hotel"; - firewall.enable = true; - }; + networking = { + hostName = "hotel"; + firewall.enable = true; + }; - swarselsystems = { - info = "~SwarselSystems~ demo host"; - wallpaper = self + /files/wallpaper/lenovowp.png; - isImpermanence = true; - isCrypted = true; - isSecureBoot = false; - isSwap = true; - swapSize = "4G"; - rootDisk = "/dev/vda"; - isBtrfs = false; - inherit mainUser; - isLinux = true; - isPublic = true; - isNixos = true; - }; + swarselmodules = { + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; + }; - } // lib.optionalAttrs (!minimal) { - swarselprofiles = { - hotel = true; - minimal = true; - }; - } + swarselsystems = { + info = "~SwarselSystems~ demo host"; + wallpaper = self + /files/wallpaper/lenovowp.png; + isImpermanence = true; + 
isCrypted = true; + isSecureBoot = false; + isSwap = true; + swapSize = "4G"; + rootDisk = "/dev/vda"; + isBtrfs = false; + inherit mainUser; + isLinux = true; + isPublic = true; + isNixos = true; + }; + + } // lib.optionalAttrs (!minimal) { + swarselprofiles = { + hotel = true; + minimal = true; + }; + } #+end_src @@ -4876,6 +4879,7 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the useUserPackages = true; verbose = true; backupFileExtension = "hm-bak"; + overwriteBackup = true; users.${config.swarselsystems.mainUser}.imports = [ inputs.nix-index-database.homeModules.nix-index inputs.sops-nix.homeManagerModules.sops @@ -6931,6 +6935,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } @@ -7272,10 +7277,10 @@ lspci -nn | grep -i 'network\|ethernet' #+RESULTS: : 04:00.0 Network controller [0280]: MEDIATEK Corp. MT7922 802.11ax PCI Express Wireless Network Adapter [14c3:0616] -From the last bracket, then take the first value to find out the correct kernel module: +From the last bracket you then find out the correct kernel module: #+begin_src shell :exports both -lspci -k -d 14c3: +lspci -k -d 14c3:0616 #+end_src #+RESULTS: @@ -8299,6 +8304,8 @@ lspci -k -d 14c3: serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + + nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; 
@@ -8319,7 +8326,7 @@ lspci -k -d 14c3: trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs.nextcloud31; + package = pkgs."nextcloud${nextcloudVersion}"; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; @@ -8327,7 +8334,7 @@ lspci -k -d 14c3: configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { @@ -13517,6 +13524,7 @@ Currently I only use it as before with =initExtra= though. hg = "history | grep"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; magit = "emacsclient -nc -e \"(magit-status)\""; 
@@ -19947,9 +19955,10 @@ This program sets up a new NixOS host remotely. It also takes care of secret man mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix # ------------------------ - green "Generating hostkey for ssh initrd" - $ssh_root_cmd "mkdir -p /mnt/etc/secrets/initrd" - $ssh_root_cmd "ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/initrd/ssh_host_ed25519_key" + # green "Generating hostkey for ssh initrd" + # $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd" + # $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key" + # $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key" # ------------------------ green "Deploying minimal NixOS installation on $target_destination" @@ -21396,6 +21405,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; + lanzaboote = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; diff --git a/files/scripts/swarsel-bootstrap.sh b/files/scripts/swarsel-bootstrap.sh index 3bc9432..a59ae37 100644 --- a/files/scripts/swarsel-bootstrap.sh +++ b/files/scripts/swarsel-bootstrap.sh 
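Review bot: The initrd host-key step is commented out here, and identically in files/scripts/swarsel-bootstrap.sh, with no reason given. Bootstrap therefore no longer creates `/mnt/etc/secrets/initrd/ssh_host_ed25519_key`, and any host that still enables SSH in the initrd would presumably need that key provisioned some other way. I would either delete the block or put a reason above it, for example `# disabled: initrd host key is not generated during bootstrap for now, see TODO`. If the commented form is meant to be revived, note that `$temp` is not defined in the visible lines and reaches the remote shell unquoted. The script continues outside the hunk.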
@@ -226,9 +226,10 @@ $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt" mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix # ------------------------ -green "Generating hostkey for ssh initrd" -$ssh_root_cmd "mkdir -p /mnt/etc/secrets/initrd" -$ssh_root_cmd "ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/initrd/ssh_host_ed25519_key" +# green "Generating hostkey for ssh initrd" +# $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd" +# $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key" +# $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key" # ------------------------ green "Deploying minimal NixOS installation on $target_destination" diff --git a/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc b/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc index 05564b0..086c4d7 100644 --- a/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc +++ b/hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:g9iNn/sH7CtxcT4SeI8/DFG8BPIIoseYTuprGEQPqJ8=,tag:SuV+seYm30JAMN7QbdDl9g==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:Bs1fdmD4jbM/9hiPHxu+yENrVrwFsmhJ5J38W5+4PtM=,tag:UBpHq3ldgdVORaRxuswzVQ==,type:str]", "sops": { "age": [ { 
@@ -7,8 +7,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YjdYNFF5Q1VzQTZ0WU1z\nN2R6cEVObU9RMXdpd2x0Mjh2cmpvY0VvNjE4CmF5Sm1vZWRoOTFIY2pkQUVRQ3FY\nVEd3eGpCbGQ3cUpvTE9JdjJMWnQvckEKLS0tIFRpZDZ1ZGZKaXpObFhZVlNqV0hB\nT20rRGV6S3gvWkZLUzQzVVNGQWNGVkUK0bAeRuI0vb7MJTtpxuD56nwZAk39sHAa\njEhntqsV9ts1Vbw2f0mZEqDdzd64NTtDm/YIwygZ2udV27mXNhVUVw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-07-08T00:23:59Z", - "mac": "ENC[AES256_GCM,data:Db2w9giZy+TyXp2hpMN1h7ZgBaJ4WiAN2P6IFaoXufOlxT2uwulbzDMYFoUm9jcdFc8zqnYCvttosJIzyjevY5up9gDarzTu+43XFrTxYqPdgRBzzvxSeXmKqDnngAvv/qOWfzt7TG1IzpyytHX/DEPHvPM9dWgut/1K6Eq94Hs=,iv:WoWAAjse1kyn9IGX4kqCl3zvq4kXEMkfTjAi2j5OCFs=,tag:xco/8fudn2kCLnFa8mUIsA==,type:str]", + "lastmodified": "2025-11-10T23:16:52Z", + "mac": "ENC[AES256_GCM,data:CuwVt8/XKRMUHs1rh7Yf4Bk5tWXqTz0HXUiEEjuLhj1TRuMWs6aTC1h9uTMoybP+FmjKeRTar1E8dgUmoheFUGaBFqxd1Kx/FmNeJVLhUOPgmT9XOIjEjTNnzOoaMsYvfhP+AnLKgx+CfOsLnLMOqdKEggx1t5jNfiI2rXqOdfI=,iv:4Mc3WcgMg3z99dERJk+EF4hPpgGZo4mfMt6X45zgp5I=,tag:MP0YDtR1Wq3088WVzXS+8A==,type:str]", "pgp": [ { "created_at": "2025-06-13T20:12:55Z", @@ -17,6 +17,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.10.2" + "version": "3.11.0" } } diff --git a/hosts/nixos/x86_64-linux/hintbooth/default.nix b/hosts/nixos/x86_64-linux/hintbooth/default.nix index b7a9049..dbb6c6b 100644 --- a/hosts/nixos/x86_64-linux/hintbooth/default.nix +++ b/hosts/nixos/x86_64-linux/hintbooth/default.nix @@ -17,6 +17,7 @@ isNixos = true; rootDisk = "/dev/sda"; swapSize = "8G"; + networkKernelModules = [ "igb" ]; }; } // lib.optionalAttrs (!minimal) { @@ -26,4 +27,10 @@ router = false; }; + swarselmodules = { + server = { + nginx = lib.mkForce false; # we get this from the server profile + }; + }; + } diff --git a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc index e9aa129..46aaa21 100644 
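Review bot: In hosts/nixos/x86_64-linux/hintbooth/default.nix the new `swarselmodules` block is added on the right-hand side of `// lib.optionalAttrs (!minimal) { … }`, and `//` merges only the top level. If the attribute set before `//` also defines `swarselmodules` (not visible in these hunks), non-minimal builds would silently drop that earlier definition. The trailing comment `# we get this from the server profile` also reads as if nginx were being enabled while the line forces it off. Something like `# enabled by default through the server profile, not wanted on this host` would say what the override does.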
--- a/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc
+++ b/hosts/nixos/x86_64-linux/hintbooth/secrets/pii.nix.enc
@@ -1,12 +1,18 @@ { - "data": "ENC[AES256_GCM,data:dXhWlutdXYLxq7pAWK77lK1mz1y/lh0nl4mHa/jf4ABaQxkB9or1/ceEGwzUoFZAP+EmCuz35UpGYuT4jdti/BPDFsg3273NjVxfPBdV3Mr75FpEG56tMZKafUwARtwsBGQcIduPUgymOxKxUzy5YJokbdFThAa9Y25OFKDwOtN33NSG5QT8tEtBOFzeUx5K+9Kt1YDFCgl8dOOFtA==,iv:wZ1VY7IcK2dFjgrGZrUg+Oz3id8DZKzVgPMkjBrp1GE=,tag:F0SH8w32ec09P3NaMLcuTA==,type:str]", + "data": "ENC[AES256_GCM,data:RwbQZyqU0OjA/wD3o0HppPWFjfHNAHsGF8DzdJrXZLlE5RPUigHWtMLcX+2bNd0DpS3r7WHCSyiu+mmg6GWFiE6wAOBU1Q19BpQ8k3oTt8sP3N4/5PfzYcXlHRfwxmB9/pv8YCi5+cOU5ExWiQ+kC767UbgPIC2ugUD6tkP14KkhW0EGgEhF3elBfOGrSHGgjltgIFMYm/WKZjM=,iv:EBpghMcCGd/wow68V3zoDfzwywDGwmlqn3btNHrfxbk=,tag:jvSZyRIQ7BmQdKc6YEBIZQ==,type:str]", "sops": { - "lastmodified": "2025-11-09T23:30:30Z", - "mac": "ENC[AES256_GCM,data:odBcMskVn/ag12j/sDxqD7/8q3GD+LPfoRQ4UcwiFAdRWIRyLKdG3HUJzt1yEVQnpvaHHOq3QmGC34FPA+GT6zw6TC9EacibmigX5uT+n6hYdVgXy97T/nD9ITtq6gVy8VjWugKpqMwTDta1HV037DKTf7LDmrTUaFhzFmtzNyA=,iv:CjkjUwCzACzuUI/TceDeopRsT9xiIZxciGq7UeBEVTw=,tag:ySF9Dxha7it2F2g81NZ+EQ==,type:str]", + "age": [ + { + "recipient": "age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VHAxaWdiV1VlWEY2UktF\ncE96UHJnWGNpY0ZFUmZVSi9xSXpBMmI2S1VFCjB6cWtDTTJrNFhZRC9yUHRYdUpS\naytwOUJ4NTRxTmJmc0R0Wmh5dFVKbzQKLS0tIHQ2NUtqRjh6MVF6VHJFSHVFTFFD\nNWh0MDVjekFDUWZvTUZNK0Z4M0lJbVEKGZk1BvZsNTkIor5rTcpi2UE4W/BqNMWU\nIAe3irNN6p1si2zebrCEyiaJYuaVn7uYVwXcscJlNTfkr9szm8TjSA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-11-10T01:10:14Z", + "mac": "ENC[AES256_GCM,data:NSUKiOFGZyTb9U6e8cJoOJPAMfnk5iuw7pLK0JJzdwf4pI1aMSqjSDylQ5EqqbdFKZKRmaIjjHSpcJep6q0TRFA6wOznHWyv/UCECGwqZrS3EXgcQF5lZl7NVXPPSsMZgPReEVQcMtMivatPrfksEeCaam4WC/M+dqd2d2RrOXI=,iv:KnBNepDoaQeQ9MSrSN6dkrbS6YqkMYMpmXFd5v+oWoI=,tag:vPhsazyi8d3ugGoW8Z1Asg==,type:str]", "pgp": [ { - "created_at": "2025-11-09T11:20:20Z", - "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAgiGGUn4Dhw6aB34J+332lw/CMPnZb3apThxgKjAVLKDz\neEeG+iD3iOJ3m+xg0KhgV5m2nykw0LXcXlErNIxnBmPm91DiQuW2Nzgz2J9FYF+J\nMHZ65JG+9nEt6dUplEKTBS492hiKrfD6a3BR/WFy9qrv0uY8DutAeUbkXVXqY+Sn\nxTTu2DK9Yy6lps2gmaZ1nJwLffaILyZuwYqMKtv1d1tEQFsBbkwh1chj0857nldD\n4t+bDYpMa1eFBQ/vi4YfMrw19Qq0xEWo7nKdT/pj8qAW9c4D7pHf7rm4t0T+H3tN\nfk1dJKuZuITXRrIth1zhq5bLepsIWtk/hG9fNKPbYj+xThhbCWEpH18FVVJsPCtv\nksZ3i70uz6FvyMYxyNANTMIxVa+SI+dhx6bCGQ/I9xFxK2Yju/yL6Gt4av3GhyjK\ncd8B5AlIKzxDvhWBMakjf+R/I63a7AlI9QliZhEFrpNOdcBu78ZvtKKplJ6fG8SZ\nExCFFf/qtqHtM0rvl8wyyVntD2r9WLKwDF7+tlygxbexqCaVs8CPtuiswOEGldc3\nZkG+zYsXSvBmyyfwrVYoIKRjJ1QiYys+EE5OdfI9kZ/I+kByiwr6PRHDnIkuc7jj\n8odeSq/KVMwS3d0u3c6qTPWbnSvAa6KM91dnMaXb0ws/B0eNE22USNk//KVfdKKF\nAgwDC9FRLmchgYQBD/99q4jpY7LnuV12/KxqZvbSHkBlO3HlBDYfmAYUn1gYS83T\ni+eGlWqHlXAwaqDnz5hGKe/yHRBVZjUO8Ic61ujHH28dPC++hMDkfq9sBH9mXeXA\nfovVEQJOiF65K40Lel9FAa9E5yjGSvcocqBrsh4usS6jTrFJmnat4poCnJDG+Ova\n7S2kD2FEwQxRRFlWX8I7nsmdxgATIIVhLgvCImJKAb2GEBmXx/Vpj6UTG5H+dvtP\niYtHxq0QOpeR47wNc5nUTaHTP0Lsj9hB4SS7rTdKHptXEtHCEznM7SEarNCt+MQY\nQd5O/x3cItJKADxV2JO2XPL96hqlX/e6+CWcsW89nAbuIID651b7ZWBw19F+62dt\nxlVrehcsYWLz+GuGBYysx+/0EVuZ422AEi/v9ft5YdigXrxq0ddJKRtFvcQFMh0G\n2w12fADrzX2ExzTWWc7FIwBmCr5XcwLVtmwU2bOD8mX36B7UPybBDsZ5J7/fr3TP\nYIz5ApQI5ewNsBhVoyJxSJQ6IoEBC5udrGNBMKOgZEYW+1MTWPojDU9eIg0Mew1D\n7PkXYEDrHBUccbaePLViUPcEeGkE7gB/FAWsIIfjRFzR8GDJpf/RnEK7G4mvPrIw\nlH8ARzgA93gtGOyx0DVOg+zIeplbARgZoIhyX3QCpsOTPz/CmBZIwMikRZfag9Je\nAfBikUXA2MBcIDAocQAKFILnFLyY7qgNKhvqhiCc+j04GmP7mjtAiZXP7lyUauRM\nt2PUcec90jfk0wsT1DXfeJKuWVa1hkv4/2Ejz5/PXa6ZQbrmBtZG9ZIDk2VveQ==\n=k0BA\n-----END PGP MESSAGE-----", + "created_at": "2025-11-11T17:51:27Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cwoYXkjChyIyDP0dmqquRMAv7AsLz2IVVKcdGzqKWR/z\nx7owbhfGFaNCU/x8TWs3mUFBNnLIUQmuSWUuI30VMmFVjXQ9sybCZUCk5oFLD53+\nVPPb/KsAO06it8T0NxAlsXqe7n9fz1P16mFpMx8N1yb5s+GYG/C3UGATwJTJQn8+\nwob0NHfN/6qsZP5PzMgKlUiqc3YF+eB71KTHNDmT3l5sGsoNi0erZwNZc4VA0zn8\nPsFYodW9Mya1XUanJvrYKo9eRfrlpaUKGzn6GVlMJsZU0gNpKZepMubbev3+B1GR\nn6V+ViYWd8U9UTatuHy+aRcwEZfpXq7uKTTTdihECjNkHYSfXmUF9mjq6u5U0Lck\nykhElFADx+YEBJuavQabvYGu8fJx9DfJseNVwIv0M6hqLdg2CNMUQ1l1Q9weizeZ\nxLjme1LTlCUinJGN07CE0J9qP8syWRJYD9seP9Qc/b1IY2D8dGdgOTzO8Fx8vI+M\nOV+Q3T0Chn/f0lw2Xzu40MphB3eamt5cq0JeLQuwQHjUml0rGpi7bIj8PxeAgMkX\nXFzSokYTHGRJz2UblLnITfMaVYcu9HYHXxXIsZliaRBs2AlscyCCSQFjnEAEywlo\n9kvh49sjWztb0yGqHRAxdmJ+Sm5fCqP0huaTMXkC3zy4h0oeJte36Us0VxKk1HqF\nAgwDC9FRLmchgYQBD/oCYXtBTr276kjOMWs3WqDYMLUDbWM8d6b86HYgYvtwQy0z\nXgASNtWQsMMyIEiReSqv2H9jtTTqbUK93ALW2X7GmEvUIvmW64g1AfHKhmPw//Li\nKMxtK6sFVS/WSEYoaZarkZDwOpNx3+BnriQEHiMi21vWxCqluZFSDdls0ca2oXvF\nK9GpBUD8v5+l2EWhq5+4nxHKrDx0g+mjtZPJPRsJ1u0tisdkhRXauOvRHEymZ3mX\nRTee3FNR1t6YpXY811lX9yemXkdsSB4pzKWNQgk6U7WDkGcVaGNw0R8pS7F3YnRE\nFSJhKnhb9Bd6CX/zEV+IwEgY1yPfiEMX0bvIrcEJYgUg618YQbQPushxVk10+c66\nZJ+99g06tdyt+u8E9GpoujnoRjRWsEqElkZntd66fPuDm99qx+RHlF/1Likp/nPL\n4oIknDJu8wwoIBCtoQcWyaiNCa0Fo/HR6txyOt6tTqpwhnDGJP9UfYlKWt07CFar\nQLgZfJbHhetjXoRHMAs+WargN8KV7QGMGbQdPE+VwlZI4bKRSipH+rdDn+v50FQG\ndvFd7WRnWmTaG2W3cOLFH4pWc2MPnnxj0IHDI3U9olcCyuWAF12yC1HYuFuWeG+K\nokxmS1T1E0jIP9u8NTJBmLdjC+6U5y1ZvSZlIWB12OzBEpP7jl8uOVbD/AR4GtJe\nAf4EdsxTBocS50aRxxAOq5t3kaoTu36n1dbGDfb8k10bsBiQb6zJ+xtNQgWxNEeO\nb6YGIyglD06Wmm6C5LOyQ46KIzuFXB8irMJexApopLwIZ+jCnn0Nb1mO6DXHUw==\n=kTmR\n-----END PGP MESSAGE-----", "fp": "4BE7925262289B476DBBC17B76FD3810215AE097" } ], diff --git a/hosts/nixos/x86_64-linux/hotel/default.nix b/hosts/nixos/x86_64-linux/hotel/default.nix index b499f10..7d32053 100644 --- a/hosts/nixos/x86_64-linux/hotel/default.nix +++ b/hosts/nixos/x86_64-linux/hotel/default.nix 
@@ -29,6 +29,13 @@ in firewall.enable = true; }; + swarselmodules = { + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; + }; + swarselsystems = { info = "~SwarselSystems~ demo host"; wallpaper = self + /files/wallpaper/lenovowp.png; diff --git a/hosts/nixos/x86_64-linux/summers/default.nix b/hosts/nixos/x86_64-linux/summers/default.nix index 3b6051b..ebc92ff 100644 --- a/hosts/nixos/x86_64-linux/summers/default.nix +++ b/hosts/nixos/x86_64-linux/summers/default.nix @@ -1,4 +1,4 @@ -{ inputs, lib, config, configName, minimal, nodes, globals, ... }: +{ inputs, lib, config, minimal, nodes, globals, ... }: { imports = [ @@ -11,13 +11,6 @@ loader.efi.canTouchEfiVariables = true; }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = configName; - firewall.enable = true; - enableIPv6 = true; - }; - swarselsystems = { info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; flakePath = "/root/.dotfiles"; @@ -41,6 +34,7 @@ microvmHost = true; }; server = { + diskEncryption = lib.mkForce false; # TODO: disable nfs = false; nginx = false; kavita = false; diff --git a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc index 6f72187..c7afa8c 100644 --- a/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/summers/secrets/pii.nix.enc 
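Review bot: In hosts/nixos/x86_64-linux/summers/default.nix the added `diskEncryption = lib.mkForce false; # TODO: disable` carries a comment that does not say what is left to do, since the value is already false. If the intent is to drop the override later, `# TODO: remove this override once disk encryption is set up on this host` would be clearer. The same file, and winters/default.nix further down, also lose their whole `networking` block (`hostId`, `hostName`, `firewall.enable`, `enableIPv6`), and the replacement is not visible in this part of the diff. It is worth confirming that the shared module now sets `networking.hostId` and keeps the firewall enabled for both hosts.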
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:PFtZdHoWzYmrHio52kBZ7LDthUI+qAPBfCqkY/ubTIwVJoaZixXbuzJdJuA84YH5YBZ/umTYG/9Ocs4hNbCYoPcG6VdreIcqwVxD6PgCEtqtTK0qxOfBqdIXQ1Gl2EzyMuxQm3pFFEx1zzueJ3KvdZEZRtzvytLlw/pKkETLECAxqAoZ5fSVApzIczGI053046v7ItdulGLOZGc=,iv:0EhqmcDH8yFC78H2tuhGbu49ZzVaMtdvf/7XuNU9hyo=,tag:/8rHZKR6CLH7HNAaK5EDOg==,type:str]", + "data": "ENC[AES256_GCM,data:umKGtD7jTa+ex3ADPs1zR2o9YU2j3y3zCEupCGOsdJyicM7u0efXDI0g755RdPeNJiB/z1DPy+mAkePPq/m93CCppTq0BYyt0JJw53/j3ghCMJj7N3wUVstMUB01jewDSUc7SLay0lkhMCWbrTKsR1pwnfFRAG8C3rWXQB2EkU9FViCo8VaOfEF6Cq9ev/r+SEepT85wvoMxxIg=,iv:bgJXEoj7nRUsi4fA+bYVYvJYavS+BoDuQt2SCrX/2W8=,tag:lmOjPU0J0Qf/vcnO0owTZg==,type:str]", "sops": { "age": [ { @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-09T23:30:06Z", - "mac": "ENC[AES256_GCM,data:/af6vMgOLZ6bqLdwhmCg9lX+S1afi3HoKeVhrEgxtjrob3IIHMoD2YqP+PhXazGTyArBPEHxojZ9ew8SqedosID61nE8H45gMV6jz8g4hF9sm7c5CRavEk7Lgy4kO4Xw6LyUEO379RUa3OOrhKrOI2+zWf+NkCQf8Hy79Cc56Ds=,iv:BDuCygDtMYdYfd8p3xZSNN4ZaFiN9WbNRD+3LSluwlY=,tag:+S01XGwLZcCa9c8IDDjjGg==,type:str]", + "lastmodified": "2025-11-10T01:10:33Z", + "mac": "ENC[AES256_GCM,data:4vPX9TdAGGBwzEc3W6pQj+BVKjp2kSAMB/L3QVXZbDHfvyKFWUOqwG8u8P7XDcuIrrpx65YuJp6zwexpJjg5zkU4favJt+uHD1wWC3TZcCpda6v3hGW3RduQAwVy+18JJ+PdSxHzrC4jmj+t/HIKp6Bt7qB0Z1ynrt/CdGIVxh0=,iv:zQQrl19jK823UynE3EXLgazehpWW5ltRCWKdnElVh5k=,tag:zIIgbyXSw6f6xW2CaVW88g==,type:str]", "pgp": [ { "created_at": "2025-08-24T23:36:17Z", diff --git a/hosts/nixos/x86_64-linux/toto/default.nix b/hosts/nixos/x86_64-linux/toto/default.nix index 635a1e8..3d02f5b 100644 
--- a/hosts/nixos/x86_64-linux/toto/default.nix +++ b/hosts/nixos/x86_64-linux/toto/default.nix @@ -16,7 +16,10 @@ }; swarselmodules = { - server.network = lib.mkForce false; + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; }; swarselsystems = { diff --git a/hosts/nixos/x86_64-linux/winters/default.nix b/hosts/nixos/x86_64-linux/winters/default.nix index c50b4a7..b991df4 100644 --- a/hosts/nixos/x86_64-linux/winters/default.nix +++ b/hosts/nixos/x86_64-linux/winters/default.nix @@ -1,4 +1,4 @@ -{ lib, config, minimal, ... }: +{ lib, minimal, ... }: { imports = [ @@ -16,20 +16,12 @@ # mac = config.repo.secrets.local.home-mac; # }; - networking = { - inherit (config.repo.secrets.local) hostId; - hostName = "winters"; - firewall.enable = true; - enableIPv6 = false; - firewall.allowedTCPPorts = [ 80 443 ]; - }; - swarselsystems = { info = "ASRock J4105-ITX, 32GB RAM"; flakePath = "/root/.dotfiles"; isImpermanence = false; - isSecureBoot = true; - isCrypted = true; + isSecureBoot = false; + isCrypted = false; isBtrfs = false; isLinux = true; isNixos = true; @@ -50,6 +42,7 @@ }; swarselmodules.server = { + diskEncryption = lib.mkForce false; nfs = lib.mkDefault true; nginx = lib.mkDefault true; kavita = lib.mkDefault true; diff --git a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc index cdcc63e..0c94b81 100644 --- a/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc +++ b/hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:C/7cgdkpNmOIeb8cdYI0rbyxebJLgpqIU8ezO+zRqCA=,tag:NywhkBzKpQrJ3H7ZKxvYgQ==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:aQoC+pr7OoTyTT0FE4MbENfzfJ0Beq1Lsz9G1jnFQPs=,tag:JuYmfDP2foCVDH8CwfL4fQ==,type:str]", "sops": { "age": [ { 
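Review bot: In hosts/nixos/x86_64-linux/winters/default.nix the second hunk flips `isSecureBoot` and `isCrypted` from `true` to `false` with no comment. The same commit turns on `lanzaboote = lib.mkDefault true` in the server profile, so the two settings now point in opposite directions for this host. If this describes the machine's real state, a short note would keep it from being read as a regression, for example `isCrypted = false; # root disk is not encrypted on this host yet`. The removed `firewall.allowedTCPPorts = [ 80 443 ]` should also be checked against the shared network module, because `nginx = lib.mkDefault true` stays enabled in the last hunk and would otherwise sit behind closed ports.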
@@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-11-09T23:29:33Z", - "mac": "ENC[AES256_GCM,data:UU9a1Yg8Inmcht6gc2pTi3GpV945YAMdVN08Q2/yjg5850N3VhVcD0dsu/bn+4fOSvOiDtWzkoqq1PquRWJbfDjZJxl0aivU7UHN3st64nxIc/mKKZp7VwavMDTVDQScRlpaPZoC0zZ5CDQtBQisfY2AiDtfUVBKZLfuvI3Kjsc=,iv:RPcSwZHVlTo8laro1bCAaJT8KXXCtLHJk1iH4zaZbgk=,tag:qOhN4DNr+d1/34R6L78PLg==,type:str]", + "lastmodified": "2025-11-10T01:10:47Z", + "mac": "ENC[AES256_GCM,data:2gKEGIYctY7g7mL7lay1T7XmxGdsRzz/dIC1p98zDTnIoBrq5mf5CV/FjAGi5jDsmEMoCSUTWFaT/0Wq3nmRC+OyjL3/Hsit+HJDBVbyf/mY+zs2UQd3KVYoxmpDeAJ1E9s8ygxEu5lJGzacWbJ9BggKUUnywXYfNg0fS7ntjUw=,iv:5xedOuJ3VFm4pEjXyVBM9Iwe5pK1dYP4nTRkk7exrvo=,tag:sEVygcLMqkI9CWQDjoaEqQ==,type:str]", "pgp": [ { "created_at": "2025-08-24T23:36:17Z", diff --git a/install/installer-config.nix b/install/installer-config.nix index 942440e..435fd70 100644 --- a/install/installer-config.nix +++ b/install/installer-config.nix @@ -95,7 +95,7 @@ in environment.etc."issue".text = '' ~SwarselSystems~ IP of primary interface: \4 - These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{wlan0} + These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0} The Password for all users & root is 'setup'. Install the system remotely by running 'bootstrap -n -d ' on a machine with deployed secrets. Alternatively, run 'swarsel-install -n ' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). 
@@ -133,7 +133,7 @@ in programs.bash.shellAliases = { "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; - "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; + "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'"; "swarsel-kernel-module" = "lspci -k -d"; }; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index b941eb1..7813983 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -23,6 +23,7 @@ in hg = "history | grep"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; magit = "emacsclient -nc -e \"(magit-status)\""; diff --git a/modules/nixos/server/nextcloud.nix b/modules/nixos/server/nextcloud.nix index 50e8b9f..c2d5af0 100644 --- a/modules/nixos/server/nextcloud.nix +++ b/modules/nixos/server/nextcloud.nix @@ -9,6 +9,8 @@ let serviceName = "nextcloud"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; + + nextcloudVersion = "32"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -29,7 +31,7 @@ in trusted_proxies = [ "0.0.0.0" ]; overwriteprotocol = "https"; }; - package = pkgs.nextcloud31; + package = pkgs."nextcloud${nextcloudVersion}"; hostName = serviceDomain; home = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}"; 
@@ -37,7 +39,7 @@ in configureRedis = true; maxUploadSize = "4G"; extraApps = { - inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; + inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; }; extraAppsEnable = true; config = { diff --git a/modules/nixos/server/settings.nix b/modules/nixos/server/settings.nix index 00ee47e..37354db 100644 --- a/modules/nixos/server/settings.nix +++ b/modules/nixos/server/settings.nix @@ -16,6 +16,7 @@ in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } diff --git a/profiles/nixos/localserver/default.nix b/profiles/nixos/localserver/default.nix index 928e012..31bb1af 100644 --- a/profiles/nixos/localserver/default.nix +++ b/profiles/nixos/localserver/default.nix @@ -4,6 +4,7 @@ config = lib.mkIf config.swarselprofiles.server { swarselmodules = { general = lib.mkDefault true; + lanzaboote = lib.mkDefault true; pii = lib.mkDefault true; home-manager = lib.mkDefault true; xserver = lib.mkDefault true; diff --git a/secrets/certs/secrets.yaml b/secrets/certs/secrets.yaml index 3f54024..6f70d30 100644 --- a/secrets/certs/secrets.yaml +++ b/secrets/certs/secrets.yaml 
@@ -7,89 +7,98 @@ sops: - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieGlsd0NScm5WYldITTJ2 - cG9mcnBKSGo2eXlFaURNa2FxNkZ1MGNVTjJZCldROGZiWGp0dXlMc3cwbFh0cG5H - RDNPNUtWNFBlTG1lOUo5QVJMdncxYUEKLS0tIDNJKzc1WExlTW5ycTQyVFlXQVAz - cTRDK1h5Z3NjK0h1QnhNSm51YjA4VUkKUlshWYOQLs1z8AOsFvjfl+RJBvmJWU39 - oVVvBEkCF6pw/yZp7Zp6ejLpVQojqT0JvLzSMA0tJBt9QvNmdTT1xQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOE9rY2tmekF4blBrUEpH + TmM2a2ozUGNvaFpDWjYrelhEdGc1RUp3Q0RjCmloQldpdDdXUlV4eEt6YjF1V3lm + NUxTckR3STNNRmF1dHRqTmhNOWt5cmMKLS0tIDJjVFJZUlNXQzhjVWNLQVpjOTgw + anhEbXNFblZpZ3hIVXNxcmhBcDRpK2MKb/Fh7QtHGBFttpzt1qSVE+1H6W2FYKXI + Uuly3uYxfvQXV/rtgXNP5nqtFe9rMAQYuLMgJ8SbUr7cczt57CX4VA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTFVPMElxenJwQVBwYUlr + WGZOUUx2NU84WnY2VWRBQllLR3Zub3d1ZEJFCkhubngxM2phTjdtVTR2ZFB3REc3 + NDNJNHE2OVpFaWdFVVYwOWJRajRrSDQKLS0tIHBJL2ZoTURaSGhFWDdKQ2oxcnUv + S1J2VmRIYTNSd3lkUTRBWXhkR2o3aVkKknm9GBqyoPCZZbN+A0PkOVnBWAq18rqX + SnvvX4GYiSor9H+DtPHoRkg7P2eDi8c9ISkpnXReYcRjpw1mSqFE0Q== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcEh3MGxWRGJPeEQvNGlh - bEc5T3ZRYkhkdkZFQy9zRHBNeksrRG56T1R3CjUxMUxhbDduRWo0N3FwaUYrUFpu - S0t6bGdXYTZGMmcyeElXcDJ1Z3QzVGMKLS0tIGRUWG9GYi9vT3dzSFh1aFRKNWhH - M2pGTzR6T29tcVltS21RMkNCcFpPc0kKkXGoVCNU72f8efjJvtz7cbUpPcfVG3Dl - puffE6poAyeevdSW5cAFGNgJMMWzyweUf5QvX0lu9i0CpuLFFTdacQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV05lSmRvb1JRTW1jK1dR + VFFEdGEzbTRuQk10YVhoeVhVL1cwQ2ZYVFZVCjhNTHB3N0s0N3NBMkRMZWNsRzVE + WVVZdkxBU0N2dnArY3BlYXRyUnI4QjgKLS0tIHFYai9BV0R0VTBKT0tjcDIrSUU1 + 
dFlxNXJRMmdNclVMeHNNYWcxRHF4b3cK2Ql2NFSci/LJhIw3lNc+2EB7XzrLsJj/ + gVHiXmF42v/vI59ZLuBZfY9tD53WfO4RFe89uh8gGh0JHly3DTS7nA== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZzFNdmJpTDVFTlJPN3ZV - cWNNaGE1bzNmbjQ0TUh3bVJXZm85R1hDOEh3Cm1GQmxsTWJxWWl5eDUvUk9DTkRP - L3pNVEovc2FLSFgxZHQ5L051VlptSlUKLS0tIHVUSUZsMm9SRE1INDExR3djMmR5 - dlJMc1ladVduUExXZVdHNlY4TU9UOHcKh9lzumXbRm2lkNPw39EQ990cNznX6Hj2 - s2dMmqHIbanQ0VCGW2Bwi542sII7qT4YW87EX+0LpUN+6bHKCR/YhQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU21WTEh1cVhkSXhTNURU + RWl0L3hFeVp1c3VJNDg5QnlHdHpLTFEzUUFFCkVkSVNLclhDZjB4amRSR25LSjhQ + TG1vN3NoWFE1ZE4rSnNneUliVFV2K3cKLS0tIEx1Q0E5bG9TVk8vWS80cklZUmhU + MHJqSis0TWJOcTk5MXBxWW5hanMyMXcKC6o2kKTVGho9t0QZGpG1ivd33iNmNu7F + UTykT8tGY+rZJTGKBXRGbFXL9prXnnAhpeRywfiKq2d1MFhJwR2ing== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cHpkZFBES3B0bGNUYjU3 - Yi9kTVNNNDNSTG4xK3NMMmxFSTd3VEJtdEVJCnFYengyY291ZFNyNE1hQ3ZVSDA1 - SXVkNDdVUjRDNHorZGlOQWM3V1QzcUkKLS0tIDZmekswRXB3OWRDVi9icUw1ZVFs - NytRZVZXTzhhRmZqeGxRZ1lQdVBYMzgKs8tR6IlB84pbS9/T4fixD43hDIrHeDIY - Bk0d64w2bkUJk7xKjxY+SNk9RHqLYmaHSudLVSlbSZ96exNBt/L9jA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbVN0MDgzcVdPNUYyTEFu + cWNVVEduQ2NsTmxBelhKU2ZaK2g0TjN1U1VRClNmbXRxWjZmQW1jSkhtZ3loNFlj + VHlreVA5K3kvV3Q3SWFEb3JoWkRjSFUKLS0tIFlaYmlTaTdFWE5HMjBzOHFkVEFQ + UFlML3RpOEo4RTZEREplMFVTdm9QYzQK73riJYtOcy4Edzcf/BehAEhYPNNmMu/P + wbnfg79Dz2vslu81s44uc08rQdYDyp2ByS64ov4AwjYnQ4t3Hs7SgQ== -----END AGE ENCRYPTED FILE----- - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUFqYVFHcnM0ZllNYUR5 - 
a09mZVA0OWhNSnI0aUw5WFZlaHUzN2lRR0NvCkhaaUVSWUxuQU9qRHpSdTROSVJi - SS9YQTdtdzdWNnhRd2FSdFpVTHVvWlEKLS0tIGVkN3Q1UE9NSXZGWHRGRGwzZGRh - Ni8rbWRWSkdtc1BwdGlaVGlNZExBWWcKbHXUCrg7c1Ekq2bQs/m22TwBijcG+3WP - vNp6a5V0wDgoDP49W4AodMarygePJzW/NgndlUXqIWuIbm6VFUEHRQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTVgzZHFISlFwMndON1Zy + VmRxWmUxdVhIU1dBb1FCNDFpeERQblBmNkNVCjBKalRSblFGREprZCtLaUV3bkJq + L09OZzJjSzdkV0J3c3cxRmNqYXluNTgKLS0tIENvQzk4UGlIeVJZa2FBS3YxQ0o4 + aE5wcVpqRVFaUDZEbUR2ckZZUlpFbFkKF3QH10Qb+UNpRbM3JzVRCjJfz4J10aB5 + a67zfK+4Nf1lqWMcTC72zOJo1b4OitkwOZPSHUwd37URLxA+b3F0+Q== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdlF3bzF4d004VS9NcHNH - ZnBEa2xHd3ZUYW5NUlVGd2JxRGJPcW9lT2tRCnVSUWx4Z1g2U2pyNjhaWnVxdDEx - SGtSNTdrMmtHeUtuL1lWQi9FUTZyZW8KLS0tIE1tNTdoOFdQV1p4MGNUYWtRQ0N5 - bFNpdm00MXJIMCtxelVIMXVtNG5XWlUKtkL3P6x2rafYSTCW5zv/54tgU20FYwhi - RFc5sZRkgXhoXw+zrKkhDc28Xn+Aby2pUth9ihs1ngVB8OUqAZbrXg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbGFOOWpyOXY3dlpKeDgy + cGVpY1dkamd2RU5qWm1MVzBEUXlqV1EwRlZ3CmFyUXJ6Y1lSNlFNNSswRUc5dTVx + T2xQQlhzbVAxS2c3RUpxVHVYelBEYUkKLS0tIHU1SUpoZi85WG1uMitUVmFkdG91 + bHRhZnBtUXZybm9VT2Y3TGhjbCtsSVEKfEo8jXw9wQdncX1gWev5xxz4s9XRMrX0 + OampKe7MO30BsocF2blkgRQqJe8aZqFgZt0AvSBc7OyuI3mRZMPCBQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-07-05T11:01:02Z" mac: ENC[AES256_GCM,data:XnLmZ65mZqoTHQfSKdvPVr+IGb1mb0nFRQLBiVPSyKfg9ABlqwsht3sykR+enDkmIk1urRewpKvPRr1YyLKAezHaE2I5CQdRwMViGTxbtN18SCqlKcL6CgGzC7UzAI8A2jVqB6D9swCx63TEOwnaWySBFnQuOog58R43rhxcJJc=,iv:U0ZMZZyuRJVAE0el0tRAdvHS7qtqU+z2kN78XEZOW2k=,tag:TrPIoG7cxLBDgG4vXJ5NiQ==,type:str] pgp: - - created_at: "2025-07-10T23:51:25Z" + - created_at: "2025-11-11T17:51:25Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTAQ//R2fMRdWshY0+/feMDAF7t/Z0YwwAT63gzfqKG8aKC3cf - skGJtXBZ4CFW/tK0J62nS0qUIYrkWokACJk72luYg61u1KX1wUaEEqnRcEzZsxQC - 
Ib6hYXyKl87WYv99QUDaItBBBoSd9BhiDCnWv5nrstZSDy+RwlIYPhQy9KgeDt0H - 6pRnPEL3VU41AYt6YKl4yLBOjweftLwZkDgKyaJalwbLmFHWOvmvESL0kBj83hyX - Lw/XZlh9KUi+xEeYmHUCjO9xDgvJsMGTUY7m52U0W0faarzy59yYWnENROwm9jCK - XoYDu903CtxqSybKJ2AtGHWx2cuOmTjsHPEefqmK7M3XsVpsHgvx1Jo1eQYO1mPI - ZiryTsN1YMYXUkgGfFePmqA9X2iC/meboCWPcRt8lUIfmWx7uMGsv+mGXT37lWyu - wYl9Y2x0qwfAOyg3wNdojE5t4rlr/XaQ+k8Ep1ud37pgXFryQtnNhwgtYuPVWiFK - jnnUDCZrbsWbMmL88ZGYPNIcrBGAgmfYWzkWrU6fICYWIzJdgiWg91ANRHX9vnwG - 5YjZHoHnBRMQg32MInjBJrm/4r38DFQBm67bI1Ol6RMDp/wD5hLrbC6gnq0hGRJt - GzsRPphwrecifIBtck5/vs/f134Y+6BIADJHNEHTA/LnJC8K1VYRW5aBiFvyUWqF - AgwDC9FRLmchgYQBEADKxwFZHBejt2dr2w83XZcLCV/0Mf64DOk7I16VKZ5gBNXA - 4N4W8Q/of2/EH1a8eZ5A8DZPkVZMavdXkQnww8+if6yx0e4moBusUAzeKP0XtY7T - ABUueS7B9Ou3yhdVynpOfmU+EBwQXEuYhVsOlWUJGpfESoOBRyQv12P7ToOS4pz+ - panGeOMo5tzU/8vfkbRIF+9WWKPy/JfsufXGNQkdErgnTAdRCUegPO8kVpwZ5hE/ - 7IGtddUUnwC+kIlkv4N4eM9QabjWmU70L+THveJ4q7JJCmsimYPocbikVhPK7pb0 - mqU9hUMxJbBq6sPjLIq4QaSkSSipbiUUdZjoWuKuIbMjm6M7oWR2uGfQO3d5R+VZ - 3N3xkWPVnzoChq3zB35gkF6RniMhFMCjhYOPidYQ8QH68zN7pe3YzE0HkXgirjs1 - Zux8KlR/Vmh7wQjzWEfv3yK7Rjj8ePt4cdAfozFf7YMUPQWSr+BJ+1CVfI3X5Gb0 - RrWwJm59MicK7mONCDB59LMKUYciQc9JGlpl6oSkbdsy49OToPtuShsoBN/nmgVE - yU8BWhJt02KFLKvs+v+HXuxXgrUfl1zNAtzH0PrB40nuyoCFuvomUExCJiTTEMgs - YBwXdecgwcRta0/Q368DZqJzxiiYIy5xlZxFFMkA62JfJLUFy9/Suy+mReWBLdJc - Acr8AJq92TiCmHED4Rc78SaFDYjJYfvc6JLJDHxU0r2ucoMwKAR15gDDOaARt3B5 - Af7fxGWQ40sY56YgjgpBRaoXYDySuQ9Ylegd33hUzEOfOqKHFNAE+aH54QM= - =Enyz + hQIMAwDh3VI7VctTAQ/+KEHJIsZn5VF+vGkqGoMmoqYcRQ+TVXeOIAA6ZM4G/VN1 + 3AEcFmq3JQo/Bjvq0pl1IQbvCzT6bNprl3ADmXeqt9x8MOoc28Qx2AJcOmfT+Gzu + AL2Y0zuJ54qXqgBfF+b/014Ek0fxMSPbUI8EuIPPMWuG+upQqhlcvxTr5usvO3qn + dfxt0R7ISwjA9pDYs3fBI+65M4eq0yrSyfsoKQLKsLRXSn3rO56vSS3jTHc3FwWD + 0cOOrWNMdbSnAFeMsioG1sfH4LlzDG3MM96Ne49f9dv0Z9JmLFV18i85mzN75i0p + 4cmcMC6XrHasdLXcvfob42n1PMRArOpLppf0kk3UVvNcx3xVKmCp6S39LIR++763 + wawC22oo6rz3aFRqVqGMudWub2DamsQrnb0IQjnRP249JLROw/cd/h1LaG02ZSP5 + 
zSz/TmZ1FjgO6aT8oMUQyiDCEq8BfFO6i6SQLkXxw9pfy5kqX5OGh02xLceAzTYH + HCTZm/DRYZw7XimA0CTw51Jd5qy0t7vddcN1bjSy3uZH4CyFn0AsDLvHo6t7xTSr + hZKR8ICbUUDOIi5hLskqFvtSUYIBJoH8NwcMyPukK+ZrrLOwSMWa3qB7r3NodXd0 + NsxxFT9GiQAtD46SgATLhgHCmP5L8DlVvWv3zyYpim7VxoLW8T5s6yOkURAHWlOF + AgwDC9FRLmchgYQBD/9NR8LjoQkd95Qrff2NN7wU5a2QD/dSkQgLAkjWnJ+S14TU + zHdZPp/lorQw5pXanndDRMElZdFrfL7CKI4e4Dd3oPdOpRW9+8/7iyDrW1Pcsgz6 + H2qAEMjLESdWswxbS8uEdX6UzYUBv3+BamedgbBj95qPtPnTaQvGCUL+kpBb7YTm + +Fo1tlC5fZ6jr/V3qacNeG8nFDLm1GvhWOtqNW16Dt4z3RaYBtYF7ElMXRMq11iT + iFMT512SN7/e8dd1jDcFg6Cw4NkU7o+6bA+gs/P7ksAJxyUqAn9elhKYSrNeSDnD + Vtb92/kFO5dc3CrD1F24FyD1Xe6sgqETFL6OilvEGQ/wYJ/AXu84q0ch23f0Tksm + kk6ZpQLd7QKgow5pLwnAbpFBS1P5cemPY6gvmUAtgYJrGLIxxtk44SVhlQeSX3lq + eEJT4lZTu8gzQLTnDiZWJpVTnppZhMqXV2LsWAFU2XRHpuCnAuT0HmNFbaqzzC3r + tWa5lZRjgzs5e+zxsRhz+OfwwtJMWZw9OAmIQiRWeitZpk0XMYGraQce2ohPQlSQ + RFarR7EDDevuvRnLmbhhK73of6v8Wb0J/40gZZIWVLRT1LcNBz9ueBsHwPTvvCe5 + FFELdJcxYfIGaCINU6uwvNulS/47f1rpyCtoegNtSvzGtmc+/r2RR8emd8lMS9Jc + AYmI7h6C5XznEGGVtIoAkW44WhIm+Y08tbJoMevp6aRADTnEC6CY1cH3H1ZQbdp0 + YeN6qE3d91gmxW25hsStr8Mcy0JPIflt3kxcWeASpgJnbkOgxtgxhMqYAqc= + =R1dw -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index f11e9d5..52b8c15 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml 
@@ -34,98 +34,107 @@ sops: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhU2M0UFVMOXFONzN5WVU5 - TExjNEkxbnhEOWJPemtqcW92WDVJTXlNRDNBCnVoMTFreXBZVjdFMWpxUzZhaU5j - d0xZYUQxdUx4ZFZteHlsM2pJZXZQQ28KLS0tIEJjdjlHdklmalRUUGhLSEFDTmkx - cjZNZnRVSmcxNnFCRzgrWnhOMlYzc2sKK13rGMFVsXQkNERYQLrhgYHbDn0jPYbl - H1pQPZdWw+LXw1Z+Y9nj74KTPPLnPckVTwETUfvs9EFkcFIyhzGK6w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU8xU0tHWVJOYjR1UVpz + THlRK0FvYisyR3NqTVk1QUlhQVJGbTJROTJBCjVMQThqK3cvUGZlcU5WOEJncnM4 + ZlcrQmdCVTZsT0t0ODhJUG4vY0JlWGMKLS0tIGpQY3hqdDA5bkhOU2I0UGVHaU5F + T2pYcDRMczh3c1B6cmNFMXRYM21Ea28K6An8G4+/mwC7SNYyV3cpx1AQuUsO3uKh + EG6oyvwcLbbqAdHkKLiDdD2bG/NNp+f9xycNyG2AH/8T6kl0fQN2gg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djB6aDJRdW5zdjMrMnhJ + YmF2WncrazVUMWNaNXBWU2Y0TVh2S1VpbmtZCjdXQmM0RzVJK1ZNSlhwd2NvSHFO + UmlXZEZWRzJnSGJtdFFUQVd2aytNU00KLS0tIFhwQWQ1MnBVZllzb0VyQzJMRm9Z + Qk5XdXUrcloxelBlVlJuMmpJZ2liK28KNt0EMbRBErf1GExZ7QBnrvwRKozNaHQF + MeFiEuIRAS4vSUHz2dHo7/iyub7D//qXKt4vD6DURfCHhhoGUF1Qdg== -----END AGE ENCRYPTED FILE----- - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWM01DeFcvQjM2bW5DcFM4 - YzF5TTlURkxRYVdVbjdReG9LbUdYNjMwMFNBCmZJckdBM1YyZEFDT2RhT3g5bHJo - eVVISmhqQUZJTm1WQjNvOUE5MytiTU0KLS0tIEwrVGFwVEE2ODQwb2RyNzdselJa - b2tiTzZCcHB1NVJWS3Z6VTdMelcvTlEKdW6kkCiI1YhV7Da6SrCQxP0zdUc2ICSC - voGlNOnPb5iACvgLnX/a6EBKKO7PScKIFAzsWROC9MlLoF7ERnZdSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWm15SitONndOZkVDekNl + ajhTQXljdllXaEJ3RVdQRm5sdFJnV0VpQ0E4Ck9nTEVSYmNDK1RUbnU0TkFabnEz + aHVxcTNqUGJ3cDkybHllSmRPVW9Fa2cKLS0tIDgyZjZnV3hWS3phUG1RMjU1Lzlr + 
QWZLTUV2ZVJlRXBrN3ZXZFRBaGtabE0Kgcy7XL1iCLifYHxydg29tIyPYUQ7hgd9 + c589DNlukEn+i1J4pBkiLDnTUxDOEsUv2VJlGTRrdbFsfjU7PdvG6g== -----END AGE ENCRYPTED FILE----- - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNnF1N25qMUkyL0N1RSt4 - ZlRPVGpsY2hkbWZKREg4cU92Y2MwM0twaXdJCmJwTWl2NjlETXJ6WFNwN2JpT3Fm - WjRqVlc4SW9DejV0Q0JGNkJpQm1NOGMKLS0tIHpQRGc5eHQ3bHFnRzBNRGx0ckFV - czdKU1p0WXQ0enRyWXpaT0k2NHBzZkEKqLRezUd0z2PF0wakJe39NAz/MkpXIRAl - hvIqWsWyXHUU4a+mXwX8XWgs/uejuyXmHa7TgavqkHs9s4/p+KtNnw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGt6Nkd1TWhLc2FpZXM5 + cEhDUWVNU0xSWjZlZFdsb3FmbGQyUVV1MGp3CmNUcG14UXpyLytNRFFVRWw5b09n + ZU0wMDcxZVJENWdlcVpEQU9Mdnlkd1EKLS0tIGxHSTBXWi9EQkNYL3p6NGJvU2Zo + cVRHeVJXTVIvaW85Skh0Ym5vRjllaFkKhuQpyhqyTz2eoQ0Mxt0/CaNHgaksrdbH + rBDEw0U0eXX54oQkqNZD/HUosmLO4f2EZKMhBnFaZ8LvaOV6jM9Mpw== -----END AGE ENCRYPTED FILE----- - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWTFhTlMyVkZpeFRqaG4y - RDBhMEtpSXYyMGFnN3pkVGljSGN6MVlTaFMwCjlJd1UwbXVDT2M2R0hsQStqeEQ1 - YmNTNjdTRkU5aDZZd01DYjNaOWhKMFEKLS0tIFFKS1dXc2ZjVWlRR2ppSDRaRHRJ - cGwzMUFNTHZzcjZVTFNCcmp6VmdFNDQKNVeV1BGVuaUbSHHBOZzb/RJP4umX45RR - 14RInoF9i1ByEzY6KS2nyP83EQzbAgfdaUkPKkIpzytj+3gvlnI/RQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyM3hLYnNMVS80R08xbm1s + YklvK05mc255bUNjc1RYbmlOblo4cXcwRTBnCnVabFR4UFpDNSs2UUNoRUpYZ1dJ + d2xZRlhMNGM2M2RzTEwveWh4NmRSVWMKLS0tIFZTeGY4MzFxMWppOFlseFZWcG5D + RkUrdDJTNmNhQkFzWTRKbnM2OElDbW8KXITNQ+SKRxIBHh8vgqq+d0u3oLejr6mP + OxhLohXXPXi7r2KTVTVjCu5fbDyVix/L604LvJE623ALl0pmyQq9XA== -----END AGE ENCRYPTED FILE----- - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWk81ZXFRQnRnMjhVZmZL - 
N1p0eTRSQWt5akJ2ZjZid2VUNW1ndFNWeFQ4CjBlZndkV0pKeFpZUjlzdHJsQTlR - VXE1K0p3TlhJdkdPMFRTL29BaUd5bmMKLS0tIDVlS0FmRUFjTTBpd3pGRVZMbWxF - cjlaR0xvUmZvdlFlZlFwam5IU1hYZ2MKOMW/ZsXOLtYnYCVf0JIxlfXNTDjSuscn - l1p2HspWo7J1RfJbOQgScy6rmUB/9HRMHlnwpnjgOYWE4EmuKcMYSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHVXQXRGZnl0QUEzQ00r + cGpaS0RpYnVHVjg4cGNTdzBTMXFvTkUya3lnCmlJai8ySUxONXNnWW9BR0tKMDdr + RHVLTUYxY1FMSjFnaFdZSy9nekV1dWsKLS0tIEFuL3FTQ0xNOHJsSHlzR3VFT0FK + RE05ODd5bnFkVzlXVXlBU0FZa01nNzAKzjfkwKN4mC04r+AMNPTIt/lSMUuL/OD0 + MGtqjZFB6vGrcqV/t0EbkZfxCqfmUeTDZgwWM2r6zhihb6Y9vTjHTA== -----END AGE ENCRYPTED FILE----- - recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOUhETXZpTWs5dWw1VVhX - Zi85OU9PekJQSHBIbHpNMVh6b2doa0wvSHc0CitvanJBOFgwb3V1TEpjQ2xXa2Fq - UGtzdTB1OEwxSWJKVkZJWjBDV2MwMncKLS0tIERpTlE1cWRaemZFZDAvcGx6QTNK - amtUQkgvTEJFblFUWTE0RWg1cUVUbmsKx35Yu+wpJwlVd2JrXCT/qybmLjCmT+/0 - v99LzVDWiiAPx8ryU2FeAZ/umDDIQfkzyLbi2f460ATKZhVfqhNDDw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmpKaWM5dVNDWDJLOUlj + bGZiUzNWMkFkT3IzNUtqZmt6ZW5WSDVyUlUwCkx6aFIxTnNnd1N5ZkZDYldmTndX + T0g2Yy9tVVpHQ3FYY2RtVmhjSS83TUEKLS0tIFNTT0JUbVBqNDVvWnAyaVRhcllj + ZjNtSU5iYVpXQXA4QUU1YjBCU2xKaFEK+cANW7VGs7HQTmMDEY2oLG6pSBnBLFXn + /PpoqzxNVovh7ghFRduDcHWuJI+DBtn1axmSXF/K22WO6LG59/hr5A== -----END AGE ENCRYPTED FILE----- - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEx1eUR0TnRVL0tsN1lV - amN2M0VlUHVpNjJvM0x3UVVhUzY5QTRObG5VCndkblVGdExHZDBMbVZmU3J4K2JI - dHZoVDZHTHJldTFLMDdlMUFTNGtjbEUKLS0tIExKVVd1UGtvelRsQldnMTBXTll3 - SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP - wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QTlyeDBGa1hNek5aWnlr + 
RzlWN2dDaU9IeXovb1BGTXR1RG1ZUVdwTUVvCkRuVXFnYWpOakZYamZtdDNMRjQ0 + ajU0VmtraEplbDU0ajZyT2psWVBrVlEKLS0tIEhXa2F6RFlsQnc5ejZETVBvOFYz + Wlo1WFlvZFJXZWZBVkh6UUpCRmVESFkKqbuLxX706LssJTNyvg0ghDjyJaVuYfgJ + X1OJbbBvHerqvOmk03biU93oo6PygdAAgkPFI7JnxvQP1U4IH45Esw== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-11-03T15:12:52Z" mac: ENC[AES256_GCM,data:86AWnB2q5xv/JIyomkJOkZh4r2tj18rmNb02JINokmBv4/eRmej/sQIBeSbCj9cJhtKewECwVk8QKtwTu2sWB/hPjtxb8qnWD7MhNs7qmHOYAeYlAON4w7abcLxt0VFMKa7gd0c28qTHOkaWsLy6gDaIB/5x468FIYqsbfIiL9U=,iv:BDiKNHKTHPazwoM6bVoCf2kb/eNrJS9zy4yj3+PFdlY=,tag:6ZFtZZHvzdWp2EhOV3S7xQ==,type:str] pgp: - - created_at: "2025-07-10T23:51:26Z" + - created_at: "2025-11-11T17:51:26Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAwDh3VI7VctTAQ/+OG92tnH/dwXLTdqlvN6sEPREG/oZTLGvjPiM0Ipqyrcz - rgTrso9MjBf0xZkxjH49CWqBpTBoOsxopdSU2cvte2IdQEQCgCJcqff3okBsT/Cm - 3yz10DNTdI17cc2tLFJtvcWubf+amRXTM8IbDozkc4ttuhCbCRcFMaJ0NTVMz+rV - pff9UQWGmAWBKK/u26prf6NeCU2C/v3vLAxAxVjuPBxNpXFZEuu88DdE0lIMy1rO - ZAsYz7O6/flf3qbl74HXhNUhWwDTUJtU0beGSv/sziAPSEV0lpScZbq5HdFvNUk6 - rH8Tf1IdV6n0lvDqVdnY7XbmXlF0neSLJedWf6eAmcvnedCTVzMGSNAIVhiW9Y2f - IURsyK8NXnZTw2G5J4BOwx082Z1wroH0cJgQz1IcfU/I78DUaysH87mYfUQAGPV7 - cLICS/2n+olgkC9nAz9ZQO7+98Ylk1n4EKkhW2hzR5av8LSu5rs9uTkO1KWz5mTT - QjsWNlD8+1OvEFxELJtdMLnTpMTZqPouwRhDhJLoh6to2/HT48xCpUu4sMyj1AY+ - ECGsXzNbfb6dlAvuloNq9DoEP3nP4KJ6DKv7gnsbS1WVT6LoG9Yg6s00YnWiMomd - 0ByLH5KZdlBkZFV0K/WGWpj3c3H0IIM32+w2yYSCVQEY8UeSTQ54bI0ao+ISPLCF - AgwDC9FRLmchgYQBEAC2x72z23cpRyfiQD32Pzb4cDheSawiXSolOZMAExsRDmYl - IhMyMOwWmetg4HOwfGhq1PuM7t1k7maVa8ulWQcmD7eSmehiaMzYpA/gctf8GFQ6 - 4mmQ1siBC1qArfMgFgd9yS126NUGqXAWsrnptnlIbYuY/OsiS7W2JKLQUcx8TZqx - 6NC2zIi5+h+ZbRugpz4ZG8OjFnUwbLdZeDJ1M6i/TVuDJjGC1JkEePjY3IvcmB7P - QTzGCsYKwYSeUuAKel9ueqvznNqACQ78/NC/mYy8xTMiyjnhOqOFvmlHLZLy8cFs - m0eLlEfQycwGOIPZa7xo98AZ0Ohvykqy8SBcp6JSEoWcXi//lLfG2z5agfd7bEUP - X0rOKwmFL1l3w1sAUzmKTa29G8b2+rrCoKCHyByDQXyhgLa3aCx7tKS1iNwGdXmc - 
emvV15+jf/xQ8FrDDZFJGRuCVyuCGphEN8VxFR2BWRjEHEsy9gRMaJlo8gIw54Oe - ciMEBRjT+3l9B4Qipvm8V+okrdHQ56k9AbpbsAnpyHQ6A8AN7oJ19uzBq1nzRU9p - yE4lKNIjOIJmghvUcL8jwld6+w6iMkk7Ss0ClavTA06hWld6mDoRvfrQl+t4nogT - xypUidp/KtILrorNEVwaCsuXrqe5AspOcr8SqA77t9+Yj6b9x8gdJNZwvcMIB9Je - AXC4iun4BpIMdbg2beONi0Iwq+IeYOTdvpo8HKk1qrQCN4zHGaO6iZLrDFqN01DA - IyppFwRhJ60d5TjKweEn03KAT9oVsjN4nwpazd4JkLANXrxXX2wDYOVlnfYyng== - =jNoq + hQIMAwDh3VI7VctTARAAzM9wzRQI9IYBz9sXGG1YKIojcuhi3UnZNjOwRQeJbSsw + OMPY/e84m668uFaGUwOPwFkYikBCaPF3OmzNhMDqxHPUbFJN/6UA8ntLuugHrhs9 + brpt52yYvo69znaR8iYXw/S0mL4rfLnHkc8p69RkBCk/4FrA/Jj/KImcFxZ8GDcf + G5dfaEmJCRfZGeyr1D7RVJ0gs3LQT9M8c9Qm/ShRQQqVlEko4rjsOmqOt6eapSuQ + KnlsEtYS5yZOFoBtabmlTiFgdC8vaHQ+oxI98phdRkc0xDpqZetMMVlgonbewur8 + nVZPb+wxULeltkIIleWQx2E0D9RBi5Xu+L+vXj7jJYwUNajqama/N+1wB7DsiBeu + cdPjLyRcXPD5pE2qi24X1nzBiWdjef0tkJiH07MQtXA4r3PLtX8a3cCvVsecoT4D + 0oK8dGumaXSj8NkYB/kP47hOleSYzNGWPR4iMiXYNJHhUw0Otr0GFSfjVo7s7KBi + 6WO6tWE2VLVuolABEKQPF4sadF1fXxcv9artuzUX9MZquOvsOvEgkQnYzGIY9hio + 2X8nyLxORpwPFmPcZ5WeVyaZ04CiM9nTiflFgt5X/rX1Mf3sKa0NkrhO3+k7lx1j + GjWvgiuCkgLYt0fLgyYVEj/N8jHjcCejVEsiwAoP/apvEgFylgI+YwyXOJXXz0qF + AgsDC9FRLmchgYQBD/jvs1GaGr52Qu1TP7IXqg353G3yZDPoPmQhdkiOKLFe5wXD + PaqNUNOQG4qwffuPBSfyw5XHYZN1v0SCwrNpQ24DFnT5XjVTboYl+DN4bWStrSE+ + ZpGUy+PxvSgKY8lbvGi0+RX1NW32Gwz1cuPNQRnwS/jwCFrxgk1aCnK5+USAmNfi + R5+ex+Ij6+EEiMRpvNdN2ViCP2PfFMLYOR4pjvLL7i1XSPLhGxORcCyIKw8RAi+J + I/qP7IubG1XTsS7gm0D4Rf4eYOy9O3Qi/g+GOk8mxCXaym7hQmCcM5H+m4R85Zxy + EIXKGQhs2UB7JD47SJ1iY3FBFzq3jpn0wPq6piy4lJVR/+r9Zd99EcWOEjuoavE/ + 24q+Z3OB864Fks9hVl8herQbV4oGqHTQJr9Y5ScnS+7RuAV6Cy7d0nEaj/H4jBxN + fKpFGAJ3LkwxKfAwxximTq2lgHBtCyMably7XBc3D0Cyb1lyG5mss3tWNXRNkckL + yg9I64lKdEQz2Fp7qs8JDWmbhUl6eyDtGX+4KKW7lsFTbi4kvo/FgtW6m6xaP57k + PPOJlfDHOqZy7GR+hvaHBIgFkhvqIvJjARK5OaDyP19NMtA7qNJOwParSikkTeXl + XgkZGnh3ID3EJ5V9vMIYqrhhjDU5Qb/avytjEoef8GYmPb8bWd0sVODEL59T0l4B + u4ahb81JM4JVo+p1P+W+0gXA8uUgP9pJ7lWjNCV+oL5RWTJRaTzSwa8ywj5HjLdH + 
+M50prEhcMiDupwZXU2prEKrCIWUGpeaHK3DIJmWhbO8Hh8OCXeQ+EFfxB+Z + =s+4A -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted From 46f2ec8b961ee450570c57c0b371bffa445778ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Tue, 18 Nov 2025 17:08:23 +0100 Subject: [PATCH 22/23] wip --- SwarselSystems.org | 241 ++++++------------------ modules/home/common/zellij-keybinds.nix | 210 ++++++--------------- modules/home/common/zellij.nix | 22 +-- modules/nixos/server/disk-encrypt.nix | 9 +- 4 files changed, 124 insertions(+), 358 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 40b6879..22247d7 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -7346,21 +7346,18 @@ lspci -k -d 14c3:0616 ]; services = { unlock-luks = { - description = "Unlock LUKS encrypted root device"; wantedBy = [ "initrd.target" ]; - after = [ "network-online.target" ]; - before = [ "sysroot.mount" ]; + after = [ "network.target" ]; + before = [ "systemd-cryptsetup@cryptroot.service" ]; path = [ "/bin" ]; - # Configure how the service behaves serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; - # The actual commands to unlock the drive script = '' - echo "systemctl default >> /root/.profile" + echo "systemctl default" >> /root/.profile ''; }; }; 
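Review bot: The new `before = [ "systemd-cryptsetup@cryptroot.service" ]` in `unlock-luks` hard-codes the LUKS mapping name. systemd ignores an ordering dependency on a unit that is never loaded, so on a host whose mapping is not called `cryptroot` the ordering would lapse without any error; the disk config is not visible here, so this needs checking per host. The hunk also drops the description and both comments, while the unit keeps a name that suggests it unlocks the disk even though the script only appends `systemctl default` to `/root/.profile`. I would add a comment above `before` such as `# does not unlock anything itself: makes a root login in the initrd run "systemctl default"; the unit name must match the LUKS mapping`. The same change is repeated in the `modules/nixos/server/disk-encrypt.nix` hunk further down, and the enclosing `services` block starts outside the hunk.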
@@ -13684,24 +13681,12 @@ Currently I only use it as before with =initExtra= though. status-bar.path = "status-bar"; strider.path = "strider"; compact-bar.path = "compact-bar"; + # configuration.path = "configuration"; + # filepicker.path = "strider"; + # plugin-manager.path = "plugin-manager"; + # session-manager.path = "session-manager"; + # welcome-screen.path = "session-manager"; }; - # configuration = { - # _props.location = "zellij:configuration"; - # }; - # filepicker = { - # _props.location = "zellij:strider"; - # cwd = "/"; - # }; - # plugin-manager = { - # _props.location = "zellij:plugin-manager"; - # }; - # session-manager = { - # _props.location = "zellij:session-manager"; - # }; - # welcome-screen = { - # _props.location = "zellij:session-manager"; - # welcome_screen = true; - # }; }; }; @@ -13739,6 +13724,12 @@ Currently I only use it as before with =initExtra= though. pane = { _children = [ + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "left" ]; @@ -13765,11 +13756,26 @@ Currently I only use it as before with =initExtra= though. } { bind = { - _args = [ "c" ]; - _children = [ - { SwitchToMode._args = [ "renamepane" ]; } - { PaneNameInput._args = [ 0 ]; } - ]; + _args = [ "h" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; }; } { 
@@ -13799,30 +13805,6 @@ Currently I only use it as before with =initExtra= though. ]; }; } - { - bind = { - _args = [ "h" ]; - _children = [{ MoveFocus._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ MoveFocus._args = [ "right" ]; }]; - }; - } { bind = { _args = [ "n" ]; @@ -13840,42 +13822,24 @@ Currently I only use it as before with =initExtra= though. } { bind = { - _args = [ "Ctrl p" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "r" ]; - _children = [ - { NewPane._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "w" ]; + _args = [ "f12" ]; _children = [ { ToggleFloatingPanes = { }; } { SwitchToMode._args = [ "normal" ]; } ]; }; } - { - bind = { - _args = [ "z" ]; - _children = [ - { TogglePaneFrames = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } ]; }; tab = { _children = [ + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "left" ]; @@ -13981,33 +13945,6 @@ Currently I only use it as before with =initExtra= though. ]; }; } - { - bind = { - _args = [ "[" ]; - _children = [ - { BreakPaneLeft = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "]" ]; - _children = [ - { BreakPaneRight = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "b" ]; - _children = [ - { BreakPane = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } { bind = { _args = [ "h" ]; 
@@ -14059,12 +13996,6 @@ Currently I only use it as before with =initExtra= though. ]; }; } - { - bind = { - _args = [ "Ctrl t" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } { bind = { _args = [ "x" ]; @@ -14074,17 +14005,17 @@ Currently I only use it as before with =initExtra= though. ]; }; } - { - bind = { - _args = [ "tab" ]; - _children = [{ ToggleTab = { }; }]; - }; - } ]; }; resize = { _children = [ + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "left" ]; @@ -14175,17 +14106,17 @@ Currently I only use it as before with =initExtra= though. _children = [{ Resize._args = [ "Increase right" ]; }]; }; } - { - bind = { - _args = [ "Ctrl n" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } ]; }; move = { _children = [ + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "left" ]; @@ -14216,12 +14147,6 @@ Currently I only use it as before with =initExtra= though. _children = [{ MovePane._args = [ "left" ]; }]; }; } - { - bind = { - _args = [ "Ctrl h" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } { bind = { _args = [ "j" ]; @@ -14240,24 +14165,6 @@ Currently I only use it as before with =initExtra= though. _children = [{ MovePane._args = [ "right" ]; }]; }; } - { - bind = { - _args = [ "n" ]; - _children = [{ MovePane = { }; }]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [{ MovePaneBackwards = { }; }]; - }; - } - { - bind = { - _args = [ "tab" ]; - _children = [{ MovePane = { }; }]; - }; - } ]; }; @@ -14321,6 +14228,12 @@ Currently I only use it as before with =initExtra= though. session = { _children = [ + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "c" ]; 
@@ -14336,12 +14249,6 @@ Currently I only use it as before with =initExtra= though. ]; }; } - { - bind = { - _args = [ "Ctrl o" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } { bind = { _args = [ "p" ]; @@ -14419,18 +14326,6 @@ Currently I only use it as before with =initExtra= though. _children = [{ Resize._args = [ "Increase" ]; }]; }; } - { - bind = { - _args = [ "Alt [" ]; - _children = [{ PreviousSwapLayout = { }; }]; - }; - } - { - bind = { - _args = [ "Alt ]" ]; - _children = [{ NextSwapLayout = { }; }]; - }; - } { bind = { _args = [ "Alt f" ]; @@ -14469,26 +14364,14 @@ Currently I only use it as before with =initExtra= though. } { bind = { - _args = [ "Alt l" ]; - _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "Alt n" ]; + _args = [ "Alt p" ]; _children = [{ NewPane = { }; }]; }; } { bind = { - _args = [ "Alt o" ]; - _children = [{ MoveTab._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "Ctrl q" ]; - _children = [{ Quit = { }; }]; + _args = [ "Alt n" ]; + _children = [{ NewTab = { }; }]; }; } ]; diff --git a/modules/home/common/zellij-keybinds.nix b/modules/home/common/zellij-keybinds.nix index 8ff17b9..b9ce4d4 100644 --- a/modules/home/common/zellij-keybinds.nix +++ b/modules/home/common/zellij-keybinds.nix @@ -18,6 +18,12 @@ pane = { _children = [ + { + bind = { + _args = [ "Ctrl p" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "left" ]; 
@@ -44,11 +50,26 @@ } { bind = { - _args = [ "c" ]; - _children = [ - { SwitchToMode._args = [ "renamepane" ]; } - { PaneNameInput._args = [ 0 ]; } - ]; + _args = [ "h" ]; + _children = [{ MoveFocus._args = [ "left" ]; }]; + }; + } + { + bind = { + _args = [ "j" ]; + _children = [{ MoveFocus._args = [ "down" ]; }]; + }; + } + { + bind = { + _args = [ "k" ]; + _children = [{ MoveFocus._args = [ "up" ]; }]; + }; + } + { + bind = { + _args = [ "l" ]; + _children = [{ MoveFocus._args = [ "right" ]; }]; }; } { @@ -78,30 +99,6 @@ ]; }; } - { - bind = { - _args = [ "h" ]; - _children = [{ MoveFocus._args = [ "left" ]; }]; - }; - } - { - bind = { - _args = [ "j" ]; - _children = [{ MoveFocus._args = [ "down" ]; }]; - }; - } - { - bind = { - _args = [ "k" ]; - _children = [{ MoveFocus._args = [ "up" ]; }]; - }; - } - { - bind = { - _args = [ "l" ]; - _children = [{ MoveFocus._args = [ "right" ]; }]; - }; - } { bind = { _args = [ "n" ]; @@ -119,42 +116,24 @@ } { bind = { - _args = [ "Ctrl p" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } - { - bind = { - _args = [ "r" ]; - _children = [ - { NewPane._args = [ "right" ]; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "w" ]; + _args = [ "f12" ]; _children = [ { ToggleFloatingPanes = { }; } { SwitchToMode._args = [ "normal" ]; } ]; }; } - { - bind = { - _args = [ "z" ]; - _children = [ - { TogglePaneFrames = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } ]; }; tab = { _children = [ + { + bind = { + _args = [ "Ctrl t" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "left" ]; 
@@ -260,33 +239,6 @@ ]; }; } - { - bind = { - _args = [ "[" ]; - _children = [ - { BreakPaneLeft = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "]" ]; - _children = [ - { BreakPaneRight = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } - { - bind = { - _args = [ "b" ]; - _children = [ - { BreakPane = { }; } - { SwitchToMode._args = [ "normal" ]; } - ]; - }; - } { bind = { _args = [ "h" ]; @@ -338,12 +290,6 @@ ]; }; } - { - bind = { - _args = [ "Ctrl t" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } { bind = { _args = [ "x" ]; @@ -353,17 +299,17 @@ ]; }; } - { - bind = { - _args = [ "tab" ]; - _children = [{ ToggleTab = { }; }]; - }; - } ]; }; resize = { _children = [ + { + bind = { + _args = [ "Ctrl n" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "left" ]; @@ -454,17 +400,17 @@ _children = [{ Resize._args = [ "Increase right" ]; }]; }; } - { - bind = { - _args = [ "Ctrl n" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } ]; }; move = { _children = [ + { + bind = { + _args = [ "Ctrl h" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "left" ]; @@ -495,12 +441,6 @@ _children = [{ MovePane._args = [ "left" ]; }]; }; } - { - bind = { - _args = [ "Ctrl h" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } { bind = { _args = [ "j" ]; @@ -519,24 +459,6 @@ _children = [{ MovePane._args = [ "right" ]; }]; }; } - { - bind = { - _args = [ "n" ]; - _children = [{ MovePane = { }; }]; - }; - } - { - bind = { - _args = [ "p" ]; - _children = [{ MovePaneBackwards = { }; }]; - }; - } - { - bind = { - _args = [ "tab" ]; - _children = [{ MovePane = { }; }]; - }; - } ]; }; @@ -600,6 +522,12 @@ session = { _children = [ + { + bind = { + _args = [ "Ctrl o" ]; + _children = [{ SwitchToMode._args = [ "normal" ]; }]; + }; + } { bind = { _args = [ "c" ]; 
@@ -615,12 +543,6 @@ ]; }; } - { - bind = { - _args = [ "Ctrl o" ]; - _children = [{ SwitchToMode._args = [ "normal" ]; }]; - }; - } { bind = { _args = [ "p" ]; @@ -698,18 +620,6 @@ _children = [{ Resize._args = [ "Increase" ]; }]; }; } - { - bind = { - _args = [ "Alt [" ]; - _children = [{ PreviousSwapLayout = { }; }]; - }; - } - { - bind = { - _args = [ "Alt ]" ]; - _children = [{ NextSwapLayout = { }; }]; - }; - } { bind = { _args = [ "Alt f" ]; @@ -748,26 +658,14 @@ } { bind = { - _args = [ "Alt l" ]; - _children = [{ MoveFocusOrTab._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "Alt n" ]; + _args = [ "Alt p" ]; _children = [{ NewPane = { }; }]; }; } { bind = { - _args = [ "Alt o" ]; - _children = [{ MoveTab._args = [ "right" ]; }]; - }; - } - { - bind = { - _args = [ "Ctrl q" ]; - _children = [{ Quit = { }; }]; + _args = [ "Alt n" ]; + _children = [{ NewTab = { }; }]; }; } ]; diff --git a/modules/home/common/zellij.nix b/modules/home/common/zellij.nix index 47492ff..a33a646 100644 --- a/modules/home/common/zellij.nix +++ b/modules/home/common/zellij.nix @@ -35,24 +35,12 @@ status-bar.path = "status-bar"; strider.path = "strider"; compact-bar.path = "compact-bar"; + # configuration.path = "configuration"; + # filepicker.path = "strider"; + # plugin-manager.path = "plugin-manager"; + # session-manager.path = "session-manager"; + # welcome-screen.path = "session-manager"; }; - # configuration = { - # _props.location = "zellij:configuration"; - # }; - # filepicker = { - # _props.location = "zellij:strider"; - # cwd = "/"; - # }; - # plugin-manager = { - # _props.location = "zellij:plugin-manager"; - # }; - # session-manager = { - # _props.location = "zellij:session-manager"; - # }; - # welcome-screen = { - # _props.location = "zellij:session-manager"; - # welcome_screen = true; - # }; }; }; diff --git a/modules/nixos/server/disk-encrypt.nix b/modules/nixos/server/disk-encrypt.nix index 8c569c0..c1531dd 100644 
--- a/modules/nixos/server/disk-encrypt.nix +++ b/modules/nixos/server/disk-encrypt.nix @@ -54,21 +54,18 @@ in ]; services = { unlock-luks = { - description = "Unlock LUKS encrypted root device"; wantedBy = [ "initrd.target" ]; - after = [ "network-online.target" ]; - before = [ "sysroot.mount" ]; + after = [ "network.target" ]; + before = [ "systemd-cryptsetup@cryptroot.service" ]; path = [ "/bin" ]; - # Configure how the service behaves serviceConfig = { Type = "oneshot"; RemainAfterExit = true; }; - # The actual commands to unlock the drive script = '' - echo "systemctl default >> /root/.profile" + echo "systemctl default" >> /root/.profile ''; }; }; From ec6ae25e9b78ba0612a0a32bab8f5a5f15d987e7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Wed, 19 Nov 2025 15:22:48 +0100 Subject: [PATCH 23/23] fix[work]: fix aws,cdr commands, easier git switch in emacs --- SwarselSystems.org | 488 +- files/emacs/init.el | 17 +- index.html | 5315 +++++++++++++---- modules/home/common/custom-packages.nix | 3 +- modules/home/common/settings.nix | 15 +- modules/home/common/zellij-keybinds.nix | 13 + modules/home/common/zsh.nix | 3 +- modules/home/optional/work.nix | 51 +- modules/nixos/common/home-manager-secrets.nix | 6 +- modules/nixos/common/settings.nix | 14 +- nix/overlays.nix | 2 +- nix/packages.nix | 2 +- pkgs/config/cdr/default.nix | 13 + pkgs/config/default.nix | 11 + pkgs/{ => flake}/bak/default.nix | 0 pkgs/{ => flake}/cdb/default.nix | 0 pkgs/{ => flake}/cdw/default.nix | 0 pkgs/{ => flake}/cura5/default.nix | 0 pkgs/{ => flake}/default.nix | 4 +- pkgs/{ => flake}/e/default.nix | 0 pkgs/{ => flake}/endme/default.nix | 0 pkgs/{ => flake}/eontimer/default.nix | 0 pkgs/{ => flake}/fhs/default.nix | 0 pkgs/{ => flake}/fs-diff/default.nix | 0 pkgs/{ => flake}/git-replace/default.nix | 0 .../github-notifications/default.nix | 0 .../{ => flake}/hm-specialisation/default.nix | 0 pkgs/{ => flake}/kanshare/default.nix | 0 pkgs/{ => flake}/opacitytoggle/default.nix | 0 pkgs/{ => flake}/pass-fuzzel/default.nix | 0 pkgs/{ => flake}/project/default.nix | 0 pkgs/{ => flake}/quickpass/default.nix | 0 pkgs/{ => flake}/sshrm/default.nix | 0 .../{ => flake}/swarsel-bootstrap/default.nix | 0 pkgs/{ => flake}/swarsel-build/default.nix | 0 pkgs/{ => flake}/swarsel-deploy/default.nix | 0 .../swarsel-displaypower/default.nix | 0 pkgs/{ => flake}/swarsel-install/default.nix | 0 .../swarsel-instantiate/default.nix | 0 pkgs/{ => flake}/swarsel-mgba/default.nix | 0 .../swarsel-postinstall/default.nix | 0 pkgs/{ => flake}/swarsel-rebuild/default.nix | 0 .../{ => flake}/swarselcheck-niri/default.nix | 0 pkgs/{ => flake}/swarselcheck/default.nix | 0 pkgs/{ => flake}/swarselzellij/default.nix 
| 0 pkgs/{ => flake}/t2ts/default.nix | 0 pkgs/{ => flake}/timer/default.nix | 0 pkgs/{ => flake}/ts2t/default.nix | 0 pkgs/{ => flake}/vershell/default.nix | 0 pkgs/{ => flake}/waybarupdate/default.nix | 0 pkgs/fullscreen/default.nix | 10 - secrets/certs/secrets.yaml | 7 +- 52 files changed, 4610 insertions(+), 1364 deletions(-) create mode 100644 pkgs/config/cdr/default.nix create mode 100644 pkgs/config/default.nix rename pkgs/{ => flake}/bak/default.nix (100%) rename pkgs/{ => flake}/cdb/default.nix (100%) rename pkgs/{ => flake}/cdw/default.nix (100%) rename pkgs/{ => flake}/cura5/default.nix (100%) rename pkgs/{ => flake}/default.nix (54%) rename pkgs/{ => flake}/e/default.nix (100%) rename pkgs/{ => flake}/endme/default.nix (100%) rename pkgs/{ => flake}/eontimer/default.nix (100%) rename pkgs/{ => flake}/fhs/default.nix (100%) rename pkgs/{ => flake}/fs-diff/default.nix (100%) rename pkgs/{ => flake}/git-replace/default.nix (100%) rename pkgs/{ => flake}/github-notifications/default.nix (100%) rename pkgs/{ => flake}/hm-specialisation/default.nix (100%) rename pkgs/{ => flake}/kanshare/default.nix (100%) rename pkgs/{ => flake}/opacitytoggle/default.nix (100%) rename pkgs/{ => flake}/pass-fuzzel/default.nix (100%) rename pkgs/{ => flake}/project/default.nix (100%) rename pkgs/{ => flake}/quickpass/default.nix (100%) rename pkgs/{ => flake}/sshrm/default.nix (100%) rename pkgs/{ => flake}/swarsel-bootstrap/default.nix (100%) rename pkgs/{ => flake}/swarsel-build/default.nix (100%) rename pkgs/{ => flake}/swarsel-deploy/default.nix (100%) rename pkgs/{ => flake}/swarsel-displaypower/default.nix (100%) rename pkgs/{ => flake}/swarsel-install/default.nix (100%) rename pkgs/{ => flake}/swarsel-instantiate/default.nix (100%) rename pkgs/{ => flake}/swarsel-mgba/default.nix (100%) rename pkgs/{ => flake}/swarsel-postinstall/default.nix (100%) rename pkgs/{ => flake}/swarsel-rebuild/default.nix (100%) rename pkgs/{ => flake}/swarselcheck-niri/default.nix (100%) 
rename pkgs/{ => flake}/swarselcheck/default.nix (100%) rename pkgs/{ => flake}/swarselzellij/default.nix (100%) rename pkgs/{ => flake}/t2ts/default.nix (100%) rename pkgs/{ => flake}/timer/default.nix (100%) rename pkgs/{ => flake}/ts2t/default.nix (100%) rename pkgs/{ => flake}/vershell/default.nix (100%) rename pkgs/{ => flake}/waybarupdate/default.nix (100%) delete mode 100644 pkgs/fullscreen/default.nix diff --git a/SwarselSystems.org b/SwarselSystems.org index 22247d7..5dd1d8c 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -832,7 +832,7 @@ More information on the actual packages build can be found in [[#h:64a5cc16-6b16 inherit (self.outputs) lib; in { - packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; }); + packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs/flake" { inherit self lib pkgs; }); }; perSystem = { pkgs, system, ... }: @@ -1725,7 +1725,7 @@ On the structure of overlays: as you notice, all of the attributes within overla overlays = { default = final: prev: let - additions = final: _: import "${self}/pkgs" { pkgs = final; inherit self lib; } + additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; } // { swarsel-nix = import inputs.swarsel-nix { pkgs = prev; @@ -4646,11 +4646,13 @@ in :END: #+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix - { lib, config, globals, ... }: + { self, lib, config, globals, ... }: let inherit (config.swarselsystems) mainUser homeDir; inherit (config.repo.secrets.common.emacs) radicaleUser; modules = config.home-manager.users.${mainUser}.swarselmodules; + + certsSopsFile = self + /secrets/certs/secrets.yaml; in { config = lib.mkIf config.swarselsystems.withHomeManager { 
@@ -4670,6 +4672,8 @@ in github-nixpkgs-review-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.emacs { emacs-radicale-pw = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.optional.work { + harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { anki-user = { owner = mainUser; }; anki-pw = { owner = mainUser; }; @@ -4851,7 +4855,19 @@ A breakdown of the flags being set: system.stateVersion = lib.mkDefault "23.05"; nixpkgs = { - overlays = [ outputs.overlays.default ]; + overlays = [ + outputs.overlays.default + (final: prev: + let + additions = final: _: import "${self}/pkgs/config" { + inherit self config lib; + pkgs = final; + homeConfig = config.home-manager.users.${config.swarselsystems.mainUser}; + }; + in + additions final prev + ) + ]; config = { allowUnfree = true; }; 
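Review bot: The new `harica-root-ca` entry sets a custom `path` under `${homeDir}/.aws/certs/`, but nothing visible creates that directory for `mainUser`. As far as I know, sops-nix creates missing parent directories of a custom `path` as root, which would leave `~/.aws` root-owned on a fresh machine and stop the user's tools from writing there; this should be confirmed on a clean install. If it holds, creating the directory for the user beforehand (for example with a tmpfiles rule) avoids it. Going by its name this is a root CA certificate, i.e. public material, so a short comment such as `# public CA cert, distributed via sops only for convenience` would tell the next reader that its confidentiality is not what is being protected. The attribute set this line extends starts outside the hunk.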
@@ -12220,97 +12236,108 @@ Again, we adapt =nix= to our needs, enable the home-manager command for non-NixO let inherit (config.swarselsystems) mainUser flakePath isNixos isLinux; in - { - options.swarselmodules.general = lib.mkEnableOption "general nix settings"; - config = - let - nix-version = "2_30"; - in - lib.mkIf config.swarselmodules.general { - nix = lib.mkIf (!config.swarselsystems.isNixos) { - package = lib.mkForce pkgs.nixVersions."nix_${nix-version}"; - # extraOptions = '' - # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins - # extra-builtins-file = ${self + /nix/extra-builtins.nix} - # ''; - extraOptions = - let - nix-plugins = pkgs.nix-plugins.override { - nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; - }; - in - '' + { + options.swarselmodules.general = lib.mkEnableOption "general nix settings"; + config = + let + nix-version = "2_30"; + in + lib.mkIf config.swarselmodules.general { + nix = lib.mkIf (!config.swarselsystems.isNixos) { + package = lib.mkForce pkgs.nixVersions."nix_${nix-version}"; + # extraOptions = '' + # plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins + # extra-builtins-file = ${self + /nix/extra-builtins.nix} + # ''; + extraOptions = + let + nix-plugins = pkgs.nix-plugins.override { + nixComponents = pkgs.nixVersions."nixComponents_${nix-version}"; + }; + in + '' plugin-files = ${nix-plugins}/lib/nix/plugins extra-builtins-file = ${self + /nix/extra-builtins.nix} - ''; - settings = { - experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - "cgroups" - "pipe-operators" - ]; - trusted-users = [ "@wheel" "${mainUser}" ]; - connect-timeout = 5; - bash-prompt-prefix = "$SHLVL:\\w "; - bash-prompt = "$(if [[ $? 
-gt 0 ]]; then printf \"\"; else printf \"\"; fi)Ξ» "; - fallback = true; - min-free = 128000000; - max-free = 1000000000; - auto-optimise-store = true; - warn-dirty = false; - max-jobs = 1; - use-cgroups = lib.mkIf isLinux true; - }; - }; + ''; + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + "cgroups" + "pipe-operators" + ]; + trusted-users = [ "@wheel" "${mainUser}" ]; + connect-timeout = 5; + bash-prompt-prefix = "$SHLVL:\\w "; + bash-prompt = "$(if [[ $? -gt 0 ]]; then printf \"\"; else printf \"\"; fi)Ξ» "; + fallback = true; + min-free = 128000000; + max-free = 1000000000; + auto-optimise-store = true; + warn-dirty = false; + max-jobs = 1; + use-cgroups = lib.mkIf isLinux true; + }; + }; - # nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null); - nixpkgs = lib.mkIf (!isNixos) { - overlays = [ outputs.overlays.default ]; - config = { - allowUnfree = true; - }; - }; + nixpkgs = lib.mkIf (!isNixos) { + overlays = [ + outputs.overlays.default + (final: prev: + let + additions = final: _: import "${self}/pkgs/config" { + inherit self config lib; + pkgs = final; + homeConfig = config; + }; + in + additions final prev + ) + ]; + config = { + allowUnfree = true; + }; + }; - programs = { - # home-manager.enable = lib.mkIf (!isNixos) true; - man = { - enable = true; - generateCaches = true; - }; - }; + programs = { + # home-manager.enable = lib.mkIf (!isNixos) true; + man = { + enable = true; + generateCaches = true; + }; + }; - targets.genericLinux.enable = lib.mkIf (!isNixos) true; + targets.genericLinux.enable = lib.mkIf (!isNixos) true; - home = { - username = lib.mkDefault mainUser; - homeDirectory = lib.mkDefault "/home/${mainUser}"; - stateVersion = lib.mkDefault "23.05"; - keyboard.layout = "us"; - sessionVariables = { - FLAKE = "/home/${mainUser}/.dotfiles"; - }; - extraOutputsToInstall = [ - "doc" - "info" - "devdoc" - ]; - packages = lib.mkIf (!isNixos) [ - (pkgs.symlinkJoin { - name = "home-manager"; - 
buildInputs = [ pkgs.makeWrapper ]; - paths = [ pkgs.home-manager ]; - postBuild = '' + home = { + username = lib.mkDefault mainUser; + homeDirectory = lib.mkDefault "/home/${mainUser}"; + stateVersion = lib.mkDefault "23.05"; + keyboard.layout = "us"; + sessionVariables = { + FLAKE = "/home/${mainUser}/.dotfiles"; + }; + extraOutputsToInstall = [ + "doc" + "info" + "devdoc" + ]; + packages = lib.mkIf (!isNixos) [ + (pkgs.symlinkJoin { + name = "home-manager"; + buildInputs = [ pkgs.makeWrapper ]; + paths = [ pkgs.home-manager ]; + postBuild = '' wrapProgram $out/bin/home-manager \ --append-flags '--flake ${flakePath}#$(hostname)' - ''; - }) - ]; - }; - }; + ''; + }) + ]; + }; + }; - } + } #+end_src **** nixGL @@ -12583,6 +12610,7 @@ This is just a separate container for derivations defined in [[#h:64a5cc16-6b16- pass-fuzzel cdw cdb + cdr bak timer e @@ -12607,8 +12635,6 @@ This is just a separate container for derivations defined in [[#h:64a5cc16-6b16- sshrm endme git-replace - - rustdesk-vbc ]; }; } @@ -13533,7 +13559,8 @@ Currently I only use it as before with =initExtra= though. hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; youtube-dl = "yt-dlp"; cat-orig = "cat"; - cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; + # cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; + cdr = "source cdr"; nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; nix-ldd-locate = "nix-locate --minimal --top-level -w "; @@ -14326,6 +14353,19 @@ Currently I only use it as before with =initExtra= though. _children = [{ Resize._args = [ "Increase" ]; }]; }; } + { + bind = { + _args = [ "Alt r" ]; + _children = [ + { + WriteChars._args = [ "source cdr" ]; + } + { + WriteChars._args = [ "\n" ]; + } + ]; + }; + } { bind = { _args = [ "Alt f" ]; 
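Review bot: The new alias `cdr = "source cdr";` sources a script built with `writeShellApplication` (the `pkgs/config/cdr` hunk later in this patch), and that builder prepends `set -o errexit`, `set -o nounset`, `set -o pipefail` and a `PATH` export to the script text. Sourced into an interactive shell these settings persist, so after the first `cdr` an ordinary failing command or an unset variable can end the session, and `PATH` grows on every call. Either build the sourced file with `bashOptions = [ ];`, or define `cdr` as a shell function in the shell's init so that nothing is sourced from `PATH`. The zellij `Alt r` binding in the hunk at -14326 types the same command into whichever pane has focus, so it inherits this behaviour and also sends the text to a non-shell program if one is focused.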
@@ -17880,31 +17920,39 @@ When setting up a new machine: #+end_src #+begin_src nix-ts :tangle modules/home/optional/work.nix :noweb yes - { self, config, pkgs, lib, vars, nixosConfig ? config, ... }: + { self, inputs, config, pkgs, lib, vars, nixosConfig ? config, ... }: let - inherit (config.swarselsystems) homeDir; + inherit (config.swarselsystems) homeDir mainUser; inherit (nixosConfig.repo.secrets.local.mail) allMailAddresses; inherit (nixosConfig.repo.secrets.local.work) mailAddress; + + certsSopsFile = self + /secrets/certs/secrets.yaml; in { options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; config = lib.mkIf config.swarselmodules.optional.work - { - home.packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - # rclone - libguestfs-with-appliance - prometheus.cli - tigervnc - # openstackclient + ({ + home = { + packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + # rclone + libguestfs-with-appliance + prometheus.cli + tigervnc + # openstackclient - vscode - ]; + vscode + rustdesk-vbc + ]; + sessionVariables = { + AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path; + }; + }; systemd.user.sessionVariables = { DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; } // lib.optionalAttrs (!config.swarselsystems.isPublic) { @@ -17997,10 +18045,10 @@ When setting up a new machine: let inherit (config.wayland.windowManager.sway.config) modifier; in - { - "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; - "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; - }; + { + "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}"; + "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}"; + }; }; }; 
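Review bot: `AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path;` is set whenever the work module is enabled, but the secret is only declared conditionally: later in this file under `inputs ? sops` and `!isPublic && !isNixos`, and on NixOS in home-manager-secrets.nix. With `nixosConfig ? config` falling back to the home-manager config, a public or sops-less standalone build would presumably fail on the missing `harica-root-ca` attribute. Guarding the variable with the same condition, e.g. `sessionVariables = lib.optionalAttrs (!config.swarselsystems.isPublic) { AWS_CA_BUNDLE = …; };`, keeps the two in step. A comment should also note that, to my understanding, this bundle replaces rather than extends the default trust store for AWS tooling, so it has to contain every CA those endpoints chain to. The enclosing `config = lib.mkIf …` block continues past this hunk.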
@@ -18526,7 +18574,16 @@ When setting up a new machine: }; }; - }; + } // lib.optionalAttrs (inputs ? sops) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + harica-root-ca = { + sopsFile = certsSopsFile; + path = "${homeDir}/.aws/certs/harica-root.pem"; + owner = mainUser; + }; + }; + + }); } @@ -18930,7 +18987,7 @@ In short, the options defined here are passed to the modules systems using =_mod } #+end_src -** Packages +*** Packages :PROPERTIES: :CUSTOM_ID: h:64a5cc16-6b16-4802-b421-c67ccef853e1 :END: @@ -18939,23 +18996,25 @@ This is the central station for self-defined packages. These are all referenced Note: The structure of generating the packages was changed in commit =2cf03a3 refactor: package and module generation=. That commit can be checked out in order to see a simpler version of achieving the same thing. -#+begin_src nix-ts :tangle pkgs/default.nix +*** Packages (flake) + +#+begin_src nix-ts :tangle pkgs/flake/default.nix { self, lib, pkgs, ... }: let mkPackages = names: pkgs: builtins.listToAttrs (map (name: { inherit name; - value = pkgs.callPackage "${self}/pkgs/${name}" { inherit self name; }; + value = pkgs.callPackage "${self}/pkgs/flake/${name}" { inherit self name; }; }) names); - packageNames = lib.swarselsystems.readNix "pkgs"; + packageNames = lib.swarselsystems.readNix "pkgs/flake"; in mkPackages packageNames pkgs #+end_src -*** pass-fuzzel +**** pass-fuzzel :PROPERTIES: :CUSTOM_ID: h:4fce458d-7c9c-4bcd-bd90-76b745fe5ce3 :END: @@ -19016,7 +19075,7 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w notify-send -u critical -a pass -t 1000 "Copied/Typed Password" #+end_src -#+begin_src nix-ts :tangle pkgs/pass-fuzzel/default.nix +#+begin_src nix-ts :tangle pkgs/flake/pass-fuzzel/default.nix { self, name, writeShellApplication, libnotify, pass, fuzzel, wtype }: writeShellApplication { inherit name; 
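Review bot: The standalone `sops.secrets.harica-root-ca` block sets `owner = mainUser;`, which is an option of the NixOS sops-nix module. As far as I know the home-manager module has no `owner` (secrets always belong to the invoking user), so this key may be rejected at evaluation and should be verified or dropped. The block is also gated on `inputs ? sops`, which silently yields nothing if the flake input is named differently, e.g. `sops-nix`; confirm the name against flake.nix. `sopsFile` and `path` duplicate the NixOS definition in home-manager-secrets.nix, so a shared binding for the path would stop the two from drifting. The attribute set this is merged into starts outside the hunk.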
@@ -19026,7 +19085,7 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w #+end_src -*** quickpass +**** quickpass #+begin_src shell :tangle files/scripts/quickpass.sh :mkdirp yes shopt -s nullglob globstar @@ -19042,7 +19101,7 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w notify-send -u critical -a pass -t 1000 "Typed Password" #+end_src -#+begin_src nix-ts :tangle pkgs/quickpass/default.nix +#+begin_src nix-ts :tangle pkgs/flake/quickpass/default.nix { self, name, writeShellApplication, libnotify, pass, wtype }: writeShellApplication { inherit name; @@ -19052,7 +19111,7 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w #+end_src -*** cura5 +**** cura5 :PROPERTIES: :CUSTOM_ID: h:799579f3-ddd3-4f76-928a-a8c665980476 :END: @@ -19060,7 +19119,7 @@ This app allows me, in conjunction with my Yubikey, to quickly enter passwords w The version of =cura= used to be quite outdated in nixpkgs. I am fetching a newer AppImage here and use that instead. -#+begin_src nix-ts :tangle pkgs/cura5/default.nix +#+begin_src nix-ts :tangle pkgs/flake/cura5/default.nix # taken from https://github.com/NixOS/nixpkgs/issues/186570#issuecomment-1627797219 { appimageTools, fetchurl, writeScriptBin, pkgs, ... }: @@ -19093,7 +19152,7 @@ The version of =cura= used to be quite outdated in nixpkgs. I am fetching a newe #+end_src -*** hm-specialisation +**** hm-specialisation :PROPERTIES: :CUSTOM_ID: h:e6612cff-0804-47ef-9f2b-d2cc6d81a896 :END: @@ -19101,7 +19160,7 @@ The version of =cura= used to be quite outdated in nixpkgs. I am fetching a newe This script allows for quick git home-manager specialisation switching. -#+begin_src nix-ts :tangle pkgs/hm-specialisation/default.nix +#+begin_src nix-ts :tangle pkgs/flake/hm-specialisation/default.nix { name, writeShellApplication, fzf, findutils, home-manager, ... }: writeShellApplication { 
@@ -19117,7 +19176,7 @@ This script allows for quick git home-manager specialisation switching. #+end_src -*** cdw +**** cdw :PROPERTIES: :CUSTOM_ID: h:73b14c7a-5444-4fed-b7ac-d65542cdeda3 :END: @@ -19125,7 +19184,7 @@ This script allows for quick git home-manager specialisation switching. This script allows for quick git worktree switching. -#+begin_src nix-ts :tangle pkgs/cdw/default.nix +#+begin_src nix-ts :tangle pkgs/flake/cdw/default.nix { name, writeShellApplication, fzf, ... }: writeShellApplication { @@ -19139,14 +19198,14 @@ This script allows for quick git worktree switching. #+end_src -*** cdb +**** cdb :PROPERTIES: :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 :END: This script allows for quick git branch switching. -#+begin_src nix-ts :tangle pkgs/cdb/default.nix +#+begin_src nix-ts :tangle pkgs/flake/cdb/default.nix { name, writeShellApplication, fzf, ... }: writeShellApplication { @@ -19159,7 +19218,7 @@ This script allows for quick git branch switching. #+end_src -*** bak +**** bak :PROPERTIES: :CUSTOM_ID: h:03b1b77b-3ca8-4a8f-8e28-9f29004d96d3 :END: @@ -19167,7 +19226,7 @@ This script allows for quick git branch switching. This script lets me quickly backup files by appending =.bak= to the filename. -#+begin_src nix-ts :tangle pkgs/bak/default.nix +#+begin_src nix-ts :tangle pkgs/flake/bak/default.nix { name, writeShellApplication, ... }: writeShellApplication { @@ -19180,7 +19239,7 @@ This script lets me quickly backup files by appending =.bak= to the filename. #+end_src -*** timer +**** timer :PROPERTIES: :CUSTOM_ID: h:3c72d263-411c-44f0-90ff-55f14d4d9d49 :END: @@ -19188,7 +19247,7 @@ This script lets me quickly backup files by appending =.bak= to the filename. This app starts a configuratble timer and uses TTS to say something once the timer runs out. -#+begin_src nix-ts :tangle pkgs/timer/default.nix +#+begin_src nix-ts :tangle pkgs/flake/timer/default.nix { name, writeShellApplication, speechd, ... }: writeShellApplication { 
@@ -19201,7 +19260,7 @@ This app starts a configuratble timer and uses TTS to say something once the tim #+end_src -*** e +**** e :PROPERTIES: :CUSTOM_ID: h:1834df06-9238-4efa-9af6-851dafe66c68 :END: @@ -19234,7 +19293,7 @@ This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm fi #+end_src -#+begin_src nix-ts :tangle pkgs/e/default.nix +#+begin_src nix-ts :tangle pkgs/flake/e/default.nix { self, name, writeShellApplication, emacs30-pgtk, sway, jq }: writeShellApplication { inherit name; @@ -19244,7 +19303,7 @@ This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm #+end_src -*** command-not-found +**** command-not-found :PROPERTIES: :CUSTOM_ID: h:10268005-a9cd-4a00-967c-cbe975c552fa :END: @@ -19288,7 +19347,7 @@ The normal =command-not-found.sh= uses the outdated =nix-shell= commands as sugg } #+end_src -*** swarselcheck +**** swarselcheck :PROPERTIES: :CUSTOM_ID: h:82f4f414-749b-4d5a-aaaa-6e3ec15fbc3d :END: @@ -19360,7 +19419,7 @@ This app checks for different apps that I keep around in the scratchpad for quic fi #+end_src -#+begin_src nix-ts :tangle pkgs/swarselcheck/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarselcheck/default.nix { self, name, writeShellApplication, kitty, element-desktop, vesktop, spotify-player, jq }: writeShellApplication { inherit name; @@ -19370,7 +19429,7 @@ This app checks for different apps that I keep around in the scratchpad for quic #+end_src -*** swarselcheck-niri +**** swarselcheck-niri :PROPERTIES: :CUSTOM_ID: h:96da8360-2d23-4e86-9602-415fbdb972af :END: @@ -19414,7 +19473,7 @@ This app checks for different apps that I keep around in the scratchpad for quic fi #+end_src -#+begin_src nix-ts :tangle pkgs/swarselcheck-niri/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarselcheck-niri/default.nix { self, name, writeShellApplication, kitty, element-desktop, vesktop, spotify-player, jq }: writeShellApplication { inherit name; 
@@ -19424,7 +19483,7 @@ This app checks for different apps that I keep around in the scratchpad for quic #+end_src -*** swarselzellij +**** swarselzellij :PROPERTIES: :CUSTOM_ID: h:564c102c-e335-4f17-a613-c5a436bb4864 :END: @@ -19440,7 +19499,7 @@ This app checks for different apps that I keep around in the scratchpad for quic exec kitty -o confirm_os_window_close=0 zellij #+end_src -#+begin_src nix-ts :tangle pkgs/swarselzellij/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarselzellij/default.nix { self, name, writeShellApplication, kitty }: writeShellApplication { inherit name; @@ -19450,7 +19509,7 @@ This app checks for different apps that I keep around in the scratchpad for quic #+end_src -*** waybarupdate +**** waybarupdate :PROPERTIES: :CUSTOM_ID: h:f93f66f9-6b8b-478e-b139-b2f382c1f25e :END: @@ -19484,7 +19543,7 @@ This scripts checks if there are uncommited changes in either my dotfile repo, m echo "$OUT" #+end_src -#+begin_src nix-ts :tangle pkgs/waybarupdate/default.nix +#+begin_src nix-ts :tangle pkgs/flake/waybarupdate/default.nix { self, name, writeShellApplication, git }: writeShellApplication { inherit name; @@ -19494,7 +19553,7 @@ This scripts checks if there are uncommited changes in either my dotfile repo, m #+end_src -*** opacitytoggle +**** opacitytoggle :PROPERTIES: :CUSTOM_ID: h:a1d94db2-837a-40c4-bbd8-81ce847440ee :END: @@ -19509,7 +19568,7 @@ This app quickly toggles between 5% and 0% transparency. fi #+end_src -#+begin_src nix-ts :tangle pkgs/opacitytoggle/default.nix +#+begin_src nix-ts :tangle pkgs/flake/opacitytoggle/default.nix { self, name, writeShellApplication, sway }: writeShellApplication { inherit name; @@ -19518,7 +19577,7 @@ This app quickly toggles between 5% and 0% transparency. } #+end_src -*** fs-diff +**** fs-diff :PROPERTIES: :CUSTOM_ID: h:7c4e41b3-8c1e-4f71-87a6-30d40baed6a0 :END: 
@@ -19548,7 +19607,7 @@ This utility is used to compare the current state of the root directory with the done #+end_src -#+begin_src nix-ts :tangle pkgs/fs-diff/default.nix +#+begin_src nix-ts :tangle pkgs/flake/fs-diff/default.nix { self, name, writeShellApplication }: writeShellApplication { inherit name; @@ -19556,7 +19615,7 @@ This utility is used to compare the current state of the root directory with the } #+end_src -*** github-notifications +**** github-notifications :PROPERTIES: :CUSTOM_ID: h:a9398c4e-4d3b-4942-b03c-192f9c0517e5 :END: @@ -19564,7 +19623,7 @@ This utility is used to compare the current state of the root directory with the This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version. -#+begin_src nix-ts :tangle pkgs/github-notifications/default.nix +#+begin_src nix-ts :tangle pkgs/flake/github-notifications/default.nix { name, writeShellApplication, jq, ... }: writeShellApplication { @@ -19580,7 +19639,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s } #+end_src -*** kanshare +**** kanshare :PROPERTIES: :CUSTOM_ID: h:3981cd16-00c0-4ea8-95e2-c6d8c04ec4e5 :END: @@ -19588,7 +19647,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version. -#+begin_src nix-ts :tangle pkgs/kanshare/default.nix +#+begin_src nix-ts :tangle pkgs/flake/kanshare/default.nix { name, writeShellApplication, wlr-randr, busybox, wl-mirror, mako, ... }: writeShellApplication { 
@@ -19602,7 +19661,7 @@ This utility checks if there are updated packages in nixpkgs-unstable. It does s } #+end_src -*** swarsel-bootstrap +**** swarsel-bootstrap :PROPERTIES: :CUSTOM_ID: h:74db57ae-0bb9-4257-84be-eddbc85130dd :END: @@ -19984,7 +20043,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man | [ | Babel | evaluation | exited | with | code | 1 | ] | -#+begin_src nix-ts :tangle pkgs/swarsel-bootstrap/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-bootstrap/default.nix { self, name, writeShellApplication, openssh }: writeShellApplication { inherit name; @@ -19993,7 +20052,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man } #+end_src -*** swarsel-rebuild +**** swarsel-rebuild :PROPERTIES: :CUSTOM_ID: h:1eabdc59-8832-44ca-a22b-11f848ab150a :END: @@ -20113,7 +20172,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man -#+begin_src nix-ts :tangle pkgs/swarsel-rebuild/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-rebuild/default.nix { self, name, writeShellApplication, git }: writeShellApplication { inherit name; @@ -20122,7 +20181,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man } #+end_src -*** swarsel-install +**** swarsel-install :PROPERTIES: :CUSTOM_ID: h:fbd8aaf2-9dca-4ca3-aca1-19d0d188a435 :END: @@ -20327,7 +20386,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f -#+begin_src nix-ts :tangle pkgs/swarsel-install/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-install/default.nix { self, name, writeShellApplication, git }: writeShellApplication { inherit name; @@ -20336,7 +20395,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f } #+end_src -*** swarsel-postinstall +**** swarsel-postinstall :PROPERTIES: :CUSTOM_ID: h:c98a7615-e5da-4f47-8ed1-2b2ea65519e9 :END: 
@@ -20418,7 +20477,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f -#+begin_src nix-ts :tangle pkgs/swarsel-postinstall/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-postinstall/default.nix { self, name, writeShellApplication, git }: writeShellApplication { inherit name; @@ -20427,12 +20486,12 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f } #+end_src -*** t2ts +**** t2ts :PROPERTIES: :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 :END: -#+begin_src nix-ts :tangle pkgs/t2ts/default.nix +#+begin_src nix-ts :tangle pkgs/flake/t2ts/default.nix { name, writeShellApplication, ... }: writeShellApplication { @@ -20445,12 +20504,12 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+end_src -*** ts2t +**** ts2t :PROPERTIES: :CUSTOM_ID: h:5ad99997-e54c-4f0b-9ab7-15f76b1e16e1 :END: -#+begin_src nix-ts :tangle pkgs/ts2t/default.nix +#+begin_src nix-ts :tangle pkgs/flake/ts2t/default.nix { name, writeShellApplication, ... }: writeShellApplication { @@ -20463,12 +20522,12 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+end_src -*** vershell +**** vershell :PROPERTIES: :CUSTOM_ID: h:7806b129-a4a5-4d10-af27-6cbeafbcb294 :END: -#+begin_src nix-ts :tangle pkgs/vershell/default.nix +#+begin_src nix-ts :tangle pkgs/flake/vershell/default.nix { name, writeShellApplication, ... }: writeShellApplication { @@ -20481,12 +20540,12 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+end_src -*** eontimer +**** eontimer :PROPERTIES: :CUSTOM_ID: h:9fda7829-09a4-4b8f-86f6-08b078ab2874 :END: -#+begin_src nix-ts :tangle pkgs/eontimer/default.nix +#+begin_src nix-ts :tangle pkgs/flake/eontimer/default.nix { lib , python3 , fetchFromGitHub 
@@ -20585,7 +20644,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f #+end_src -*** project +**** project :PROPERTIES: :CUSTOM_ID: h:154b6df4-dd50-4f60-9794-05a140d02994 :END: @@ -20600,7 +20659,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f direnv allow #+end_src -#+begin_src nix-ts :tangle pkgs/project/default.nix +#+begin_src nix-ts :tangle pkgs/flake/project/default.nix { self, name, writeShellApplication }: writeShellApplication { inherit name; @@ -20608,13 +20667,13 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f } #+end_src -*** fhs +**** fhs :PROPERTIES: :CUSTOM_ID: h:36d6c17c-6d91-4297-b76d-9d7feab6c1a0 :END: -#+begin_src nix-ts :tangle pkgs/fhs/default.nix +#+begin_src nix-ts :tangle pkgs/flake/fhs/default.nix { name, pkgs, ... }: let base = pkgs.appimageTools.defaultFhsEnvArgs; @@ -20628,7 +20687,7 @@ Autoformatting always puts the =EOF= with indentation, which makes shfmt check f }) #+end_src -*** swarsel-displaypower +**** swarsel-displaypower :PROPERTIES: :CUSTOM_ID: h:814d5e7f-4b95-412d-b246-33f888514ec6 :END: @@ -20640,7 +20699,7 @@ A crude script to power on all displays that might be attached. Needed because s swaymsg "output * dpms on" > /dev/null 2>&1 || true #+end_src -#+begin_src nix-ts :tangle pkgs/swarsel-displaypower/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-displaypower/default.nix { self, name, writeShellApplication, sway }: writeShellApplication { inherit name; @@ -20650,7 +20709,7 @@ A crude script to power on all displays that might be attached. Needed because s #+end_src -*** swarsel-mgba +**** swarsel-mgba :PROPERTIES: :CUSTOM_ID: h:799579f3-ddd3-4f76-928a-a8c665980476 :END: 
@@ -20658,7 +20717,7 @@ A crude script to power on all displays that might be attached. Needed because s AppImage version of mgba in which the lua scripting works. -#+begin_src nix-ts :tangle pkgs/swarsel-mgba/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-mgba/default.nix { appimageTools, fetchurl, ... }: let pname = "mgba"; @@ -20682,12 +20741,12 @@ AppImage version of mgba in which the lua scripting works. #+end_src -*** swarsel-deploy +**** swarsel-deploy :PROPERTIES: :CUSTOM_ID: h:c3362d4e-d3a8-43e8-9ef7-272b6de0572e :END: -#+begin_src nix-ts :tangle pkgs/swarsel-deploy/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-deploy/default.nix # heavily inspired from https://github.com/oddlama/nix-config/blob/d42cbde676001a7ad8a3cace156e050933a4dcc3/pkgs/deploy.nix { name, bc, nix-output-monitor, writeShellApplication, ... }: writeShellApplication { @@ -20814,12 +20873,12 @@ AppImage version of mgba in which the lua scripting works. #+end_src -*** swarsel-build +**** swarsel-build :PROPERTIES: :CUSTOM_ID: h:c3362d4e-d3a8-43e8-9ef7-272b6de0572e :END: -#+begin_src nix-ts :tangle pkgs/swarsel-build/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-build/default.nix { name, nix-output-monitor, writeShellApplication, ... }: writeShellApplication { runtimeInputs = [ nix-output-monitor ]; @@ -20838,14 +20897,14 @@ AppImage version of mgba in which the lua scripting works. #+end_src -*** swarsel-instantiate +**** swarsel-instantiate :PROPERTIES: :CUSTOM_ID: h:95ebfd13-1f6b-427f-950d-e30c1ed6f9fa :END: This is a convenience function that calls =nix-instantiate= with a number of flags that I need in order to evaluate nix expressions in org-src blocks. -#+begin_src nix-ts :tangle pkgs/swarsel-instantiate/default.nix +#+begin_src nix-ts :tangle pkgs/flake/swarsel-instantiate/default.nix { name, writeShellApplication, ... }: writeShellApplication { inherit name; 
@@ -20857,7 +20916,7 @@ This is a convenience function that calls =nix-instantiate= with a number of fla #+end_src -*** sshrm +**** sshrm :PROPERTIES: :CUSTOM_ID: h:02842543-caca-4d4c-a4d2-7ac749b5c136 :END: @@ -20878,7 +20937,7 @@ This programs simply runs ssh-keygen on the last host that I tried to ssh into. fi #+end_src -#+begin_src nix-ts :tangle pkgs/sshrm/default.nix +#+begin_src nix-ts :tangle pkgs/flake/sshrm/default.nix { self, name, writeShellApplication, openssh }: writeShellApplication { inherit name; @@ -20886,11 +20945,11 @@ This programs simply runs ssh-keygen on the last host that I tried to ssh into. text = builtins.readFile "${self}/files/scripts/${name}.sh"; } #+end_src -*** endme +**** endme Sometimes my DE crashes after putting it to suspend - to be precise, it happens when I put it into suspend when I have multiple screens plugged in. I have never taken the time to debug the issue, but instead just switch to a different TTY and then use this script to kill the hanging session. -#+begin_src nix-ts :tangle pkgs/endme/default.nix +#+begin_src nix-ts :tangle pkgs/flake/endme/default.nix { name, writeShellApplication, ... }: writeShellApplication { inherit name; @@ -20903,12 +20962,12 @@ Sometimes my DE crashes after putting it to suspend - to be precise, it happens #+end_src -*** git-replace +**** git-replace This script allows for quick git replace of a string. -#+begin_src nix-ts :tangle pkgs/git-replace/default.nix +#+begin_src nix-ts :tangle pkgs/flake/git-replace/default.nix { name, writeShellApplication, git, gnugrep, findutils, ... }: writeShellApplication { 
@@ -20974,6 +21033,43 @@ This script allows for quick git replace of a string. } +#+end_src + +*** Packages (config) + +#+begin_src nix-ts :tangle pkgs/config/default.nix + { self, homeConfig, lib, pkgs, ... }: + let + mkPackages = names: pkgs: builtins.listToAttrs (map + (name: { + inherit name; + value = pkgs.callPackage "${self}/pkgs/config/${name}" { inherit self name homeConfig; }; + }) + names); + packageNames = lib.swarselsystems.readNix "pkgs/config"; + in + mkPackages packageNames pkgs +#+end_src + +**** cdr + + +#+begin_src nix-ts :tangle pkgs/config/cdr/default.nix + { name, homeConfig, writeShellApplication, fzf, ... }: + + writeShellApplication { + inherit name; + runtimeInputs = [ fzf ]; + text = '' + DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""} + DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV} + FLAKE=${homeConfig.home.sessionVariables.FLAKE} + + cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )" + ''; + } + + #+end_src ** Profiles @@ -22117,6 +22213,22 @@ This function was found here: [[https://www.reddit.com/r/emacs/comments/re31i6/h (define-key minibuffer-local-filename-completion-map [C-backspace] #'up-directory) +#+end_src +**** Magit: List directories using vertico/consult + +#+begin_src emacs-lisp + + (defun swarsel/consult-magit-repos () + (interactive) + (require 'magit) + (let* ((repos (magit-list-repos)) + (repo (consult--read repos + :prompt "Magit repo: " + :require-match t + :history 'my/consult-magit-repos-history + :sort t))) + (magit-status repo))) + #+end_src **** org-mode: General setup :PROPERTIES: 
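Review bot: In `pkgs/config/cdr/default.nix` the three assignments interpolate Nix strings into the script unquoted, so a directory containing a space or a shell metacharacter changes what the generated script executes. Only `DOCUMENT_DIR_WORK` has an `or ""` fallback, while `DOCUMENT_DIR_PRIV` and `FLAKE` fail evaluation when unset. Quoting at generation time addresses both, e.g. `DOCUMENT_DIR_PRIV=${lib.escapeShellArg (homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV or "")}` with `lib` added to the argument list; this assumes the values are literal paths, since escaping disables `$HOME`-style expansion. When the work module is off, `DOCUMENT_DIR_WORK` is empty and `find ""` fails, which skips the `&& echo "$FLAKE"` branch, so collecting only the non-empty directories first avoids that. A header comment saying the script is meant to be sourced, not executed, would explain the otherwise ineffective `cd`.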
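Review bot: `swarsel/consult-magit-repos` calls `consult--read`, a double-dash internal of consult, but only requires `magit`, so it relies on consult already being loaded and on an interface that may change between releases. Adding `(require 'consult)` next to `(require 'magit)` makes the dependency explicit. The history symbol `'my/consult-magit-repos-history` breaks the file's `swarsel/` prefix and is never declared. `(defvar swarsel/consult-magit-repos-history nil)` plus a one-line docstring on the function would tidy that up. The same function is added to files/emacs/init.el in the hunk at -162.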
@@ -22321,6 +22433,7 @@ I also define some keybinds to some combinations directly. Those are used mostly "l" '(:ignore l :which-key "links") "lc" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (org-overview) )) :which-key "SwarselSystems.org") "le" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "Emacs") ) (org-overview) (org-cycle) )) :which-key "Emacs.org") + "lr" '(swarsel/consult-magit-repos :which-key "List repos") "ln" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "System") ) (org-overview) (org-cycle))) :which-key "Nixos.org") "lp" '((lambda () (interactive) (projectile-switch-project)) :which-key "switch project") "lg" '((lambda () (interactive) (magit-list-repositories)) :which-key "list git repos") @@ -22370,6 +22483,7 @@ I also define some keybinds to some combinations directly. Those are used mostly "C-c D" 'crux-duplicate-and-comment-current-line-or-region "" 'swarsel/last-buffer "M-\\" 'indent-region + "M-r" 'swarsel/consult-magit-repos "" 'yank "" 'kill-region "" 'kill-ring-save @@ -24083,8 +24197,8 @@ Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. (use-package magit :config - (setq magit-repository-directories `((,swarsel-work-projects-directory . 1) - (,swarsel-private-projects-directory . 1) + (setq magit-repository-directories `((,swarsel-work-projects-directory . 3) + (,swarsel-private-projects-directory . 3) ("~/.dotfiles/" . 0))) :custom (magit-display-buffer-function #'magit-display-buffer-same-window-except-diff-v1)) ; stay in the same window diff --git a/files/emacs/init.el b/files/emacs/init.el index 5a013e3..5ada956 100644 --- a/files/emacs/init.el +++ b/files/emacs/init.el 
@@ -162,6 +162,17 @@ create a new one." (define-key minibuffer-local-filename-completion-map [C-backspace] #'up-directory) +(defun swarsel/consult-magit-repos () + (interactive) + (require 'magit) + (let* ((repos (magit-list-repos)) + (repo (consult--read repos + :prompt "Magit repo: " + :require-match t + :history 'my/consult-magit-repos-history + :sort t))) + (magit-status repo))) + (defun swarsel/org-mode-setup () (variable-pitch-mode 1) (add-hook 'org-tab-first-hook 'org-end-of-line) @@ -272,6 +283,7 @@ create a new one." "l" '(:ignore l :which-key "links") "lc" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (org-overview) )) :which-key "SwarselSystems.org") "le" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "Emacs") ) (org-overview) (org-cycle) )) :which-key "Emacs.org") + "lr" '(swarsel/consult-magit-repos :which-key "List repos") "ln" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "System") ) (org-overview) (org-cycle))) :which-key "Nixos.org") "lp" '((lambda () (interactive) (projectile-switch-project)) :which-key "switch project") "lg" '((lambda () (interactive) (magit-list-repositories)) :which-key "list git repos") @@ -321,6 +333,7 @@ create a new one." "C-c D" 'crux-duplicate-and-comment-current-line-or-region "" 'swarsel/last-buffer "M-\\" 'indent-region + "M-r" 'swarsel/consult-magit-repos "" 'yank "" 'kill-region "" 'kill-ring-save @@ -1241,8 +1254,8 @@ create a new one." (use-package magit :config - (setq magit-repository-directories `((,swarsel-work-projects-directory . 1) - (,swarsel-private-projects-directory . 1) + (setq magit-repository-directories `((,swarsel-work-projects-directory . 3) + (,swarsel-private-projects-directory . 3) ("~/.dotfiles/" . 0))) :custom (magit-display-buffer-function #'magit-display-buffer-same-window-except-diff-v1)) ; stay in the same window 
diff --git a/index.html b/index.html index 6583879..73a386f 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configurationo @@ -209,8 +209,8 @@
  • 1.4. Hosts
  • 1.5. Programs
  • 1.6. Services
  • -
  • 1.7. Manual steps when setting up a new machine
  • -
  • 1.8. Current issues
  • +
  • 1.7. Manual steps when setting up a new machine
  • +
  • 1.8. Current issues
  • 2. flake.nix @@ -263,33 +263,45 @@
  • 3.1.2.2.3. disko
  • -
  • 3.1.2.3. Winters (Server) +
  • 3.1.2.3. Winters (Server: ASRock J4105-ITX)
  • -
  • 3.1.2.4. machpizza (MacBook Pro)
  • -
  • 3.1.2.5. Magicant (Phone)
  • -
  • 3.1.2.6. Treehouse (DGX Spark)
  • +
  • 3.1.2.4. Summers (Server: ASUS Z10PA-D8) + +
  • +
  • 3.1.2.5. Hintbooth (Router: HUNSN RM02) + +
  • +
  • 3.1.2.6. machpizza (MacBook Pro)
  • +
  • 3.1.2.7. Magicant (Phone)
  • +
  • 3.1.2.8. Treehouse (DGX Spark)
  • 3.1.3. Virtual hosts
  • 3.1.4. Utility hosts @@ -301,7 +313,7 @@
  • 3.1.4.2. TODO Drugstore (ISO installer config)
  • -
  • 3.1.4.3. ChaosTheatre (Demo Physical/VM) +
  • 3.1.4.3. Hotel (Demo Physical/VM)
  • 3.2.4. Darwin @@ -445,15 +462,15 @@
  • 3.2.5.8. Hibernation
  • 3.2.5.9. BTRFS
  • 3.2.5.10. work
  • -
  • 3.2.5.11. microvm-host
  • -
  • 3.2.5.12. microvm-guest
  • +
  • 3.2.5.11. microvm-host
  • +
  • 3.2.5.12. microvm-guest
  • 3.3. Home-manager
  • 3.3.3. Server @@ -550,73 +574,81 @@
  • 4.4.2. Nix Mode
  • @@ -735,7 +769,7 @@
  • 4.4.5. Ansible
  • 4.4.6. Dockerfile
  • 4.4.7. Terraform Mode
  • -
  • 4.4.8. nixpkgs-fmt
  • +
  • 4.4.8. nix formatting
  • 4.4.9. shfmt
  • 4.4.10. Markdown Mode @@ -1153,16 +1187,21 @@ Here I give a brief overview over the hostmachines that I am using. This is held
    | Name               | Hardware                                            | Use                                                  |
     |--------------------|-----------------------------------------------------|------------------------------------------------------|
     |πŸ’» **pyramid**      | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                          |
    -|πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal lapto                                       |
    -|πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS sandbox                                        |
    -|πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Main homeserver and data storgae                     |
    -|πŸ–₯️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
    -|πŸ–₯️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
    +|πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal laptop                                      |
    +|πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS reference and build sandbox                    |
    +|🏠 **treehouse**    | NVIDIA DGX Spark                                    | Workstation, AI playground and home-manager reference|
    +|πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Secondary homeserver and data storgae                |
    +|πŸ–₯️ **summers**      | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM  | Main homeserver running microvms, data storage       |
    +|πŸ–₯️ **hintbooth**    | HUNSN RM02, 8GB RAM                                 | Router                                               |
    +|☁️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
    +|☁️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
    +|☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache                   |
    +|☁️ **monkeycave**   | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server                                        |
    +|☁️ **eagleland**    | Hetzner Cloud: CX23                                 | Mail server                                          |
     |πŸ“± **magicant**     | Samsung Galaxy Z Flip 6                             | Phone                                                |
     |πŸ’Ώ **drugstore**    | -                                                   | ISO installer configuration                          |
     |❔ **chaotheatre**  | -                                                   | Demo config for checking out my configurtion         |
     |❔ **toto**         | -                                                   | Helper configuration for bootstrapping a new system  |
    -|🏠 **treehouse**    | -                                                   | Reference configuration for a home-manager only host |
     
    @@ -1219,12 +1258,20 @@ Here I give a brief overview over the hostmachines that I am using. This is held -
    -

    1.7. Manual steps when setting up a new machine

    +
    +

    1.7. Manual steps when setting up a new machine

    These steps are required when setting up a normal NixOS host:
     
    +- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`):
    +  - `systemd-cryptenroll --fido2-device=auto /dev/<device, e.g. 'nvme0n1p2'>`
    +
    +If the new machine is a work machine, these steps are additionally needed:
    +
    +- setup the work VPN:
    +  - using the laptop certificate `.pem` as User cert and private key (CA cert: none)
    +  - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway`
     - setup gpgsm for signing of mails using S/MIME:
       - `gpgsm --import ~/Certificates/<certname>.p12`
       - `gpgsm --import ~/Certificates/harica-root.pem`
    @@ -1234,18 +1281,9 @@ Here I give a brief overview over the hostmachines that I am using. This is held
     - setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`):
       - `pizauth auth <account name, e.g. 'work'>`
       - `pizauth dump > ~/.pizauth.state`
    -- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`):
    -  - `systemd-cryptenroll --fido2-device=auto /dev/<device, e.g. 'nvme0n1p2'>`
    -
    -If the new machine is a work machine, these steps are additionally needed:
    -
    -- setup the work VPN:
    -  - using the laptop certificate `.pem` as User cert and private key (CA cert: none)
    -  - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway`
     
     If the new machine is home-manager only, perform these steps:
     
    -
     - (Optional) Install openssh-server
     - Set hostname to the name specified in the home-manager configuration
     - Install nix, either:
    @@ -1258,13 +1296,47 @@ If the new machine is home-manager only, perform these steps:
       1) Clone dotfile repo & change into it
       2) `nix --extra-experimental-features 'nix-command flakes' develop`
       3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
    -
     
    + +These steps are required when setting up a normal NixOS host: + +- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`): + - `systemd-cryptenroll --fido2-device=auto /dev/` + +If the new machine is a work machine, these steps are additionally needed: + +- setup the work VPN: + - using the laptop certificate `.pem` as User cert and private key (CA cert: none) + - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway` +- setup gpgsm for signing of mails using S/MIME: + - `gpgsm --import ~/Certificates/.p12` + - `gpgsm --import ~/Certificates/harica-root.pem` + - `gpgsm --import ~/Certificates/harica-intermediate.pem` + - `gpgsm --list-keys --with-validation "HARICA Client RSA Root CA 2021"` + - trust the certificate and set passphrase +- setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`): + - `pizauth auth ` + - `pizauth dump > ~/.pizauth.state` + +If the new machine is home-manager only, perform these steps: + +- (Optional) Install openssh-server +- Set hostname to the name specified in the home-manager configuration +- Install nix, either: + - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy` + - (or installing nix freshly): + - Grab the link to the install script of the needed nix version from https://releases.nixos.org/?prefix=nix, e.g. https://releases.nixos.org/nix/nix-2.30.1/install + - `bash <(curl -L https://releases.nixos.org/nix/nix-x-yy-y/install) --daemon` +- add the following to /etc/nix/nix.conf to become a trusted user: `trusted-users = @wheel root swarsel` +- For the first build: + 1) Clone dotfile repo & change into it + 2) `nix --extra-experimental-features 'nix-command flakes' develop` + 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
    -
    -

    1.8. Current issues

    +
    +

    1.8. Current issues

    Currently, these adaptions are made to the configuration to account for bugs in upstream repos:
    @@ -1289,6 +1361,27 @@ If the new machine is home-manager only, perform these steps:
           - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175)
     
    + +Currently, these adaptions are made to the configuration to account for bugs in upstream repos: + +- 202501102: + - flake: + - emacs-overlay: + - : version pinned because emacsclient is currently broken on latest + - niri-flake: + - currently not using the sugared version of screenshot-[,window], as it is currently broken + - home-manager: + - emacs-tramp: + - using stable version in extraPackages (broken in unstable) + - :ensure nil in emacs tramp settings to use package in extraPackages + - emacs-calfwL + - pinned to version not in nixpkgs (is in latest emacs-overlay, but that is broken) + - vesktop: + - running stable version (broken in unstable) + - batgrep: + - running stable version (broken in unstable) + - swayosd: + - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175)
    @@ -1436,8 +1529,8 @@ This provides devshell support for flake-parts
  • swarsel-modules.url = "github:Swarsel/swarsel-modules/main"; swarsel-nix.url = "github:Swarsel/swarsel-nix/main"; home-manager = { - url = "github:nix-community/home-manager"; - # url = "github:Swarsel/home-manager/main"; + # url = "github:nix-community/home-manager"; + url = "github:Swarsel/home-manager/main"; inputs.nixpkgs.follows = "nixpkgs"; }; swarsel.url = "github:Swarsel/.dotfiles"; @@ -1509,10 +1602,15 @@ This provides devshell support for flake-parts url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-extra-modules = { + url = "github:oddlama/nixos-extra-modules"; + inputs.nixpkgs.follows = "nixpkgs"; + }; microvm = { url = "github:astro/microvm.nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + treefmt-nix.url = "github:numtide/treefmt-nix"; }; outputs = @@ -1565,7 +1663,7 @@ a separate repo containing my secrets

    -As for the second approach, I actually used this up to some point (see for example 7e11641: feat: add initial oauth2-proxy and freshrss oidc as one of the lasts commits still using this system). However, it is quite bothersome to constantly have to keep two repositories up to date and in sync. Also, having a repo that every configuration relied upon that was also a private repo led to the problem that my demo configuration (ChaosTheatre (Demo Physical/VM)) would fail to build with that present, and I had to take several extra steps to make it buildable. Ever since deleting that dependency I also got rid of that problem. The whole system is inspired by this blog article and large parts of it are adapted from oddlama's nix-config. +As for the second approach, I actually used this up to some point (see for example 7e11641: feat: add initial oauth2-proxy and freshrss oidc as one of the lasts commits still using this system). However, it is quite bothersome to constantly have to keep two repositories up to date and in sync. Also, having a repo that every configuration relied upon that was also a private repo led to the problem that my demo configuration (Hotel (Demo Physical/VM)) would fail to build with that present, and I had to take several extra steps to make it buildable. Ever since deleting that dependency I also got rid of that problem. The whole system is inspired by this blog article and large parts of it are adapted from oddlama's nix-config.

    @@ -1717,6 +1815,22 @@ let inherit (inputs.nixpkgs) lib; in rec { + cidrToSubnetMask = cidr: + let + prefixLength = lib.toInt (lib.last (lib.splitString "/" cidr)); + bits = lib.genList (i: if i < prefixLength then 1 else 0) 32; + octets = lib.genList + (i: + let + octetBits = lib.sublist (i * 8) 8 bits; + octetValue = lib.foldl (acc: bit: acc * 2 + bit) 0 octetBits; + in + octetValue + ) 4; + subnetMask = lib.concatStringsSep "." (map toString octets); + in + subnetMask; + mkIfElseList = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) (lib.mkIf (!p) no) @@ -1768,6 +1882,9 @@ in inherit (inputs.home-manager.lib) hm; inherit swarselsystems; }); + + swarselsystemsLib = swarselsystems; + homeLib = self.outputs.lib; }; } @@ -1790,14 +1907,39 @@ More information on the actual packages build can be found in -
    { self, ... }:
    +
    { self, inputs, ... }:
     {
    +  imports = [
    +    (
    +      { lib, flake-parts-lib, ... }:
    +      flake-parts-lib.mkTransposedPerSystemModule {
    +        name = "pkgs";
    +        file = ./packages.nix;
    +        option = lib.mkOption {
    +          type = lib.types.unspecified;
    +        };
    +      }
    +    )
    +  ];
       flake = _:
         let
           inherit (self.outputs) lib;
         in
         {
    -      packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; });
    +      packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs/flake" { inherit self lib pkgs; });
    +    };
    +
    +  perSystem = { pkgs, system, ... }:
    +    {
    +      # see https://flake.parts/module-arguments.html?highlight=modulewith#persystem-module-parameters
    +      _module.args.pkgs = import inputs.nixpkgs {
    +        inherit system;
    +        config.allowUnfree = true;
    +        overlays = [
    +          self.overlays.default
    +        ];
    +      };
    +      inherit pkgs;
         };
     }
     
    @@ -1827,7 +1969,7 @@ Lastly, in order make this actually available to my configurations, i use the
    # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix
    -{ inputs, ... }:
    +{ self, inputs, ... }:
     {
       flake = { config, lib, ... }:
         {
    @@ -1836,7 +1978,8 @@ Lastly, in order make this actually available to my configurations, i use the 
    @@ -2115,11 +2299,11 @@ Another note concerning flake-parts:
                   (mkConnection "milkywell" "wan")
                   (mkConnection "magicant" "wifi")
                   (mkConnection "toto" "bootstrapper")
    -              (mkConnection "chaostheatre" "demo host")
    +              (mkConnection "hotel" "demo host")
                 ];
               };
     
    -          chaostheatre.interfaces."demo host" = { };
    +          hotel.interfaces."demo host" = { };
               toto.interfaces."bootstrapper" = { };
               milkywell.interfaces.wan = { };
               moonside.interfaces.wan = { };
    @@ -2297,7 +2481,7 @@ Lastly, in the perSystem attribute set, we see that it is actually
         inputs.pre-commit-hooks.flakeModule
       ];
     
    -  perSystem = { pkgs, system, ... }:
    +  perSystem = { pkgs, config, system, ... }:
         {
           pre-commit = {
             check.enable = true;
    @@ -2319,6 +2503,7 @@ Lastly, in the perSystem attribute set, we see that it is actually
                 nixpkgs-fmt.enable = true;
                 statix.enable = true;
                 trim-trailing-whitespace.enable = true;
    +            treefmt.enable = true;
     
                 destroyed-symlinks = {
                   enable = true;
    @@ -2338,110 +2523,142 @@ Lastly, in the perSystem attribute set, we see that it is actually
             };
           };
     
    -      devshells.default = let
    -        nix-version = "2_30";
    -      in {
    -        packages = [
    -          (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
    -          pkgs.git
    -          pkgs.just
    -          pkgs.age
    -          pkgs.ssh-to-age
    -          pkgs.sops
    -          pkgs.nixpkgs-fmt
    -          self.packages.${system}.swarsel-build
    -          self.packages.${system}.swarsel-deploy
    -          (pkgs.symlinkJoin {
    -            name = "home-manager";
    -            buildInputs = [ pkgs.makeWrapper ];
    -            paths = [ pkgs.home-manager ];
    -            postBuild = ''
    -              wrapProgram $out/bin/home-manager \
    -              --append-flags '--flake .#$(hostname)'
    -              '';
    -          })
    -        ];
    +      devshells = {
    +        deploy =
    +          let
    +            nix-version = "2_28";
    +          in {
    +          packages = [
    +            (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.stable25_05.nixVersions."nix_${nix-version}")
    +            pkgs.git
    +            pkgs.just
    +            pkgs.age
    +            pkgs.ssh-to-age
    +            pkgs.sops
    +          ];
     
    -        commands = [
    +          env =
    +            [
    +              {
    +                name = "NIX_CONFIG";
    +                value = ''
    +                  plugin-files = ${pkgs.stable25_05.nix-plugins.overrideAttrs (o: {
    +                    buildInputs = [pkgs.stable25_05.nixVersions."nix_${nix-version}" pkgs.stable25_05.boost];
    +                    patches = (o.patches or []) ++ [./nix-plugins.patch];
    +                  })}/lib/nix/plugins
    +                  extra-builtins-file = ${self + /nix/extra-builtins.nix}
    +                '';
    +              }
    +            ];
    +        };
    +        default =
    +          let
    +            nix-version = "2_30";
    +          in
               {
    -            package = pkgs.statix;
    -            help = "Lint flake";
    -          }
    -          {
    -            package = pkgs.deadnix;
    -            help = "Check flake for dead code";
    -          }
    -          {
    -            package = pkgs.nix-tree;
    -            help = "Interactively browse dependency graphs of Nix derivations";
    -          }
    -          {
    -            package = pkgs.nvd;
    -            help = "Diff two nix toplevels and show which packages were upgraded";
    -          }
    -          {
    -            package = pkgs.nix-diff;
    -            help = "Explain why two Nix derivations differ";
    -          }
    -          {
    -            package = pkgs.nix-output-monitor;
    -            help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
    -            name = "nom \"$@\"";
    -          }
    -          {
    -            name = "hm";
    -            help = "Manage home-manager config";
    -            command = "home-manager \"$@\"";
    -          }
    -          {
    -            name = "fmt";
    -            help = "Format flake";
    -            command = "nixpkgs-fmt --check \"$FLAKE\"";
    -          }
    -          {
    -            name = "sd";
    -            help = "Build and deploy this nix config to nodes";
    -            command = "swarsel-deploy \"$@\"";
    -          }
    -          {
    -            name = "sl";
    -            help = "Build and deploy a config to nodes";
    -            command = "swarsel-deploy \${1} switch";
    -          }
    -          {
    -            name = "sw";
    -            help = "Build and switch to the host's config locally";
    -            command = "swarsel-deploy $(hostname) switch";
    -          }
    -          {
    -            name = "bld";
    -            help = "Build a number of configurations";
    -            command = "swarsel-build \"$@\"";
    -          }
    -          {
    -            name = "c";
    -            help = "Work with the flake git repository";
    -            command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
    -          }
    -        ];
    +            packages = [
    +              (builtins.trace "alarm: pinned nix_${nix-version}" pkgs.nixVersions."nix_${nix-version}")
    +              pkgs.git
    +              pkgs.just
    +              pkgs.age
    +              pkgs.ssh-to-age
    +              pkgs.sops
    +              pkgs.nixpkgs-fmt
    +              self.packages.${system}.swarsel-build
    +              self.packages.${system}.swarsel-deploy
    +              (pkgs.symlinkJoin {
    +                name = "home-manager";
    +                buildInputs = [ pkgs.makeWrapper ];
    +                paths = [ pkgs.home-manager ];
    +                postBuild = ''
    +                  wrapProgram $out/bin/home-manager \
    +                  --append-flags '--flake .#$(hostname)'
    +                '';
    +              })
    +            ];
     
    -        devshell.startup.pre-commit-install.text = "pre-commit install";
    +            commands = [
    +              {
    +                package = pkgs.statix;
    +                help = "Lint flake";
    +              }
    +              {
    +                package = pkgs.deadnix;
    +                help = "Check flake for dead code";
    +              }
    +              {
    +                package = pkgs.nix-tree;
    +                help = "Interactively browse dependency graphs of Nix derivations";
    +              }
    +              {
    +                package = pkgs.nvd;
    +                help = "Diff two nix toplevels and show which packages were upgraded";
    +              }
    +              {
    +                package = pkgs.nix-diff;
    +                help = "Explain why two Nix derivations differ";
    +              }
    +              {
    +                package = pkgs.nix-output-monitor;
    +                help = "Nix Output Monitor (a drop-in alternative for `nix` which shows a build graph)";
    +                name = "nom \"$@\"";
    +              }
    +              {
    +                name = "hm";
    +                help = "Manage home-manager config";
    +                command = "home-manager \"$@\"";
    +              }
    +              {
    +                name = "fmt";
    +                help = "Format flake";
    +                command = "nixpkgs-fmt --check \"$FLAKE\"";
    +              }
    +              {
    +                name = "sd";
    +                help = "Build and deploy this nix config to nodes";
    +                command = "swarsel-deploy \"$@\"";
    +              }
    +              {
    +                name = "sl";
    +                help = "Build and deploy a config to nodes";
    +                command = "swarsel-deploy \${1} switch";
    +              }
    +              {
    +                name = "sw";
    +                help = "Build and switch to the host's config locally";
    +                command = "swarsel-deploy $(hostname) switch";
    +              }
    +              {
    +                name = "bld";
    +                help = "Build a number of configurations";
    +                command = "swarsel-build \"$@\"";
    +              }
    +              {
    +                name = "c";
    +                help = "Work with the flake git repository";
    +                command = "git --git-dir=$FLAKE/.git --work-tree=$FLAKE/ \"$@\"";
    +              }
    +            ];
     
    -        env = let
    -          nix-plugins = pkgs.nix-plugins.override {
    -            nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
    +            # devshell.startup.pre-commit-install.text = "pre-commit install";
    +            devshell.startup.pre-commit.text = config.pre-commit.installationScript;
    +
    +            env =
    +              let
    +                nix-plugins = pkgs.nix-plugins.override {
    +                  nixComponents = pkgs.nixVersions."nixComponents_${nix-version}";
    +                };
    +              in
    +              [
    +                {
    +                  name = "NIX_CONFIG";
    +                  value = ''
    +                    plugin-files = ${nix-plugins}/lib/nix/plugins
    +                    extra-builtins-file = ${self + /nix/extra-builtins.nix}
    +                  '';
    +                }
    +              ];
               };
    -        in [
    -          {
    -            # Additionally configure nix-plugins with our extra builtins file.
    -            # We need this for our repo secrets.
    -            name = "NIX_CONFIG";
    -            value = ''
    -              plugin-files = ${nix-plugins}/lib/nix/plugins
    -              extra-builtins-file = ${self + /nix/extra-builtins.nix}
    -            '';
    -          }
    -        ];
           };
         };
     }
    @@ -2504,10 +2721,32 @@ Defines a formatter that can be called using nix flake format. Whil
     

    -
    _:
    +
    { inputs, ... }:
     {
    +  imports = [
    +    inputs.treefmt-nix.flakeModule
    +  ];
    +
       perSystem = { pkgs, ... }: {
    -    formatter = pkgs.nixpkgs-fmt;
    +    # formatter = pkgs.nixpkgs-fmt;
    +    # formatter is set by treefmt to:
    +    # formatter = lib.mkIf config.treefmt.flakeFormatter (lib.mkDefault config.treefmt.build.wrapper);
    +    treefmt = {
    +      projectRootFile = "flake.nix";
    +      programs = {
    +        nixfmt = {
    +          enable = true;
    +          package = pkgs.nixpkgs-fmt;
    +        };
    +        deadnix.enable = true;
    +        statix.enable = true;
    +        shellcheck.enable = true;
    +      };
    +      settings.formatter.shellcheck.options = [
    +        "--shell"
    +        "bash"
    +      ];
    +    };
       };
     }
     
    @@ -2649,7 +2888,7 @@ in
           overlays = {
             default = final: prev:
               let
    -            additions = final: _: import "${self}/pkgs" { pkgs = final; inherit self lib; }
    +            additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; }
                   // {
                   swarsel-nix = import inputs.swarsel-nix {
                     pkgs = prev;
    @@ -2662,6 +2901,11 @@ in
                   #   withSystemVencord = true;
                   # };
     
    +              lib = prev.lib // {
    +                swarselsystems = self.outputs.swarselsystemsLib;
    +                hm = self.outputs.homeLib;
    +              };
    +
                   firefox = prev.firefox.override {
                     nativeMessagingHosts = [
                       prev.tridactyl-native
    @@ -2712,15 +2956,19 @@ in
                     (builtins.attrNames nixpkgsInputs));
     
               in
    -          (additions final prev)
    -          // (modifications final prev)
    -          // (nixpkgs-stable-versions final prev)
    -          // (inputs.niri-flake.overlays.niri final prev)
    -          // (inputs.vbc-nix.overlays.default final prev)
    -          // (inputs.nur.overlays.default final prev)
    -          // (inputs.emacs-overlay.overlay final prev)
    -          // (inputs.nix-topology.overlays.default final prev)
    -          // (inputs.nixgl.overlay final prev);
    +          lib.recursiveUpdate
    +            (
    +              (additions final prev)
    +              // (nixpkgs-stable-versions final prev)
    +              // (inputs.niri-flake.overlays.niri final prev)
    +              // (inputs.vbc-nix.overlays.default final prev)
    +              // (inputs.nur.overlays.default final prev)
    +              // (inputs.emacs-overlay.overlay final prev)
    +              // (inputs.nix-topology.overlays.default final prev)
    +              // (inputs.nixgl.overlay final prev)
    +              // (inputs.nixos-extra-modules.overlays.default final prev)
    +            )
    +            (modifications final prev);
           };
         };
     }
    @@ -3545,7 +3793,7 @@ in
     
    -
    3.1.2.3. Winters (Server)
    +
    3.1.2.3. Winters (Server: ASRock J4105-ITX)

    This is my main server that I run at home. It handles most tasks that require bigger amounts of storage than I can receive for free at OCI. Also it houses some data that I find too sensitive to hand over to Oracle. @@ -3555,7 +3803,7 @@ This is my main server that I run at home. It handles most tasks that require bi

    3.1.2.3.1. Main Configuration
    -
    { lib, config, minimal, ... }:
    +
    { lib, minimal, ... }:
     {
     
       imports = [
    @@ -3567,25 +3815,29 @@ This is my main server that I run at home. It handles most tasks that require bi
         loader.efi.canTouchEfiVariables = true;
       };
     
    -  globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4;
    -
    -  networking = {
    -    inherit (config.repo.secrets.local) hostId;
    -    hostName = "winters";
    -    firewall.enable = true;
    -    enableIPv6 = false;
    -    firewall.allowedTCPPorts = [ 80 443 ];
    -  };
    +  # globals.hosts.${config.node.name}.ipv4 = config.repo.secrets.local.ipv4;
    +  # globals.networks.home.hosts.${config.node.name} = {
    +  #   ipv4 = config.repo.secrets.local.home-ipv4;
    +  #   mac = config.repo.secrets.local.home-mac;
    +  # };
     
       swarselsystems = {
         info = "ASRock J4105-ITX, 32GB RAM";
         flakePath = "/root/.dotfiles";
         isImpermanence = false;
    -    isSecureBoot = true;
    -    isCrypted = true;
    +    isSecureBoot = false;
    +    isCrypted = false;
         isBtrfs = false;
         isLinux = true;
         isNixos = true;
    +    server.garage = {
    +      data_dir = [
    +        {
    +          capacity = "200G";
    +          path = "/Vault/data/garage/main";
    +        }
    +      ];
    +    };
       };
     
     } // lib.optionalAttrs (!minimal) {
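Review bot: `isSecureBoot` and `isCrypted` flip from `true` to `false` for Winters in a commit titled as a host rename, and nothing in the hunk says why; the section text describes this host as holding data too sensitive to hand to a cloud provider. The hunk also drops the `networking` block that set `firewall.enable = true` and `allowedTCPPorts = [ 80 443 ]`, so confirm that a shared module (not visible here) still enables the firewall for this host. I would add a line above the two flags such as `# NOTE: root disk unencrypted and secure boot off: <reason>; sensitive data is protected by <mechanism>`. The later hunks that add `diskEncryption = lib.mkForce false;` for Winters and Moonside would benefit from the same one-line rationale.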
    @@ -3595,6 +3847,7 @@ This is my main server that I run at home. It handles most tasks that require bi
       };
     
       swarselmodules.server = {
    +    diskEncryption = lib.mkForce false;
         nfs = lib.mkDefault true;
         nginx = lib.mkDefault true;
         kavita = lib.mkDefault true;
    @@ -3623,6 +3876,8 @@ This is my main server that I run at home. It handles most tasks that require bi
         ankisync = lib.mkDefault true;
         # snipeit = lib.mkDefault false;
         homebox = lib.mkDefault true;
    +    opkssh = lib.mkDefault true;
    +    garage = lib.mkDefault false;
       };
     
     }
    @@ -3685,180 +3940,17 @@ This is my main server that I run at home. It handles most tasks that require bi
     
    -
    -
    3.1.2.4. machpizza (MacBook Pro)
    -
    -

    -A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations (the darwin configuration is severely under-developed). -

    - +
    +
    3.1.2.4. Summers (Server: ASUS Z10PA-D8)
    +
    +
    +
    +
    3.1.2.4.1. Main Configuration
    +
    -
    { lib, config, ... }:
    -let
    -  inherit (config.repo.secrets.local) workUser;
    -in
    +
    { inputs, lib, config, minimal, nodes, globals, ... }:
     {
     
    -  # Auto upgrade nix package and the daemon service.
    -  services.nix-daemon.enable = true;
    -  services.karabiner-elements.enable = true;
    -
    -  home-manager.users.workUser.home = {
    -    username = lib.mkForce workUser;
    -    swarselsystems = {
    -      isDarwin = true;
    -      isLaptop = true;
    -      isNixos = false;
    -      isBtrfs = false;
    -      mainUser = workUser;
    -      homeDir = "/home/${workUser}";
    -      flakePath = "/home/${workUser}/.dotfiles";
    -    };
    -  };
    -}
    -
    -
    -
    -
    -
    -
    3.1.2.5. Magicant (Phone)
    -
    -

    -My phone. I use only a minimal config for remote debugging here. -

    - -
    -
    -{ pkgs, ... }: {
    -  environment = {
    -    packages = with pkgs; [
    -      vim
    -      git
    -      openssh
    -      # toybox
    -      dig
    -      man
    -      gnupg
    -      curl
    -      deadnix
    -      statix
    -      nixpgks-fmt
    -      nvd
    -    ];
    -
    -    etcBackupExtension = ".bak";
    -    extraOutputsToInstall = [
    -      "doc"
    -      "info"
    -      "devdoc"
    -    ];
    -    motd = null;
    -  };
    -
    -  android-integration = {
    -    termux-open.enable = true;
    -    xdg-open.enable = true;
    -    termux-open-url.enable = true;
    -    termux-reload-settings.enable = true;
    -    termux-setup-storage.enable = true;
    -  };
    -
    -  # Backup etc files instead of failing to activate generation if a file already exists in /etc
    -
    -  # Read the changelog before changing this value
    -  system.stateVersion = "23.05";
    -
    -  # Set up nix for flakes
    -  nix.extraOptions = ''
    -    experimental-features = nix-command flakes
    -  '';
    -}
    -
    -
    -
    -
    -
    -
    -
    -
    3.1.2.6. Treehouse (DGX Spark)
    -
    -
    -
    { self, outputs, ... }:
    -{
    -
    -  imports = [
    -    # inputs.sops-nix.homeManagerModules.sops
    -    "${self}/modules/home"
    -    "${self}/modules/nixos/common/pii.nix"
    -    "${self}/modules/nixos/common/meta.nix"
    -  ];
    -
    -  nixpkgs = {
    -    overlays = [ outputs.overlays.default ];
    -    config = {
    -      allowUnfree = true;
    -    };
    -  };
    -
    -  services.xcape = {
    -    enable = true;
    -    mapExpression = {
    -      Control_L = "Escape";
    -    };
    -  };
    -
    -  # programs.zsh.initContent = "
    -  #   export GPG_TTY=\"$(tty)\"
    -  # export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    -  # gpgconf --launch gpg-agent
    -  #       ";
    -
    -  swarselsystems = {
    -    isLaptop = false;
    -    isNixos = false;
    -    wallpaper = self + /files/wallpaper/surfacewp.png;
    -  };
    -
    -  swarselprofiles = {
    -    dgxspark = true;
    -  };
    -
    -}
    -
    -
    -
    -
    -
    -
    -
    -
    -

    3.1.3. Virtual hosts

    -
    -

    -My server setup was originally built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk has suffered a weird failure where it has become unable to be cloned, but was still functional. I was for a long time rewriting all machines on there to use NixOS instead; this process is now finished. -

    - -

    -I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI: -

    -
      -
    • MilkyWell: cloud server used for very lightweight sync tasks of non-critical data
    • -
    • Moonside: Proxy server + some lightweight services
    • -
    -
    -
    -
    3.1.3.1. MilkyWell (OCI)
    -
    -

    -For this I use a free Ampere instance from OCI with 50G of space. In case my account gets terminated, all of this data is easily replaceable or backed up regularly anyways. -

    -
    -
    -
    3.1.3.1.1. Main configuration
    -
    -
    -
    { lib, minimal, ... }:
    -{
       imports = [
         ./hardware-configuration.nix
         ./disk-config.nix
    @@ -3866,66 +3958,121 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc
     
       boot = {
         loader.systemd-boot.enable = true;
    -    tmp.cleanOnBoot = true;
    -  };
    -
    -  networking = {
    -    nftables.enable = lib.mkForce false;
    -    hostName = "milkywell";
    -    enableIPv6 = true;
    -    domain = "subnet03112148.vcn03112148.oraclevcn.com";
    -  };
    -
    -  topology.self = {
    -    icon = "devices.cloud-server";
    -  };
    -
    -  hardware = {
    -    enableAllFirmware = lib.mkForce false;
    +    loader.efi.canTouchEfiVariables = true;
       };
     
       swarselsystems = {
    -    info = "VM.Standard.E2.1.Micro";
    +    info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
    +    flakePath = "/root/.dotfiles";
         isImpermanence = true;
    -    isSecureBoot = false;
    +    isSecureBoot = true;
         isCrypted = true;
    -    isSwap = true;
    -    rootDisk = "/dev/sda";
    -    swapSize = "4G";
         isBtrfs = true;
         isLinux = true;
         isNixos = true;
    +    withMicroVMs = false;
       };
     
     } // lib.optionalAttrs (!minimal) {
    +
       swarselprofiles = {
         server = true;
       };
     
    -  swarselmodules.server = {
    -    forgejo = lib.mkDefault false;
    -    ankisync = lib.mkDefault false;
    +  swarselmodules = {
    +    optional = {
    +      microvmHost = true;
    +    };
    +    server = {
    +      diskEncryption = lib.mkForce false; # TODO: disable
    +      nfs = false;
    +      nginx = false;
    +      kavita = false;
    +      restic = false;
    +      jellyfin = false;
    +      navidrome = false;
    +      spotifyd = false;
    +      mpd = false;
    +      postgresql = false;
    +      matrix = false;
    +      nextcloud = false;
    +      immich = false;
    +      paperless = false;
    +      transmission = false;
    +      syncthing = false;
    +      grafana = false;
    +      emacs = false;
    +      freshrss = false;
    +      jenkins = false;
    +      kanidm = false;
    +      firefly-iii = false;
    +      koillection = false;
    +      radicale = false;
    +      atuin = false;
    +      forgejo = false;
    +      ankisync = false;
    +      homebox = false;
    +      opkssh = false;
    +      garage = false;
    +    };
       };
    +
    +  microvm.vms =
    +    let
    +      mkMicrovm = guestName: {
    +        ${guestName} = {
    +          backend = "microvm";
    +          autostart = true;
    +          modules = [
    +            ./guests/${guestName}.nix
    +            {
    +              node.secretsDir = ./secrets/${guestName};
    +            }
    +          ];
    +          microvm = {
    +            system = "x86_64-linux";
    +            # baseMac = config.repo.secrets.local.networking.interfaces.lan.mac;
    +            # interfaces.vlan-services = { };
    +          };
    +          specialArgs = {
    +            inherit (config) nodes globals;
    +            inherit lib;
    +            inherit inputs minimal;
    +          };
    +        };
    +      };
    +    in
    +    lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
    +      { }
    +      // mkMicrovm "guest1"
    +    );
    +
     }
     
     
    -
    -
    3.1.3.1.2. hardware-configuration
    -
    +
    +
    3.1.2.4.2. hardware-configuration
    +
    -
    { config, lib, modulesPath, ... }: {
    -  imports = [
    -    (modulesPath + "/profiles/qemu-guest.nix")
    -  ];
    +
    { config, lib, modulesPath, ... }:
    +
    +{
    +  imports =
    +    [
    +      (modulesPath + "/installer/scan/not-detected.nix")
    +    ];
     
       boot = {
    -    initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
    +    initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
         initrd.kernelModules = [ ];
    -    kernelModules = [ "kvm-amd" ];
    +    kernelModules = [ "kvm-intel" ];
         extraModulePackages = [ ];
    +
    +    supportedFilesystems = [ "zfs" ];
    +    zfs.extraPools = [ "Vault" ];
       };
     
       # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
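Review bot: In the Summers `swarselmodules.server` block, `diskEncryption = lib.mkForce false; # TODO: disable` is ambiguous, because the value is already false while `isCrypted = true` and `isSecureBoot = true` are set a few lines above. A reader cannot tell whether the module is meant to stay off or to be turned back on. What the `diskEncryption` module does is not visible in this diff (presumably it handles unlocking the encrypted root), so the comment should state the intended end state, e.g. `# TODO: drop this override once <condition>; root is LUKS (isCrypted = true)`. The attribute set this block belongs to begins in the previous hunk.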
    @@ -3933,24 +4080,20 @@ For this I use a free Ampere instance from OCI with 50G of space. In case my acc
       # still possible to use this option, but it's recommended to use it in conjunction
       # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
       networking.useDHCP = lib.mkDefault true;
    -  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
    +  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
     
       nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
    -  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    +  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
     }
     
    -
    -
    3.1.3.1.3. disko
    -
    +
    +
    3.1.2.4.3. disko
    +
    -
    # NOTE: ... is needed because dikso passes diskoFile
    -{ lib
    -, config
    -, ...
    -}:
    +
    { lib, config, ... }:
     let
       type = "btrfs";
       extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
    @@ -4022,7 +4165,7 @@ in
                     mountOptions = [ "defaults" ];
                   };
                 };
    -            root = {
    +            root = lib.mkIf (!config.swarselsystems.isCrypted) {
                   size = "100%";
                   content = {
                     inherit type subvolumes extraArgs;
    @@ -4034,6 +4177,31 @@ in
                     '';
                   };
                 };
    +            luks = lib.mkIf config.swarselsystems.isCrypted {
    +              size = "100%";
    +              content = {
    +                type = "luks";
    +                name = "cryptroot";
    +                passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
    +                settings = {
    +                  allowDiscards = true;
    +                  # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
    +                  crypttabExtraOpts = [
    +                    "fido2-device=auto"
    +                    "token-timeout=10"
    +                  ];
    +                };
    +                content = {
    +                  inherit type subvolumes extraArgs;
    +                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
    +                    MNTPOINT=$(mktemp -d)
    +                    mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
    +                    trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
    +                    btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
    +                  '';
    +                };
    +              };
    +            };
               };
             };
           };
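Review bot: The new `luks` partition reads its passphrase from the fixed path `/tmp/disko-password`, and nothing here shows the file's mode or that it is removed after formatting. bootstrap.sh is outside this diff, so confirm it creates the file owner-readable only and deletes it once disko has run. `allowDiscards = true` lets TRIM through dm-crypt, which exposes which blocks of the encrypted device are unused; a comment such as `# NOTE: discards reveal free-block layout of the LUKS device` would record that as a deliberate choice. In the `postCreateHook`, quote the expansions: `trap 'umount "$MNTPOINT"; rm -rf "$MNTPOINT"' EXIT` and `btrfs subvolume snapshot -r "$MNTPOINT/root" "$MNTPOINT/root-blank"`. The same block is added again in Hintbooth's disko config in the next hunk.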
    @@ -4043,6 +4211,391 @@ in
       fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
       fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
     }
    +
    +
    +
    +
    +
    +
    3.1.2.4.4. Guests
    +
    +
    +
    +3.1.2.4.4.1. Guest 1 +
    +
    +
    { lib, minimal, ... }:
    +{
    +
    +  swarselsystems = {
    +    info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
    +  };
    +
    +} // lib.optionalAttrs (!minimal) {
    +
    +  swarselprofiles = {
    +    server = false;
    +  };
    +
    +  swarselmodules = {
    +    optional = {
    +      microvmGuest = false;
    +    };
    +  };
    +
    +  microvm = {
    +    mem = 1024 * 4;
    +    vcpu = 2;
    +  };
    +
    +}
    +
    +
    +
    +
    +
    +
    +
    +
    +
    3.1.2.5. Hintbooth (Router: HUNSN RM02)
    +
    +
    +
    +
    3.1.2.5.1. Main Configuration
    +
    +
    +
    { lib, minimal,  ... }:
    +{
    +
    +  imports = [
    +    ./hardware-configuration.nix
    +    ./disk-config.nix
    +  ];
    +
    +  swarselsystems = {
    +    info = "HUNSN RM02, 8GB RAM";
    +    flakePath = "/root/.dotfiles";
    +    isImpermanence = true;
    +    isSecureBoot = true;
    +    isCrypted = true;
    +    isBtrfs = true;
    +    isLinux = true;
    +    isNixos = true;
    +    rootDisk = "/dev/sda";
    +    swapSize = "8G";
    +    networkKernelModules = [ "igb" ];
    +  };
    +
    +} // lib.optionalAttrs (!minimal) {
    +
    +  swarselprofiles = {
    +    server = true;
    +    router = false;
    +  };
    +
    +  swarselmodules = {
    +    server = {
    +      nginx = lib.mkForce false; # we get this from the server profile
    +    };
    +  };
    +
    +}
    +
    +
    +
    +
    +
    +
    +
    3.1.2.5.2. hardware-configuration
    +
    +
    +
    { config, lib, modulesPath, ... }:
    +
    +{
    +  imports =
    +    [
    +      (modulesPath + "/installer/scan/not-detected.nix")
    +    ];
    +
    +  boot = {
    +    initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
    +    initrd.kernelModules = [ ];
    +    extraModulePackages = [ ];
    +  };
    +
    +  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
    +  # (the default) this is the recommended approach. When using systemd-networkd it's
    +  # still possible to use this option, but it's recommended to use it in conjunction
    +  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
    +  networking.useDHCP = lib.mkDefault true;
    +  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
    +
    +  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
    +  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    +}
    +
    +
    +
    +
    +
    +
    3.1.2.5.3. disko
    +
    +
    +
    { lib, config, ... }:
    +let
    +  type = "btrfs";
    +  extraArgs = [ "-L" "nixos" "-f" ]; # force overwrite
    +  subvolumes = {
    +    "/root" = {
    +      mountpoint = "/";
    +      mountOptions = [
    +        "subvol=root"
    +        "compress=zstd"
    +        "noatime"
    +      ];
    +    };
    +    "/home" = lib.mkIf config.swarselsystems.isImpermanence {
    +      mountpoint = "/home";
    +      mountOptions = [
    +        "subvol=home"
    +        "compress=zstd"
    +        "noatime"
    +      ];
    +    };
    +    "/persist" = lib.mkIf config.swarselsystems.isImpermanence {
    +      mountpoint = "/persist";
    +      mountOptions = [
    +        "subvol=persist"
    +        "compress=zstd"
    +        "noatime"
    +      ];
    +    };
    +    "/log" = lib.mkIf config.swarselsystems.isImpermanence {
    +      mountpoint = "/var/log";
    +      mountOptions = [
    +        "subvol=log"
    +        "compress=zstd"
    +        "noatime"
    +      ];
    +    };
    +    "/nix" = {
    +      mountpoint = "/nix";
    +      mountOptions = [
    +        "subvol=nix"
    +        "compress=zstd"
    +        "noatime"
    +      ];
    +    };
    +    "/swap" = lib.mkIf config.swarselsystems.isSwap {
    +      mountpoint = "/.swapvol";
    +      swap.swapfile.size = config.swarselsystems.swapSize;
    +    };
    +  };
    +in
    +{
    +  disko.devices = {
    +    disk = {
    +      disk0 = {
    +        type = "disk";
    +        device = config.swarselsystems.rootDisk;
    +        content = {
    +          type = "gpt";
    +          partitions = {
    +            ESP = {
    +              priority = 1;
    +              name = "ESP";
    +              size = "512M";
    +              type = "EF00";
    +              content = {
    +                type = "filesystem";
    +                format = "vfat";
    +                mountpoint = "/boot";
    +                mountOptions = [ "defaults" ];
    +              };
    +            };
    +            root = lib.mkIf (!config.swarselsystems.isCrypted) {
    +              size = "100%";
    +              content = {
    +                inherit type subvolumes extraArgs;
    +                postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
    +                  MNTPOINT=$(mktemp -d)
    +                  mount "/dev/disk/by-label/nixos" "$MNTPOINT" -o subvolid=5
    +                  trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
    +                  btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
    +                '';
    +              };
    +            };
    +            luks = lib.mkIf config.swarselsystems.isCrypted {
    +              size = "100%";
    +              content = {
    +                type = "luks";
    +                name = "cryptroot";
    +                passwordFile = "/tmp/disko-password"; # this is populated by bootstrap.sh
    +                settings = {
    +                  allowDiscards = true;
    +                  # https://github.com/hmajid2301/dotfiles/blob/a0b511c79b11d9b4afe2a5e2b7eedb2af23e288f/systems/x86_64-linux/framework/disks.nix#L36
    +                  crypttabExtraOpts = [
    +                    "fido2-device=auto"
    +                    "token-timeout=10"
    +                  ];
    +                };
    +                content = {
    +                  inherit type subvolumes extraArgs;
    +                  postCreateHook = lib.mkIf config.swarselsystems.isImpermanence ''
    +                    MNTPOINT=$(mktemp -d)
    +                    mount "/dev/mapper/cryptroot" "$MNTPOINT" -o subvolid=5
    +                    trap 'umount $MNTPOINT; rm -rf $MNTPOINT' EXIT
    +                    btrfs subvolume snapshot -r $MNTPOINT/root $MNTPOINT/root-blank
    +                  '';
    +                };
    +              };
    +            };
    +          };
    +        };
    +      };
    +    };
    +  };
    +
    +  fileSystems."/persist".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
    +  fileSystems."/home".neededForBoot = lib.mkIf config.swarselsystems.isImpermanence true;
    +}
    +
    +
    +
    +
    +
    +
    +
    3.1.2.6. machpizza (MacBook Pro)
    +
    +

    +A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations (the darwin configuration is severely under-developed). +

    + +
    +
    { lib, config, ... }:
    +let
    +  inherit (config.repo.secrets.local) workUser;
    +in
    +{
    +
    +  # Auto upgrade nix package and the daemon service.
    +  services.nix-daemon.enable = true;
    +  services.karabiner-elements.enable = true;
    +
    +  home-manager.users.workUser.home = {
    +    username = lib.mkForce workUser;
    +    swarselsystems = {
    +      isDarwin = true;
    +      isLaptop = true;
    +      isNixos = false;
    +      isBtrfs = false;
    +      mainUser = workUser;
    +      homeDir = "/home/${workUser}";
    +      flakePath = "/home/${workUser}/.dotfiles";
    +    };
    +  };
    +}
    +
    +
    +
    +
    +
    +
    3.1.2.7. Magicant (Phone)
    +
    +

    +My phone. I use only a minimal config for remote debugging here. +

    + +
    +
    +{ pkgs, ... }: {
    +  environment = {
    +    packages = with pkgs; [
    +      vim
    +      git
    +      openssh
    +      # toybox
    +      dig
    +      man
    +      gnupg
    +      curl
    +      deadnix
    +      statix
    +      nixpgks-fmt
    +      nvd
    +    ];
    +
    +    etcBackupExtension = ".bak";
    +    extraOutputsToInstall = [
    +      "doc"
    +      "info"
    +      "devdoc"
    +    ];
    +    motd = null;
    +  };
    +
    +  android-integration = {
    +    termux-open.enable = true;
    +    xdg-open.enable = true;
    +    termux-open-url.enable = true;
    +    termux-reload-settings.enable = true;
    +    termux-setup-storage.enable = true;
    +  };
    +
    +  # Backup etc files instead of failing to activate generation if a file already exists in /etc
    +
    +  # Read the changelog before changing this value
    +  system.stateVersion = "23.05";
    +
    +  # Set up nix for flakes
    +  nix.extraOptions = ''
    +    experimental-features = nix-command flakes
    +  '';
    +}
    +
    +
    +
    +
    +
    +
    +
    +
    3.1.2.8. Treehouse (DGX Spark)
    +
    +
    +
    { self, ... }:
    +{
    +
    +  imports = [
    +    # inputs.sops-nix.homeManagerModules.sops
    +    "${self}/modules/home"
    +    "${self}/modules/nixos/common/pii.nix"
    +    "${self}/modules/nixos/common/meta.nix"
    +  ];
    +
    +
    +  services.xcape = {
    +    enable = true;
    +    mapExpression = {
    +      Control_L = "Escape";
    +    };
    +  };
    +
    +  # programs.zsh.initContent = "
    +  #   export GPG_TTY=\"$(tty)\"
    +  # export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    +  # gpgconf --launch gpg-agent
    +  #       ";
    +
    +  swarselsystems = {
    +    isLaptop = false;
    +    isNixos = false;
    +    wallpaper = self + /files/wallpaper/surfacewp.png;
    +  };
    +
    +  swarselprofiles = {
    +    dgxspark = true;
    +  };
    +
    +}
     
     
     
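Review bot: In the Magicant package list, `nixpgks-fmt` is misspelled and should read `nixpkgs-fmt`. Inside `with pkgs; [ ... ]` an unknown name is an undefined-variable error at evaluation time. The block is carried over unchanged from the removed 3.1.2.5 section, so the typo predates this commit, but the move is a good moment to fix it.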
    @@ -4050,15 +4603,30 @@ in
    +
    +

    3.1.3. Virtual hosts

    +
    +

    +My server setup was originally built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk has suffered a weird failure where it has become unable to be cloned, but was still functional. I was for a long time rewriting all machines on there to use NixOS instead; this process is now finished. +

    + +

    +I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI: +

    +
      +
    • MilkyWell: cloud server used for very lightweight sync tasks of non-critical data
    • +
    • Moonside: Proxy server + some lightweight services
    • +
    +
    -
    3.1.3.2. Moonside (OCI)
    +
    3.1.3.1. Moonside (OCI)

    This machine mainly acts as my proxy server to stand before my local machines.

    -
    3.1.3.2.1. Main Configuration
    +
    3.1.3.1.1. Main Configuration
    { lib, config, minimal, ... }:
    @@ -4101,12 +4669,9 @@ in
       };
     
       networking = {
    -    nftables.enable = lib.mkForce false;
    -    hostName = "moonside";
    -    enableIPv6 = false;
         domain = "subnet03291956.vcn03291956.oraclevcn.com";
         firewall = {
    -      allowedTCPPorts = [ 80 443 8384 ];
    +      allowedTCPPorts = [ 8384 ];
         };
         wireguard = {
           enable = true;
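Review bot: After this change the only explicitly opened TCP port on Moonside is 8384, which is Syncthing's default GUI port, and the section text describes this host as the proxy that stands in front of the local machines. Confirm the GUI is not reachable unauthenticated from the public interface, or scope the port to the WireGuard interface through the per-interface firewall options. Also confirm that 80/443 are now opened by the nginx/server module, which this hunk does not show. A comment on the line would help: `allowedTCPPorts = [ 8384 ]; # syncthing GUI; 80/443 opened by <module>`. The `networking` block starts and ends outside the hunk.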
    @@ -4195,7 +4760,7 @@ in
     
       swarselsystems = {
         flakePath = "/root/.dotfiles";
    -    info = "VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM";
    +    info = "VM.Standard.A1.Flex, 4 vCPUs, 24GB RAM";
         isImpermanence = true;
         isSecureBoot = false;
         isCrypted = false;
    @@ -4215,12 +4780,13 @@ in
       };
     
       swarselmodules.server = {
    -    oauth2-proxy = lib.mkDefault true;
    -    croc = lib.mkDefault true;
    -    microbin = lib.mkDefault true;
    -    shlink = lib.mkDefault true;
    -    slink = lib.mkDefault true;
    -    syncthing = lib.mkDefault true;
    +    oauth2-proxy = true;
    +    croc = true;
    +    microbin = true;
    +    shlink = true;
    +    slink = true;
    +    syncthing = true;
    +    diskEncryption = lib.mkForce false;
       };
     }
     
    @@ -4229,7 +4795,7 @@ in
     
    -
    3.1.3.2.2. hardware-configuration
    +
    3.1.3.1.2. hardware-configuration
    { lib, modulesPath, ... }:
    @@ -4252,7 +4818,7 @@ in
     
    -
    3.1.3.2.3. disko
    +
    3.1.3.1.3. disko
    # NOTE: ... is needed because dikso passes diskoFile
    @@ -4418,6 +4984,13 @@ This is a slim setup for developing base configuration. I do not track the hardw
         minimal = lib.mkForce true;
       };
     
    +  swarselmodules = {
    +    server = {
    +      network = lib.mkForce false;
    +      diskEncryption = lib.mkForce false;
    +    };
    +  };
    +
       swarselsystems = {
         info = "~SwarselSystems~ remote install helper";
         wallpaper = self + /files/wallpaper/lenovowp.png;
    @@ -4600,36 +5173,32 @@ TODO: cleanup this mess
     
    { self, config, pkgs, lib, ... }:
     let
       pubKeys = lib.filesystem.listFilesRecursive "${self}/secrets/keys/ssh";
    +  stateVersion = lib.mkDefault "23.05";
    +      homeFiles = {
    +        ".bash_history" = {
    +          text = ''
    +            swarsel-install -n hotel
    +          '';
    +        };
    +      };
     in
     {
     
       config = {
         home-manager.users.root.home = {
    -      stateVersion = "23.05";
    -      file = {
    -        ".bash_history" = {
    -          text = ''
    -            swarsel-install -n chaostheatre
    -          '';
    -        };
    -      };
    +      inherit stateVersion;
    +      file = homeFiles;
         };
         home-manager.users.swarsel = {
           home = {
             username = "swarsel";
             homeDirectory = lib.mkDefault "/home/swarsel";
    -        stateVersion = lib.mkDefault "23.05";
    +        inherit stateVersion;
             keyboard.layout = "us";
             sessionVariables = {
               FLAKE = "/home/swarsel/.dotfiles";
             };
    -        file = {
    -          ".bash_history" = {
    -            text = ''
    -              swarsel-install -n chaostheatre
    -            '';
    -          };
    -        };
    +        file = homeFiles;
           };
         };
     
    @@ -4647,10 +5216,6 @@ in
         nix = {
           channel.enable = false;
           package = pkgs.nixVersions.nix_2_28;
    -      # extraOptions = ''
    -      #   plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
    -      #   extra-builtins-file = ${../nix/extra-builtins.nix}
    -      # '';
           extraOptions = ''
             plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
               buildInputs = [config.nix.package pkgs.boost];
    @@ -4702,6 +5267,7 @@ in
         environment.etc."issue".text = ''
           ~SwarselSystems~
           IP of primary interface: \4
    +      These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0}
           The Password for all users & root is 'setup'.
           Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets.
           Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
    @@ -4712,6 +5278,7 @@ in
           wireless.enable = false;
           # dhcpcd.runHook = "${pkgs.utillinux}/bin/agetty --reload";
           networkmanager.enable = true;
    +      usePredictableInterfaceNames = false;
         };
     
         services.getty.autologinUser = lib.mkForce "root";
    @@ -4738,6 +5305,8 @@ in
     
         programs.bash.shellAliases = {
           "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --";
    +      "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'";
    +      "swarsel-kernel-module" = "lspci -k -d";
         };
     
         system.activationScripts.cache = {
    @@ -4771,7 +5340,7 @@ in
     
    -
    3.1.4.3. ChaosTheatre (Demo Physical/VM)
    +
    3.1.4.3. Hotel (Demo Physical/VM)

    This is just a demo host. It applies all the configuration found in the common parts of the flake, but disables all secrets-related features (as they would not work without the proper SSH keys). @@ -4812,10 +5381,17 @@ in }; networking = { - hostName = "chaostheatre"; + hostName = "hotel"; firewall.enable = true; }; + swarselmodules = { + server = { + network = lib.mkForce false; + diskEncryption = lib.mkForce false; + }; + }; + swarselsystems = { info = "~SwarselSystems~ demo host"; wallpaper = self + /files/wallpaper/lenovowp.png; @@ -4834,7 +5410,7 @@ in } // lib.optionalAttrs (!minimal) { swarselprofiles = { - chaostheatre = true; + hotel = true; minimal = true; }; } 
@@ -5135,6 +5711,91 @@ let mkOption types ; + + networkOptions = netSubmod: { + cidrv4 = mkOption { + type = types.nullOr types.net.cidrv4; + description = "The CIDRv4 of this network"; + default = null; + }; + + subnetMask4 = mkOption { + type = types.nullOr types.net.ipv4; + description = "The dotted decimal form of the subnet mask of this network"; + readOnly = true; + default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4; + }; + + cidrv6 = mkOption { + type = types.nullOr types.net.cidrv6; + description = "The CIDRv6 of this network"; + default = null; + }; + + hosts = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (hostSubmod: { + options = { + id = mkOption { + type = types.int; + description = "The id of this host in the network"; + }; + + mac = mkOption { + type = types.nullOr types.net.mac; + description = "The MAC of the interface on this host that belongs to this network."; + default = null; + }; + + ipv4 = mkOption { + type = types.nullOr types.net.ipv4; + description = "The IPv4 of this host in this network"; + readOnly = true; + default = + if netSubmod.config.cidrv4 == null then + null + else + lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv4; + }; + + ipv6 = mkOption { + type = types.nullOr types.net.ipv6; + description = "The IPv6 of this host in this network"; + readOnly = true; + default = + if netSubmod.config.cidrv6 == null then + null + else + lib.net.cidr.host hostSubmod.config.id netSubmod.config.cidrv6; + }; + + cidrv4 = mkOption { + type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero out the host part + description = "The IPv4 of this host in this network, including CIDR mask"; + readOnly = true; + default = + if netSubmod.config.cidrv4 == null then + null + else + lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv4; + }; + + cidrv6 = mkOption { + type = types.nullOr types.str; # FIXME: this is not types.net.cidr because it would zero 
out the host part + description = "The IPv6 of this host in this network, including CIDR mask"; + readOnly = true; + default = + if netSubmod.config.cidrv6 == null then + null + else + lib.net.cidr.hostCidr hostSubmod.config.id netSubmod.config.cidrv6; + }; + }; + }) + ); + }; + }; in { options = { @@ -5170,12 +5831,44 @@ in ); }; + networks = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (netSubmod: { + options = networkOptions netSubmod // { + vlans = mkOption { + default = { }; + type = types.attrsOf ( + types.submodule (vlanNetSubmod: { + options = networkOptions vlanNetSubmod // { + id = mkOption { + type = types.ints.between 1 4094; + description = "The VLAN id"; + }; + + name = mkOption { + description = "The name of this VLAN"; + default = vlanNetSubmod.config._module.args.name; + type = types.str; + }; + }; + }) + ); + }; + }; + }) + ); + }; + hosts = mkOption { type = types.attrsOf ( types.submodule { options = { - ipv4 = mkOption { - type = types.str; + defaultGateway4 = mkOption { + type = types.nullOr types.net.ipv4; + }; + defaultGateway6 = mkOption { + type = types.nullOr types.net.ipv6; }; }; } @@ -5231,11 +5924,13 @@ in
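Review bot: `defaultGateway4` and `defaultGateway6` in the `hosts` submodule are declared `nullOr` but have neither a `default` nor a `description`, so reading the one a host did not set aborts evaluation instead of yielding null. The network module later in this patch sets only `defaultGateway4`, so any consumer that touches `defaultGateway6` would presumably hit that error. Adding `default = null;` and a one-line description to both would match how `cidrv4` and `cidrv6` are declared in `networkOptions`. Separately, `subnetMask4` passes `netSubmod.config.cidrv4` to `lib.swarselsystems.cidrToSubnetMask` without the null guard that the per-host `ipv4`/`cidrv4` defaults use; whether the helper accepts null is not visible here.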

    3.2.1.5. Expose home-manager sops secrets in NixOS (automatically active)
    -
    { lib, config, globals, ... }:
    +
    { self, lib, config, globals, ... }:
     let
       inherit (config.swarselsystems) mainUser homeDir;
       inherit (config.repo.secrets.common.emacs) radicaleUser;
       modules = config.home-manager.users.${mainUser}.swarselmodules;
    +
    +  certsSopsFile = self + /secrets/certs/secrets.yaml;
     in
     {
       config = lib.mkIf config.swarselsystems.withHomeManager {
    @@ -5255,6 +5950,8 @@ in
             github-nixpkgs-review-token = { owner = mainUser; };
           }) // (lib.optionalAttrs modules.emacs {
             emacs-radicale-pw = { owner = mainUser; };
    +      }) // (lib.optionalAttrs modules.optional.work {
    +        harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
           }) // (lib.optionalAttrs modules.anki {
             anki-user = { owner = mainUser; };
             anki-pw = { owner = mainUser; };
    @@ -5448,7 +6145,19 @@ in
             system.stateVersion = lib.mkDefault "23.05";
     
             nixpkgs = {
    -          overlays = [ outputs.overlays.default ];
    +          overlays = [
    +            outputs.overlays.default
    +            (final: prev:
    +              let
    +                additions = final: _: import "${self}/pkgs/config" {
    +                  inherit self config lib;
    +                  pkgs = final;
    +                  homeConfig = config.home-manager.users.${config.swarselsystems.mainUser};
    +                };
    +              in
    +              additions final prev
    +            )
    +          ];
               config = {
                 allowUnfree = true;
               };
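Review bot: The second overlay wraps a function in a function: `additions = final: _: import ...` is bound in a `let` and then immediately applied as `additions final prev`, with the inner `final` shadowing the outer one. The list entry can be the function itself, `(final: _: import "${self}/pkgs/config" { inherit self config lib; pkgs = final; homeConfig = ...; })`, which removes the shadowing and the unused `prev`. Since the overlay now reads `config.home-manager.users.${config.swarselsystems.mainUser}`, a comment stating that these packages depend on the evaluated home-manager configuration would help; the enclosing module starts outside the hunk, so whether every host importing it has that user defined cannot be checked here.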
    @@ -5469,7 +6178,7 @@ We enable the use of home-manager as a NixoS module. A nice trick h
     

    -
    { self, inputs, config, lib, outputs, globals, nodes, minimal, configName, ... }:
    +
    { self, inputs, config, lib, homeLib, outputs, globals, nodes, minimal, configName, ... }:
     {
       options.swarselmodules.home-manager = lib.mkEnableOption "home-manager";
       config = lib.mkIf config.swarselmodules.home-manager {
    @@ -5478,6 +6187,7 @@ We enable the use of home-manager as a NixoS module. A nice trick h
           useUserPackages = true;
           verbose = true;
           backupFileExtension = "hm-bak";
    +      overwriteBackup = true;
           users.${config.swarselsystems.mainUser}.imports = [
             inputs.nix-index-database.homeModules.nix-index
             inputs.sops-nix.homeManagerModules.sops
    @@ -5500,7 +6210,11 @@ We enable the use of home-manager as a NixoS module. A nice trick h
               home.stateVersion = lib.mkDefault config.system.stateVersion;
             }
           ];
    -      extraSpecialArgs = { inherit (inputs) self nixgl; inherit inputs outputs globals nodes minimal configName; };
    +      extraSpecialArgs = {
    +        inherit (inputs) self nixgl;
    +        inherit inputs outputs globals nodes minimal configName;
    +        lib = homeLib;
    +      };
         };
       };
     }
    @@ -5623,7 +6337,7 @@ This is also exposed to home-manager configurations, in case this ever breaks, I
     
     
    # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
    -{ config, inputs, lib, minimal, ... }:
    +{ config, inputs, lib, ... }:
     let
       # If the given expression is a bare set, it will be wrapped in a function,
       # so that the imported file can always be applied to the inputs, similar to
    @@ -5689,7 +6403,7 @@ in
           let
             local = config.node.secretsDir + "/pii.nix.enc";
           in
    -      (lib.optionalAttrs (lib.pathExists local && !minimal) { inherit local; }) // lib.optionalAttrs (!minimal) {
    +      (lib.optionalAttrs (lib.pathExists local) { inherit local; }) // lib.optionalAttrs true {
             common = ../../../secrets/repo/pii.nix.enc;
           };
       };
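Review bot: `lib.optionalAttrs true { common = ...; }` on the changed line is a no-op wrapper left over from dropping the `!minimal` condition; it returns the set unchanged but reads as if a condition were still intended. Writing the right-hand operand as a plain set, `(lib.optionalAttrs (lib.pathExists local) { inherit local; }) // {`, says the same thing. With the guard gone, minimal builds presumably also need `secrets/repo/pii.nix.enc` to be readable at evaluation time, which deserves a comment if it is intentional. The enclosing option definition starts outside the hunk.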
    @@ -6661,12 +7375,15 @@ Here I disable global completion to prevent redundant compinit calls and cache i
     let
       inherit (config.swarselsystems) mainUser homeDir;
       devices = config.swarselsystems.syncthing.syncDevices;
    +  servicePort = 8384;
     in
     {
       options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config";
       config = lib.mkIf config.swarselmodules.syncthing {
         services.syncthing = {
           enable = true;
    +      systemService = true;
    +      guiAddress = "127.0.0.1:${builtins.toString servicePort}";
           package = pkgs.syncthing;
           user = mainUser;
           dataDir = homeDir;
    @@ -7567,12 +8284,16 @@ in
           xwayland-satellite-unstable
         ];
     
    -    niri-flake.cache.enable = true;
     
         programs.niri = {
           enable = true;
           package = pkgs.niri-unstable; # the actual niri that will be installed and used
         };
    +  } // {
    +    niri-flake.cache.enable = true;
    +    programs.niri = {
    +      package = null;
    +    };
       };
     }
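Review bot: The `} // { ... }` tail added here merges shallowly, so its `programs.niri = { package = null; }` does not refine the `programs.niri` block above it. If the left operand is a plain attribute set, the whole `programs` attribute from the left is replaced and `enable = true` and the `niri-unstable` package are lost; if it is the result of `lib.mkIf`, the extra keys end up beside the wrapper's own fields and are presumably ignored by the module system. The left operand begins outside the hunk, so which case applies cannot be confirmed from here. If the intent is an unconditional part next to a conditional one, `lib.mkMerge [ (lib.mkIf cond { ... }) { niri-flake.cache.enable = true; } ]` expresses that without relying on `//`.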
     
    @@ -7640,6 +8361,7 @@ in environment.shellAliases = lib.recursiveUpdate { nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; + ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; } 
@@ -7761,9 +8483,60 @@ let inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common.mail) address3; + serviceUser = "nginx"; + serviceGroup = serviceUser; + + sslBasePath = "/etc/ssl"; + dhParamsPathBase = "${sslBasePath}/dhparams.pem"; + dhParamsPath = + if config.swarselsystems.isImpermanence then + "/persist/${dhParamsPathBase}" + else + "${dhParamsPathBase}"; in { options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; + options.services.nginx = { + recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block."; + virtualHosts = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule { + options.locations = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.submodule (submod: { + options = { + recommendedSecurityHeaders = lib.mkOption { + type = lib.types.bool; + default = config.services.nginx.recommendedSecurityHeaders; + description = "Whether to add additional security headers to this location."; + }; + + X-Frame-Options = lib.mkOption { + type = lib.types.str; + default = "DENY"; + description = "The value to use for X-Frame-Options"; + }; + }; + config = lib.mkIf submod.config.recommendedSecurityHeaders { + extraConfig = lib.mkBefore '' + # Enable HTTP Strict Transport Security (HSTS) + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + + # Minimize information leaked to other domains + add_header Referrer-Policy "origin-when-cross-origin"; + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options "${submod.config.X-Frame-Options}"; + add_header X-Content-Type-Options "nosniff"; + ''; + }; + }) + ); + }; + } + ); + }; + }; config = lib.mkIf config.swarselmodules.server.nginx { environment.systemPackages = with pkgs; [ lego 
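Review bot: The `add_header` lines injected by `recommendedSecurityHeaders` omit the `always` parameter, so nginx attaches them only to success and redirect responses, and error pages go out without HSTS, `nosniff` and the frame policy. Appending it to each directive, e.g. `add_header X-Content-Type-Options "nosniff" always;`, closes that gap. `X-XSS-Protection "1; mode=block"` targets a browser filter that current browsers have removed; setting it to `0` or dropping the header is the usual recommendation now. Because nginx stops inheriting `add_header` from the server level once a location defines its own, the option description should say that server-level headers have to be repeated per location when this is enabled.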
@@ -7776,24 +8549,68 @@ in ''; }; + users.groups.acme.members = [ "nginx" ]; + security.acme = { acceptTerms = true; defaults = { inherit dnsProvider; email = address3; environmentFile = "${config.sops.templates."certs.secret".path}"; + reloadServices = [ "nginx" ]; + dnsPropagationCheck = true; }; }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ dhParamsPathBase ]; + }; + services.nginx = { enable = true; + user = serviceUser; + group = serviceGroup; statusPage = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; - # virtualHosts are defined in the respective sections + recommendedBrotliSettings = true; + recommendedSecurityHeaders = true; + sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL"; + sslDhparam = dhParamsPathBase; + virtualHosts.fallback = { + default = true; + rejectSSL = true; + locations."/".extraConfig = '' + deny all; + ''; + }; }; + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateDHParams" "users" "groups" ]; + }; + system.activationScripts."generateDHParams" = + { + text = '' + set -eu + + ${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""} + + if [ ! -f "${dhParamsPathBase}" ]; then + ${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096 + chmod 0644 ${dhParamsPath} + chown ${serviceUser}:${serviceGroup} ${dhParamsPath} + fi + ''; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; + }; }; }
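Review bot: The guard in `generateDHParams` tests `${dhParamsPathBase}` but the script writes to `${dhParamsPath}`, and under impermanence those are different files. `createPersistentStorageDirs` is declared to run after this script, so on a fresh boot the `/etc/ssl` path is presumably not yet linked to `/persist` when the test runs, and the 4096-bit parameters would be regenerated on every boot. Testing the file that is actually written, `if [ ! -f "${dhParamsPath}" ]; then`, avoids that; the impermanent branch also builds `"/persist/${dhParamsPathBase}"` with a doubled slash while the `install -d` line uses `/persist${sslBasePath}`. The kanidm certificate script later in this patch is changed to the same pattern (it tests `certPathBase`/`keyPathBase` and `chown`s `certPath`/`keyPath`), which there would presumably mean a new self-signed certificate per boot.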
    @@ -7844,8 +8661,374 @@ Here I am forcing startWhenNeeded to false so that the value will n
    +
    +
    3.2.3.7. Network settings
    +
    +
    +
    { lib, config, ... }:
    +{
    +  options.swarselmodules.server.network = lib.mkEnableOption "enable server network config";
    +  config = lib.mkIf config.swarselmodules.server.network {
    +
    +    globals.networks.home.hosts.${config.node.name} = {
    +      inherit (config.repo.secrets.local.networking.networks.home) id;
    +      mac = config.repo.secrets.local.networking.networks.home.mac or null;
    +    };
    +
    +    globals.hosts.${config.node.name} = {
    +      inherit (config.repo.secrets.local.networking) defaultGateway4;
    +    };
    +
    +    networking = {
    +      inherit (config.repo.secrets.local.networking) hostId;
    +      hostName = config.node.name;
    +      nftables.enable = lib.mkDefault false;
    +      enableIPv6 = lib.mkDefault true;
    +      firewall = {
    +        enable = lib.mkDefault true;
    +      };
    +    };
    +
    +  };
    +}
    +
    +
    +
    +
    +
    +
    3.2.3.8. Disk encryption
    +
    +

    +The hostkey can be generated with ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key. +Use lspci -v | grep -iA8 'network\|ethernet' to supposedly find out which kernel module is needed for networking in initrd. However I prefer a different approach: +

    + +

    +Use lspci -nn | grep -i network to find out manufacturer info: +

    + +
    +
    lspci -nn | grep -i 'network\|ethernet'
    +
    +
    + + + + +++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    04:00.0Networkcontroller[0280]:MEDIATEKCorp.MT7922802.11axPCIExpressWirelessNetworkAdapter[14c3:0616]
    6a:00.0Ethernetcontroller[0200]:IntelCorporationI210GigabitNetworkConnection[8086:1533](rev03) 
    + +

    +From the last bracket you then find out the correct kernel module: +

    + +
    +
    lspci -k -d 14c3:0616
    +
    +
    + + + + +++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    04:00.0Networkcontroller:MEDIATEKCorp.MT7922802.11axPCIExpressWirelessNetworkAdapter
     Subsystem:MEDIATEKCorp.Devicee616      
     Kerneldriverinuse:mt7921e      
     Kernelmodules:mt7921e        
    + +
    +
    { self, pkgs, lib, config, globals, minimal, ... }:
    +let
    +  localIp = globals.networks.home.hosts.${config.node.name}.ipv4;
    +  subnetMask = globals.networks.home.subnetMask4;
    +  gatewayIp = globals.hosts.${config.node.name}.defaultGateway4;
    +
    +  hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key";
    +in
    +{
    +  options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config";
    +  options.swarselsystems.networkKernelModules = lib.mkOption {
    +    type = lib.types.listOf lib.types.str;
    +    default = [ ];
    +  };
    +  config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) {
    +
    +    system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) {
    +      text = ''
    +        [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath}
    +      '';
    +      deps = [ "users" ];
    +    };
    +
    +    environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) {
    +      files = [ hostKeyPath ];
    +    };
    +
    +    boot = lib.mkIf (config.swarselprofiles.server || minimal) {
    +      kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [
    +        "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none"
    +      ];
    +      initrd = {
    +        availableKernelModules = config.swarselsystems.networkKernelModules;
    +        network = {
    +          enable = true;
    +          udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true;
    +          flushBeforeStage2 = true;
    +          ssh = {
    +            enable = true;
    +            port = 2222; # avoid hostkey changed nag
    +            authorizedKeyFiles = [
    +              (self + /secrets/keys/ssh/yubikey.pub)
    +              (self + /secrets/keys/ssh/magicant.pub)
    +            ];
    +            hostKeys = [ hostKeyPath ];
    +          };
    +          # postCommands = ''
    +          #   echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
    +          # '';
    +        };
    +        systemd = {
    +          initrdBin = with pkgs; [
    +            cryptsetup
    +          ];
    +          services = {
    +            unlock-luks = {
    +              wantedBy = [ "initrd.target" ];
    +              after = [ "network.target" ];
    +              before = [ "systemd-cryptsetup@cryptroot.service" ];
    +              path = [ "/bin" ];
    +
    +              serviceConfig = {
    +                Type = "oneshot";
    +                RemainAfterExit = true;
    +              };
    +
    +              script = ''
    +                echo "systemctl default" >> /root/.profile
    +              '';
    +            };
    +          };
    +        };
    +      };
    +    };
    +  };
    +
    +}
    +
    +
    +
    +
    +
    +
    3.2.3.9. Router
    +
    +
    +
    { lib, config, ... }:
    +let
    +  serviceName = "router";
    +in
    +{
    +  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +
    +    systemd.network = {
    +      wait-online.anyInterface = true;
    +      networks = {
    +        "30-lan0" = {
    +          matchConfig.Name = "lan0";
    +          linkConfig.RequiredForOnline = "enslaved";
    +          networkConfig = {
    +            ConfigureWithoutCarrier = true;
    +          };
    +        };
    +        "30-lan1" = {
    +          matchConfig.Name = "lan1";
    +          linkConfig.RequiredForOnline = "enslaved";
    +          networkConfig = {
    +            ConfigureWithoutCarrier = true;
    +          };
    +        };
    +        "30-lan2" = {
    +          matchConfig.Name = "lan2";
    +          linkConfig.RequiredForOnline = "enslaved";
    +          networkConfig = {
    +            ConfigureWithoutCarrier = true;
    +          };
    +        };
    +        "30-lan3" = {
    +          matchConfig.Name = "lan3";
    +          linkConfig.RequiredForOnline = "enslaved";
    +          networkConfig = {
    +            ConfigureWithoutCarrier = true;
    +          };
    +        };
    +        "10-wan" = {
    +          matchConfig.Name = "wan";
    +          networkConfig = {
    +            # start a DHCP Client for IPv4 Addressing/Routing
    +            DHCP = "ipv4";
    +            DNSOverTLS = true;
    +            DNSSEC = true;
    +            IPv6PrivacyExtensions = false;
    +            IPForward = true;
    +          };
    +          # make routing on this interface a dependency for network-online.target
    +          linkConfig.RequiredForOnline = "routable";
    +    };
    +  };
    +};
    +  };
    +}
    +
    +
    +
    +
    -
    3.2.3.7. kavita
    +
    3.2.3.10. kavita
    { self, lib, config, pkgs, globals, ... }:
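Review bot: `ensureInitrdHostkey` in the disk-encryption module runs `ssh-keygen -f ${hostKeyPath}` without first creating `/etc/secrets/initrd`, and ssh-keygen does not create missing parent directories, so on a host where that directory does not exist yet no key is generated, unless another part of the configuration creates it. Creating it with a restrictive mode ahead of the test, `${pkgs.coreutils}/bin/install -d -m 0700 /etc/secrets/initrd`, and quoting `"${hostKeyPath}"` in both places would make the script self-sufficient. A comment on `hostKeys` should state that this key is copied into the initrd, which has to be readable before the encrypted volume is unlocked, and therefore must stay separate from the host's regular SSH host key. In the router module the closing braces of `"10-wan"`, `networks` and `systemd.network` are mis-indented, which hides the nesting.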
    @@ -7856,7 +9039,7 @@ let
       serviceName = "kavita";
       serviceUser = "kavita";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     in
     {
       options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    @@ -7919,7 +9102,7 @@ in
     
    -
    3.2.3.8. jellyfin
    +
    3.2.3.11. jellyfin
    { pkgs, lib, config, globals, ... }:
    @@ -7928,7 +9111,7 @@ let
       serviceName = "jellyfin";
       serviceUser = "jellyfin";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     in
     {
       options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    @@ -7990,7 +9173,7 @@ in
     
    -
    3.2.3.9. navidrome
    +
    3.2.3.12. navidrome
    { pkgs, config, lib, globals, ... }:
    @@ -8000,7 +9183,7 @@ let
       serviceUser = "navidrome";
       serviceGroup = serviceUser;
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     in
     {
       options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    @@ -8036,6 +9219,27 @@ in
     
         globals.services.${serviceName}.domain = serviceDomain;
     
    +    services.snapserver = {
    +      enable = true;
    +      settings = {
    +        stream = {
    +          port = 1704;
    +          source = "pipe:///tmp/snapfifo?name=default";
    +          bind_to_address = "0.0.0.0";
    +        };
    +      };
    +    };
    +
    +    systemd.services = {
    +      ${serviceName}.serviceConfig = {
    +        PrivateDevices = lib.mkForce false;
    +        PrivateUsers = lib.mkForce false;
    +        RestrictRealtime = lib.mkForce false;
    +        SystemCallFilter = lib.mkForce null;
    +        RootDirectory = lib.mkForce null;
    +      };
    +    };
    +
         services.${serviceName} = {
           enable = true;
           openFirewall = true;
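Review bot: The `serviceConfig` overrides added for the navidrome unit switch off `PrivateDevices`, `PrivateUsers`, `RestrictRealtime`, `SystemCallFilter` and `RootDirectory` with `lib.mkForce`, which removes most of the unit's sandbox for a service that is reachable from the network (`openFirewall = true`). If this is for jukebox audio output, a comment saying so and relaxing only the settings that prove necessary would keep the rest of the hardening; `SystemCallFilter = lib.mkForce null` in particular is better replaced by a narrower filter than by none. The snapserver stream reads from `pipe:///tmp/snapfifo`, a fixed name in a world-writable directory that other local users can interfere with, so a directory owned by the service would be safer. `bind_to_address = "0.0.0.0"` exposes the stream port on every interface, and nothing in the hunk restricts it.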
    @@ -8050,8 +9254,9 @@ in
             EnableTranscodingConfig = true;
             Scanner.GroupAlbumReleases = true;
             ScanSchedule = "@every 24h";
    -        MPVPath = "${pkgs.mpv}/bin/mpv";
    -        MPVCommandTemplate = "mpv --audio-device=%d --no-audio-display --pause %f";
    +        # MPVPath = "";
    +        # MPVCommandTemplate = "${pkgs.mpv}/bin/mpv --audio-device=%d --input-ipc-server=%s --no-audio-display --log-file=/tmp/mpv.log --pause %f";
    +        # MPVCmdTemplate = "${pkgs.mpv}/bin/mpv --no-audio-display --pause %f --input-ipc-server=%s --audio-channels=stereo --audio-samplerate=48000 --audio-format=s16 --ao=pcm --ao-pcm-file=/tmp/snapfifo --log-file=/tmp/mpv.log";
             ReverseProxyWhitelist = "0.0.0.0/0";
             ReverseProxyUserHeader = "X-User";
             Jukebox = {
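Review bot: The context line `ReverseProxyWhitelist = "0.0.0.0/0"` next to the edited MPV settings makes navidrome trust the `X-User` header from every source address, so the header is only as trustworthy as the network path to the service. Together with `openFirewall = true` in the previous hunk, this should be narrowed to the address of the proxy that sets the header, for example the loopback address if nginx runs on the same host; the listen address is not visible here, so the actual exposure cannot be confirmed. The three commented-out templates also leave `MPVCommandTemplate` and `MPVCmdTemplate` side by side with no indication of which one is meant to return, so a one-line comment explaining why mpv is disabled would serve better than the dead settings.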
    @@ -8135,7 +9340,7 @@ in
     
    -
    3.2.3.10. spotifyd
    +
    3.2.3.13. spotifyd
    { lib, config, ... }:
    @@ -8194,7 +9399,7 @@ in
     
    -
    3.2.3.11. mpd
    +
    3.2.3.14. mpd
    { self, lib, config, pkgs, ... }:
    @@ -8268,7 +9473,7 @@ in
     
    -
    3.2.3.12. pipewire
    +
    3.2.3.15. pipewire
    { lib, config, ... }:
    @@ -8296,7 +9501,7 @@ in
     
    -
    3.2.3.13. postgresql
    +
    3.2.3.16. postgresql
    { config, lib, pkgs, ... }:
    @@ -8321,7 +9526,7 @@ in
     
    -
    3.2.3.14. matrix
    +
    3.2.3.17. matrix
    { lib, config, pkgs, globals, ... }:
    @@ -8332,7 +9537,7 @@ let
       serviceName = "matrix";
       serviceDomain = config.repo.secrets.common.services.domains.matrix;
       serviceUser = "matrix-synapse";
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     
       federationPort = 8448;
       whatsappPort = 29318;
    @@ -8677,7 +9882,7 @@ in
     
    -
    3.2.3.15. nextcloud
    +
    3.2.3.18. nextcloud
    { pkgs, lib, config, globals, ... }:
    @@ -8690,7 +9895,9 @@ let
       serviceGroup = serviceUser;
       serviceName = "nextcloud";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
    +
    +  nextcloudVersion = "32";
     in
     {
       options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    @@ -8711,7 +9918,7 @@ in
               trusted_proxies = [ "0.0.0.0" ];
               overwriteprotocol = "https";
             };
    -        package = pkgs.nextcloud31;
    +        package = pkgs."nextcloud${nextcloudVersion}";
             hostName = serviceDomain;
             home = "/Vault/data/${serviceName}";
             datadir = "/Vault/data/${serviceName}";
    @@ -8719,7 +9926,7 @@ in
             configureRedis = true;
             maxUploadSize = "4G";
             extraApps = {
    -          inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin;
    +          inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin;
             };
             extraAppsEnable = true;
             config = {
    @@ -8761,7 +9968,7 @@ in
     
    -
    3.2.3.16. immich
    +
    3.2.3.19. immich
    { lib, pkgs, config, globals, ... }:
    @@ -8770,7 +9977,7 @@ let
       serviceUser = "immich";
       serviceName = "immich";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     in
     {
       options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    @@ -8839,7 +10046,7 @@ in
     
    -
    3.2.3.17. paperless (tika, gotenberg)
    +
    3.2.3.20. paperless (tika, gotenberg)

    This is my personal document management system. It automatically pulls documents from several sources, the only manual step for physical documents is to put them in my scanner and use email delivery. @@ -8859,7 +10066,7 @@ let serviceGroup = serviceUser; serviceName = "paperless"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; tikaPort = 9998; gotenbergPort = 3002; @@ -8986,7 +10193,7 @@ in

    -
    3.2.3.18. transmission
    +
    3.2.3.21. transmission
    { self, pkgs, lib, config, ... }:
    @@ -9175,7 +10382,7 @@ in
     
    -
    3.2.3.19. syncthing
    +
    3.2.3.22. syncthing
    { lib, config, configName, globals, ... }:
    @@ -9187,7 +10394,7 @@ let
       serviceUser = "syncthing";
       serviceGroup = serviceUser;
       serviceName = "syncthing";
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
       specificServiceName = "syncthing-${configName}";
     
       cfg = config.services.${serviceName};
    @@ -9328,7 +10535,7 @@ in
     
    -
    3.2.3.20. restic
    +
    3.2.3.23. restic

    This manages backups for my pictures and obsidian files. @@ -9403,7 +10610,7 @@ in

    -
    3.2.3.21. monitoring (Grafana, Prometheus)
    +
    3.2.3.24. monitoring (Grafana, Prometheus)

    This section exposes several metrics that I use to check the health of my server. I need to expand on the exporters section at some point, but for now I have everything I need. @@ -9417,7 +10624,7 @@ let serviceGroup = serviceUser; serviceName = "grafana"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; prometheusPort = 9090; prometheusUser = "prometheus"; @@ -9661,7 +10868,7 @@ in

    -
    3.2.3.22. Jenkins
    +
    3.2.3.25. Jenkins

    This is a WIP Jenkins instance. It is used to automatically build a new system when pushes to the main repository are detected. I have turned this service off for now however, as I actually prefer to start my builds manually. @@ -9673,7 +10880,7 @@ let servicePort = 8088; serviceName = "jenkins"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -9720,7 +10927,7 @@ in

    -
    3.2.3.23. Emacs elfeed (RSS Server)
    +
    3.2.3.26. Emacs elfeed (RSS Server)

    This was an approach of hosting an RSS server from within emacs. That would have been useful as it would have allowed me to allow my feeds from any device. However, it proved impossible to do bidirectional syncing, so I abandoned this configuration in favor of FreshRSS. @@ -9752,7 +10959,7 @@ in

    -
    3.2.3.24. FreshRSS
    +
    3.2.3.27. FreshRSS

    FreshRSS is a more 'classical' RSS aggregator that I can just host as a distinct service. This also has its upsides because I jave more control over the state this way. @@ -9778,7 +10985,7 @@ let serviceUser = "freshrss"; serviceGroup = serviceName; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; inherit (config.swarselsystems) sopsFile; in @@ -9882,7 +11089,7 @@ in

    -
    3.2.3.25. forgejo (git server)
    +
    3.2.3.28. forgejo (git server)
    { lib, config, pkgs, globals, ... }:
    @@ -9894,7 +11101,7 @@ let
       serviceGroup = serviceUser;
       serviceName = "forgejo";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     
       kanidmDomain = globals.services.kanidm.domain;
     in
    @@ -10048,7 +11255,7 @@ in
     
    -
    3.2.3.26. Anki Sync Server
    +
    3.2.3.29. Anki Sync Server
    { self, lib, config, globals, ... }:
    @@ -10058,7 +11265,7 @@ let
       servicePort = 27701;
       serviceName = "ankisync";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     
       ankiUser = globals.user.name;
     in
    @@ -10123,7 +11330,7 @@ in
     
    -
    3.2.3.27. kanidm
    +
    3.2.3.30. kanidm

    The forgejo configuration is a little broken and will show a 500 error when signing in through kanidm. However, when pressing back and refreshing the page, I am logged in. Currently I cannot be bothered to fix this. @@ -10149,7 +11356,7 @@ let serviceGroup = serviceUser; serviceName = "kanidm"; serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; - serviceAddress = globals.hosts.winters.ipv4; + serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; oauth2ProxyDomain = globals.services.oauth2Proxy.domain; immichDomain = globals.services.immich.domain; @@ -10161,8 +11368,18 @@ let certBase = "/etc/ssl"; certsDir = "${certBase}/certs"; privateDir = "${certBase}/private"; - certPath = "${certsDir}/${serviceName}.crt"; - keyPath = "${privateDir}/${serviceName}.key"; + certPathBase = "${certsDir}/${serviceName}.crt"; + certPath = + if config.swarselsystems.isImpermanence then + "/persist${certPathBase}" + else + "${certPathBase}"; + keyPathBase = "${privateDir}/${serviceName}.key"; + keyPath = + if config.swarselsystems.isImpermanence then + "/persist${keyPathBase}" + else + "${keyPathBase}"; in { options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; @@ -10195,6 +11412,16 @@ in globals.services.${serviceName}.domain = serviceDomain; + environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence { + files = [ + certPathBase + keyPathBase + ]; + }; + + system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { + deps = [ "generateSSLCert-${serviceName}" "users" "groups" ]; + }; system.activationScripts."generateSSLCert-${serviceName}" = let daysValid = 3650; 
@@ -10205,13 +11432,15 @@ in set -eu ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""} ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} + ${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""} need_gen=0 - if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then + if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then need_gen=1 else - enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPath}" | cut -d= -f2)" + enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)" end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" now_epoch="$(${pkgs.coreutils}/bin/date +%s)" seconds_left=$(( end_epoch - now_epoch )) @@ -10233,7 +11462,10 @@ in chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" fi ''; - deps = [ "etc" ]; + deps = [ + "etc" + (lib.mkIf config.swarselsystems.isImpermanence "specialfs") + ]; }; services = { @@ -10244,9 +11476,9 @@ in domain = serviceDomain; origin = "https://${serviceDomain}"; # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; - tls_chain = certPath; + tls_chain = certPathBase; # tls_key = config.sops.secrets.kanidm-self-signed-key.path; - tls_key = keyPath; + tls_key = keyPathBase; bindaddress = "0.0.0.0:${toString servicePort}"; trust_x_forward_for = true; }; @@ -10276,6 +11508,7 @@ in "firefly.access" = { }; "radicale.access" = { }; "slink.access" = { }; + "opkssh.access" = { }; }; inherit (config.repo.secrets.local) persons; 
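Review bot: The existence and expiry checks in the `generateSSLCert-${serviceName}` script now read `certPathBase`/`keyPathBase`, while the `chown` in the next hunk (and presumably the generation step between the hunks, which is not shown) still uses `certPath`/`keyPath`, so on an impermanence host the script tests one location and writes another. If the persisted files are not yet linked into `/etc/ssl` when this activation script runs, `need_gen` becomes 1 on every activation and the persisted key pair is replaced each time, which breaks any client that pinned the self-signed certificate. Checking the location that is actually written keeps the two in step: `if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then` and `-in "${certPath}"` for the `openssl x509` call. The script body starts before this hunk and continues after it.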
@@ -10370,6 +11603,23 @@ in }; }; }; + opkssh = { + displayName = "OPKSSH"; + originUrl = [ + "http://localhost:3000" + "http://localhost:3000/login-callback" + "http://localhost:10001/login-callback" + "http://localhost:11110/login-callback" + ]; + originLanding = "http://localhost:3000"; + public = true; + enableLocalhostRedirects = true; + scopeMaps."opkssh.access" = [ + "openid" + "email" + "profile" + ]; + }; oauth2-proxy = { displayName = "Oauth2-Proxy"; originUrl = "https://${oauth2ProxyDomain}/oauth2/callback"; @@ -10455,7 +11705,7 @@ in
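Review bot: The new `opkssh` client block has no comment explaining its trust model, even though it is a public client (`public = true`, so no client secret) with plain-HTTP localhost redirects. The OPKSSH module added later in this patch authorizes SSH logins by matching a principal taken from `builtins.head persons.${mainUser}.mailAddresses`, so membership of `"opkssh.access"` and control over that mail attribute together decide who can log in. I would add something like `# public client for the opkssh CLI (no secret); opkssh.access membership plus the person's mail address gate SSH login`. The three `login-callback` ports appear to be the opkssh client's default callback listeners, which is also worth stating so they are not pruned by mistake. The enclosing client set starts and ends outside the hunk.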

    -
    3.2.3.28. oauth2-proxy
    +
    3.2.3.31. oauth2-proxy
    { lib, config, globals, ... }:
    @@ -10687,7 +11937,7 @@ in
     
    -
    3.2.3.29. Firefly-III
    +
    3.2.3.32. Firefly-III
    { self, lib, config, globals, ... }:
    @@ -10697,7 +11947,7 @@ let
       serviceGroup = serviceUser;
       serviceName = "firefly-iii";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     
       nginxGroup = "nginx";
     
    @@ -10807,7 +12057,7 @@ in
     
    -
    3.2.3.30. Koillection
    +
    3.2.3.33. Koillection
    { self, lib, config, globals, ... }:
    @@ -10818,7 +12068,7 @@ let
       servicePort = 2282;
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
       serviceDir = "/Vault/data/koillection";
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     
       postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
       postgresPort = config.services.postgresql.settings.port; # 5432
    @@ -10949,7 +12199,7 @@ in
     
    -
    3.2.3.31. Atuin
    +
    3.2.3.34. Atuin
    { lib, config, globals, ... }:
    @@ -10957,7 +12207,7 @@ let
       servicePort = 8888;
       serviceName = "atuin";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     in
     {
       options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    @@ -11007,7 +12257,7 @@ in
     
    -
    3.2.3.32. Radicale
    +
    3.2.3.35. Radicale
    { self, lib, config, globals, ... }:
    @@ -11019,7 +12269,7 @@ let
       serviceUser = "radicale";
       serviceGroup = serviceUser;
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     
       cfg = config.services.${serviceName};
     in
    @@ -11088,9 +12338,15 @@ in
           };
         };
     
    -    systemd.tmpfiles.rules = [
    -      "d ${cfg.settings.storage.filesystem_folder} 0750 ${serviceUser} ${serviceGroup} - -"
    -    ];
    +    systemd.tmpfiles.settings."10-radicale" = {
    +      "${cfg.settings.storage.filesystem_folder}" = {
    +        d = {
    +          group = serviceGroup;
    +          user = serviceUser;
    +          mode = "0750";
    +        };
    +      };
    +    };
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    @@ -11128,7 +12384,7 @@ in
     
    -
    3.2.3.33. croc
    +
    3.2.3.36. croc
    { self, lib, config, pkgs, ... }:
    @@ -11204,7 +12460,7 @@ in
     
    -
    3.2.3.34. microbin
    +
    3.2.3.37. microbin
    { self, lib, config, ... }:
    @@ -11343,7 +12599,7 @@ in
     
    -
    3.2.3.35. shlink
    +
    3.2.3.38. shlink
    { self, lib, config, ... }:
    @@ -11396,13 +12652,25 @@ in
           ];
         };
     
    -    systemd.tmpfiles.rules = [
    -      "d ${serviceDir}/data 0750 1001 root - -"
    -      "d ${serviceDir}/data/cache 0750 1001 root - -"
    -      "d ${serviceDir}/data/locks 0750 1001 root - -"
    -      "d ${serviceDir}/data/log 0750 1001 root - -"
    -      "d ${serviceDir}/data/proxies 0750 1001 root - -"
    -    ];
    +    systemd.tmpfiles.settings."11-shlink" = builtins.listToAttrs (
    +      map
    +        (path: {
    +          name = "${serviceDir}/${path}";
    +          value = {
    +            d = {
    +              group = "root";
    +              user = "1001";
    +              mode = "0750";
    +            };
    +          };
    +        }) [
    +        "data"
    +        "data/cache"
    +        "data/locks"
    +        "data/log"
    +        "data/proxies"
    +      ]
    +    );
     
         networking.firewall.allowedTCPPorts = [ servicePort ];
     
    @@ -11446,7 +12714,7 @@ in
     
    -
    3.2.3.36. slink
    +
    3.2.3.39. slink

    Deployment notes: @@ -11489,10 +12757,22 @@ in ]; }; - systemd.tmpfiles.rules = [ - "d ${serviceDir}/var/data 0750 root root - -" - "d ${serviceDir}/images 0750 root root - -" - ]; + systemd.tmpfiles.settings."12-slink" = builtins.listToAttrs ( + map + (path: { + name = "${serviceDir}/${path}"; + value = { + d = { + group = "root"; + user = "root"; + mode = "0750"; + }; + }; + }) [ + "var/data" + "images" + ] + ); networking.firewall.allowedTCPPorts = [ servicePort ]; @@ -11542,7 +12822,7 @@ in

    -
    3.2.3.37. Snipe-IT
    +
    3.2.3.40. Snipe-IT
    { self, lib, config, globals, ... }:
    @@ -11556,7 +12836,7 @@ let
       serviceUser = "snipeit";
       serviceGroup = serviceUser;
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     
       mysqlPort = 3306;
     in
    @@ -11621,7 +12901,7 @@ in
     
    -
    3.2.3.38. Homebox
    +
    3.2.3.41. Homebox
    { lib, pkgs, config, globals, ... }:
    @@ -11629,7 +12909,7 @@ let
       servicePort = 7745;
       serviceName = "homebox";
       serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
    -  serviceAddress = globals.hosts.winters.ipv4;
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
     in
     {
       options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    @@ -11682,6 +12962,166 @@ in
     
    +
    +
    3.2.3.42. OPKSSH
    +
    +
    +
    { lib, config, globals, ... }:
    +let
    +  serviceName = "opkssh";
    +  serviceUser = "opksshuser";
    +  serviceGroup = serviceUser;
    +
    +  kanidmDomain = globals.services.kanidm.domain;
    +
    +  inherit (config.swarselsystems) mainUser;
    +  inherit (config.repo.secrets.local) persons;
    +in
    +{
    +  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +
    +    services.${serviceName} = {
    +      enable = true;
    +      user = serviceUser;
    +      group = serviceGroup;
    +      providers = {
    +        kanidm = {
    +          lifetime = "oidc";
    +          issuer = "https://${kanidmDomain}/oauth2/openid/${serviceName}";
    +          clientId = serviceName;
    +        };
    +      };
    +      authorizations = [
    +        {
    +          user = mainUser;
    +          principal = builtins.head persons.${mainUser}.mailAddresses;
    +          inherit (config.services.opkssh.providers.kanidm) issuer;
    +        }
    +      ];
    +    };
    +
    +  };
    +
    +}
    +
    +
    +
    +
    +
    +
    3.2.3.43. Garage
    +
    +

    +Generate the admin token using openssl rand -base64 32. +Generate the rpc token using openssl rand -hex 32. +

    + +
    +
    { self, lib, pkgs, config, configName, globals, ... }:
    +let
    +  sopsFile = self + /secrets/${configName}/secrets2.yaml;
    +
    +  serviceName = "garage";
    +  servicePort = 3900;
    +  serviceDomain = config.repo.secrets.common.services.domains."${serviceName}-${configName}";
    +  serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
    +
    +  cfg = config.services.${serviceName};
    +  metadata_dir = "/var/lib/garage/meta";
    +in
    +{
    +  options = {
    +    swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
    +    swarselsystems.server.${serviceName} = {
    +      data_dir = lib.mkOption {
    +        type = lib.types.either lib.types.path (lib.types.listOf lib.types.attrs);
    +        default = "/var/lib/garage/data";
    +      };
    +    };
    +  };
    +  config = lib.mkIf config.swarselmodules.server.${serviceName} {
    +
    +    sops = {
    +      secrets.garage-admin-token = { inherit sopsFile; };
    +      secrets.garage-rpc-secret = { inherit sopsFile; };
    +    };
    +
    +    environment = {
    +      persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
    +        { directory = metadata_dir; }
    +      ];
    +      systemPackages = [
    +        cfg.package
    +      ];
    +    };
    +
    +    systemd.services.${serviceName}.serviceConfig = {
    +      DynamicUser = false;
    +      ProtectHome = lib.mkForce false;
    +    };
    +
    +    services.${serviceName} = {
    +      enable = true;
    +      package = pkgs.garage_2;
    +      settings = {
    +        inherit (config.swarselsystems.${serviceName}) data_dir;
    +        inherit metadata_dir;
    +        db_engine = "lmdb";
    +        block_size = "1MiB";
    +        use_local_tz = false;
    +
    +        replication_factor = 2; # Number of copies of data
    +
    +        rpc_bind_addr = "[::]:3901";
    +        rpc_public_addr = "${config.repo.secrets.local.ipv4}:4317";
    +        rpc_secret_file = config.sops.secrets.garage-rpc-secret.path;
    +
    +        s3_api = {
    +          s3_region = "swarsel";
    +          api_bind_addr = "0.0.0.0:${builtins.toString servicePort}";
    +          root_domain = ".s3.garage.localhost";
    +        };
    +
    +        admin = {
    +          api_bind_addr = "0.0.0.0:3903";
    +          admin_token_file = config.sops.secrets.garage-admin-token.path;
    +        };
    +
    +        k2v_api = {
    +          api_bind_addr = "[::]:3904";
    +        };
    +      };
    +    };
    +
    +    nodes.moonside.services.nginx = {
    +      upstreams = {
    +        ${serviceName} = {
    +          servers = {
    +            "${serviceAddress}:${builtins.toString servicePort}" = { };
    +          };
    +        };
    +      };
    +      virtualHosts = {
    +        "${serviceDomain}" = {
    +          enableACME = true;
    +          forceSSL = true;
    +          acmeRoot = null;
    +          oauth2.enable = false;
    +          locations = {
    +            "/" = {
    +              proxyPass = "http://${serviceName}";
    +            };
    +          };
    +        };
    +      };
    +    };
    +
    +  };
    +}
    +
    +
    +
    +

    3.2.4. Darwin
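Review bot: The Garage unit override sets `DynamicUser = false` and forces `ProtectHome` off without naming a `User`/`Group`, so unless one is assigned outside this hunk the daemon would run as root with less sandboxing than the upstream unit. A dedicated static user set as `owner` of the `garage-admin-token` and `garage-rpc-secret` sops secrets would keep them readable without that. The admin API is also bound to `0.0.0.0:3903` although only the S3 port is proxied through nginx; `api_bind_addr = "127.0.0.1:3903";` (or `serviceAddress`) limits it to where it is needed. Separately, `inherit (config.swarselsystems.${serviceName}) data_dir;` reads a path that the `options` block declares as `swarselsystems.server.${serviceName}.data_dir`, so it should be `inherit (config.swarselsystems.server.${serviceName}) data_dir;`.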

    @@ -12061,6 +13501,10 @@ When setting up a new machine:
    +- setup the work VPN: + - using the laptop certificate `.pem` as User cert and private key (CA cert: none) + - vpn gateway is found in `nixosConfig.repo.secrets.local.work.vpnGateway` +
    { self, lib, pkgs, config, configName, ... }:
     let
    @@ -12300,8 +13744,8 @@ in
     
    -
    -
    3.2.5.11. microvm-host
    +
    +
    3.2.5.11. microvm-host

    Some standard options that should be set for every microvm host. @@ -12310,25 +13754,26 @@ Some standard options that should be set for every microvm host.

    { lib, config, ... }:
     {
    -  options.swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings";
    -  # imports = [
    -  #   inputs.microvm.nixosModules.host
    -  # ];
    +  options = {
    +    swarselmodules.optional.microvmHost = lib.mkEnableOption "optional microvmHost settings";
    +  };
    +    # imports = [
    +    #   inputs.microvm.nixosModules.host
    +    # ];
     
    -  config = lib.mkIf (config.swarselmodules.optional.microvmHost && config.swarselsystems.withMicroVMs) {
    +  config = lib.mkIf (config.guests != {}) {
     
         microvm = {
           hypervisor = lib.mkDefault "qemu";
         };
       };
    -
     }
     
    -
    -
    3.2.5.12. microvm-guest
    +
    +
    3.2.5.12. microvm-guest

    Some standard options that should be set vor every microvm guest. We set the default @@ -12345,58 +13790,6 @@ Some standard options that should be set vor every microvm guest. We set the def # ]; config = lib.mkIf config.swarselmodules.optional.microvmGuest { - # imports = [ - # inputs.microvm.nixosModules.microvm - - # "${self}/profiles/nixos" - # "${self}/modules/nixos" - # ]; - - boot.kernelParams = [ "systemd.hostname=${config.networking.hostName}" ]; - - node.name = config; - documentation.enable = lib.mkForce false; - - microvm = { - guest.enable = lib.mkForce true; - hypervisor = lib.mkDefault "qemu"; - mem = lib.mkDefault 1024 * 4; - vcpu = lib.mkDefault 4; - optimize.enable = false; - writableStoreOverlay = "/nix/.rw-store"; - - # interfaces = flip lib.mapAttrsToList guestCfg.microvm.interfaces ( - # _: { mac, hostLink, ...}: - # { - # type = "macvtap"; - # id = "vm-${replaceStrings [ ":" ] [ "" ] mac}"; - # inherit mac; - # macvtap = { - # link = hostLink; - # mode = "bridge"; - # }; - # } - # ); - shares = - [ - { - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "ro-store"; - proto = "virtiofs"; - } - ]; - }; - # systemd.network.networks = lib.flip lib.concatMapAttrs guestCfg.microvm.interfaces ( - # name: - # { mac, ... }: - # { - # "10-${name}".matchConfig = mkForce { - # MACAddress = mac; - # }; - # } - # ); - }; } @@ -12425,16 +13818,15 @@ in

    -
    -

    3.3.1. Steps to setup/upgrade home-manager only

    +
    +

    3.3.1. Steps to setup/upgrade home-manager only

    Steps to get a home-manager only setup up and running:

    -
    -- (Optional) Install openssh-server
    +
    - (Optional) Install openssh-server
     - Set hostname to the name specified in the home-manager configuration
     - Install nix, either:
       - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '<nixpkgs>' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy`
    @@ -12446,9 +13838,21 @@ Steps to get a home-manager only setup up and running:
       1) Clone dotfile repo & change into it
       2) `nix --extra-experimental-features 'nix-command flakes' develop`
       3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
    -
     
    + +- (Optional) Install openssh-server +- Set hostname to the name specified in the home-manager configuration +- Install nix, either: + - (if upgrading existing nix) Install nix version matching with version that `nix-plugins` is compiled against: `nix-env --install --file '' cacert -I nixpkgs=channel:nixpkgs-unstable --attr nixVersions.nix_x_yy` + - (or installing nix freshly): + - Grab the link to the install script of the needed nix version from https://releases.nixos.org/?prefix=nix, e.g. https://releases.nixos.org/nix/nix-2.30.1/install + - `bash <(curl -L https://releases.nixos.org/nix/nix-x-yy-y/install) --daemon` +- add the following to /etc/nix/nix.conf to become a trusted user: `trusted-users = @wheel root swarsel` +- For the first build: + 1) Clone dotfile repo & change into it + 2) `nix --extra-experimental-features 'nix-command flakes' develop` + 3) `home-manager --extra-experimental-features 'nix-command flakes' switch --flake .#$(hostname) --show-trace`
    @@ -12506,7 +13910,7 @@ Again, we adapt nix to our needs, enable the home-manager command f

    -
    { self, lib, pkgs, config, ... }:
    +
    { self, outputs, lib, pkgs, config, ... }:
     let
       inherit (config.swarselsystems) mainUser flakePath isNixos isLinux;
     in
    @@ -12530,7 +13934,7 @@ in
                 };
               in
               ''
    -            plugin-files = ${nix-plugins}/lib/nix/plugins
    +                  plugin-files = ${nix-plugins}/lib/nix/plugins
                 extra-builtins-file = ${self + /nix/extra-builtins.nix}
               '';
             settings = {
    @@ -12555,7 +13959,24 @@ in
             };
           };
     
    -      nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null);
    +      nixpkgs = lib.mkIf (!isNixos) {
    +        overlays = [
    +          outputs.overlays.default
    +          (final: prev:
    +            let
    +              additions = final: _: import "${self}/pkgs/config" {
    +                inherit self config lib;
    +                pkgs = final;
    +                homeConfig = config;
    +              };
    +            in
    +            additions final prev
    +          )
    +        ];
    +        config = {
    +          allowUnfree = true;
    +        };
    +      };
     
           programs = {
             # home-manager.enable = lib.mkIf (!isNixos) true;
    @@ -12586,7 +14007,7 @@ in
                 buildInputs = [ pkgs.makeWrapper ];
                 paths = [ pkgs.home-manager ];
                 postBuild = ''
    -              wrapProgram $out/bin/home-manager \
    +                  wrapProgram $out/bin/home-manager \
                   --append-flags '--flake ${flakePath}#$(hostname)'
                 '';
               })
    @@ -12695,6 +14116,9 @@ This holds packages that I can use as provided, or with small modifications (as
           simple-scan
           cura-appimage
     
    +      # ssh login using idm
    +      opkssh
    +
           # dict
           (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
     
    @@ -12878,6 +14302,7 @@ This is just a separate container for derivations defined in 
     
     
    -
    { lib, config, ... }:
    +
    { lib, config, nixosConfig ? config, ... }:
     {
       options.swarselmodules.ssh = lib.mkEnableOption "ssh settings";
       config = lib.mkIf config.swarselmodules.ssh {
    @@ -13013,43 +14436,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This
               controlPath = "~/.ssh/master-%r@%n:%p";
               controlPersist = "no";
             };
    -        "pfsense" = {
    -          hostname = "192.168.1.1";
    -          user = "root";
    -        };
    -        "bakery" = {
    -          hostname = "192.168.1.136";
    -          user = "root";
    -        };
    -        "dgx" = {
    -          hostname = "192.168.48.200";
    -          user = "swarsel";
    -        };
    -        "winters" = {
    -          hostname = "192.168.178.24";
    -          user = "root";
    -        };
    -        "minecraft" = {
    -          hostname = "130.61.119.129";
    -          user = "opc";
    -        };
    -        "milkywell" = {
    -          hostname = "193.122.53.173";
    -          user = "root";
    -        };
    -        "moonside" = {
    -          hostname = "130.61.238.239";
    -          user = "root";
    -        };
    -        "songdiver" = {
    -          hostname = "89.168.100.65";
    -          user = "ubuntu";
    -        };
    -        "pkv" = {
    -          hostname = "46.232.248.161";
    -          user = "root";
    -        };
    -      };
    +      } // nixosConfig.repo.secrets.common.ssh.hosts;
         };
       };
     }
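Review bot: `} // nixosConfig.repo.secrets.common.ssh.hosts;` is a shallow, right-biased merge, so a host entry in the secrets set with the same name as a block defined above it replaces that block completely, including fields such as `controlPath` and `controlPersist`, instead of extending it. If that precedence is intended, state it in a comment such as `# entries from secrets override same-named blocks above`; otherwise `lib.recursiveUpdate` keeps the locally defined fields. With `nixosConfig ? config`, a standalone home-manager evaluation falls back to the home configuration, so `repo.secrets.common.ssh.hosts` has to exist there too. The match-block set starts outside the hunk.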
    @@ -13454,8 +14841,8 @@ nix-index provides a way to find out which packages are provided by which deriva
     
    -
    -
    3.3.2.15. nix-your-shell
    +
    +
    3.3.2.15. nix-your-shell
    { lib, config, ... }:
    @@ -13824,11 +15211,23 @@ The theme is handled by stylix.
       config = lib.mkIf config.swarselmodules.kitty {
         programs.kitty = {
           enable = true;
    -      keybindings = { };
    +      keybindings = let
    +        bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key));
    +      in bindWithModifier {
    +        "page_up" = "scroll_page_up";
    +        "up" = "scroll_page_up";
    +        "page_down" = "scroll_page_down";
    +        "down" = "scroll_page_down";
    +        "w" = "no_op";
    +      };
           settings = {
    -        scrollback_lines = 10000;
    +        cursor_blink_interval = 0;
    +        disable_ligatures = "cursor";
             enable_audio_bell = false;
             notify_on_cmd_finish = "always 20";
    +        open_url_with = "xdg-open";
    +        scrollback_lines = 100000;
    +        scrollback_pager_history_size = 512;
           };
         };
       };
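Review bot: `bindWithModifier` builds each key name with `"ctrl+shift" + key`, which yields `ctrl+shiftpage_up`, `ctrl+shiftw` and so on, because the `+` between the modifier and the key is missing. Kitty would not read these as the intended chords, so the scroll bindings and the `no_op` on `w` would not take effect. The prefix should carry the separator: `bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift+" + key));`.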
    @@ -13907,6 +15306,7 @@ in
                 hg = "history | grep";
                 hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom";
                 nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
    +            ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
                 nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;";
                 ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;";
                 magit = "emacsclient -nc -e \"(magit-status)\"";
    @@ -13918,7 +15318,8 @@ in
                 hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
                 youtube-dl = "yt-dlp";
                 cat-orig = "cat";
    -            cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
    +            # cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\"";
    +            cdr = "source cdr";
                 nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
                 nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
                 nix-ldd-locate = "nix-locate --minimal --top-level -w ";
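Review bot: `cdr = "source cdr";` resolves `cdr` by name each time the alias runs, and in zsh `source` looks in the current directory before `$path`, so a file named `cdr` in whatever directory the shell happens to be in would be sourced into the interactive session instead of the intended script. Assuming these are the zsh aliases (the enclosing attribute set starts outside the hunk), point the alias at a fixed location, for example `cdr = "source ${PLACEHOLDER_CDR_PACKAGE}/bin/cdr";`, where the placeholder stands for whichever derivation provides the script. Failing that, `cdr = ". cdr";` at least does not search the current directory in zsh.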
    @@ -14025,9 +15426,13 @@ in
     
    -
    -
    3.3.2.25. zellij
    -
    +
    +
    3.3.2.25. zellij
    +
    +
    +
    +
    3.3.2.25.1. Main config
    +
    { self, lib, config, pkgs, ... }:
     {
    @@ -14036,6 +15441,43 @@ in
         programs.zellij = {
           enable = true;
           enableZshIntegration = true;
    +      settings = {
    +        pane_frames = false;
    +        simplified_ui = false;
    +        default_shell = "zsh";
    +        copy_on_select = true;
    +        on_force_close = "detach";
    +        show_startup_tips = false;
    +        support_kitty_keyboard_protocol = true;
    +        default_layout = "swarsel";
    +        layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts";
    +        theme_dir = "${config.home.homeDirectory}/.config/zellij/themes";
    +        scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines;
    +        session_serialization = true;
    +
    +        copy_command =
    +          if pkgs.stdenv.hostPlatform.isLinux then
    +              "wl-copy"
    +          else if pkgs.stdenv.hostPlatform.isDarwin then
    +              "pbcopy"
    +          else
    +              "";
    +        ui.pane_frames = {
    +            rounded_corners = true;
    +            hide_session_name = true;
    +        };
    +        plugins = {
    +          tab-bar.path = "tab-bar";
    +          status-bar.path = "status-bar";
    +          strider.path = "strider";
    +          compact-bar.path = "compact-bar";
    +          # configuration.path = "configuration";
    +          # filepicker.path = "strider";
    +          # plugin-manager.path = "plugin-manager";
    +          # session-manager.path = "session-manager";
    +          # welcome-screen.path = "session-manager";
    +        };
    +      };
         };
     
         home.packages = with pkgs; [
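Review bot: `scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines;` ties what zellij may persist to a cosmetic kitty setting, which this patch raises to 100000 lines. As far as I know the value only takes effect when `serialize_pane_viewport` is enabled, which this hunk does not set, so it is either inert or one setting away from writing large amounts of pane output to the on-disk session cache. Terminal output regularly contains decrypted secrets and tokens, so I would make the choice explicit with a small fixed value and a comment, e.g. `scrollback_lines_to_serialize = 1000; # only used if serialize_pane_viewport is enabled; keep small, pane output may contain secrets`. The `programs.zellij` set starts before this hunk.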
    @@ -14043,8 +15485,8 @@ in
         ];
     
         xdg.configFile = {
    -      "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; };
    -      "zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; };
    +      # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; };
    +      "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; };
         };
       };
     
    @@ -14053,6 +15495,1159 @@ in
     
    +
    +
    3.3.2.25.2. Keybinds
    +
    +
    +
    { lib, config, ... }:
    +{
    +  config = lib.mkIf config.swarselmodules.zellij {
    +    programs.zellij = {
    +      settings.keybinds = {
    +        _props.clear-defaults = true;
    +
    +        locked = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl g" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        pane = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl p" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "left" ];
    +                _children = [{ MoveFocus._args = [ "left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "down" ];
    +                _children = [{ MoveFocus._args = [ "down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "up" ];
    +                _children = [{ MoveFocus._args = [ "up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "right" ];
    +                _children = [{ MoveFocus._args = [ "right" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "h" ];
    +                _children = [{ MoveFocus._args = [ "left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "j" ];
    +                _children = [{ MoveFocus._args = [ "down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "k" ];
    +                _children = [{ MoveFocus._args = [ "up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "l" ];
    +                _children = [{ MoveFocus._args = [ "right" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "d" ];
    +                _children = [
    +                  { NewPane._args = [ "down" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "e" ];
    +                _children = [
    +                  { TogglePaneEmbedOrFloating = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "f" ];
    +                _children = [
    +                  { ToggleFocusFullscreen = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "n" ];
    +                _children = [
    +                  { NewPane = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "p" ];
    +                _children = [{ SwitchFocus = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "f12" ];
    +                _children = [
    +                  { ToggleFloatingPanes = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +          ];
    +        };
    +
    +        tab = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl t" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "left" ];
    +                _children = [{ GoToPreviousTab = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "down" ];
    +                _children = [{ GoToNextTab = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "up" ];
    +                _children = [{ GoToPreviousTab = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "right" ];
    +                _children = [{ GoToNextTab = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "1" ];
    +                _children = [
    +                  { GoToTab._args = [ 1 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "2" ];
    +                _children = [
    +                  { GoToTab._args = [ 2 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "3" ];
    +                _children = [
    +                  { GoToTab._args = [ 3 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "4" ];
    +                _children = [
    +                  { GoToTab._args = [ 4 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "5" ];
    +                _children = [
    +                  { GoToTab._args = [ 5 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "6" ];
    +                _children = [
    +                  { GoToTab._args = [ 6 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "7" ];
    +                _children = [
    +                  { GoToTab._args = [ 7 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "8" ];
    +                _children = [
    +                  { GoToTab._args = [ 8 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "9" ];
    +                _children = [
    +                  { GoToTab._args = [ 9 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "h" ];
    +                _children = [{ GoToPreviousTab = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "j" ];
    +                _children = [{ GoToNextTab = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "k" ];
    +                _children = [{ GoToPreviousTab = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "l" ];
    +                _children = [{ GoToNextTab = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "n" ];
    +                _children = [
    +                  { NewTab = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "r" ];
    +                _children = [
    +                  { SwitchToMode._args = [ "renametab" ]; }
    +                  { TabNameInput._args = [ 0 ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "s" ];
    +                _children = [
    +                  { ToggleActiveSyncTab = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "x" ];
    +                _children = [
    +                  { CloseTab = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +          ];
    +        };
    +
    +        resize = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl n" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "left" ];
    +                _children = [{ Resize._args = [ "Increase left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "down" ];
    +                _children = [{ Resize._args = [ "Increase down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "up" ];
    +                _children = [{ Resize._args = [ "Increase up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "right" ];
    +                _children = [{ Resize._args = [ "Increase right" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "+" ];
    +                _children = [{ Resize._args = [ "Increase" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "-" ];
    +                _children = [{ Resize._args = [ "Decrease" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "=" ];
    +                _children = [{ Resize._args = [ "Increase" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "H" ];
    +                _children = [{ Resize._args = [ "Decrease left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "J" ];
    +                _children = [{ Resize._args = [ "Decrease down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "K" ];
    +                _children = [{ Resize._args = [ "Decrease up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "L" ];
    +                _children = [{ Resize._args = [ "Decrease right" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "h" ];
    +                _children = [{ Resize._args = [ "Increase left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "j" ];
    +                _children = [{ Resize._args = [ "Increase down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "k" ];
    +                _children = [{ Resize._args = [ "Increase up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "l" ];
    +                _children = [{ Resize._args = [ "Increase right" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        move = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl h" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "left" ];
    +                _children = [{ MovePane._args = [ "left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "down" ];
    +                _children = [{ MovePane._args = [ "down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "up" ];
    +                _children = [{ MovePane._args = [ "up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "right" ];
    +                _children = [{ MovePane._args = [ "right" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "h" ];
    +                _children = [{ MovePane._args = [ "left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "j" ];
    +                _children = [{ MovePane._args = [ "down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "k" ];
    +                _children = [{ MovePane._args = [ "up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "l" ];
    +                _children = [{ MovePane._args = [ "right" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        scroll = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "e" ];
    +                _children = [
    +                  { EditScrollback = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "s" ];
    +                _children = [
    +                  { SwitchToMode._args = [ "entersearch" ]; }
    +                  { SearchInput._args = [ 0 ]; }
    +                ];
    +              };
    +            }
    +          ];
    +        };
    +
    +        search = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "c" ];
    +                _children = [{ SearchToggleOption._args = [ "CaseSensitivity" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "n" ];
    +                _children = [{ Search._args = [ "down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "o" ];
    +                _children = [{ SearchToggleOption._args = [ "WholeWord" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "p" ];
    +                _children = [{ Search._args = [ "up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "w" ];
    +                _children = [{ SearchToggleOption._args = [ "Wrap" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        session = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl o" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "c" ];
    +                _children = [
    +                  {
    +                    LaunchOrFocusPlugin._args = [ "configuration" ];
    +                    LaunchOrFocusPlugin._children = [
    +                      { floating._args = [ true ]; }
    +                      { move_to_focused_tab._args = [ true ]; }
    +                    ];
    +                  }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "p" ];
    +                _children = [
    +                  {
    +                    LaunchOrFocusPlugin._args = [ "plugin-manager" ];
    +                    LaunchOrFocusPlugin._children = [
    +                      { floating._args = [ true ]; }
    +                      { move_to_focused_tab._args = [ true ]; }
    +                    ];
    +                  }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "w" ];
    +                _children = [
    +                  {
    +                    LaunchOrFocusPlugin._args = [ "session-manager" ];
    +                    LaunchOrFocusPlugin._children = [
    +                      { floating._args = [ true ]; }
    +                      { move_to_focused_tab._args = [ true ]; }
    +                    ];
    +                  }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"locked\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Alt left" ];
    +                _children = [{ MoveFocusOrTab._args = [ "left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt down" ];
    +                _children = [{ MoveFocus._args = [ "down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt up" ];
    +                _children = [{ MoveFocus._args = [ "up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt right" ];
    +                _children = [{ MoveFocusOrTab._args = [ "right" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt +" ];
    +                _children = [{ Resize._args = [ "Increase" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt -" ];
    +                _children = [{ Resize._args = [ "Decrease" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt =" ];
    +                _children = [{ Resize._args = [ "Increase" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt r" ];
    +                _children = [
    +                  {
    +                    WriteChars._args = [ "source cdr" ];
    +                  }
    +                  {
    +                    WriteChars._args = [ "\n" ];
    +                  }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt f" ];
    +                _children = [{ ToggleFloatingPanes = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Ctrl g" ];
    +                _children = [{ SwitchToMode._args = [ "locked" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt h" ];
    +                _children = [{ MoveFocusOrTab._args = [ "left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt i" ];
    +                _children = [{ MoveTab._args = [ "left" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt j" ];
    +                _children = [{ MoveFocus._args = [ "down" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt k" ];
    +                _children = [{ MoveFocus._args = [ "up" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt p" ];
    +                _children = [{ NewPane = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Alt n" ];
    +                _children = [{ NewTab = { }; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"locked\" \"move\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl h" ];
    +                _children = [{ SwitchToMode._args = [ "move" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"locked\" \"session\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl o" ];
    +                _children = [{ SwitchToMode._args = [ "session" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"locked\" \"scroll\" \"search\" \"tmux\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl b" ];
    +                _children = [{ SwitchToMode._args = [ "tmux" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"locked\" \"scroll\" \"search\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl s" ];
    +                _children = [{ SwitchToMode._args = [ "scroll" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"locked\" \"tab\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl t" ];
    +                _children = [{ SwitchToMode._args = [ "tab" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"locked\" \"pane\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl p" ];
    +                _children = [{ SwitchToMode._args = [ "pane" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"locked\" \"resize\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl n" ];
    +                _children = [{ SwitchToMode._args = [ "resize" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"normal\" \"locked\" \"entersearch\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "enter" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_except \"normal\" \"locked\" \"entersearch\" \"renametab\" \"renamepane\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "esc" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_among \"pane\" \"tmux\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "x" ];
    +                _children = [
    +                  { CloseFocus = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_among \"scroll\" \"search\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "PageDown" ];
    +                _children = [{ PageScrollDown = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "PageUp" ];
    +                _children = [{ PageScrollUp = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "left" ];
    +                _children = [{ PageScrollUp = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "down" ];
    +                _children = [{ ScrollDown = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "up" ];
    +                _children = [{ ScrollUp = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "right" ];
    +                _children = [{ PageScrollDown = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Ctrl b" ];
    +                _children = [{ PageScrollUp = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Ctrl c" ];
    +                _children = [
    +                  { ScrollToBottom = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "d" ];
    +                _children = [{ HalfPageScrollDown = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Ctrl f" ];
    +                _children = [{ PageScrollDown = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "h" ];
    +                _children = [{ PageScrollUp = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "j" ];
    +                _children = [{ ScrollDown = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "k" ];
    +                _children = [{ ScrollUp = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "l" ];
    +                _children = [{ PageScrollDown = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Ctrl s" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "u" ];
    +                _children = [{ HalfPageScrollUp = { }; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        entersearch = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl c" ];
    +                _children = [{ SwitchToMode._args = [ "scroll" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "esc" ];
    +                _children = [{ SwitchToMode._args = [ "scroll" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "enter" ];
    +                _children = [{ SwitchToMode._args = [ "search" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        renametab = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "esc" ];
    +                _children = [
    +                  { UndoRenameTab = { }; }
    +                  { SwitchToMode._args = [ "tab" ]; }
    +                ];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_among \"renametab\" \"renamepane\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "Ctrl c" ];
    +                _children = [{ SwitchToMode._args = [ "normal" ]; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        renamepane = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "esc" ];
    +                _children = [
    +                  { UndoRenamePane = { }; }
    +                  { SwitchToMode._args = [ "pane" ]; }
    +                ];
    +              };
    +            }
    +          ];
    +        };
    +
    +        "shared_among \"session\" \"tmux\"" = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "d" ];
    +                _children = [{ Detach = { }; }];
    +              };
    +            }
    +          ];
    +        };
    +
    +        tmux = {
    +          _children = [
    +            {
    +              bind = {
    +                _args = [ "left" ];
    +                _children = [
    +                  { MoveFocus._args = [ "left" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "down" ];
    +                _children = [
    +                  { MoveFocus._args = [ "down" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "up" ];
    +                _children = [
    +                  { MoveFocus._args = [ "up" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "right" ];
    +                _children = [
    +                  { MoveFocus._args = [ "right" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "space" ];
    +                _children = [{ NextSwapLayout = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "\"" ];
    +                _children = [
    +                  { NewPane._args = [ "down" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "%" ];
    +                _children = [
    +                  { NewPane._args = [ "right" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "," ];
    +                _children = [{ SwitchToMode._args = [ "renametab" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "[" ];
    +                _children = [{ SwitchToMode._args = [ "scroll" ]; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "Ctrl b" ];
    +                _children = [
    +                  { Write._args = [ 2 ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "c" ];
    +                _children = [
    +                  { NewTab = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "h" ];
    +                _children = [
    +                  { MoveFocus._args = [ "left" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "j" ];
    +                _children = [
    +                  { MoveFocus._args = [ "down" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "k" ];
    +                _children = [
    +                  { MoveFocus._args = [ "up" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "l" ];
    +                _children = [
    +                  { MoveFocus._args = [ "right" ]; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "n" ];
    +                _children = [
    +                  { GoToNextTab = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "o" ];
    +                _children = [{ FocusNextPane = { }; }];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "p" ];
    +                _children = [
    +                  { GoToPreviousTab = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +            {
    +              bind = {
    +                _args = [ "z" ];
    +                _children = [
    +                  { ToggleFocusFullscreen = { }; }
    +                  { SwitchToMode._args = [ "normal" ]; }
    +                ];
    +              };
    +            }
    +          ];
    +        };
    +      };
    +    };
    +  };
    +
    +}
    +
    +
    +
    +
    +
    3.3.2.26. tmux
    @@ -14380,7 +16975,7 @@ Lastly, I am defining some more packages here that the parser has problems findi
    { self, lib, config, pkgs, globals, inputs, ... }:
     let
    -  inherit (config.swarselsystems) homeDir isPublic isNixos;
    +  inherit (config.swarselsystems) homeDir mainUser isPublic isNixos;
       inherit (config.repo.secrets.common.emacs) radicaleUser;
     in
     {
    @@ -14389,6 +16984,31 @@ in
         # needed for elfeed
         # enable emacs overlay for bleeding edge features
         # also read init.el file and install use-package packages
    +
    +    home.activation.setupEmacsOrgFiles =
    +      lib.hm.dag.entryAfter [ "writeBoundary" ] ''
    +        set -eu
    +
    +        if [ ! -d ${homeDir}/Org ]; then
    +          ${pkgs.coreutils}/bin/install -d -m 0755 ${homeDir}/Org
    +          ${pkgs.coreutils}/bin/chown ${mainUser}:syncthing ${homeDir}/Org
    +        fi
    +
    +        # create dummy files to make Emacs calendar work
    +        # these have low modified dates and should be marked as sync-conflicts
    +        for file in "Tasks" "Archive" "Journal"; do
    +          if [ ! -f ${homeDir}/Org/"$file".org ]; then
    +            ${pkgs.coreutils}/bin/touch --time=access --time=modify -t 197001010000.00 ${homeDir}/Org/"$file".org
    +            ${pkgs.coreutils}/bin/chown ${mainUser}:syncthing ${homeDir}/Org/"$file".org
    +          fi
    +        done
    +
    +        # when the configuration is build again, these sync-conflicts will be cleaned up
    +        for file in $(find ${homeDir}/Org/ -name "*sync-conflict*"); do
    +          ${pkgs.coreutils}/bin/rm "$file"
    +        done
    +      '';
    +
         programs.emacs = {
           enable = true;
           package = pkgs.emacsWithPackagesFromUsePackage {
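Review bot: The cleanup loop at the end of `setupEmacsOrgFiles` iterates over unquoted `$(find …)` output, so a path under `Org/` that contains whitespace is split and `rm` runs on the fragments; under `set -eu` a failing `rm` then aborts the activation. The loop also deletes every file matching `*sync-conflict*` anywhere under `Org/` on each rebuild, which includes genuine Syncthing conflict copies of notes, not only those produced by the three placeholder files. Letting find do the removal, limited to the top level where the placeholders live, avoids the splitting and narrows the blast radius: `${pkgs.findutils}/bin/find ${homeDir}/Org/ -maxdepth 1 -type f -name "*sync-conflict*" -delete`. The `chown ${mainUser}:syncthing` calls run as the user during home-manager activation, so they presumably fail and stop the script unless that user is in the `syncthing` group; worth confirming.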
    @@ -15180,8 +17800,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    -
    -
    3.3.2.31.6. blueman-applet
    +
    +
    3.3.2.31.6. blueman-applet
    { lib, config, ... }:
    @@ -15195,8 +17815,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    -
    -
    3.3.2.31.7. network-manager-applet
    +
    +
    3.3.2.31.7. network-manager-applet
    { lib, config, ... }:
    @@ -15211,8 +17831,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    -
    -
    3.3.2.31.8. obsidian service for tray
    +
    +
    3.3.2.31.8. obsidian service for tray
    { lib, config, ... }:
    @@ -15246,8 +17866,8 @@ The `extraConfig` section here CANNOT be reindented. This has something to do wi
     
    -
    -
    3.3.2.31.9. anki service for tray
    +
    +
    3.3.2.31.9. anki service for tray

    Sets up a systemd user service for anki that does not stall the shutdown process. Note that the outcommented ExecStart does not work because the home-manager anki package builds a separate anki package that - I think - cannot be referenced as no such expression exists in the module.
    @@ -15294,8 +17914,8 @@ Sets up a systemd user service for anki that does not stall the shutdown process

    -
    -
    3.3.2.31.10. element service for tray
    +
    +
    3.3.2.31.10. element service for tray
    { lib, config, pkgs, ... }:
    @@ -15329,8 +17949,8 @@ Sets up a systemd user service for anki that does not stall the shutdown process
     
    -
    -
    3.3.2.31.11. vesktop service for tray
    +
    +
    3.3.2.31.11. vesktop service for tray
    { lib, config, pkgs, ... }:
    @@ -15359,6 +17979,134 @@ Sets up a systemd user service for anki that does not stall the shutdown process
         };
       };
     
    +}
    +
    +
    +
    +
    +
    +
    3.3.2.31.12. syncthing service for tray
    +
    +
    +
    { lib, config, pkgs, ... }:
    +{
    +  options.swarselmodules.syncthing-tray = lib.mkEnableOption "enable syncthing applet for tray";
    +  config = lib.mkIf config.swarselmodules.syncthing-tray {
    +
    +    home.activation.setupSyncthingIni =
    +      let
    +        syncthingApiEnvVarName = "SYNCTHING_API_KEY";
    +        syncthingIni = {
    +          file = "${config.home.homeDirectory}/.config/syncthingtray.ini";
    +          content = ''
    +            [General]
    +            v=2.0.2
    +
    +            [qt]
    +            customfont=false
    +            customicontheme=false
    +            customlocale=false
    +            custompalette=false
    +            customstylesheet=false
    +            customwidgetstyle=false
    +            font="Cantarell,11,-1,5,400,0,0,0,0,0,0,0,0,0,0,1"
    +            icontheme=hicolor
    +            iconthemepath=
    +            locale=en_US
    +            palette="@Variant(\0\0\0\x44\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff  jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff  jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\x66\x66\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff  jj\x86\x86\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\0\0::ff\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\xff\xff\xff\xff\xff\xff\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff\x1d\x1d%%,,\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0\x1\x1\xff\xff\0\0\0\0\0\0\0\0\x1\x2\xff\xffP\x14\xff\xff\x65\x65\0\0\x1\x1\xff\xff\xa0\xa0\xb3\xb3\xc5\xc5\0\0\x1\x1\xff\xff^^\xc4\xc4\xff\xff\0\0\x1\x1\xff\xff\xc0\xc0nn\xce\xce\0\0\x1\x1\xff\xff\x17\x17\x1d\x1d##\0\0)"
    +            plugindir=
    +            stylesheetpath=
    +            trpath=
    +            widgetstyle=
    +
    +            [startup]
    +            considerForReconnect=false
    +            considerLauncherForReconnect=false
    +            showButton=false
    +            showLauncherButton=false
    +            stopOnMetered=false
    +            stopServiceOnMetered=false
    +            syncthingArgs="serve --no-browser --logflags=3"
    +            syncthingAutostart=false
    +            syncthingPath=syncthing
    +            syncthingUnit=syncthing.service
    +            systemUnit=false
    +            useLibSyncthing=false
    +
    +            [tray]
    +            connections\1\apiKey=@ByteArray(''$${syncthingApiEnvVarName})
    +            connections\1\authEnabled=falsex
    +            connections\1\autoConnect=true
    +            connections\1\devStatsPollInterval=60000
    +            connections\1\diskEventLimit=200
    +            connections\1\errorsPollInterval=30000
    +            connections\1\httpsCertPath=${config.home.homeDirectory}/.config/syncthing/https-cert.pem
    +            connections\1\label=Primary instance
    +            connections\1\localPath=
    +            connections\1\longPollingTimeout=0
    +            connections\1\password=
    +            connections\1\pauseOnMetered=false
    +            connections\1\reconnectInterval=30000
    +            connections\1\requestTimeout=0
    +            connections\1\statusComputionFlags=123
    +            connections\1\syncthingUrl=http://${config.services.syncthing.guiAddress}
    +            connections\1\trafficPollInterval=5000
    +            connections\1\userName=
    +            connections\size=1
    +            dbusNotifications=true
    +            distinguishTrayIcons=false
    +            frameStyle=16
    +            ignoreInavailabilityAfterStart=15
    +            notifyOnDisconnect=true
    +            notifyOnErrors=true
    +            notifyOnLauncherErrors=true
    +            notifyOnLocalSyncComplete=false
    +            notifyOnNewDeviceConnects=false
    +            notifyOnNewDirectoryShared=false
    +            notifyOnRemoteSyncComplete=false
    +            positioning\assumedIconPos=@Point(0 0)
    +            positioning\useAssumedIconPosition=false
    +            positioning\useCursorPos=true
    +            preferIconsFromTheme=false
    +            showDownloads=false
    +            showSyncthingNotifications=true
    +            showTabTexts=true
    +            showTraffic=true
    +            statusIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff"
    +            statusIconsRenderSize=@Size(32 32)
    +            statusIconsStrokeWidth=0
    +            tabPos=1
    +            trayIcons="#ff26b6db,#ff0882c8,#ffffffff;#ffdb3c26,#ffc80828,#ffffffff;#ffc9ce3b,#ffebb83b,#ffffffff;#ff2d9d69,#ff2d9d69,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ff26b6db,#ff0882c8,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff;#ffa9a9a9,#ff58656c,#ffffffff"
    +            trayIconsRenderSize=@Size(32 32)
    +            trayIconsStrokeWidth=0
    +            trayMenuSize=@Size(575 475)
    +            usePaletteForStatusIcons=false
    +            usePaletteForTrayIcons=false
    +            windowType=0
    +
    +            [webview]
    +            customCommand=
    +            disabled=false
    +            mode=0
    +
    +          '';
    +        };
    +      in
    +      lib.hm.dag.entryAfter [ "writeBoundary" ] ''
    +        set -eu
    +
    +        if [ ! -f ${syncthingIni.file} ]; then
    +        cat >${syncthingIni.file} <<'EOF'
    +        ${syncthingIni.content}
    +        EOF
    +        export ${syncthingApiEnvVarName}=$(cat /run/syncthing-init/api_key)
    +        ${lib.getExe pkgs.envsubst} -i ${syncthingIni.file} -o ${syncthingIni.file}
    +        unset ${syncthingApiEnvVarName}
    +        fi
    +      '';
    +
    +  };
    +
     }
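Review bot: The generated `syncthingtray.ini` ends up holding the Syncthing API key, but `cat >${syncthingIni.file}` creates it with the activation shell's default umask, so with a typical 022 umask the key is readable by other local users. Adding `umask 077` before the `cat` (or a `chmod 600` on the file before `envsubst` runs) keeps it private. Two smaller things in the same block: `connections\1\authEnabled=falsex` looks like a typo for `false`, and `export …=$(cat /run/syncthing-init/api_key)` does not stop the script when the key file is missing, which leaves an ini without a key that the `[ ! -f … ]` test never regenerates. Reading the key into a plain variable before the file is written (`key=$(cat /run/syncthing-init/api_key)`) lets `set -e` abort before anything lands on disk.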
     
    
@@ -15504,83 +18252,83 @@ Currently, I am too lazy to explain every option here, but most of it is very se in lib.recursiveUpdate { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Shift+f" = "exec swaymsg fullscreen"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+m" = "exec swaymsg workspace back_and_forth"; - "${modifier}+a" = "exec swarselcheck -s"; - "${modifier}+x" = "exec swarselcheck -k"; - "${modifier}+d" = "exec swarselcheck -d"; - "${modifier}+w" = "exec swarselcheck -e"; - "${modifier}+Shift+t" = "exec opacitytoggle"; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+Shift+c" = "exec qalculate-gtk"; - "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; - "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; - "${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; - "${modifier}+Shift+a" = "exec emacsclient -cF '((name . 
\"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel --otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; - "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; - # "${modifier}+Escape" = "mode $exit"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+Escape" = "exec wlogout"; - "${modifier}+h" = "exec hyprpicker | wl-copy"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; - "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; - "${modifier}+1" = "workspace 1:δΈ€"; - "${modifier}+Shift+1" = "move container to workspace 1:δΈ€"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:δΈ‰"; - "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; - "${modifier}+4" = "workspace 4:ε››"; - "${modifier}+Shift+4" = "move container to workspace 4:ε››"; - "${modifier}+5" = "workspace 5:δΊ”"; - "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; - "${modifier}+6" = "workspace 6:ε…­"; - "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; - "${modifier}+7" = "workspace 7:δΈƒ"; - "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; - "${modifier}+8" = "workspace 8:ε…«"; - "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "${modifier}+Ctrl+m" = "workspace 11:M"; - "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; - "${modifier}+Ctrl+s" 
= "workspace 12:S"; - "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; - "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+1" = "workspace 1:δΈ€"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+3" = "workspace 3:δΈ‰"; + "${modifier}+4" = "workspace 4:ε››"; + "${modifier}+5" = "workspace 5:δΊ”"; + "${modifier}+6" = "workspace 6:ε…­"; + "${modifier}+7" = "workspace 7:δΈƒ"; + "${modifier}+8" = "workspace 8:ε…«"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Ctrl+Shift+c" = "reload"; "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; - "${modifier}+Ctrl+t" = "workspace 14:T"; - "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; - "${modifier}+Ctrl+l" = "workspace 15:L"; - "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; - "${modifier}+Ctrl+f" = "workspace 16:F"; "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; + "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L"; + "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; + "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; + "${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T"; + "${modifier}+Ctrl+e" = "workspace 13:E"; + "${modifier}+Ctrl+f" = "workspace 16:F"; + "${modifier}+Ctrl+l" = "workspace 15:L"; + "${modifier}+Ctrl+m" = "workspace 11:M"; + "${modifier}+Ctrl+p" = "exec 1password --quick-acces"; + "${modifier}+Ctrl+s" = "workspace 12:S"; + "${modifier}+Ctrl+t" = "workspace 14:T"; "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; + "${modifier}+Escape" = "exec wlogout"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+Left" = "focus left"; + "${modifier}+Return" = "exec swarselzellij"; + "${modifier}+Right" = "focus right"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "${modifier}+Shift+1" = "move 
container to workspace 1:δΈ€"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+Shift+3" = "move container to workspace 3:δΈ‰"; + "${modifier}+Shift+4" = "move container to workspace 4:ε››"; + "${modifier}+Shift+5" = "move container to workspace 5:δΊ”"; + "${modifier}+Shift+6" = "move container to workspace 6:ε…­"; + "${modifier}+Shift+7" = "move container to workspace 7:δΈƒ"; + "${modifier}+Shift+8" = "move container to workspace 8:ε…«"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; + "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'"; + "${modifier}+Shift+c" = "exec qalculate-gtk"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+Shift+f" = "exec swaymsg fullscreen"; + "${modifier}+Shift+m" = "exec emacsclient -cF '((name . 
\"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'"; + "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"; + "${modifier}+Shift+t" = "exec opacitytoggle"; + "${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Up" = "focus up"; + "${modifier}+a" = "exec swarselcheck -s"; + "${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'"; + "${modifier}+d" = "exec swarselcheck -d"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+f" = "exec firefox"; + "${modifier}+h" = "exec hyprpicker | wl-copy"; + "${modifier}+m" = "exec swaymsg workspace back_and_forth"; + "${modifier}+o" = "exec pass-fuzzel --otp"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+q" = "kill"; "${modifier}+r" = "mode resize"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'"; + "${modifier}+w" = "exec swarselcheck -e"; + "${modifier}+x" = "exec swarselcheck -k"; + # "${modifier}+Escape" = "mode $exit"; # "${modifier}+Return" = "exec kitty"; - "${modifier}+Return" = "exec swarselzellij"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; @@ -16017,6 +18765,12 @@ Currently, I am too lazy to explain every option here, but most of it is very se }; }; + } // { + programs.niri = lib.mkIf (!config.swarselmodules.niri) { + package = null; + config = null; + settings = null; + }; }; } 
@@ -16068,7 +18822,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se exec = [ "${pkgs.swaybg}/bin/swaybg --output '${config.swarselsystems.sharescreen}' --image ${config.swarselsystems.wallpaper} --mode ${config.stylix.imageScalingMode}" ]; outputs = [ { - criteria = "eDP-2"; + criteria = config.swarselsystems.sharescreen; status = "enable"; scale = 1.0; } @@ -16154,6 +18908,13 @@ When setting up a new machine:
    +- setup gpgsm for signing of mails using S/MIME:
    + - `gpgsm --import ~/Certificates/.p12`
    + - `gpgsm --import ~/Certificates/harica-root.pem`
    + - `gpgsm --import ~/Certificates/harica-intermediate.pem`
    + - `gpgsm --list-keys --with-validation "HARICA Client RSA Root CA 2021"`
    + - trust the certificate and set passphrase
    +
    { self, lib, config, pkgs, ... }:
     let
    @@ -16194,9 +18955,15 @@ in
         };
     
         # assure correct permissions
    -    systemd.user.tmpfiles.rules = [
    -      "d ${homeDir}/.gnupg 700 ${mainUser} users"
    -    ];
    +    systemd.user.tmpfiles.settings."30-gpgagent".rules = {
    +      "${homeDir}/.gnupg" = {
    +        d = {
    +          group = "users";
    +          user = mainUser;
    +          mode = "0700";
    +        };
    +      };
    +    };
       };
     
     }
    @@ -16261,8 +19028,8 @@ in
     
    -
    -
    3.3.2.38. Obsidian
    +
    +
    3.3.2.38. Obsidian
    { lib, config, pkgs, nixosConfig ? config, ... }:
    @@ -16422,8 +19189,8 @@ in
     
    -
    -
    3.3.2.39. Anki
    +
    +
    3.3.2.39. Anki
    { lib, config, pkgs, globals, inputs, nixosConfig ? config, ... }:
    @@ -16496,8 +19263,8 @@ in
     
    -
    -
    3.3.2.40. Element-desktop
    +
    +
    3.3.2.40. Element-desktop
    { lib, config, ... }:
    @@ -16533,8 +19300,8 @@ in
     
    -
    -
    3.3.2.41. Hexchat
    +
    +
    3.3.2.41. Hexchat
    { lib, config, nixosConfig ? config, ... }:
    @@ -16558,8 +19325,8 @@ in
     
    -
    -
    3.3.2.42. obs-studio
    +
    +
    3.3.2.42. obs-studio
    { lib, config, ... }:
    @@ -16579,8 +19346,8 @@ in
     
    -
    -
    3.3.2.43. spotify-player
    +
    +
    3.3.2.43. spotify-player
    { lib, config, ... }:
    @@ -16600,8 +19367,8 @@ in
     
    -
    -
    3.3.2.44. vesktop
    +
    +
    3.3.2.44. vesktop
    { lib, pkgs, config, ... }:
    @@ -16688,8 +19455,8 @@ in
     
    -
    -
    3.3.2.45. batsignal
    +
    +
    3.3.2.45. batsignal
    { lib, config, ... }:
    @@ -16721,8 +19488,8 @@ in
     
    -
    -
    3.3.2.46. autotiling
    +
    +
    3.3.2.46. autotiling
    { lib, config, ... }:
    @@ -16743,8 +19510,8 @@ in
     
    -
    -
    3.3.2.47. swayidle
    +
    +
    3.3.2.47. swayidle
    { lib, config, pkgs, ... }:
    @@ -16785,8 +19552,8 @@ in
     
    -
    -
    3.3.2.48. swaylock
    +
    +
    3.3.2.48. swaylock
    { lib, config, pkgs, ... }:
    @@ -16809,6 +19576,44 @@ in
         };
       };
     
    +}
    +
    +
    +
    +
    +
    +
    3.3.2.49. opkssh
    +
    +
    +
    { lib, config, ... }:
    +let
    +  moduleName = "opkssh";
    +in
    +{
    +  options.swarselmodules.${moduleName} = lib.mkEnableOption "enable ${moduleName} and settings";
    +  config = lib.mkIf config.swarselmodules.${moduleName} {
    +    programs.${moduleName} = {
    +      enable = true;
    +      settings = {
    +        default_provider = "kanidm";
    +
    +        providers = [
    +          {
    +            alias = "kanidm";
    +            issuer = "https://sso.swarsel.win/oauth2/openid/opkssh";
    +            client_id = "opkssh";
    +            scopes = "openid email profile";
    +            redirect_uris = [
    +              "http://localhost:3000/login-callback"
    +              "http://localhost:10001/login-callback"
    +              "http://localhost:11110/login-callback"
    +            ];
    +          }
    +        ];
    +      };
    +    };
    +  };
    +
     }
     
    @@ -17009,32 +19814,44 @@ When setting up a new machine:
    +- setup pizauth for microsoft mail sync (account names are possibly `uni` and `work`):
    + - `pizauth auth `
    + - `pizauth dump > ~/.pizauth.state`
    +
    -
    { self, config, pkgs, lib, vars, nixosConfig ? config, ... }:
    +
    { self, inputs, config, pkgs, lib, vars, nixosConfig ? config, ... }:
     let
    -  inherit (config.swarselsystems) homeDir;
    +  inherit (config.swarselsystems) homeDir mainUser;
       inherit (nixosConfig.repo.secrets.local.mail) allMailAddresses;
       inherit (nixosConfig.repo.secrets.local.work) mailAddress;
    +
    +  certsSopsFile = self + /secrets/certs/secrets.yaml;
     in
     {
       options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings";
       config = lib.mkIf config.swarselmodules.optional.work
    -    {
    -      home.packages = with pkgs; [
    -        stable.teams-for-linux
    -        shellcheck
    -        dig
    -        docker
    -        postman
    -        # rclone
    -        libguestfs-with-appliance
    -        prometheus.cli
    -        tigervnc
    -        # openstackclient
    +    ({
    +      home = {
    +        packages = with pkgs; [
    +          stable.teams-for-linux
    +          shellcheck
    +          dig
    +          docker
    +          postman
    +          # rclone
    +          libguestfs-with-appliance
    +          prometheus.cli
    +          tigervnc
    +          # openstackclient
     
    -        vscode
    -      ];
    +          vscode
     
    +          rustdesk-vbc
    +        ];
    +        sessionVariables = {
    +          AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path;
    +        };
    +      };
           systemd.user.sessionVariables = {
             DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work";
           } // lib.optionalAttrs (!config.swarselsystems.isPublic) {
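Review bot: `AWS_CA_BUNDLE` in the new `home.sessionVariables` dereferences `nixosConfig.sops.secrets.harica-root-ca.path` without any guard, while the only declaration of that secret visible in this commit (the `sops.secrets` block at the end of the module) is restricted to `inputs ? sops` and `!isPublic && !isNixos`. On a public build, or on any host where the secret is not declared on the `nixosConfig` side, evaluation would presumably fail on the missing attribute. Guarding the variable like the secret-dependent block right below it keeps the two consistent: `sessionVariables = lib.mkIf (!config.swarselsystems.isPublic) { AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path; };`. The module body continues outside the hunk, so a NixOS-side declaration of the secret may exist elsewhere.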
    @@ -17117,6 +19934,23 @@ in
           #   };
           # };
     
    +      wayland.windowManager.sway =
    +        let
    +          inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress;
    +        in
    +        {
    +          config = {
    +            keybindings =
    +              let
    +                inherit (config.wayland.windowManager.sway.config) modifier;
    +              in
    +              {
    +                "${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}";
    +                "${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}";
    +              };
    +          };
    +        };
    +
           stylix = {
             targets.firefox.profileNames =
               let
    @@ -17639,7 +20473,16 @@ in
             };
     
           };
    -    };
    +    } // lib.optionalAttrs (inputs ? sops) {
    +      sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) {
    +        harica-root-ca = {
    +          sopsFile = certsSopsFile;
    +          path = "${homeDir}/.aws/certs/harica-root.pem";
    +          owner = mainUser;
    +        };
    +      };
    +
    +    });
     
     }
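Review bot: `owner = mainUser` on the `harica-root-ca` secret is probably not accepted in this position. The block is only active when `!isNixos`, i.e. under the home-manager variant of sops-nix, and as far as I know that module's secret type has no `owner` option because secrets there always belong to the activating user; please confirm against the sops-nix version pinned in the flake. If so, dropping the line is enough, and an explicit `mode = "0444";` could document that this file is a public CA certificate rather than key material.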
     
    @@ -18064,10 +20907,9 @@ In short, the options defined here are passed to the modules systems using 
     
    -
    -
    -

    3.5. Packages

    -
    +
    +

    3.4.3. Packages

    +

    This is the central station for self-defined packages. These are all referenced in default.nix. Wherever possible, I am keeping the shell version of these scripts in this file as well and then read it using builtin.readFile in the NixOS configurations. This lets me keep full control in this one file but also keep the separate files uncluttered.

    @@ -18075,17 +20917,21 @@ This is the central station for self-defined packages. These are all referenced

    Note: The structure of generating the packages was changed in commit 2cf03a3 refactor: package and module generation. That commit can be checked out in order to see a simpler version of achieving the same thing.

    - +
    +
    +
    +

    3.4.4. Packages (flake)

    +
    { self, lib, pkgs, ... }:
     let
       mkPackages = names: pkgs: builtins.listToAttrs (map
         (name: {
           inherit name;
    -      value = pkgs.callPackage "${self}/pkgs/${name}" { inherit self name; };
    +      value = pkgs.callPackage "${self}/pkgs/flake/${name}" { inherit self name; };
         })
         names);
    -  packageNames = lib.swarselsystems.readNix "pkgs";
    +  packageNames = lib.swarselsystems.readNix "pkgs/flake";
     in
     mkPackages packageNames pkgs
     
    @@ -18093,9 +20939,9 @@ mkPackages packageNames pkgs
     
    -
    -

    3.5.1. pass-fuzzel

    -
    +
    +
    3.4.4.1. pass-fuzzel
    +

    This app allows me, in conjunction with my Yubikey, to quickly enter passwords when the need arises. Normal and TOTP passwords are supported, and they can either be printed directly or copied to the clipboard.

    @@ -18167,9 +21013,40 @@ writeShellApplication {
    -
    -

    3.5.2. cura5

    -
    +
    +
    3.4.4.2. quickpass
    +
    +
    +
    shopt -s nullglob globstar
    +
    +notify-send "$(env | grep -E 'WAYLAND|SWAY')"
    +
    +password="$1"
    +
    +pass show "$password" | {
    +    IFS= read -r pass
    +    printf %s "$pass"
    +} | wtype -
    +
    +notify-send -u critical -a pass -t 1000 "Typed Password"
    +
    +
    + +
    +
    { self, name, writeShellApplication, libnotify, pass, wtype }:
    +writeShellApplication {
    +  inherit name;
    +  runtimeInputs = [ libnotify pass wtype ];
    +  text = builtins.readFile "${self}/files/scripts/${name}.sh";
    +}
    +
    +
    +
    +
    +
    +
    +
    3.4.4.3. cura5
    +

    The version of cura used to be quite outdated in nixpkgs. I am fetching a newer AppImage here and use that instead.
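Review bot: The first `notify-send "$(env | grep -E 'WAYLAND|SWAY')"` in the quickpass script looks like leftover debugging; it puts part of the process environment into a desktop notification on every run of a script whose job is typing a password, and should be dropped. `password="$1"` would read better as `password="${1:?usage: quickpass <pass-entry>}"`, since writeShellApplication runs the text with `nounset` and a missing argument otherwise dies with a bare unbound-variable error. When `pass show` fails (wrong entry, key not present) the pipeline exits under `pipefail` without any notification, so a failure message via `notify-send -u critical` may be worth adding. `shopt -s nullglob globstar` is unused here and can go.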

    @@ -18210,9 +21087,9 @@ writeScriptBin "cura" ''
    -
    -

    3.5.3. hm-specialisation

    -
    +
    +
    3.4.4.4. hm-specialisation
    +

    This script allows for quick git home-manager specialisation switching.

    @@ -18236,9 +21113,9 @@ writeShellApplication {
    -
    -

    3.5.4. cdw

    -
    +
    +
    3.4.4.5. cdw
    +

    This script allows for quick git worktree switching.

    @@ -18260,9 +21137,9 @@ writeShellApplication {
    -
    -

    3.5.5. cdb

    -
    +
    +
    3.4.4.6. cdb
    +

    This script allows for quick git branch switching.

    @@ -18282,9 +21159,9 @@ writeShellApplication {
    -
    -

    3.5.6. bak

    -
    +
    +
    3.4.4.7. bak
    +

    This script lets me quickly backup files by appending .bak to the filename.

    @@ -18305,9 +21182,9 @@ writeShellApplication {
    -
    -

    3.5.7. timer

    -
    +
    +
    3.4.4.8. timer
    +

    This app starts a configuratble timer and uses TTS to say something once the timer runs out.

    @@ -18328,9 +21205,9 @@ writeShellApplication {
    -
    -

    3.5.8. e

    -
    +
    +
    3.4.4.9. e
    +

    This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm scratchpad window that I sometimes use for calling a command quickly, in case it is on the screen. After emacs closes, the kittyterm window is then shown again if it was visible earlier.

    @@ -18374,9 +21251,9 @@ writeShellApplication {
    -
    -

    3.5.9. command-not-found

    -
    +
    +
    3.4.4.10. command-not-found
    +

    The normal command-not-found.sh uses the outdated nix-shell commands as suggestions. This version supplies me with the more modern nixpkgs#<name> version.

    @@ -18420,9 +21297,9 @@ command_not_found_handler() {
    -
    -

    3.5.10. swarselcheck

    -
    +
    +
    3.4.4.11. swarselcheck
    +

    This app checks for different apps that I keep around in the scratchpad for quick viewing and hiding (messengers and music players mostly) and then behaves like the kittyterm hider that I described in e.

    @@ -18505,9 +21382,9 @@ writeShellApplication {
    -
    -

    3.5.11. swarselcheck-niri

    -
    +
    +
    3.4.4.12. swarselcheck-niri
    +
    while :; do
         case ${1:-} in
    @@ -18560,9 +21437,9 @@ writeShellApplication {
     
    -
    -

    3.5.12. swarselzellij

    -
    +
    +
    3.4.4.13. swarselzellij
    +
    # KITTIES=$(($(pgrep -P 1 kitty | wc -l) - 1))
     
    @@ -18587,9 +21464,9 @@ writeShellApplication {
     
    -
    -

    3.5.13. waybarupdate

    -
    +
    +
    3.4.4.14. waybarupdate
    +

    This scripts checks if there are uncommited changes in either my dotfile repo, my university repo, or my passfile repo. In that case a warning will be shown in waybar.

    @@ -18634,9 +21511,9 @@ writeShellApplication {
    -
    -

    3.5.14. opacitytoggle

    -
    +
    +
    3.4.4.15. opacitytoggle
    +

    This app quickly toggles between 5% and 0% transparency.

    @@ -18661,9 +21538,9 @@ writeShellApplication {
    -
    -

    3.5.15. fs-diff

    -
    +
    +
    3.4.4.16. fs-diff
    +

    This utility is used to compare the current state of the root directory with the blanket state that is stored in /root-blank (the snapshot that is restored on each reboot of an impermanence machine). Using this, I can find files that I will lose once I reboot - if there are important files in that list, I can then easily add them to the persist options.

    @@ -18702,9 +21579,9 @@ writeShellApplication {
    -
    -

    3.5.16. github-notifications

    -
    +
    +
    3.4.4.17. github-notifications
    +

    This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.

    @@ -18728,9 +21605,9 @@ writeShellApplication {
    -
    -

    3.5.17. kanshare

    -
    +
    +
    3.4.4.18. kanshare
    +

    This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.

    @@ -18752,9 +21629,9 @@ writeShellApplication {
    -
    -

    3.5.18. swarsel-bootstrap

    -
    +
    +
    3.4.4.19. swarsel-bootstrap
    +

    This program sets up a new NixOS host remotely. It also takes care of secret management on the new host.

    @@ -18765,6 +21642,7 @@ set -eo pipefail target_hostname="" target_destination="" +target_arch="" target_user="swarsel" ssh_port="22" persist_dir="" @@ -18780,6 +21658,7 @@ function help_and_exit() { echo "ARGS:" echo " -n <target_hostname> specify target_hostname of the target host to deploy the nixos config on." echo " -d <target_destination> specify ip or url to the target host." + echo " -a <targeit_arch> specify the architecture of the target host." echo " target during install process." echo echo "OPTIONS:" @@ -18862,6 +21741,10 @@ while [[ $# -gt 0 ]]; do shift target_destination=$1 ;; + -a) + shift + target_arch=$1 + ;; -u) shift target_user=$1 @@ -18882,6 +21765,11 @@ while [[ $# -gt 0 ]]; do shift done +if [[ $target_arch == "" || $target_destination == "" || $target_hostname == "" ]]; then + red "error: target_arch, target_destination or target_hostname not set." + help_and_exit +fi + green "~SwarselSystems~ remote installer" green "Reading system information for $target_hostname ..." @@ -18936,6 +21824,7 @@ if [ ! -d "$FLAKE" ]; then fi cd "$FLAKE" + rm install/flake.lock || true git_root=$(git rev-parse --show-toplevel) # ------------------------ 
@@ -18973,8 +21862,13 @@ fi green "Generating hardware-config.nix for $target_hostname and adding it to the nix-config." $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt" -mkdir -p "$FLAKE"/hosts/nixos/"$target_hostname" -$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_hostname"/hardware-configuration.nix +mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" +$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix +# ------------------------ +# green "Generating hostkey for ssh initrd" +# $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd" +# $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key" +# $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key" # ------------------------ green "Deploying minimal NixOS installation on $target_destination" @@ -19039,7 +21933,7 @@ if yes_or_no "Do you want to manually edit .sops.yaml now?"; then fi green "Updating all secrets files to reflect updates .sops.yaml" sops updatekeys --yes --enable-local-keyservice "${git_root}"/secrets/*/secrets.yaml -sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_hostname"/secrets/pii.nix.enc +sops updatekeys --yes --enable-local-keyservice "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/secrets/pii.nix.enc # -------------------------- green "Making ssh_host_ed25519_key available to home-manager for user $target_user" sed -i "/$target_hostname/d; /$target_destination/d" ~/.ssh/known_hosts 
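Review bot: The added commented-out lines park a disabled initrd host-key step in the installer without saying why it is off or when it should return. A `# TODO:` line with the reason, or dropping the block until it works, would keep the script readable. If it is revived, check where `$temp` expands: inside the double-quoted string it is substituted locally before `$ssh_root_cmd` runs, so the remote `mkdir` and `ssh-keygen` would receive a local path (assuming `temp` is a local scratch directory, which this hunk does not show). The key directory is also better created with explicit permissions, for example `install -d -m 700 /etc/secrets/initrd`, than with a plain `mkdir -p`.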
@@ -19098,10 +21992,10 @@ fi green "NixOS was successfully installed!" if yes_or_no "You can now commit and push the nix-config, which includes the hardware-configuration.nix for $target_hostname?"; then cd "${git_root}" - deadnix hosts/nixos/"$target_hostname"/hardware-configuration.nix -qe - nixpkgs--fmt hosts/nixos/"$target_hostname"/hardware-configuration.nix + deadnix hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix -qe + nixpkgs--fmt hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix (.pre-commit-config.yaml mit run --all-files 2> /dev/null || true) && - git add "$git_root/hosts/nixos/$target_hostname/hardware-configuration.nix" && + git add "$git_root/hosts/nixos/$target_arch/$target_hostname/hardware-configuration.nix" && git add "$git_root/.sops.yaml" && git add "$git_root/secrets" && (git commit -m "feat: deployed $target_hostname" || true) && git push @@ -19125,13 +22019,14 @@ writeShellApplication {
    -
    -

    3.5.19. swarsel-rebuild

    -
    +
    +
    3.4.4.20. swarsel-rebuild
    +
    set -eo pipefail
     
    -target_config="chaostheatre"
    +target_config="hotel"
    +target_arch=""
     target_user="swarsel"
     
     function help_and_exit() {
    @@ -19141,10 +22036,11 @@ function help_and_exit() {
         echo "USAGE: $0 [OPTIONS]"
         echo
         echo "ARGS:"
    -    echo "  -n <target_config>                       specify nixos config to build."
    -    echo "                                          Default: chaostheatre"
    +    echo "  -n <target_config>                      specify nixos config to build."
    +    echo "                                          Default: hotel"
         echo "  -u <target_user>                        specify user to deploy for."
         echo "                                          Default: swarsel"
    +    echo "  -a <target_arch>                        specify target architecture."
         echo "  -h | --help                             Print this help."
         exit 0
     }
    @@ -19174,6 +22070,10 @@ while [[ $# -gt 0 ]]; do
             shift
             target_config=$1
             ;;
    +    -a)
    +        shift
    +        target_arch=$1
    +        ;;
         -u)
             shift
             target_user=$1
    @@ -19187,6 +22087,11 @@ while [[ $# -gt 0 ]]; do
         shift
     done
     
    +if [[ $target_arch == "" ]]; then
    +    red "error: target_arch not set."
    +    help_and_exit
    +fi
    +
     cd /home/"$target_user"
     
     if [ ! -d /home/"$target_user"/.dotfiles ]; then
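Review bot: The new guard reports `target_arch not set` through `help_and_exit`, which ends in `exit 0` in this script, so a missing `-a` terminates with a success status and a wrapper or `just` recipe cannot tell that nothing was rebuilt. Let the helper take a status, `exit "${1:-0}"`, and call `help_and_exit 1` here, or derive a default from `builtins.currentSystem`, since this script only rebuilds the local machine. The same guard is added to swarsel-install below and to swarsel-bootstrap above, whose `help_and_exit` body is not visible in its hunk. Making `-a` mandatory also breaks the README invocations still shown on this page, `swarsel-rebuild -- -u <YOUR_USERNAME>` and `swarsel-bootstrap -n <CONFIGURATION_NAME> -d <TARGET_IP>`, until they gain the flag.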
    @@ -19214,7 +22119,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
         rm modules/home/common/mail.nix
         rm modules/home/common/yubikey.nix
         rm modules/nixos/server/restic.nix
    -    rm hosts/nixos/milkywell/default.nix
    +    rm hosts/nixos/aarch64-linux/milkywell/default.nix
         rm -rf modules/nixos/server
         rm -rf modules/home/server
         nix flake update vbc-nix
    @@ -19222,8 +22127,8 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
     else
         green "Valid SSH key found! Continuing with installation"
     fi
    -sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/
    -git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
    +sudo nixos-generate-config --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/
    +git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix
     
     green "Installing flake $target_config"
     sudo nixos-rebuild --show-trace --flake .#"$target_config" boot
    @@ -19244,9 +22149,9 @@ writeShellApplication {
     
    -
    -

    3.5.20. swarsel-install

    -
    +
    +
    3.4.4.21. swarsel-install
    +

    Autoformatting always puts the EOF with indentation, which makes shfmt check fail. When editing this block, unindent them manually.

    @@ -19254,9 +22159,10 @@ Autoformatting always puts the EOF with indentation, which makes sh
    set -eo pipefail
     
    -target_config="chaostheatre"
    -target_hostname="chaostheatre"
    +target_config="hotel"
    +target_hostname="hotel"
     target_user="swarsel"
    +target_arch=""
     persist_dir=""
     target_disk="/dev/vda"
     disk_encryption=0
    @@ -19269,11 +22175,12 @@ function help_and_exit() {
         echo
         echo "ARGS:"
         echo "  -n <target_config>                      specify the nixos config to deploy."
    -    echo "                                          Default: chaostheatre"
    +    echo "                                          Default: hotel"
         echo "  -d <target_disk>                        specify disk to install on."
         echo "                                          Default: /dev/vda"
         echo "  -u <target_user>                        specify user to deploy for."
         echo "                                          Default: swarsel"
    +    echo "  -a <target_arch>                        specify target architecture."
         echo "  -h | --help                             Print this help."
         exit 0
     }
    @@ -19312,6 +22219,10 @@ while [[ $# -gt 0 ]]; do
             shift
             target_disk=$1
             ;;
    +    -a)
    +        shift
    +        target_arch=$1
    +        ;;
         -h | --help) help_and_exit ;;
         *)
             echo "Invalid option detected."
    @@ -19327,6 +22238,11 @@ function cleanup() {
     }
     trap cleanup exit
     
    +if [[ $target_arch == "" || $target_hostname == "" ]]; then
    +    red "error: target_arch or target_hostname not set."
    +    help_and_exit
    +fi
    +
     green "~SwarselSystems~ local installer"
     
     cd /home/"$target_user"
    @@ -19406,7 +22322,7 @@ if [ "$disk_encryption" -eq 1 ]; then
     fi
     
     green "Setting up disk ..."
    -if [[ $target_config == "chaostheatre" ]]; then
    +if [[ $target_config == "hotel" ]]; then
         sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/v1.10.0 -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks --arg diskDevice "$target_disk"
     else
         sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount --flake .#"$target_config" --yes-wipe-all-disks
    @@ -19416,9 +22332,9 @@ sudo cp -r /home/"$target_user"/.dotfiles /mnt/"$persist_dir"/home/"$target_user
     sudo chown -R 1000:100 /mnt/"$persist_dir"/home/"$target_user"
     
     green "Generating hardware configuration ..."
    -sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/
    +sudo nixos-generate-config --root /mnt --no-filesystems --dir /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/
     
    -git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_config"/hardware-configuration.nix
    +git add /home/"$target_user"/.dotfiles/hosts/nixos/"$target_arch"/"$target_config"/hardware-configuration.nix
     sudo mkdir -p /root/.local/share/nix/
     printf '{\"extra-substituters\":{\"https://nix-community.cachix.org\":true,\"https://nix-community.cachix.org https://cache.ngi0.nixos.org/\":true},\"extra-trusted-public-keys\":{\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=\":true,\"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=\":true}}' | sudo tee /root/.local/share/nix/trusted-settings.json > /dev/null
     green "Installing flake $target_config"
    @@ -19446,13 +22362,13 @@ writeShellApplication {
     
    -
    -

    3.5.21. swarsel-postinstall

    -
    +
    +
    3.4.4.22. swarsel-postinstall
    +
    set -eo pipefail
     
    -target_config="chaostheatre"
    +target_config="hotel"
     target_user="swarsel"
     
     function help_and_exit() {
    @@ -19464,8 +22380,8 @@ function help_and_exit() {
         echo "ARGS:"
         echo "  -d <disk>                               specify disk to install on."
         echo "  -n <target_config>                      specify the nixos config to deploy."
    -    echo "                                          Default: chaostheatre"
    -    echo "                                          Default: chaostheatre"
    +    echo "                                          Default: hotel"
    +    echo "                                          Default: hotel"
         echo "  -u <target_user>                        specify user to deploy for."
         echo "                                          Default: swarsel"
         echo "  -h | --help                             Print this help."
    @@ -19538,9 +22454,9 @@ writeShellApplication {
     
    -
    -

    3.5.22. t2ts

    -
    +
    +
    3.4.4.23. t2ts
    +
    { name, writeShellApplication, ... }:
     
    @@ -19556,9 +22472,9 @@ writeShellApplication {
     
    -
    -

    3.5.23. ts2t

    -
    +
    +
    3.4.4.24. ts2t
    +
    { name, writeShellApplication, ... }:
     
    @@ -19574,9 +22490,9 @@ writeShellApplication {
     
    -
    -

    3.5.24. vershell

    -
    +
    +
    3.4.4.25. vershell
    +
    { name, writeShellApplication, ... }:
     
    @@ -19592,9 +22508,9 @@ writeShellApplication {
     
    -
    -

    3.5.25. eontimer

    -
    +
    +
    3.4.4.26. eontimer
    +
    { lib
     , python3
    @@ -19696,9 +22612,9 @@ python3.pkgs.buildPythonApplication rec {
     
    -
    -

    3.5.26. project

    -
    +
    +
    3.4.4.27. project
    +
    set -euo pipefail
     
    @@ -19720,9 +22636,9 @@ writeShellApplication {
     
    -
    -

    3.5.27. fhs

    -
    +
    +
    3.4.4.28. fhs
    +
    { name, pkgs, ... }:
     let
    @@ -19739,9 +22655,9 @@ pkgs.buildFHSEnv (base // {
     
    -
    -

    3.5.28. swarsel-displaypower

    -
    +
    +
    3.4.4.29. swarsel-displaypower
    +

    A crude script to power on all displays that might be attached. Needed because sometimes displays do not awake from sleep.

    @@ -19764,9 +22680,9 @@ writeShellApplication {
    -
    -

    3.5.29. swarsel-mgba

    -
    +
    +
    3.4.4.30. swarsel-mgba
    +

    AppImage version of mgba in which the lua scripting works.

    @@ -19798,9 +22714,9 @@ appimageTools.wrapType2 {
    -
    -

    3.5.30. swarsel-deploy

    -
    +
    +
    3.4.4.31. swarsel-deploy
    +
    # heavily inspired from https://github.com/oddlama/nix-config/blob/d42cbde676001a7ad8a3cace156e050933a4dcc3/pkgs/deploy.nix
     { name, bc, nix-output-monitor, writeShellApplication, ... }:
    @@ -19930,9 +22846,9 @@ writeShellApplication {
     
    -
    -

    3.5.31. swarsel-build

    -
    +
    +
    3.4.4.32. swarsel-build
    +
    { name, nix-output-monitor, writeShellApplication, ... }:
     writeShellApplication {
    @@ -19954,9 +22870,9 @@ writeShellApplication {
     
    -
    -

    3.5.32. swarsel-instantiate

    -
    +
    +
    3.4.4.33. swarsel-instantiate
    +

    This is a convenience function that calls nix-instantiate with a number of flags that I need in order to evaluate nix expressions in org-src blocks.

    @@ -19975,9 +22891,9 @@ writeShellApplication {
    -
    -

    3.5.33. sshrm

    -
    +
    +
    3.4.4.34. sshrm
    +

    This programs simply runs ssh-keygen on the last host that I tried to ssh into. I need this frequently when working with cloud-init usually.

    @@ -20008,9 +22924,9 @@ writeShellApplication {
    -
    -

    3.5.34. endme

    -
    +
    +
    3.4.4.35. endme
    +

    Sometimes my DE crashes after putting it to suspend - to be precise, it happens when I put it into suspend when I have multiple screens plugged in. I have never taken the time to debug the issue, but instead just switch to a different TTY and then use this script to kill the hanging session.

    @@ -20030,9 +22946,9 @@ writeShellApplication {
    -
    -

    3.5.35. git-replace

    -
    +
    +
    3.4.4.36. git-replace
    +

    This script allows for quick git replace of a string.

    @@ -20109,8 +23025,51 @@ writeShellApplication {
    +
    +

    3.4.5. Packages (config)

    +
    +
    +
    { self, homeConfig, lib, pkgs, ... }:
    +let
    +  mkPackages = names: pkgs: builtins.listToAttrs (map
    +    (name: {
    +      inherit name;
    +      value = pkgs.callPackage "${self}/pkgs/config/${name}" { inherit self name homeConfig; };
    +    })
    +    names);
    +  packageNames = lib.swarselsystems.readNix "pkgs/config";
    +in
    +mkPackages packageNames pkgs
    +
    +
    +
    +
    +
    3.4.5.1. cdr
    +
    +
    +
    { name, homeConfig, writeShellApplication, fzf, ... }:
    +
    +writeShellApplication {
    +  inherit name;
    +  runtimeInputs = [ fzf ];
    +  text = ''
    +    DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""}
    +    DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV}
    +    FLAKE=${homeConfig.home.sessionVariables.FLAKE}
    +
    +    cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )"
    +  '';
    +}
    +
    +
    +
    +
    +
    +
    +
    +
    -

    3.6. Profiles

    +

    3.5. Profiles

    In this section I define custom modules under the swarsel attribute. These are mostly used to define settings specific to a host. I keep these settings confined to either home-manager or nixos to maintain compatibility with non-NixOS machines.
    @@ -20121,7 +23080,7 @@ Note: The structure of generating the packages was changed in commit 2cf03
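Review bot: In the new `cdr` package, the `or ""` fallback leaves `DOCUMENT_DIR_WORK` empty on hosts without that session variable. `find ""` then returns non-zero, so `&& echo "$FLAKE"` is skipped and the flake directory drops out of the fzf list. Use `;` instead of `&&` inside the subshell and pass only non-empty directories to `find`, e.g. `dirs=(); [[ -n $DOCUMENT_DIR_WORK ]] && dirs+=("$DOCUMENT_DIR_WORK")`. The three assignments also splice Nix values into the script unquoted, so a path with a space or shell metacharacter is re-parsed by the shell. Wrapping each in `lib.escapeShellArg` avoids that; `lib` would have to be added to the argument set.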

    -

    3.6.1. NixOS

    +

    3.5.1. NixOS

    Modules that need to be loaded on the NixOS level. Note that these will not be available on systems that are not running NixOS.
    @@ -20139,7 +23098,7 @@ in

    -
    3.6.1.1. Personal
    +
    3.5.1.1. Personal
    { lib, config, ... }:
    @@ -20170,7 +23129,7 @@ in
           lowBattery = lib.mkDefault false;
           network = lib.mkDefault true;
           networkDevices = lib.mkDefault true;
    -      niri = lib.mkDefault true;
    +      niri = lib.mkDefault false;
           nix-ld = lib.mkDefault true;
           nvd = lib.mkDefault true;
           packages = lib.mkDefault true;
    @@ -20210,7 +23169,7 @@ in
     
    -
    3.6.1.2. Minimal
    +
    3.5.1.2. Minimal
    { lib, config, ... }:
    @@ -20236,6 +23195,7 @@ in
     
           server = {
             ssh = lib.mkDefault true;
    +        diskEncryption = lib.mkDefault true;
           };
         };
     
    @@ -20247,9 +23207,9 @@ in
     
    -
    -
    3.6.1.3. Optionals
    -
    +
    +
    3.5.1.3. Optionals
    +
    { lib, config, ... }:
     {
    @@ -20277,13 +23237,13 @@ in
     
    -
    3.6.1.4. Chaostheatre
    +
    3.5.1.4. Hotel
    { lib, config, ... }:
     {
    -  options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
    -  config = lib.mkIf config.swarselprofiles.chaostheatre {
    +  options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
    +  config = lib.mkIf config.swarselprofiles.hotel {
         swarselmodules = {
           packages = lib.mkForce true;
           general = lib.mkForce true;
    @@ -20336,7 +23296,7 @@ in
     
    -
    3.6.1.5. Work
    +
    3.5.1.5. Work
    { lib, config, ... }:
    @@ -20363,7 +23323,7 @@ in
     
    -
    3.6.1.6. Uni
    +
    3.5.1.6. Uni
    { lib, config, ... }:
    @@ -20390,7 +23350,7 @@ in
     
    -
    3.6.1.7. Framework
    +
    3.5.1.7. Framework
    { lib, config, ... }:
    @@ -20417,7 +23377,7 @@ in
     
    -
    3.6.1.8. Server
    +
    3.5.1.8. Server
    { lib, config, ... }:
    @@ -20426,6 +23386,7 @@ in
       config = lib.mkIf config.swarselprofiles.server {
         swarselmodules = {
             general = lib.mkDefault true;
    +        lanzaboote = lib.mkDefault true;
             pii = lib.mkDefault true;
             home-manager = lib.mkDefault true;
             xserver = lib.mkDefault true;
    @@ -20437,6 +23398,8 @@ in
             boot = lib.mkDefault true;
             server = {
               general = lib.mkDefault true;
    +          network = lib.mkDefault true;
    +          diskEncryption = lib.mkDefault true;
               packages = lib.mkDefault true;
               ssh = lib.mkDefault true;
               nginx = lib.mkDefault true;
    @@ -20446,13 +23409,34 @@ in
     
     }
     
    +
    +
    +
    +
    +
    +
    3.5.1.9. Router
    +
    +
    +
    { lib, config, ... }:
    +{
    +  options.swarselprofiles.router = lib.mkEnableOption "enable the router profile";
    +  config = lib.mkIf config.swarselprofiles.router {
    +    swarselmodules = {
    +        server = {
    +          router = lib.mkDefault true;
    +        };
    +      };
    +  };
    +
    +}
    +
     
    -

    3.6.2. home-manager

    +

    3.5.2. home-manager

    This holds modules that are to be used on most hosts. These are also the most important options to configure, as these allow me easy access to monitor, keyboard, and other setups.
    @@ -20470,7 +23454,7 @@ in

    -
    3.6.2.1. Personal
    +
    3.5.2.1. Personal
    { lib, config, ... }:
    @@ -20504,7 +23488,7 @@ in
           kitty = lib.mkDefault true;
           mail = lib.mkDefault true;
           mako = lib.mkDefault true;
    -      niri = lib.mkDefault true;
    +      niri = lib.mkDefault false;
           nix-index = lib.mkDefault true;
           nixgl = lib.mkDefault true;
           nix-your-shell = lib.mkDefault true;
    @@ -20512,6 +23496,7 @@ in
           obs-studio = lib.mkDefault true;
           obsidian = lib.mkDefault true;
           obsidian-tray = lib.mkDefault true;
    +      opkssh = lib.mkDefault true;
           ownpackages = lib.mkDefault true;
           packages = lib.mkDefault true;
           passwordstore = lib.mkDefault true;
    @@ -20530,6 +23515,7 @@ in
           tmux = lib.mkDefault true;
           vesktop = lib.mkDefault true;
           vesktop-tray = lib.mkDefault true;
    +      syncthing-tray = lib.mkDefault true;
           waybar = lib.mkDefault true;
           yubikey = lib.mkDefault false;
           yubikeytouch = lib.mkDefault true;
    @@ -20544,9 +23530,9 @@ in
     
    -
    -
    3.6.2.2. DGX Spark
    -
    +
    +
    3.5.2.2. DGX Spark
    +
    { lib, config, ... }:
     {
    @@ -20605,6 +23591,7 @@ in
           tmux = lib.mkDefault true;
           vesktop = lib.mkDefault false;
           vesktop-tray = lib.mkDefault false;
    +      syncthing-tray = lib.mkDefault false;
           waybar = lib.mkDefault false;
           yubikey = lib.mkDefault false;
           yubikeytouch = lib.mkDefault false;
    @@ -20620,7 +23607,7 @@ in
     
    -
    3.6.2.3. Optionals
    +
    3.5.2.3. Optionals
    { lib, config, ... }:
    @@ -20642,7 +23629,7 @@ in
     
    -
    3.6.2.4. Minimal
    +
    3.5.2.4. Minimal
    { lib, config, ... }:
    @@ -20665,13 +23652,13 @@ in
     
    -
    3.6.2.5. Chaostheatre
    +
    3.5.2.5. Hotel
    { lib, config, ... }:
     {
    -  options.swarselprofiles.chaostheatre = lib.mkEnableOption "is this a chaostheatre host";
    -  config = lib.mkIf config.swarselprofiles.chaostheatre {
    +  options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
    +  config = lib.mkIf config.swarselprofiles.hotel {
         swarselmodules = {
           packages = lib.mkForce true;
           ownpackages = lib.mkForce true;
    @@ -20718,7 +23705,7 @@ in
     
    -
    3.6.2.6. toto
    +
    3.5.2.6. toto
    { lib, config, ... }:
    @@ -20741,7 +23728,7 @@ in
     
    -
    3.6.2.7. Work
    +
    3.5.2.7. Work
    { lib, config, ... }:
    @@ -20762,7 +23749,7 @@ in
     
    -
    3.6.2.8. Uni
    +
    3.5.2.8. Uni
    { lib, config, ... }:
    @@ -20783,7 +23770,7 @@ in
     
    -
    3.6.2.9. Framework
    +
    3.5.2.9. Framework
    { lib, config, ... }:
    @@ -20805,7 +23792,7 @@ in
     
    -
    3.6.2.10. Local Server
    +
    3.5.2.10. Local Server
    -
    4.2.1.9. org-mode: General setup
    +
    4.2.1.10. org-mode: General setup
    -
    4.2.1.10. org-mode: Visual-fill column
    +
    4.2.1.11. org-mode: Visual-fill column

    This function sets the width of buffers in org-mode.
    @@ -21358,7 +24365,7 @@ Used in: Centered org-mode Buf

    -
    4.2.1.11. org-mode: Upon-save actions (Auto-tangle, export to html, formatting)
    +
    4.2.1.12. org-mode: Upon-save actions (Auto-tangle, export to html, formatting)

    This section handles everything that shoudld happen when I save SwarselSystems.org. It:
    @@ -21400,7 +24407,7 @@ We set a hook that runs everytime we save the file. It would be a bit more effic

    -
    4.2.1.12. org-mode: Fold current heading
    +
    4.2.1.13. org-mode: Fold current heading

    Normally emacs cycles between three states:
    @@ -21431,7 +24438,7 @@ However, I want to be able to fold a single heading consistently.

    -
    4.2.1.13. corfu: Do not interrupt navigation
    +
    4.2.1.14. corfu: Do not interrupt navigation
    -
    4.2.1.14. Disable garbage collection while minibuffer is active
    +
    4.2.1.15. Disable garbage collection while minibuffer is active
    @@ -21543,6 +24550,7 @@ I also define some keybinds to some combinations directly. Those are used mostly
         "l"  '(:ignore l :which-key "links")
         "lc" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (org-overview) )) :which-key "SwarselSystems.org")
         "le" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "Emacs") ) (org-overview) (org-cycle) )) :which-key "Emacs.org")
    +    "lr" '(swarsel/consult-magit-repos :which-key "List repos")
         "ln" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "System") ) (org-overview) (org-cycle))) :which-key "Nixos.org")
         "lp" '((lambda () (interactive) (projectile-switch-project)) :which-key "switch project")
         "lg" '((lambda () (interactive) (magit-list-repositories)) :which-key "list git repos")
    @@ -21592,6 +24600,7 @@ I also define some keybinds to some combinations directly. Those are used mostly
      "C-c D" 'crux-duplicate-and-comment-current-line-or-region
      "<DUMMY-m>" 'swarsel/last-buffer
      "M-\\" 'indent-region
    + "M-r" 'swarsel/consult-magit-repos
      "<Paste>" 'yank
      "<Cut>" 'kill-region
      "<Copy>" 'kill-ring-save
    @@ -23045,6 +26054,17 @@ Recently I have grown fond of holding presentations using Emacs :)
     (add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end)
     (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide)
     
    +
    +
    +
    +
    +
    +
    4.4.1.11. Render markdown blocks as body to expand noweb blocks
    +
    +
    +
    (defun org-babel-execute:markdown (body params)
    +  "Just return BODY unchanged, allowing noweb expansion."
    +  body)
     
    @@ -23186,7 +26206,7 @@ This adds support for Terraform configuration files. I need this at work.
    -

    4.4.8. nixpkgs-fmt

    +

    4.4.8. nix formatting

    Adds functions for formatting nix code.
    @@ -23485,8 +26505,8 @@ Also, Emacs needs a little extra love to accept my Yubikey for git commits etc.

     (use-package magit
       :config
    -  (setq magit-repository-directories `((,swarsel-work-projects-directory  . 1)
    -                                       (,swarsel-private-projects-directory . 1)
    +  (setq magit-repository-directories `((,swarsel-work-projects-directory  . 3)
    +                                       (,swarsel-private-projects-directory . 3)
                                            ("~/.dotfiles/" . 0)))
       :custom
       (magit-display-buffer-function #'magit-display-buffer-same-window-except-diff-v1)) ; stay in the same window
    @@ -24255,8 +27275,8 @@ This adds the simple utility of sending desktop notifications whenever a new mai
     
    -
    -
    4.4.39.3. Work: Signing Mails (S/MIME, smime)
    +
    +
    4.4.39.3. Work: Signing Mails (S/MIME, smime)
    -
    -

    5.1. General steps when setting up a new machine

    +
    +

    5.1. General steps when setting up a new machine

    These general steps are needed when setting up a new machine and do not fit into another block well: @@ -24552,10 +27572,13 @@ These general steps are needed when setting up a new machine and do not fit into - `systemd-cryptenroll --fido2-device=auto /dev/<device, e.g. 'nvme0n1p2'>`

    + +- setup yubikey (automatic yubikey enrollment is not yet supported by `disko`): + - `systemd-cryptenroll --fido2-device=auto /dev/`
    -
    -

    5.2. Current patches and fixes

    +
    +

    5.2. Current patches and fixes

    These are current deviations from the standard settings that I take while some things are broken upstream @@ -24582,6 +27605,25 @@ These are current deviations from the standard settings that I take while some t - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175)

    + +- 202501102: + - flake: + - emacs-overlay: + - : version pinned because emacsclient is currently broken on latest + - niri-flake: + - currently not using the sugared version of screenshot-[,window], as it is currently broken + - home-manager: + - emacs-tramp: + - using stable version in extraPackages (broken in unstable) + - :ensure nil in emacs tramp settings to use package in extraPackages + - emacs-calfwL + - pinned to version not in nixpkgs (is in latest emacs-overlay, but that is broken) + - vesktop: + - running stable version (broken in unstable) + - batgrep: + - running stable version (broken in unstable) + - swayosd: + - pinned to version not in nixpkgs (fixes https://github.com/ErikReider/SwayOSD/issues/175)
    @@ -25330,12 +28372,9 @@ check-trace: update: nix flake update -iso: +iso CONFIG="live-iso": rm -rf result - nix build .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso - -iso-flake FLAKE SYSTEM="x86_64" FORMAT="iso": - nixos-generate --flake .#{{FLAKE}} -f {{FORMAT}} --system {{SYSTEM}} + nix build --print-out-paths .#live-iso iso-install DRIVE: iso sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync @@ -25346,6 +28385,9 @@ dd DRIVE ISO: sync USER HOST: rsync -rltv --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:.dotfiles/ +bootstrap DEST CONFIG ARCH="x86_64-linux": + nix develop .#deploy --command zsh -c "swarsel-bootstrap -n {{CONFIG}} -d {{DEST}} -a {{ARCH}}" +
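Review bot: The `iso` recipe gains a `CONFIG="live-iso"` parameter but its body still builds the literal `.#live-iso`, so `just iso other-config` silently builds the default image. `nix build --print-out-paths .#{{CONFIG}}` looks like what was intended. `iso-install` depends on `iso` and still reads `result/iso/*.iso`, so it is worth confirming that the new build output keeps that layout now that the `ln -sf ... latest.iso` step is gone.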
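Review bot: The new `bootstrap` recipe pastes `{{CONFIG}}`, `{{DEST}}` and `{{ARCH}}` into a `zsh -c "..."` string, so a value containing whitespace or shell metacharacters is re-parsed as shell code instead of reaching `swarsel-bootstrap` as a single argument. Passing them as positional parameters keeps each value intact: `zsh -c 'swarsel-bootstrap -n "$1" -d "$2" -a "$3"' _ {{quote(CONFIG)}} {{quote(DEST)}} {{quote(ARCH)}}`. The recipe defaults `ARCH` to `x86_64-linux`, while the script itself has no default, so the two entry points behave differently when the flag is omitted.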
    @@ -25389,7 +28431,7 @@ index 3a0f90e..bb10f8b 100644
    -

    6.8. Zellij layout default.kdl.nix

    +

    6.8. Zellij layout swarsel.kdl.nix

    { config, pkgs }:
    @@ -26954,7 +29996,7 @@ Here lies defined the readme for GitHub and Forgejo:
       nix run --experimental-features 'nix-command flakes' github:Swarsel/.dotfiles#swarsel-rebuild -- -u <YOUR_USERNAME>
       ```
     
    -  This will activate the `chaostheatre` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed.
    +  This will activate the `hotel` configuration on your system, which is a de-facto mirror of my main configuration with secret-based settings removed.
       Please keep in mind that this limited installer will make local changes to the cloned repository in order to be able to install it (otherwise the builder would fail at fetching my private secrets repository). As such, this should only be used to evaluate the system - if you want to use it longterm, you will need to create a fork and make some changes.
       </details>
     
    @@ -26967,7 +30009,7 @@ Here lies defined the readme for GitHub and Forgejo:
     
       #### Remote deployment (recommended if you have at least one running system)
     
    -  0) Fork this repo, and write your own host config at `hosts/nixos/<YOUR_CONFIG_NAME>/default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files.
    +  0) Fork this repo, and write your own host config at `hosts/nixos/<YOUR_ARCHITECTURE>/<YOUR_CONFIG_NAME>/default.nix` (you can use one of the other configurations as a template. Also see https://github.com/Swarsel/.dotfiles/tree/main/modules for a list of all additional options). At the very least, you should replace the `secrets/` directory with your own secrets and replace the SSH public keys with your own ones (otherwise I will come visit you!πŸ”“β€οΈ). I personally recommend to use the literate configuration and `org-babel-tangle-file` in Emacs, but you can also simply edit the separate `.nix` files.
       1) Have a system with `nix` available booted (this does not need to be installed, i.e. you can use a NixOS installer image; a custom minimal installer ISO can be built by running `just iso` in the root of this repo)
       2) Make sure that your Yubikey is plugged in or that you have your SSH key available (and configured)
       3) Run `swarsel-bootstrap -n <CONFIGURATION_NAME> -d <TARGET_IP>` on your existing system.
    @@ -27041,16 +30083,21 @@ Here lies defined the readme for GitHub and Forgejo:
       | Name               | Hardware                                            | Use                                                  |
       |--------------------|-----------------------------------------------------|------------------------------------------------------|
       |πŸ’» **pyramid**      | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop                                          |
    -  |πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal lapto                                       |
    -  |πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS sandbox                                        |
    -  |πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Main homeserver and data storgae                     |
    -  |πŸ–₯️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
    -  |πŸ–₯️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
    +  |πŸ’» **bakery**       | Lenovo Ideapad 720S-13IKB                           | Personal laptop                                      |
    +  |πŸ’» **machpizza**    | MacBook Pro 2016                                    | MacOS reference and build sandbox                    |
    +  |🏠 **treehouse**    | NVIDIA DGX Spark                                    | Workstation, AI playground and home-manager reference|
    +  |πŸ–₯️ **winters**      | ASRock J4105-ITX, 32GB RAM                          | Secondary homeserver and data storgae                |
    +  |πŸ–₯️ **summers**      | ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM  | Main homeserver running microvms, data storage       |
    +  |πŸ–₯️ **hintbooth**    | HUNSN RM02, 8GB RAM                                 | Router                                               |
    +  |☁️ **milkywell**    | Oracle Cloud: VM.Standard.E2.1.Micro                | Server for lightweight synchronization tasks         |
    +  |☁️ **moonside**     | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services  |
    +  |☁️ **belchsfactory**| Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Hydra builder and nix binary cache                   |
    +  |☁️ **monkeycave**   | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Gaming server                                        |
    +  |☁️ **eagleland**    | Hetzner Cloud: CX23                                 | Mail server                                          |
       |πŸ“± **magicant**     | Samsung Galaxy Z Flip 6                             | Phone                                                |
       |πŸ’Ώ **drugstore**    | -                                                   | ISO installer configuration                          |
       |❔ **chaotheatre**  | -                                                   | Demo config for checking out my configurtion         |
       |❔ **toto**         | -                                                   | Helper configuration for bootstrapping a new system  |
    -  |🏠 **treehouse**    | -                                                   | Reference configuration for a home-manager only host |
       </details>
     
       ## General Nix tips & useful links
    @@ -27267,7 +30314,7 @@ builtins.listToAttrs converts a list of name-value pairs into an attribute set.
     
    -{ bakery = "directory"; chaostheatre = "directory"; milkywell = "directory"; moonside = "directory"; pyramid = "directory"; toto = "directory"; winters = "directory"; }
    +{ aarch64-linux = "directory"; x86_64-linux = "directory"; }
     
    @@ -27515,7 +30562,7 @@ similarly, there exists an version that starts from the right.

    Author: Leon SchwarzΓ€ugl

    -

    Created: 2025-11-03 Mo 17:12

    +

    Created: 2025-11-19 Mi 15:22

    Validate

    diff --git a/modules/home/common/custom-packages.nix b/modules/home/common/custom-packages.nix index 302ba29..8efebe1 100644 --- a/modules/home/common/custom-packages.nix +++ b/modules/home/common/custom-packages.nix @@ -7,6 +7,7 @@ pass-fuzzel cdw cdb + cdr bak timer e @@ -31,8 +32,6 @@ sshrm endme git-replace - - rustdesk-vbc ]; }; } diff --git a/modules/home/common/settings.nix b/modules/home/common/settings.nix index 0f690f9..3793cbc 100644 --- a/modules/home/common/settings.nix +++ b/modules/home/common/settings.nix @@ -47,9 +47,20 @@ in }; }; - # nixpkgs.overlays = lib.mkIf isNixos (lib.mkForce null); nixpkgs = lib.mkIf (!isNixos) { - overlays = [ outputs.overlays.default ]; + overlays = [ + outputs.overlays.default + (final: prev: + let + additions = final: _: import "${self}/pkgs/config" { + inherit self config lib; + pkgs = final; + homeConfig = config; + }; + in + additions final prev + ) + ]; config = { allowUnfree = true; }; diff --git a/modules/home/common/zellij-keybinds.nix b/modules/home/common/zellij-keybinds.nix index b9ce4d4..80d28c5 100644 --- a/modules/home/common/zellij-keybinds.nix +++ b/modules/home/common/zellij-keybinds.nix @@ -620,6 +620,19 @@ _children = [{ Resize._args = [ "Increase" ]; }]; }; } + { + bind = { + _args = [ "Alt r" ]; + _children = [ + { + WriteChars._args = [ "source cdr" ]; + } + { + WriteChars._args = [ "\n" ]; + } + ]; + }; + } { bind = { _args = [ "Alt f" ]; diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index 7813983..30aa13c 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix 
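Review bot: The new `Alt r` binding in zellij-keybinds.nix types a bare `source cdr` into whichever shell has focus, so the file that gets sourced is decided by that shell's lookup rules rather than pinned to the packaged script. In zsh, `source` searches the current directory before `$PATH`, so a file named `cdr` in the working directory (a freshly cloned repository, an unpacked archive) would be sourced into the interactive session instead of the intended one. The same bare name is used by the `cdr = "source cdr";` alias added in modules/home/common/zsh.nix. I would reference the store path in both places, e.g. `WriteChars._args = [ "source ${pkgs.cdr}/bin/cdr" ];`, assuming `pkgs` is in scope in this module, which the hunk does not show.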
@@ -35,7 +35,8 @@ in hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; youtube-dl = "yt-dlp"; cat-orig = "cat"; - cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; + # cdr = "cd \"$( (find $DOCUMENT_DIR_WORK $DOCUMENT_DIR_PRIV -maxdepth 1 && echo $FLAKE) | fzf )\""; + cdr = "source cdr"; nix-ldd-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; nix-ldd-locate = "nix-locate --minimal --top-level -w "; diff --git a/modules/home/optional/work.nix b/modules/home/optional/work.nix index ad74838..006638a 100644 --- a/modules/home/optional/work.nix +++ b/modules/home/optional/work.nix @@ -1,28 +1,36 @@ -{ self, config, pkgs, lib, vars, nixosConfig ? config, ... }: +{ self, inputs, config, pkgs, lib, vars, nixosConfig ? config, ... }: let - inherit (config.swarselsystems) homeDir; + inherit (config.swarselsystems) homeDir mainUser; inherit (nixosConfig.repo.secrets.local.mail) allMailAddresses; inherit (nixosConfig.repo.secrets.local.work) mailAddress; + + certsSopsFile = self + /secrets/certs/secrets.yaml; in { options.swarselmodules.optional.work = lib.mkEnableOption "optional work settings"; config = lib.mkIf config.swarselmodules.optional.work - { - home.packages = with pkgs; [ - stable.teams-for-linux - shellcheck - dig - docker - postman - # rclone - libguestfs-with-appliance - prometheus.cli - tigervnc - # openstackclient + ({ + home = { + packages = with pkgs; [ + stable.teams-for-linux + shellcheck + dig + docker + postman + # rclone + libguestfs-with-appliance + prometheus.cli + tigervnc + # openstackclient - vscode - ]; + vscode + rustdesk-vbc + ]; + sessionVariables = { + AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path; + }; + }; systemd.user.sessionVariables = { DOCUMENT_DIR_WORK = lib.mkForce "${homeDir}/Documents/Work"; } // lib.optionalAttrs (!config.swarselsystems.isPublic) { 
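Review bot: In work.nix, `AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path;` is set for every host that enables the work module, but the secret is only declared conditionally: in the later hunk of this file behind `inputs ? sops` and `!isPublic && !isNixos`, and on NixOS in home-manager-secrets.nix behind `modules.optional.work`. On a public configuration the attribute would then be missing and evaluating `home.sessionVariables` would fail, as far as these hunks show; the enclosing `config = lib.mkIf …` block continues outside the hunk. I would guard the variable with the same condition, e.g. `sessionVariables = lib.optionalAttrs (!config.swarselsystems.isPublic) { AWS_CA_BUNDLE = nixosConfig.sops.secrets.harica-root-ca.path; };`. It is also worth a comment that `AWS_CA_BUNDLE` replaces the default trust store for AWS tooling in that session rather than adding to it, so the file must contain every root those tools need.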
@@ -644,6 +652,15 @@ in }; }; - }; + } // lib.optionalAttrs (inputs ? sops) { + sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { + harica-root-ca = { + sopsFile = certsSopsFile; + path = "${homeDir}/.aws/certs/harica-root.pem"; + owner = mainUser; + }; + }; + + }); } diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix index 7c2a3e1..fd2db03 100644 --- a/modules/nixos/common/home-manager-secrets.nix +++ b/modules/nixos/common/home-manager-secrets.nix @@ -1,8 +1,10 @@ -{ lib, config, globals, ... }: +{ self, lib, config, globals, ... }: let inherit (config.swarselsystems) mainUser homeDir; inherit (config.repo.secrets.common.emacs) radicaleUser; modules = config.home-manager.users.${mainUser}.swarselmodules; + + certsSopsFile = self + /secrets/certs/secrets.yaml; in { config = lib.mkIf config.swarselsystems.withHomeManager { @@ -22,6 +24,8 @@ in github-nixpkgs-review-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.emacs { emacs-radicale-pw = { owner = mainUser; }; + }) // (lib.optionalAttrs modules.optional.work { + harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; }) // (lib.optionalAttrs modules.anki { anki-user = { owner = mainUser; }; anki-pw = { owner = mainUser; }; diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index 5539de5..cdcf3a2 100644 --- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix @@ -107,7 +107,19 @@ in system.stateVersion = lib.mkDefault "23.05"; nixpkgs = { - overlays = [ outputs.overlays.default ]; + overlays = [ + outputs.overlays.default + (final: prev: + let + additions = final: _: import "${self}/pkgs/config" { + inherit self config lib; + pkgs = final; + homeConfig = config.home-manager.users.${config.swarselsystems.mainUser}; + }; + in + additions final prev + ) + ]; config = { allowUnfree = true; }; 
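Review bot: The home-manager `sops.secrets.harica-root-ca` entry added at the end of work.nix sets `owner = mainUser;`, and if I read the sops-nix home-manager module correctly it has no `owner` option (secrets there always belong to the invoking user), so this would fail with an unknown-option error on the non-NixOS hosts the `lib.mkIf` selects. Dropping the line should be enough: `harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; };`. The same path literal is repeated in modules/nixos/common/home-manager-secrets.nix; a short comment in each place saying the two must stay identical would help, since `AWS_CA_BUNDLE` is the trust anchor for the AWS tooling.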
diff --git a/nix/overlays.nix b/nix/overlays.nix index 828aba2..1f8fdc2 100644 --- a/nix/overlays.nix +++ b/nix/overlays.nix @@ -9,7 +9,7 @@ in overlays = { default = final: prev: let - additions = final: _: import "${self}/pkgs" { pkgs = final; inherit self lib; } + additions = final: _: import "${self}/pkgs/flake" { pkgs = final; inherit self lib; } // { swarsel-nix = import inputs.swarsel-nix { pkgs = prev; diff --git a/nix/packages.nix b/nix/packages.nix index 233747c..2f2f525 100644 --- a/nix/packages.nix +++ b/nix/packages.nix @@ -17,7 +17,7 @@ inherit (self.outputs) lib; in { - packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs" { inherit self lib pkgs; }); + packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import "${self}/pkgs/flake" { inherit self lib pkgs; }); }; perSystem = { pkgs, system, ... }: diff --git a/pkgs/config/cdr/default.nix b/pkgs/config/cdr/default.nix new file mode 100644 index 0000000..56b44df --- /dev/null +++ b/pkgs/config/cdr/default.nix @@ -0,0 +1,13 @@ +{ name, homeConfig, writeShellApplication, fzf, ... }: + +writeShellApplication { + inherit name; + runtimeInputs = [ fzf ]; + text = '' + DOCUMENT_DIR_WORK=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_WORK or ""} + DOCUMENT_DIR_PRIV=${homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV} + FLAKE=${homeConfig.home.sessionVariables.FLAKE} + + cd "$( (find "$DOCUMENT_DIR_WORK" "$DOCUMENT_DIR_PRIV" -maxdepth 1 && echo "$FLAKE") | fzf )" + ''; +} diff --git a/pkgs/config/default.nix b/pkgs/config/default.nix new file mode 100644 index 0000000..668619b --- /dev/null +++ b/pkgs/config/default.nix @@ -0,0 +1,11 @@ +{ self, homeConfig, lib, pkgs, ... }: +let + mkPackages = names: pkgs: builtins.listToAttrs (map + (name: { + inherit name; + value = pkgs.callPackage "${self}/pkgs/config/${name}" { inherit self name homeConfig; }; + }) + names); + packageNames = lib.swarselsystems.readNix "pkgs/config"; +in +mkPackages packageNames pkgs 
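Review bot: In pkgs/config/cdr/default.nix the three assignments inside `text` splice Nix strings into the script unquoted, so a directory containing a space or a shell metacharacter changes what the script executes; `DOCUMENT_DIR_PRIV=${lib.escapeShellArg homeConfig.systemd.user.sessionVariables.DOCUMENT_DIR_PRIV}` (with `lib` added to the argument set) keeps each value a single word, and likewise for the other two. When `DOCUMENT_DIR_WORK` falls back to `""`, `find` is handed an empty path and exits non-zero, so the `&& echo "$FLAKE"` entry is dropped from the list; using `;` instead of `&&`, or omitting the empty argument, avoids that. Because this script is meant to be sourced, also check what `writeShellApplication` prepends: as far as I know it enables `errexit`, `nounset` and `pipefail` and exports a modified `PATH`, and all of that would then stick to the interactive shell.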
diff --git a/pkgs/bak/default.nix b/pkgs/flake/bak/default.nix similarity index 100% rename from pkgs/bak/default.nix rename to pkgs/flake/bak/default.nix diff --git a/pkgs/cdb/default.nix b/pkgs/flake/cdb/default.nix similarity index 100% rename from pkgs/cdb/default.nix rename to pkgs/flake/cdb/default.nix diff --git a/pkgs/cdw/default.nix b/pkgs/flake/cdw/default.nix similarity index 100% rename from pkgs/cdw/default.nix rename to pkgs/flake/cdw/default.nix diff --git a/pkgs/cura5/default.nix b/pkgs/flake/cura5/default.nix similarity index 100% rename from pkgs/cura5/default.nix rename to pkgs/flake/cura5/default.nix diff --git a/pkgs/default.nix b/pkgs/flake/default.nix similarity index 54% rename from pkgs/default.nix rename to pkgs/flake/default.nix index 4301f59..2bc3808 100644 --- a/pkgs/default.nix +++ b/pkgs/flake/default.nix @@ -3,9 +3,9 @@ let mkPackages = names: pkgs: builtins.listToAttrs (map (name: { inherit name; - value = pkgs.callPackage "${self}/pkgs/${name}" { inherit self name; }; + value = pkgs.callPackage "${self}/pkgs/flake/${name}" { inherit self name; }; }) names); - packageNames = lib.swarselsystems.readNix "pkgs"; + packageNames = lib.swarselsystems.readNix "pkgs/flake"; in mkPackages packageNames pkgs diff --git a/pkgs/e/default.nix b/pkgs/flake/e/default.nix similarity index 100% rename from pkgs/e/default.nix rename to pkgs/flake/e/default.nix diff --git a/pkgs/endme/default.nix b/pkgs/flake/endme/default.nix similarity index 100% rename from pkgs/endme/default.nix rename to pkgs/flake/endme/default.nix diff --git a/pkgs/eontimer/default.nix b/pkgs/flake/eontimer/default.nix similarity index 100% rename from pkgs/eontimer/default.nix rename to pkgs/flake/eontimer/default.nix diff --git a/pkgs/fhs/default.nix b/pkgs/flake/fhs/default.nix similarity index 100% rename from pkgs/fhs/default.nix rename to pkgs/flake/fhs/default.nix 
diff --git a/pkgs/fs-diff/default.nix b/pkgs/flake/fs-diff/default.nix
similarity index 100%
rename from pkgs/fs-diff/default.nix
rename to pkgs/flake/fs-diff/default.nix
diff --git a/pkgs/git-replace/default.nix b/pkgs/flake/git-replace/default.nix
similarity index 100%
rename from pkgs/git-replace/default.nix
rename to pkgs/flake/git-replace/default.nix
diff --git a/pkgs/github-notifications/default.nix b/pkgs/flake/github-notifications/default.nix
similarity index 100%
rename from pkgs/github-notifications/default.nix
rename to pkgs/flake/github-notifications/default.nix
diff --git a/pkgs/hm-specialisation/default.nix b/pkgs/flake/hm-specialisation/default.nix
similarity index 100%
rename from pkgs/hm-specialisation/default.nix
rename to pkgs/flake/hm-specialisation/default.nix
diff --git a/pkgs/kanshare/default.nix b/pkgs/flake/kanshare/default.nix
similarity index 100%
rename from pkgs/kanshare/default.nix
rename to pkgs/flake/kanshare/default.nix
diff --git a/pkgs/opacitytoggle/default.nix b/pkgs/flake/opacitytoggle/default.nix
similarity index 100%
rename from pkgs/opacitytoggle/default.nix
rename to pkgs/flake/opacitytoggle/default.nix
diff --git a/pkgs/pass-fuzzel/default.nix b/pkgs/flake/pass-fuzzel/default.nix
similarity index 100%
rename from pkgs/pass-fuzzel/default.nix
rename to pkgs/flake/pass-fuzzel/default.nix
diff --git a/pkgs/project/default.nix b/pkgs/flake/project/default.nix
similarity index 100%
rename from pkgs/project/default.nix
rename to pkgs/flake/project/default.nix
diff --git a/pkgs/quickpass/default.nix b/pkgs/flake/quickpass/default.nix
similarity index 100%
rename from pkgs/quickpass/default.nix
rename to pkgs/flake/quickpass/default.nix
diff --git a/pkgs/sshrm/default.nix b/pkgs/flake/sshrm/default.nix
similarity index 100%
rename from pkgs/sshrm/default.nix
rename to pkgs/flake/sshrm/default.nix
diff --git a/pkgs/swarsel-bootstrap/default.nix b/pkgs/flake/swarsel-bootstrap/default.nix
similarity index 100%
rename from pkgs/swarsel-bootstrap/default.nix
rename to pkgs/flake/swarsel-bootstrap/default.nix
diff --git a/pkgs/swarsel-build/default.nix b/pkgs/flake/swarsel-build/default.nix
similarity index 100%
rename from pkgs/swarsel-build/default.nix
rename to pkgs/flake/swarsel-build/default.nix
diff --git a/pkgs/swarsel-deploy/default.nix b/pkgs/flake/swarsel-deploy/default.nix
similarity index 100%
rename from pkgs/swarsel-deploy/default.nix
rename to pkgs/flake/swarsel-deploy/default.nix
diff --git a/pkgs/swarsel-displaypower/default.nix b/pkgs/flake/swarsel-displaypower/default.nix
similarity index 100%
rename from pkgs/swarsel-displaypower/default.nix
rename to pkgs/flake/swarsel-displaypower/default.nix
diff --git a/pkgs/swarsel-install/default.nix b/pkgs/flake/swarsel-install/default.nix
similarity index 100%
rename from pkgs/swarsel-install/default.nix
rename to pkgs/flake/swarsel-install/default.nix
diff --git a/pkgs/swarsel-instantiate/default.nix b/pkgs/flake/swarsel-instantiate/default.nix
similarity index 100%
rename from pkgs/swarsel-instantiate/default.nix
rename to pkgs/flake/swarsel-instantiate/default.nix
diff --git a/pkgs/swarsel-mgba/default.nix b/pkgs/flake/swarsel-mgba/default.nix
similarity index 100%
rename from pkgs/swarsel-mgba/default.nix
rename to pkgs/flake/swarsel-mgba/default.nix
diff --git a/pkgs/swarsel-postinstall/default.nix b/pkgs/flake/swarsel-postinstall/default.nix
similarity index 100%
rename from pkgs/swarsel-postinstall/default.nix
rename to pkgs/flake/swarsel-postinstall/default.nix
diff --git a/pkgs/swarsel-rebuild/default.nix b/pkgs/flake/swarsel-rebuild/default.nix
similarity index 100%
rename from pkgs/swarsel-rebuild/default.nix
rename to pkgs/flake/swarsel-rebuild/default.nix
diff --git a/pkgs/swarselcheck-niri/default.nix b/pkgs/flake/swarselcheck-niri/default.nix
similarity index 100%
rename from pkgs/swarselcheck-niri/default.nix
rename to pkgs/flake/swarselcheck-niri/default.nix
diff --git a/pkgs/swarselcheck/default.nix b/pkgs/flake/swarselcheck/default.nix
similarity index 100%
rename from pkgs/swarselcheck/default.nix
rename to pkgs/flake/swarselcheck/default.nix
diff --git a/pkgs/swarselzellij/default.nix b/pkgs/flake/swarselzellij/default.nix
similarity index 100%
rename from pkgs/swarselzellij/default.nix
rename to pkgs/flake/swarselzellij/default.nix
diff --git a/pkgs/t2ts/default.nix b/pkgs/flake/t2ts/default.nix
similarity index 100%
rename from pkgs/t2ts/default.nix
rename to pkgs/flake/t2ts/default.nix
diff --git a/pkgs/timer/default.nix b/pkgs/flake/timer/default.nix
similarity index 100%
rename from pkgs/timer/default.nix
rename to pkgs/flake/timer/default.nix
diff --git a/pkgs/ts2t/default.nix b/pkgs/flake/ts2t/default.nix
similarity index 100%
rename from pkgs/ts2t/default.nix
rename to pkgs/flake/ts2t/default.nix
diff --git a/pkgs/vershell/default.nix b/pkgs/flake/vershell/default.nix
similarity index 100%
rename from pkgs/vershell/default.nix
rename to pkgs/flake/vershell/default.nix
diff --git a/pkgs/waybarupdate/default.nix b/pkgs/flake/waybarupdate/default.nix
similarity index 100%
rename from pkgs/waybarupdate/default.nix
rename to pkgs/flake/waybarupdate/default.nix
diff --git a/pkgs/fullscreen/default.nix b/pkgs/fullscreen/default.nix
deleted file mode 100644
index ca6080c..0000000
--- a/pkgs/fullscreen/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ name, writeShellApplication, sway, ... }:
-
-writeShellApplication {
- inherit name;
- runtimeInputs = [ sway ];
- text = ''
- swaymsg '[app_id=at.yrlf.wl_mirror] move to workspace 14:T'
- swaymsg '[app_id=at.yrlf.wl_mirror] fullscreen'
- '';
-}
diff --git a/secrets/certs/secrets.yaml b/secrets/certs/secrets.yaml
index 6f70d30..6564dea 100644
--- a/secrets/certs/secrets.yaml
+++ b/secrets/certs/secrets.yaml
@@ -2,6 +2,7 @@ pia-vpn1-crl-pem: ENC[AES256_GCM,data:vIngU8HivUQpJLZyOVTeBTmlaDxfPnyTfPakYk7aEf pia-vpn1-ca-pem: ENC[AES256_GCM,data:bRFLqNnqUqvmvo/Cs1rk5m7FzFGsZKvN/btQGC0/zS8BejOztFGL7yPaWsUVXSjxRsIEbWc2JWKzFP5AZXozDvK6vH9BWV0j/4FJBN38w87+Tr0a8U5XbGVWqEm8dr3OoCo7jRi1HkASpLtjRbL3hSSLWjCBfnd7FUyCemLR5+c6tlRuAL0ubk6N3FQYbUtfWQEDLu75TGND2EWo2CMzqfRZinFigIBQZuNCMKrRJm8cLbaAcPqy95wCtH3vPanMzdG2n2jrCt7gqTWn6tmNQH7L+RYJzpfFxoK6bOxBt2iyvyPp7nTCEMt8YZvz6Salk/V0aYnIXT4gbKVmpsdnPrwggYogLWP//dAycUjC0eF16zUkB17+Lj5zvuiEr7l+VfVZ6zt+LIo3adacdxU9vR4C6izyTJq5lVbAUYKFHxN8OMS0ZM5twtsUBmoIysyUQhE6xzMDHv9PJiK6A7BDFQ+PjzJcYWeBhGCr68Fj1flcHQEZxSuqbvFdwllhJiLAsO/TlqMf5IRIDGS1H9ouiEPuZ/VpD4JrjhW6QsUF2ALqDD9IuDQVQ464kqtVZdD/tQawF0zcoBNYI/YDKjgbI/sw3IrBpOuvdVHFq0Ea26igdupRZSzuLb/OSJ0G1nKnirs6gPlMw8rlvI1p8cSrSUSFlp+BBU2kV+GD9S5cXsQYfuuFJquPM62QQo/GvlBKZ1Vbz1fr+WzLxTyoz8m0VsduPuSnRx3IUcrVvs/MOmwcylbnTpZ1nmRjZ2dy0Ev7XDLeCbi3i1gnHPKAqQaA+tNo8EmkaxBqO7nfFulUZwaooKBGwy7AxjiCD2FBKYJm+5WUqXYXCDGpA9UxPtagCkEljETRulO1tyKWuP50QiYKaXk1Y0Z8SY8PZkNHpEjlCee6Nb0VBkmusIVFFoc5D7bO0TYqq9nqgrsFUTPHOhHHyCewwcTHZcISAK3Bi9AUWYwFAQUopwFDCE5rkM2Rcfo0khW+1fd7EPQysk3HJn81KnV06jc9AcOGJQkWxGfBOsBROuXJmiCZzF5jg4AK2fEjvvPm2f1S6IbIPoTyMk79eBDAZJsbS61uvRd46Ik4IhPFmgM4wcraNEzegSnaDiIgZA+bYO1t14TD/ctOGHeGt12lqWkkqcKyL9MTOuuW32sNSWsL4MWHGYmS89RrJXYalG0ql9WKEJit8UXwTkNxDZ6XHvLGMkaJBVKgaU48Mf/ejgAoqwgob7fG0cxV/YPUnVhS5ODdZ89tjxeSeQWJULmLxK0Tq3znCqQYhHS4dKXCDOXo0P7ZoA0ludVF87QLPe5V6cccPTvnEBHKDTEhBzkkS2smbz/MLacOBexkW2ypPlNgAsiyqThrdZC4O0GpX80TmNHQy4kfqcAQ30jmN5Ay4muFjAunJvWIqBZBZ7bHUR6exvjng3tU7hmzoykJ/1ful11C59ydvOkpMdERBNbtoh9xBxSe645+H6iYrESsBfRNMzdEg5FppGM2KRLQPD27c5ywQxAvjf6e6PClkmF81FlvD3FrUoQYZBmGGYLZRtKm4Dk7rk7JxvIzVpcSH5DBhlStyVH6EAG/R/3AvGbXdGcAPK3pS6DBSur6CZh86/75HOv3/CfQQj2bkmAmtMOX+x83U8ts5sINJjq8dcsU1m9RfAgasw+OFVsqYGLfJita1kYmYIvPHQlAZuuFUrm6PPFZ73Mz+u9rkpGxEGPZ2N35naULBkX0Tn8EpTaPJgyua914Yrd5foQhtD/SvfFp4TaVAQ2XsrJpHWs92oyZipmAYonB8UoifKxwBPa6dB/E7nmzZfL9+FS+3QVvDBDvI7FNLS+90TCWY949N7Luc6EPt2NVxwXpSUI4YmB4WDpAnb
vO1+9U5VToXe000DClv6N3HI54lLsm2sSNZCDAJVW8it+dKQXB+SSmwExoeamcWlEpMRTIL1kcJu16CTVXtwuEmaLNiianl/XaLSDBvXynAbqaZqjtwpTSggiuIsFU8NvofflucU2IohYJRExfser8tCWBJ7+/YznNI4zH0OByIsOfys202LfIV4DYhGITgYlCZYzeR5/egxZ7Ge0ezEW/pDaUCsqyHrx8Qj+iFuTEZtBR0/sVT34sEx0QmPmcRE+jBIZkFQ/2nt2OdRgqhl66ArbAL06S7d0VD+I+fc4Z6jFhmeDg4ROYe5Zo+4vD/WBl2bPKK2sjB80IkrnJ0f/JmT/TajeRU2d1+l9cEXzz2+pxWT0SQ7MrNIVzOuyatelvSLgzdI5bRgc4Hs4nsAvb18M+joC/CgjAw8Cf1EdqnRo9k97IhhWuglx/wVYL8XLQnSLzBzv8lUXthRIJ0EaNtp8LlAkEqQAyXGpuctRO8aSjZ3WRqudGCDQ9awwgCaxPDyLILqkNlUjqr5phuk1prSPruixFFkKT3XzT57kv9CVMTEqIH/q1ukNJC353VIFUF9RhmRMiBFKUy3Cpy7vp0YVSnq+HF0pR9xttGN2gbQ6QdeB2ZpeCbfFEOdp5nFNTKpRMGNBq6CCIF5KoZA8jdneYYzTZ5b6zkCAR8Hf1hkppDnRbZhHa4SIMO9WDCv0b7o6SFkVqtTJlTJzavcLXizMf2D/lgVBmCbqrGOBYiyOhkQvIpSLBhyUmyLu6WtET51lkc/DmLhaN4MKXdKF1PQw3UblH1wtRrng/4cYo56ftgXD7m2YMqDYevNZ11pkR,iv:bIQdKQPSsaR7cY6mfTZdqQTowEcga4H9yzNANHKcNEw=,tag:oto4R2yeumVxKoPy+U2eKQ==,type:str] kanidm-self-signed-crt: ENC[AES256_GCM,data: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,iv:LIuJpGoxOCBX73ZyjIUl9mYVA0wcRdue8EJyfqQzcK0=,tag:5W2UVbOH3Lma99lVxDdkNw==,type:str] kanidm-self-signed-key: ENC[AES256_GCM,data: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,iv:p7TGpmls39IYix0rHgeeV+ngkQkXybrUtKQCOF+M8rk=,tag:lNmUlYzd/zxvCfpk50TXTw==,type:str] +harica-root-ca: ENC[AES256_GCM,data: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,iv:0FTPt+bXgzOngxxFqoP1Sg12j0BMk4pJj5JIsHWPIuQ=,tag:tigFlF0LxzG8Za5+kbG4fA==,type:str] sops: age: - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy 
@@ -67,8 +68,8 @@ sops: bHRhZnBtUXZybm9VT2Y3TGhjbCtsSVEKfEo8jXw9wQdncX1gWev5xxz4s9XRMrX0 OampKe7MO30BsocF2blkgRQqJe8aZqFgZt0AvSBc7OyuI3mRZMPCBQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-05T11:01:02Z" - mac: ENC[AES256_GCM,data:XnLmZ65mZqoTHQfSKdvPVr+IGb1mb0nFRQLBiVPSyKfg9ABlqwsht3sykR+enDkmIk1urRewpKvPRr1YyLKAezHaE2I5CQdRwMViGTxbtN18SCqlKcL6CgGzC7UzAI8A2jVqB6D9swCx63TEOwnaWySBFnQuOog58R43rhxcJJc=,iv:U0ZMZZyuRJVAE0el0tRAdvHS7qtqU+z2kN78XEZOW2k=,tag:TrPIoG7cxLBDgG4vXJ5NiQ==,type:str] + lastmodified: "2025-11-19T14:09:27Z" + mac: ENC[AES256_GCM,data:tZ6QzVPivueZiC9Qfb3KNZAv02QatgHRNnlM+Y0iV4BZkYoBjxeDojutizvAMwUarnubUdk5I6m2OZK1mvVDZKXyI6zALX4JMeT2xYQWRHYzHpOygLhhGwTFVhV+0C4jN+eJFF2cNf9lu7NuZI9ylZSOY8I3YKUl+l0l3CkXUl4=,iv:JSGOUq+j9T/NXspn70dfu0J4ISV6vVFZUe/Z1CirrJk=,tag:Hm9N55f9qMc056nSTR1piw==,type:str] pgp: - created_at: "2025-11-11T17:51:25Z" enc: |- @@ -102,4 +103,4 @@ sops: -----END PGP MESSAGE----- fp: 4BE7925262289B476DBBC17B76FD3810215AE097 unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0