diff --git a/flake.lock b/flake.lock index 654e6d2..789d957 100755 --- a/flake.lock +++ b/flake.lock @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1771987897, - "narHash": "sha256-5pNQFGxG3fxS9pGnNBJjT76veotKIKq2XpAVFGAhCdI=", + "lastModified": 1772764582, + "narHash": "sha256-hSwjmpXHFqzSXrndVekA0IheKrbC7wi0IbfZTYwlmXw=", "owner": "caelestia-dots", "repo": "cli", - "rev": "b0d68f0a1c48fa138d6fde94dcbecea801a86a01", + "rev": "4bcd42f482d038b98145b0b03388244b68b7d35d", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1772330657, - "narHash": "sha256-cWblprYsDUeAWA57xAqxIjNxXvDI/rqYn6TFp2OPi/k=", + "lastModified": 1772934947, + "narHash": "sha256-CCZKZAa7uaRBY5TgKG59fOpmDkBiGkY78mbcJ68A9Vw=", "owner": "caelestia-dots", "repo": "shell", - "rev": "278fd4a4ed1bfb42c3fe197ff38b587539c012aa", + "rev": "658e09f89664978497a81f744a8f9186ee32c518", "type": "github" }, "original": { @@ -250,11 +250,11 @@ ] }, "locked": { - "lastModified": 1772420042, - "narHash": "sha256-naZz40TUFMa0E0CutvwWsSPhgD5JldyTUDEgP9ADpfU=", + "lastModified": 1772867152, + "narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=", "owner": "nix-community", "repo": "disko", - "rev": "5af7af10f14706e4095bd6bc0d9373eb097283c6", + "rev": "eaafb89b56e948661d618eefd4757d9ea8d77514", "type": "github" }, "original": { @@ -637,7 +637,7 @@ }, "flake-utils_6": { "inputs": { - "systems": "systems_11" + "systems": "systems_12" }, "locked": { "lastModified": 1731533236, @@ -679,11 +679,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1772511675, - "narHash": "sha256-0VoWORbMVtDW7fwN0qwoc5SDZ6t/mdmt2NJSkQ1Mil0=", + "lastModified": 1772901710, + "narHash": "sha256-iHVOdllj/cLEV7SdcvSjPem2pP6K7ISPL+HKnENoWjA=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "2502ca294efe5aa9722c36e25b2252b0150054e9", + "rev": "472b926a4d7abbacad4deea17aa0a0c69ffc12d3", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1772024342, - "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { @@ -824,11 +824,11 @@ ] }, "locked": { - "lastModified": 1772516620, - "narHash": "sha256-2r4cKdqCVlQkvcTcLUMxmsmAYZZxCMd//w/PnDnukTE=", + "lastModified": 1772845525, + "narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2b9504d5a0169d4940a312abe2df2c5658db8de9", + "rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0", "type": "github" }, "original": { @@ -912,11 +912,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1772487546, - "narHash": "sha256-DJugMsFeTNwV9MUIqQr+aE7xLBhKppYi8O+b2ACmUTU=", + "lastModified": 1772913214, + "narHash": "sha256-lI361+KhTUerHMYJOaDzVhIikAX1PNcZMNY1WEx/+dc=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "be03497b82be332a124dd170e8741623791ef7c4", + "rev": "a4ecae91600d7e8ceb31610176d6b40cb816711b", "type": "github" }, "original": { @@ -1260,11 +1260,11 @@ "scenefx": "scenefx" }, "locked": { - "lastModified": 1772520692, - "narHash": "sha256-kF242TbUoMN1WwBu1G37lBZmITxqfmzPRE7IL5gmwIk=", + "lastModified": 1772930756, + "narHash": "sha256-/+qbxTdtSnHozEGqs/P/ybE8k9aA8eAUCOaah8WqHtY=", "owner": "DreamMaoMao", "repo": "mango", - "rev": "1e1d41e626aa12057c03ec79ed11bcc5619f6748", + "rev": "a4ad8d0d1945fa37063ac3d112926e061f158c73", "type": "github" }, "original": { @@ -1297,11 +1297,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1772338235, - "narHash": "sha256-9XcwtSIL/c+pkC3SBNuxCJuSktFOBV1TLvvkhekyB8I=", + "lastModified": 1772922713, + "narHash": "sha256-+dn2D7gNrrld3q/AapoZZ6HL8xnBS/pcV4Gye1Nfsg0=", "owner": "microvm-nix", "repo": "microvm.nix", - "rev": "9d1ff9b53532908a5eba7707931c9093508b6b92", + "rev": "6207a74a1ec31d3aa628cb98eb75795a10f49dea", "type": "github" }, "original": { @@ -1354,11 +1354,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1772496284, - "narHash": "sha256-pDGgYqXFU5cY1Jn11R7N/Q6DFazg6CQq8KDlqvyl/XE=", + "lastModified": 1772928300, + "narHash": "sha256-7WXA2vUlHNvCjjTDLsM0CGzTE52d8M8tXj+c4QOQnsk=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "fc9e6626baffb5b577810269713aedc37e95ef60", + "rev": "8df2141922896b7923ab78d624951f29531b5e8a", "type": "github" }, "original": { @@ -1370,11 +1370,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1772473891, - "narHash": "sha256-E/0dAqFsUm4DggmHBl8rfI67yK227RXpzbEkZ7729bM=", + "lastModified": 1772909350, + "narHash": "sha256-SOywFX51TumgEMzjRN8JBo2E59Dr9+13sye7qv20nR8=", "owner": "neovim", "repo": "neovim", - "rev": "a8361c3afc5b9281814e9f16a9d4291e095b38fa", + "rev": "e8e694d837427bd158d51dd62a25f165d49725c6", "type": "github" }, "original": { @@ -1515,11 +1515,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1772334875, - "narHash": "sha256-AveYVY2plEJ62Br6iAd4fB5PDYyjJoTEmgdWRV3m+Vo=", + "lastModified": 1772592046, + "narHash": "sha256-+Lyl+mGVd0t2nlR6ODK/gvUHzMtF5qLlbTK+x5tCenU=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "a852ac73a4f9bf8270bdac90a72a28fef5df846b", + "rev": "483abf9ad6aeac1d61f2a5419ded2879f0c4795e", "type": "github" }, "original": { @@ -1712,11 +1712,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1772419343, - "narHash": "sha256-QU3Cd5DJH7dHyMnGEFfPcZDaCAsJQ6tUD+JuUsYqnKU=", + "lastModified": 1772736753, + "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "93178f6a00c22fcdee1c6f5f9ab92f2072072ea9", + "rev": "917fec990948658ef1ccd07cef2a1ef060786846", "type": "github" }, "original": { @@ -1744,11 +1744,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1772479524, - "narHash": "sha256-u7nCaNiMjqvKpE+uZz9hE7pgXXTmm5yvdtFaqzSzUQI=", + "lastModified": 1772736753, + "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4215e62dc2cd3bc705b0a423b9719ff6be378a43", + "rev": "917fec990948658ef1ccd07cef2a1ef060786846", "type": "github" }, "original": { @@ -1795,14 +1795,16 @@ "nixpkgs": [ "nixpkgs" ], - "noctalia-qs": "noctalia-qs" + "noctalia-qs": [ + "noctalia-qs" + ] }, "locked": { - "lastModified": 1772500480, - "narHash": "sha256-7Rj0vLxKBn25QDKaW1heAQPH9ICg/cyrlLsoEPO0E58=", + "lastModified": 1772925400, + "narHash": "sha256-I0Gb+CO6bXi1U5PYgCqnuvI1B+R9kZtamLwhVvOywSo=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "ddfb06fe5b8d859578b269362d2f3e21b5dc5a75", + "rev": "5f319987a5003c383678f4aae0cf71f78c7ea49e", "type": "github" }, "original": { @@ -1814,16 +1816,16 @@ "noctalia-qs": { "inputs": { "nixpkgs": [ - "noctalia", "nixpkgs" - ] + ], + "systems": "systems_8" }, "locked": { - "lastModified": 1772227064, - "narHash": "sha256-f821ZSoGpa/aXrWq0gPpea9qBnX8KDyavGKkptz2Mog=", + "lastModified": 1773175685, + "narHash": "sha256-YOkWzVq7opym1ovJvSCvqpG6OCDGJwPo/EPeRxcGay4=", "owner": "noctalia-dev", "repo": "noctalia-qs", - "rev": "0741d27d2f7db567270f139c5d1684614ecf9863", + "rev": "6b9eceefde3d47ca83c544b54bcdd358be4cbd2f", "type": "github" }, "original": { @@ -1866,14 +1868,14 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_8" + "systems": "systems_9" }, "locked": { - "lastModified": 1772483693, - "narHash": "sha256-sOq/GUSR0uw1eQla0Wc5BKztPqBJBj3khd/GhaVg4xU=", + "lastModified": 1772875143, + "narHash": "sha256-ENBRe7vCCp/SIG2WRKI2pyAxwnrc9CPuwZ4CtMu4KU4=", "owner": "notashelf", "repo": "nvf", - "rev": "750dbfaf6eb62db8e67afc03a3ae3078bfd8f098", + "rev": "6681e33727409d4ccfa687de981b594110a735d6", "type": "github" }, "original": { @@ -1936,11 +1938,11 @@ ] }, "locked": { - "lastModified": 1771926182, - "narHash": "sha256-QbXuSLhiSxOq6ydBL3+KGe1aiYWBW+e3J6qjJZaRMq0=", + "lastModified": 1772925576, + "narHash": "sha256-mMoiXABDtkSJxCYDrkhJ/TrrJf5M46oUfIlJvv2gkZ0=", "ref": "refs/heads/master", - "rev": "cddb4f061bab495f4473ca5f2c571b6c710efef7", - "revCount": 744, + "rev": "15a84097653593dd15fad59a56befc2b7bdc270d", + "revCount": 750, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, @@ -1977,13 +1979,15 @@ "nixd": "nixd", "nixpkgs": "nixpkgs_7", "noctalia": "noctalia", + "noctalia-qs": "noctalia-qs", "nvf": "nvf", "rust-overlay": "rust-overlay_3", "sops-nix": "sops-nix", "stylix": "stylix", - "systems": "systems_10", + "systems": "systems_11", "yazi": "yazi", - "zen-browser": "zen-browser" + "zen-browser": "zen-browser", + "zen-nebula": "zen-nebula" } }, "rust-overlay": { @@ -2035,11 +2039,11 @@ ] }, "locked": { - "lastModified": 1772507320, - "narHash": "sha256-GdGXniFvtIfRiakc+ncdQYnoQjKbTCv9Imjfl4ggquI=", + "lastModified": 1772939270, + "narHash": "sha256-HbxD5DJAKxzo0G8on5wdY+OZNiUWt3FTvGmXmVEmg7g=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "1775eafa1879ac098ee436849bc9c3d963206f89", + "rev": "bb93f191a07c0165992ed6d0b4197ee5c7e6e641", "type": "github" }, "original": { @@ -2137,7 +2141,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_9", + "systems": "systems_10", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -2174,6 +2178,21 @@ } }, "systems_10": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_11": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -2187,7 +2206,7 @@ "type": "indirect" } }, - "systems_11": { + "systems_12": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -2294,16 +2313,16 @@ }, "systems_8": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, @@ -2505,11 +2524,11 @@ "rust-overlay": "rust-overlay_4" }, "locked": { - "lastModified": 1772502075, - "narHash": "sha256-FDyvMvqrpDb2CrXOvtUEr0b4qgbe7D/POqVWdFD7wuI=", + "lastModified": 1772869527, + "narHash": "sha256-U0E3U2Iu3JeQFbTQ+vclG2jZMoJl+rJdEa68I8qk4Eg=", "owner": "sxyazi", "repo": "yazi", - "rev": "0efeaf5f641c7809bc820680c8a7d43a69ff2e13", + "rev": "741f84e22b2c360366c685724d45cbec6d90b480", "type": "github" }, "original": { @@ -2528,11 +2547,11 @@ ] }, "locked": { - "lastModified": 1772517053, - "narHash": "sha256-aBuL2TFnyBLR+t6iBlKnTWWzprXYKQQIaV0IuCSPPeE=", + "lastModified": 1772858378, + "narHash": "sha256-VPRlTud1REOz0GPjq3XQNjk5GpH/xNbeadiul4gkPGA=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "32e9673aee2ae994ced561247918952398a3e933", + "rev": "42e1e9a1cb5b507789a51193113d56f8f1bb08d9", "type": "github" }, "original": { @@ -2541,6 +2560,22 @@ "type": "github" } }, + "zen-nebula": { + "flake": false, + "locked": { + "lastModified": 1772915241, + "narHash": "sha256-GvSyNwPbvUpI7Ii2WC0IW0soKDzNOj51YsjFTFAmsKY=", + "owner": "JustAdumbPrsn", + "repo": "zen-nebula", + "rev": "d5dd37455aa4c12e89c188c02f0c3a56841eee6f", + "type": "github" + }, + "original": { + "owner": "JustAdumbPrsn", + "repo": "zen-nebula", + "type": "github" + } + }, "zig": { "inputs": { "flake-compat": [ diff --git a/flake.nix b/flake.nix index c65c286..a09debd 100755 --- a/flake.nix +++ b/flake.nix @@ -69,6 +69,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + zen-nebula = { + url = "github:JustAdumbPrsn/zen-nebula"; + flake = false; + }; + zen-browser = { url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; @@ -143,9 +148,15 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + noctalia-qs = { + url = "github:noctalia-dev/noctalia-qs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + noctalia = { url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.noctalia-qs.follows = "noctalia-qs"; }; mango = { diff --git a/home/config/neofetch/config b/home/config/neofetch/config deleted file mode 100755 index be6ed71..0000000 --- a/home/config/neofetch/config +++ /dev/null @@ -1,197 +0,0 @@ -# https://github.com/chick2d/neofetch-themes - -print_info() { - #info "\e[31m " users - info "\e[32m " kernel - info "\e[33m " uptime - info "\e[34m " packages - info "\e[35m " wm - info "\e[32m " shell - #info "\e[33m󰑭" memory -} - -# Shorten the output of the kernel function. -kernel_shorthand="off" - -# Shorten the output of the distro function -distro_shorthand="off" - -# Show/Hide OS Architecture. -os_arch="off" - -# Shorten the output of the uptime function -uptime_shorthand="on" - -# Show memory pecentage in output. -memory_percent="on" - -# Change memory output unit ('kib', 'mib', 'gib') -memory_unit="mib" - -# Show/Hide Package Manager names. -# Values: 'on', 'tiny' 'off' -# on: '998 (pacman), 8 (flatpak), 4 (snap)' -# tiny: '908 (pacman, flatpak, snap)' -# off: '908' -package_managers="on" - -# Show the path to $SHELL -# Example: -# on: '/bin/bash' -# off: 'bash' -shell_path="off" - -# Show $SHELL version -shell_version="on" - -# Display refresh rate next to each monitor -refresh_rate="off" - -# Show Desktop Environment version -de_version="on" - -# Text Colors -# Values: 'distro', 'num' 'num' 'num' 'num' 'num' 'num' -# Each number represents a different part of the text in -# this order: 'title', '@', 'underline', 'subtitle', 'colon', 'info' -# Example: -# colors=(distro) - Text is colored based on Distro colors. -# colors=(4 6 1 8 8 6) - Text is colored in the order above. -# colors=(4 7 7 4 7 7) -colors=(distro) - -# Toggle bold text -bold="on" - -# Enable/Disable Underline -underline_enabled="on" - -# Underline character (string) -underline_char="─" - -# Info Separator -separator=" •" - -# Color block range. The range of colors to print. -# Values: 'num' -block_range=(0 7) - -# Toggle color blocks -color_blocks="on" - -# Color block width in spaces -block_width=3 - -# Color block height in lines -block_height=1 - -# Color Alignment -# Values: 'auto', 'num' -# Number specifies how far from the left side of the terminal (in spaces) to -# begin printing the columns, in case you want to e.g. center them under your -# text. -# Example: -# col_offset="auto" - Default behavior of neofetch -# col_offset=7 - Leave 7 spaces then print the colors -col_offset="auto" - -# Progress Bar characters -bar_char_elapsed="-" -bar_char_total="=" - -# Toggle Progress Bar border -bar_border="on" - -# Progress bar length in spaces -# Number of chars long to make the progress bars. -bar_length=15 - -# Progress bar colors -# When set to distro, uses your distro's logo colors. -# Values: 'distro', 'num' -bar_color_elapsed="distro" -bar_color_total="distro" - -# Info display -# Display a bar with the info. -# Values: 'bar', 'infobar', 'barinfo', 'off' -# Example: -# bar: '[---=======]' -# infobar: 'info [---=======]' -# barinfo: '[---=======] info' -# off: 'info' -cpu_display="off" -memory_display="off" -battery_display="off" -disk_display="off" - -# Image backend. -# Values: 'ascii', 'caca', 'chafa', 'jp2a', 'iterm2', 'off', -# 'pot', 'termpix', 'pixterm', 'tycat', 'w3m', 'kitty' -image_backend="ascii" - -# Image Source -# Default: 'auto' -# Values: 'auto', 'ascii', 'wallpaper', '/path/to/img', '/path/to/ascii', '/path/to/dir/' -# 'command output (neofetch --ascii "$(fortune | cowsay -W 30)")' -# image_source="${HOME}/.config/neofetch/ascii.txt" - -# Ascii distro (Which distro's ascii art to display). -# Default: 'auto' -# Values: 'auto', 'distro_name' -ascii_distro="NixOS_small" - -# Ascii Colors -# Values: 'distro', 'num' 'num' 'num' 'num' 'num' 'num' -# Example: -# ascii_colors=(distro) - Ascii is colored based on Distro colors. -# ascii_colors=(4 6 1 8 8 6) - Ascii is colored using these colors. -ascii_colors=(distro) - -# Whether or not to bold the ascii logo. -ascii_bold="on" - -# Image loop -# Setting this to on will make neofetch redraw the image constantly until -# Ctrl+C is pressed. This fixes display issues in some terminal emulators. -image_loop="off" - -# Thumbnail directory -# Default: '~/.cache/thumbnails/neofetch' -thumbnail_dir="${XDG_CACHE_HOME:-${HOME}/.cache}/thumbnails/neofetch" - -# Crop mode -# Values: 'normal', 'fit', 'fill' -# See this wiki page to learn about the fit and fill options. -# https://github.com/dylanaraps/neofetch/wiki/What-is-Waifu-Crop%3F -crop_mode="normal" - -# Crop offset -# Note: Only affects 'normal' crop mode. -# Values: 'northwest', 'north', 'northeast', 'west', 'center' -# 'east', 'southwest', 'south', 'southeast' -crop_offset="center" - -# Image size -# The image is half the terminal width by default. -# Values: 'auto', '00px', '00%', 'none' -image_size="auto" - -# Gap between image and text. Can be a positive or negative integer -gap=5 - -# Image offsets -# Only works with the w3m backend. -# Values: 'px' -yoffset=0 -xoffset=0 - -# Image background color -# Only works with the w3m backend. -# Values: 'color', 'blue' -background_color= - -# Stdout mode -# Turn off all colors and disables image backend (ASCII/Image). -# Useful for piping into another command. -stdout="off" diff --git a/home/user/config.nix b/home/user/config.nix index 53dc958..988fe46 100755 --- a/home/user/config.nix +++ b/home/user/config.nix @@ -11,7 +11,6 @@ in lib.mkForce "${configDir}/starship/starship.toml"; home.file = { - ".config/neofetch".source = "${configDir}/neofetch"; ".config/rofi".source = "${configDir}/rofi"; ".config/scripts".source = "${configDir}/scripts"; ".config/gh" = { diff --git a/home/user/nvf/extra-lsp.nix b/home/user/nvf/extra-lsp.nix index 792b786..3817b12 100755 --- a/home/user/nvf/extra-lsp.nix +++ b/home/user/nvf/extra-lsp.nix @@ -6,6 +6,11 @@ }; treesitter.grammars = with pkgs.vimPlugins.nvim-treesitter-parsers; [ dockerfile + latex + scss + svelte + typst + vue ]; extraPackages = with pkgs; [ # docker diff --git a/home/user/nvf/plugins/snacks-nvim/default.nix b/home/user/nvf/plugins/snacks-nvim/default.nix index 9c0c098..4966732 100755 --- a/home/user/nvf/plugins/snacks-nvim/default.nix +++ b/home/user/nvf/plugins/snacks-nvim/default.nix @@ -45,7 +45,7 @@ in enable = true; setupOpts = { image = { - enabled = false; + enabled = true; doc = { enabled = true; }; diff --git a/home/user/zen-browser.nix b/home/user/zen-browser.nix index fa55872..db931f7 100755 --- a/home/user/zen-browser.nix +++ b/home/user/zen-browser.nix @@ -1,4 +1,5 @@ { + inputs, osConfig, config, helper, @@ -9,13 +10,9 @@ let inherit (osConfig.systemConf) username; inherit (helper) capitalize; inherit (pkgs) runCommand; + inherit (builtins) hasAttr; - zenNebula = pkgs.fetchFromGitHub { - owner = "JustAdumbPrsn"; - repo = "zen-nebula"; - rev = "main"; - sha256 = "sha256-Eg9HsN+yDA8OdVcE9clS+FyUhVBH3ooN/odkZIVR/p4="; - }; + zenNebula = inputs.zen-nebula; patchedNebula = runCommand "patched-nebula" @@ -37,7 +34,6 @@ let in { programs.zen-browser = { - suppressXdgMigrationWarning = true; enable = true; languagePacks = [ "en-US" @@ -156,7 +152,10 @@ in let zen-browser = config.programs.zen-browser.package; in - zen-browser.meta.desktopFileName; + if hasAttr "desktopFileName" zen-browser.meta then + zen-browser.meta.desktopFileName + else + "Zen Browser Twilight"; associations = builtins.listToAttrs ( map diff --git a/system/dev/dn-lap/home/default.nix b/system/dev/dn-lap/home/default.nix index 8bc5415..67e4830 100755 --- a/system/dev/dn-lap/home/default.nix +++ b/system/dev/dn-lap/home/default.nix @@ -1,11 +1,9 @@ { pkgs, config, - lib, ... }: let - inherit (lib) mkForce; inherit (config.networking) hostName; inherit (config.systemConf) username; in @@ -15,10 +13,6 @@ in mattermost-desktop ]; - home.sessionVariables = { - BROWSER = mkForce "chromium"; - }; - services.kanshi.settings = [ { profile.name = hostName; @@ -32,35 +26,10 @@ in } ]; - programs.noctalia-shell = { - settings = { }; - }; - - programs.chromium = { - enable = true; - extensions = [ - # Bitwarden - { - id = "nngceckbapebfimnlniiiahkandclblb"; - } - # Vimium - { - id = "dbepggeogbaibhgnhhndojpepiihcmeb"; - } - # Dark Reader - { - id = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; - } - # Vertical Tabs - { - id = "efobhjmgoddhfdhaflheioeagkcknoji"; - } - ]; - }; - imports = [ ../../../../home/presets/basic.nix ../../../../home/user/zellij.nix + ./noctalia.nix ]; }; } diff --git a/system/dev/dn-lap/home/noctalia.nix b/system/dev/dn-lap/home/noctalia.nix new file mode 100644 index 0000000..631ede9 --- /dev/null +++ b/system/dev/dn-lap/home/noctalia.nix @@ -0,0 +1,27 @@ +{ ... }: +{ + programs.noctalia-shell.settings = { + desktopWidgets = { + monitorWidgets = [ + { + name = "eDP-1"; + widgets = [ + { + clockColor = "none"; + clockStyle = "binary"; + customFont = ""; + format = "HH:mm\\nd MMMM yyyy"; + id = "Clock"; + roundedCorners = true; + scale = 2.25675; + showBackground = false; + useCustomFont = false; + x = 25; + y = 64; + } + ]; + } + ]; + }; + }; +} diff --git a/system/dev/dn-pre7780/expr/acme.nix b/system/dev/dn-pre7780/expr/acme.nix new file mode 100644 index 0000000..1d50965 --- /dev/null +++ b/system/dev/dn-pre7780/expr/acme.nix @@ -0,0 +1,39 @@ +{ + self, + config, + pkgs, + ... +}: +let + serverACMEConfig = self.nixosConfigurations.dn-server.config.security.acme.certs."dnywe.com"; + inherit (config.sops) secrets; +in +{ + users.users.nginx.extraGroups = [ "acme" ]; + + sops.secrets = { + "acme/cloudflare" = { + mode = "0640"; + }; + }; + + security.acme = { + acceptTerms = true; + certs."dnywe.com" = { + inherit (serverACMEConfig) + domain + server + dnsProvider + email + dnsResolver + dnsPropagationCheck + ; + environmentFile = pkgs.writeText "lego-config" '' + LEGO_CA_CERTIFICATES=${config.security.pki.caBundle} + ''; + credentialFiles = { + "CLOUDFLARE_DNS_API_TOKEN_FILE" = secrets."acme/cloudflare".path; + }; + }; + }; +} diff --git a/system/dev/dn-pre7780/expr/default.nix b/system/dev/dn-pre7780/expr/default.nix index dec4e60..3872b29 100755 --- a/system/dev/dn-pre7780/expr/default.nix +++ b/system/dev/dn-pre7780/expr/default.nix @@ -1,6 +1,18 @@ +{ ... }: +let + extra-modules = "${ + fetchGit { + url = "https://git.dnywe.com/dachxy/extra-modules"; + rev = "cce58d705bee67e0634d4353b5eb40bd4a99ca42"; + ref = "main"; + } + }/modules//default.nix"; +in { imports = [ # ./osx-kvm.nix + extra-modules ./noise-cancel.nix + ./acme.nix ]; } diff --git a/system/dev/dn-pre7780/home/default.nix b/system/dev/dn-pre7780/home/default.nix index 881eeb1..a308176 100755 --- a/system/dev/dn-pre7780/home/default.nix +++ b/system/dev/dn-pre7780/home/default.nix @@ -88,7 +88,6 @@ in # Noctalia programs.noctalia-shell.filteredIds = [ "Brightness" - "Battery" ]; # ==== WM ==== # diff --git a/system/dev/dn-pre7780/home/wm/default.nix b/system/dev/dn-pre7780/home/wm/default.nix index 96e5300..063c9cf 100755 --- a/system/dev/dn-pre7780/home/wm/default.nix +++ b/system/dev/dn-pre7780/home/wm/default.nix @@ -1,5 +1,6 @@ { imports = [ ./hyprland.nix + ./noctalia.nix ]; } diff --git a/system/dev/dn-pre7780/home/wm/noctalia.nix b/system/dev/dn-pre7780/home/wm/noctalia.nix new file mode 100644 index 0000000..2856b41 --- /dev/null +++ b/system/dev/dn-pre7780/home/wm/noctalia.nix @@ -0,0 +1,28 @@ +{ ... }: +{ + programs.noctalia-shell.settings = { + + desktopWidgets = { + monitorWidgets = [ + { + name = "DP-6"; + widgets = [ + { + clockColor = "none"; + clockStyle = "binary"; + customFont = ""; + format = "HH:mm\\nd MMMM yyyy"; + id = "Clock"; + roundedCorners = true; + scale = 2.25675; + showBackground = false; + useCustomFont = false; + x = 25; + y = 64; + } + ]; + } + ]; + }; + }; +} diff --git a/system/dev/dn-pre7780/network/default.nix b/system/dev/dn-pre7780/network/default.nix index caf3094..cff9313 100755 --- a/system/dev/dn-pre7780/network/default.nix +++ b/system/dev/dn-pre7780/network/default.nix @@ -1,7 +1,6 @@ { imports = [ ../../../modules/netbird-client.nix - ./openfortivpn.nix # ../../../modules/wireguard.nix ]; } diff --git a/system/dev/dn-pre7780/network/openfortivpn.nix b/system/dev/dn-pre7780/network/openfortivpn.nix deleted file mode 100644 index 16a7ba8..0000000 --- a/system/dev/dn-pre7780/network/openfortivpn.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -let - inherit (lib) getExe; - inherit (config.sops) secrets; -in -{ - sops.secrets = { - "openfortivpn" = { }; - }; - - systemd.services.openfortivpn = { - script = '' - ${getExe pkgs.openfortivpn} -c "$CREDENTIALS_DIRECTORY/config" --set-dns=1 --use-resolvconf=1 - ''; - serviceConfig = { - Restart = "no"; - LoadCredential = [ - "config:${secrets."openfortivpn".path}" - ]; - }; - }; -} diff --git a/system/dev/dn-pre7780/sops/secret.yaml b/system/dev/dn-pre7780/sops/secret.yaml index 09dd4f0..0128133 100755 --- a/system/dev/dn-pre7780/sops/secret.yaml +++ b/system/dev/dn-pre7780/sops/secret.yaml @@ -1,6 +1,5 @@ wireguard: wg0.conf: ENC[AES256_GCM,data:ozySeNEvkiLt9TGrZCrlJWKT5gcSlZ9T8AeXGO97SPgxI394eCQ/LOkVFl7AykhZvs7YkxMpZzAZxc0oNdTYuDlqfrNr0pqTUJmpX+5PVRmDb5z2MJvERktVkJ4LSvVodoYznDwT/y9q199AFKf3t4EoWuRyR/il6P8HuGVHXrKRYUrwuB4nuq1SIByY+8D2gzohFB/s6pSOPYy6/xCt0Nm+x0wmcdrlyOb0S+4WXlcou2ll98o9q2YDdVBKeW4jyUjFqXM2XzD0JXpAi9ZFlyzxyYNwa4oMYATyCBCH4BNHqe850QHEoCaOovioEdDH/tluB2X/891ixqzURypzbg==,iv:3Q5xOgGcg8/DIwHt4fHsQGtN8f2hGpVDtf47PcwW62I=,tag:SbJqhWi3+h1O5ZIOayDrUw==,type:str] -openfortivpn: ENC[AES256_GCM,data:rWv6kZDYO4yKmrEfm63X7qin0veSx7U/ZZFPM0vxBPjIzh7VZg6wCjJ1pHpSpCT0DS39TA/Z5xhH4l+gOUHMxeuKw1Zn96DxccdpGs+WMdgis8LJc42Qmfnmdw==,iv:QEgbiRV2B5LG7X9KXcln04nUedbV7GiS+3E5AihVbXw=,tag:rGerAwx0FeRLGPBCePdo/w==,type:str] netbird: wt0-setupKey: ENC[AES256_GCM,data:166VX+rgzxhar+GFKxA5d8G3/9ewISdv2hUSwvbggyyjwwvE,iv:w8p4gDP6U0ZONX59t2dnglTC9S2dW2TX5A4OoCzRuzM=,tag:zf3jvlERJtM+osBd4ZQjMA==,type:str] dovecot: @@ -18,6 +17,7 @@ stalwart: ldap: ENC[AES256_GCM,data:ygOPMCNIxvWxE9dPBeKGbA==,iv:t+p1/vjEZNDTw7LcaitzYv2xCPtlf/mmQhqXT1OFKXs=,tag:uPYp259FHZu5fut+Bc9eSA==,type:str] acme: pdns: ENC[AES256_GCM,data:eKnahc8HWboYCUpBuEUrdCMhN8A2N2VN0wrmzcyU2OfMeQaswIYSWV4sBzUbj/pono8PaVxK1FBKsn+Ycd4Y6tcxsAkbPfnPkOsbe0FJpz4t9RFLJBLw3U0YTE/TaURiDYipHnvPGYgyq3AziH/xa4WXZxLHGI0x+a/y3PpWy37rT87DWUT2kktPshdO7Mbwn7nSC78WByXmyaUMkT74Sc0FNmCgfijrHk/ATXGb,iv:y3eRZXFbqqf4VuuqHHYdIoiEa1zqRU1XIlEqooJ28lU=,tag:2bIALJFGZyIZT7fyo/y5Nw==,type:str] + cloudflare: ENC[AES256_GCM,data:WLdtDbMkq4duAr5hezOGe7SmQ4fY1ks1V3Q/Ma8iIlk1kUc3VGjz4g==,iv:cVKPY+pnyVkvNbzmd3yPRmeT4DyNq6RwvW439PYnAk4=,tag:eTlbEsJ/NYrKolg+TkGWNA==,type:str] cloudflare: secret: ENC[AES256_GCM,data:Ktk7BtyjaDeOc4Okflz/ZBYpJ7Uy1SeEBV6ofWcToZsvCDT6aTVxGrAKEHIE/eknvnyWOFeSQv/z/Q==,iv:x2ymbLwa1E2FzdomISeyhchya5bowgieO/XuOnoi81w=,tag:Nj+1DRnbvcwiLiEeu2WaRQ==,type:str] crowdsec: @@ -29,6 +29,10 @@ pangolin: env: ENC[AES256_GCM,data:f5Pq+DE9PeRyOKeygREuovlqOMhe/bmTOrBA7Px3Oq+pWG5kGwnxqDdP/PwawJAskQPC9LN+QP6hIPNrJbPyxtk87hoRMb/3X0ggOw==,iv:yqqQizPwf3EfCelczf/7piH9kYiAwGLTtassvQ8oXNs=,tag:UzVuKIS8WZNAHgpLkzc9XA==,type:str] velocity: ENC[AES256_GCM,data:Q1Bfiks3/0XsBfouqck9PJr9QmZv/2ayd2qEFNPVz+GW3JpzIPEf2uGn06u7U+ZFtSuV12jG+3fhGhMh+UT3,iv:PHZLyLhNb9NE1J/Tsm35K4g6WMnR/9EYfVrsuDFbaNE=,tag:SCJgjDjaHkLffX8JiWTKsA==,type:str] fabricProxy: ENC[AES256_GCM,data:MXukmKmMBRXCfeW6MBlfJU3cMZ/Y8sysFxiW0g3MOXnEcySu5tN5uuNhuorWNNknemRWayAaozU+d21UWbHmVez1inVQX193EnlTnDaZ,iv:ih2l1rimFqupZlu3NrGaCL7IMM0SPW6YZkMnk8mtXvc=,tag:wxNatJHNB3isKDuprxl7Fw==,type:str] +stash: + session: ENC[AES256_GCM,data:2L05eopoQefgmmuTm3QlxsdS,iv:7Cu3VnsBVkFqkRE/HGoFScy9EGLoHBYs+h0BZBkmUtE=,tag:+0WQMMzA1kAcUmvJaxagBA==,type:str] + password: ENC[AES256_GCM,data:vi2pTG4nUhbI,iv:jJfksswJ2Q+XzJ7jRdK/+6CpO+PpZUGeWaG49Keyx10=,tag:89cCqGSFt9oayMJdmg+Zvw==,type:str] + jwt: ENC[AES256_GCM,data:w64DI/ygxebc9z1jMc8Va2kcCpHzBpYvzGO5Y5bmkLw8NZcX9iB3qZAnNor7zx1iKV26VGXEwaI28noOeg==,iv:ERYTrZFZWV2DjPE/ZutotHc47T1kLOEU80Y9BoNSMQE=,tag:Pdoo80q/q4quUhnARSd+yw==,type:str] sops: age: - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv @@ -40,7 +44,7 @@ sops: MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-06T08:47:28Z" - mac: ENC[AES256_GCM,data:1q8l6J6ePg3M4YZAxIjvVMzKurmPQHa93wXIQ3YJirVLaPGyXXczFPKrl9iHTPlwI7Vt1KSQGw1hkO2Q6KWSZgKd3/aKJ+HliRhnqbdOJThwbdHzmVq80mnCzG/Z+yYY45ONPI369bVHydZZT7iEjAWi3ndSkC9KFhyEez3Wa2w=,iv:+w+riNzfF4R+EkTON72AskJscqEMJ1WJoFSiJHPSEGc=,tag:wG4ZuOxXE3dzTezHOu9yzg==,type:str] + lastmodified: "2026-03-10T13:46:31Z" + mac: ENC[AES256_GCM,data:fTDTD8yw3lH2ImMFMpGZscLtq7MbmQu+F7MZt18UFaTbgjGJQ39lIaibXxdv+KlGwsaI2yhI+PVATe65HeVIc1w+IMSh86J73qag+zQ6d7t6lAgjHaD9c2RoLCxhYG2rQGNbk5CNd6a+UWKTwCYVetTl7wID+uW2i6+ElDi2ITg=,iv:2rDyvNFjW2NEbrOgxOb7DNYpbhcogfTPOhf+060qT9w=,tag:BdB46YNDj+LLzkQooUxbQg==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 diff --git a/system/dev/dn-pre7780/virtualisation/default.nix b/system/dev/dn-pre7780/virtualisation/default.nix index 6e0daa0..b3005c5 100755 --- a/system/dev/dn-pre7780/virtualisation/default.nix +++ b/system/dev/dn-pre7780/virtualisation/default.nix @@ -2,6 +2,6 @@ imports = [ ../../../modules/virtualization.nix ../../../modules/wine.nix - ./kvm.nix + # ./kvm.nix ]; } diff --git a/system/dev/dn-server/services/dns.nix b/system/dev/dn-server/services/dns.nix index d9c848d..eb7555b 100644 --- a/system/dev/dn-server/services/dns.nix +++ b/system/dev/dn-server/services/dns.nix @@ -4,6 +4,7 @@ let inherit (lib) nameValuePair mkForce; inherit (config.sops) secrets; inherit (config.networking) domain; + infraIP = "10.10.0.0"; splitDNS = listToAttrs ( map (x: nameValuePair x "127.0.0.1:5359") [ @@ -71,8 +72,8 @@ in dnsupdate=yes primary=yes secondary=no - allow-dnsupdate-from=10.0.0.0/24 - allow-axfr-ips=10.0.0.0/24 + allow-dnsupdate-from=${infraIP}/24 + allow-axfr-ips=${infraIP}/24 also-notify=10.0.0.148:53 ''; secretFile = secrets.powerdns.path; @@ -98,7 +99,7 @@ in dnssecValidation = "off"; dns.allowFrom = [ "127.0.0.0/8" - "10.0.0.0/24" + "${infraIP}/24" "192.168.100.0/24" ]; dns.port = 5300; diff --git a/system/dev/dn-server/services/identity-provider/default.nix b/system/dev/dn-server/services/identity-provider/default.nix new file mode 100644 index 0000000..5675529 --- /dev/null +++ b/system/dev/dn-server/services/identity-provider/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./ldap.nix + ]; +} diff --git a/system/dev/dn-server/services/identity-provider/keycloak.nix b/system/dev/dn-server/services/identity-provider/keycloak.nix new file mode 100644 index 0000000..74989e7 --- /dev/null +++ b/system/dev/dn-server/services/identity-provider/keycloak.nix @@ -0,0 +1,49 @@ +{ config, ... }: +let + inherit (config.networking) domain; + inherit (config.sops) secrets; + hostname = "login"; + cfg = config.services.keycloak; +in +{ + sops.secrets = { + "oauth/password" = { }; + }; + + # ==== Keycloak Service ==== # + systemd.services.keycloak = { + owner = "keycloak"; + group = "keycloak"; + mode = "440"; # Read Only + }; + + # ==== Keycloak Service ==== # + services.keycloak = { + enable = true; + + database = { + type = "postgresql"; + name = "keycloak"; + createLocally = true; + passwordFile = secrets."oauth/password".path; + }; + + settings = { + hostname = "${hostname}.${domain}"; + proxy-headers = "xforwarded"; + http-port = 38080; + http-enabled = true; + health-enabled = true; + http-management-port = 38081; + }; + }; + + services.nginx.virtualHosts."${cfg.settings.hostname}" = { + useACMEHost = domain; + forceSSL = true; + + locations."/".proxyPass = "http://127.0.0.1:${toString cfg.settings.http-port}"; + locations."/health".proxyPass = + "http://127.0.0.1:${toString cfg.settings.http-management-port}/health"; + }; +} diff --git a/system/dev/dn-server/services/identity-provider/ldap.nix b/system/dev/dn-server/services/identity-provider/ldap.nix new file mode 100644 index 0000000..7ca16e4 --- /dev/null +++ b/system/dev/dn-server/services/identity-provider/ldap.nix @@ -0,0 +1,184 @@ +{ + config, + pkgs, + lib, + ... +}: +let + inherit (config.networking) domain; + inherit (lib) + concatStringsSep + splitString + getExe + getExe' + ; + inherit (config.sops) secrets; + + getOlcSuffix = domain: concatStringsSep "," (map (dc: "dc=${dc}") (splitString "." domain)); + + ldapHostname = "ldap"; + olcSuffix = getOlcSuffix domain; + adminDN = "cn=admin,ou=people,${olcSuffix}"; + localDN = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"; + cfg = config.services.openldap.package; +in +{ + + # ==== Admin Password ==== # + sops.secrets."ldap/password" = { }; + + systemd.services.openldap-pre = + let + passwordPath = cfg.settings.children."olcDatabase={1}mdb".attrs.olcRootPW.path; + in + { + before = [ "openldap.service" ]; + requiredBy = [ "openldap.service" ]; + serviceConfig = { + User = "openldap"; + ExecStart = "${getExe pkgs.bash} -c '${getExe' cfg.package "slappasswd"} -T ${secrets."ldap/password".path} > ${passwordPath}"; + ExecStartPost = [ + "${getExe' pkgs.busybox.out "chmod"} 700 ${passwordPath}" + ]; + Type = "oneshot"; + StateDirectory = [ + "openldap" + ]; + StateDirectoryMode = "700"; + }; + }; + + # ==== TLS Cert ===== # + systemd.services.openldap = { + wants = [ "acme-finished-${domain}.target" ]; + serviceConfig.LoadCredential = + let + certDir = config.security.acme.certs."${domain}".directory; + in + [ + "full.pem:${certDir}/full.pem" + "cert.pem:${certDir}/cert.pem" + "key.pem:${certDir}/key.pem" + ]; + }; + + # ===== Openldap Service ==== # + services.openldap = + let + credsDir = "/run/credentials/openldap.service"; + caDir = "${credsDir}/full.pem"; + certDir = "${credsDir}/cert.pem"; + keyDir = "${credsDir}/key.pem"; + in + { + enable = true; + + urlList = [ + "ldap:///" + "ldapi:///" + "ldaps:///" # TLS + ]; + + settings = { + attrs = { + olcLogLevel = "conns config"; + + olcTLSCACertificateFile = caDir; + olcTLSCertificateFile = certDir; + olcTLSCertificateKeyFile = keyDir; + olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL"; + olcTLSCRLCheck = "none"; + olcTLSVerifyClient = "never"; + olcTLSProtocolMin = "3.1"; + }; + + children = { + "cn=schema".includes = [ + "${cfg.package}/etc/schema/core.ldif" + "${cfg.package}/etc/schema/cosine.ldif" + "${cfg.package}/etc/schema/inetorgperson.ldif" + ]; + + "olcDatabase={1}mdb" = { + attrs = { + objectClass = [ + "olcDatabaseConfig" + "olcMdbConfig" + ]; + + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/lib/openldap/data"; + + olcSuffix = olcSuffix; + + olcRootDN = "cn=admin,${olcSuffix}"; + olcRootPW.path = "/var/lib/openldap/olcPasswd"; + + olcAccess = [ + '' + {0}to attrs=userPassword + by peername="${localDN}" manage + by dn.exact="${adminDN}" manage + by self write + by anonymous auth + by * none + '' + '' + {1}to * + by peername="${localDN}" manage + by dn.exact="${adminDN}" manage + by self read + by anonymous auth + by * none + '' + ]; + }; + + children = { + # ==== Password Policy ==== # + "olcOverlay={2}ppolicy".attrs = { + objectClass = [ + "olcOverlayConfig" + "olcPPolicyConfig" + "top" + ]; + olcOverlay = "{2}ppolicy"; + olcPPolicyHashCleartext = "TRUE"; + }; + + # ==== Group ==== # + "olcOverlay={3}memberof".attrs = { + objectClass = [ + "olcOverlayConfig" + "olcMemberOf" + "top" + ]; + olcOverlay = "{3}memberof"; + olcMemberOfRefInt = "TRUE"; + olcMemberOfDangling = "ignore"; + olcMemberOfGroupOC = "groupOfNames"; + olcMemberOfMemberAD = "member"; + olcMemberOfMemberOfAD = "memberOf"; + }; + + "olcOverlay={4}refint".attrs = { + objectClass = [ + "olcOverlayConfig" + "olcRefintConfig" + "top" + ]; + olcOverlay = "{4}refint"; + olcRefintAttribute = [ + "memberof" + "member" + "manager" + "owner" + ]; + }; + }; + }; + }; + }; + }; + +} diff --git a/system/dev/dn-server/services/netbird.nix b/system/dev/dn-server/services/netbird.nix index 5323825..65b0a9e 100755 --- a/system/dev/dn-server/services/netbird.nix +++ b/system/dev/dn-server/services/netbird.nix @@ -35,6 +35,7 @@ in ]; services.netbird = { + useRoutingFeatures = "server"; ui.enable = mkForce false; clients.wt0 = { diff --git a/system/dev/dn-server/services/nextcloud.nix b/system/dev/dn-server/services/nextcloud.nix index 46c0bc6..10c13cd 100755 --- a/system/dev/dn-server/services/nextcloud.nix +++ b/system/dev/dn-server/services/nextcloud.nix @@ -59,6 +59,7 @@ in ]; services.nextcloud = { + package = pkgs.nextcloud32; extraApps = { inherit (config.services.nextcloud.package.packages.apps) music spreed; diff --git a/system/dev/public/dn/networkmanager.nix b/system/dev/public/dn/networkmanager.nix new file mode 100644 index 0000000..93ec4e7 --- /dev/null +++ b/system/dev/public/dn/networkmanager.nix @@ -0,0 +1,187 @@ +{ config, ... }: +{ + sops.secrets."networkmanager" = { + sopsFile = ../sops/dn-secret.yaml; + }; + + networking.networkmanager = { + ensureProfiles = { + environmentFiles = [ + config.sops.secrets."networkmanager".path + ]; + + profiles = { + "CSIT VPN" = { + connection = { + autoconnect = "false"; + id = "CSIT VPN"; + type = "vpn"; + uuid = "7aa21c9d-4004-49e8-af61-827850fb4370"; + }; + ipv4 = { + method = "auto"; + ignore-auto-dns = true; + routes = "10.1.0.0/16"; + never-default = true; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + ignore-auto-dns = true; + }; + proxy = { }; + vpn = { + gateway = "$CSIT_VPN_GATEWAY"; + otp-flags = "0"; + password-flags = "0"; + realm = "$CSIT_VPN_REALM"; + service-type = "org.freedesktop.NetworkManager.fortisslvpn"; + trusted-cert = "$CSIT_VPN_TRUST_CERT"; + user = "$CSIT_VPN_IDENTITY"; + }; + vpn-secrets = { + password = "$CSIT_VPN_PASSWORD"; + }; + }; + "CSIT VPN (test)" = { + connection = { + autoconnect = "false"; + id = "CSIT VPN (test)"; + type = "vpn"; + uuid = "561552b7-d7b0-443e-b817-8c8c18367542"; + }; + ipv4 = { + method = "auto"; + ignore-auto-dns = true; + routes = "10.2.0.0/16"; + never-default = true; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + ignore-auto-dns = true; + method = "auto"; + }; + proxy = { }; + vpn = { + gateway = "$CSIT_VPN_TEST_GATEWAY"; + otp-flags = "0"; + password-flags = "0"; + realm = "$CSIT_VPN_TEST_REALM"; + service-type = "org.freedesktop.NetworkManager.fortisslvpn"; + trusted-cert = "$CSIT_VPN_TEST_TRUST_CERT"; + user = "$CSIT_VPN_TEST_IDENTITY"; + }; + vpn-secrets = { + password = "$CSIT_VPN_TEST_PASSWORD"; + }; + }; + NYCU = { + "802-1x" = { + eap = "peap"; + identity = "$NYCU_WIFI_IDENTITY"; + password = "$NYCU_WIFI_PASSWORD"; + phase2-auth = "mschapv2"; + }; + connection = { + id = "NYCU"; + interface-name = "wlp0s20f3"; + type = "wifi"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "NYCU"; + }; + wifi-security = { + key-mgmt = "wpa-eap"; + }; + }; + DACDAC_5G = { + connection = { + id = "DACDAC_5G"; + interface-name = "wlp0s20f3"; + type = "wifi"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "DACDAC_5G"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$DACDAC_5G_WIFI_PASSWORD"; + }; + }; + CSIT = { + "802-1x" = { + eap = "peap"; + identity = "$CSIT_WIFI_IDENTITY"; + password = "$CSIT_WIFI_PASSWORD"; + phase2-auth = "gtc"; + }; + connection = { + autoconnect-priority = "10"; + id = "CSIT"; + interface-name = "wlp0s20f3"; + type = "wifi"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "CSIT"; + }; + wifi-security = { + key-mgmt = "wpa-eap"; + }; + }; + YCC0121_5G = { + connection = { + id = "YCC0121_5G"; + interface-name = "wlp0s20f3"; + type = "wifi"; + uuid = "aa650a47-b76c-4782-979e-c2f71dc31c8c"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = { }; + wifi = { + mode = "infrastructure"; + ssid = "YCC0121_5G"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$YCC0121_5G_WIFI_PASSWORD"; + }; + }; + }; + }; + }; +} diff --git a/system/dev/public/dn/presets/local.nix b/system/dev/public/dn/presets/local.nix index 8497e6e..fe04dac 100644 --- a/system/dev/public/dn/presets/local.nix +++ b/system/dev/public/dn/presets/local.nix @@ -5,5 +5,6 @@ ../yubikey.nix ../ntfy.nix ../wm.nix + ../networkmanager.nix ]; } diff --git a/system/dev/public/sops/dn-secret.yaml b/system/dev/public/sops/dn-secret.yaml index 0d3ec2b..156dac9 100755 --- a/system/dev/public/sops/dn-secret.yaml +++ b/system/dev/public/sops/dn-secret.yaml @@ -1,6 +1,7 @@ ntfy: ENC[AES256_GCM,data:7m7hwmDWu6qP/mX7QujXPiDAmRC542CKyWzFaOL5sHza,iv:nn1F44LSFmrV2USRDD0z8CNfUhi40LZnvoU3j0nklcU=,tag:WhqQpThDaG10kNTk1tZxOQ==,type:str] u2f_keys: ENC[AES256_GCM,data:0EofFtgar18YzbzXiT6NdC9nwMTQoYkeU8snRTwhUX2Hz+k4B46839xZet4Df5a8xpaB2CuoPvRkEMSxknBWGKkK+gZr2m+zogbpMTGQVTYqmqlnunywrhe9u9FQ5D1hwU4PYcOgDqox5dw4QMg/AUontu5BYTG3WKCCTDVIL+i6PejwXKcfoKHd9G1K2QHV33S40EM4/jjijgxW+NoO6vkEWIwxih/DxQ4YZYTHHBZXhKRD7Hwhikd6G3Vs3/xD/UOVVJKtkyn1wKNQf+O30Q2LNOhDQ8/weNfN9IAMpVtRqvEtFXA2rfp9zI7TY1iuSN9nN9hYuZJeCktvK1WiRvspU5wYn2jDtM83zCA8Udnq1XJbsGEv2aA3SYyxoldtkjFcjlupGa1lJiaANxhmpOfJp0IIkeXqnIkLE/FzRFiced58H1UV6InlH5S/Lz42854ec/jDlgvzCnDoWIsgfgQf+KmwRHznzeepPW7S3tyB/jbJETEfCJfZ3E6YmeAMWd85drTKsySjBGiM7mueb4thGstfgnAEO/Y3PuVc/qGS1j95lUc0w0zbr3VzwibxCsS02PgMIUE5gZPEllknbhh6QiqbS2AtTAb9pIwrpYfEmcZU2blofQ8WzkLEjqNnRGaDXzgIEw4OirM0tSaFGmT9Vy1XN4yvSVssjsW/wXg19U4S/6FS+zOvyg+lIkT3NOfu5dKQecz8cH0czEN5MoVj3fm5LBhFmDOawP5AAA8dLafMEepxbBIGr/9nzDP17trMfzFf78hymHTgQk/qFb6oWl9Ai1dFZRwHO7HcXpBveTpPMCaeNOjcvRrvKsm2HSzsWPCVsfX6nrmNjqyFJXpPuuNaPezclL/ApPdEXpi9Q+aVHAgjllBLAH/R8UJu71cJAo+x7TCWykG31xLO0xodtJ5Lwk3O1lMnznnQXT/fCVaFYV24OT/nS7hQOtDvlJOCfmSpZTmZxX31xF4Gt0Auok+0uPJzDfbFQH9WwifXn6F8ixdsLK/VJMEk8EZbHpkNSV6hzWJkiOeJCDl7SBKEcQ+FizYSfZuOcVEt83ScJuVa7IScVLdatnTTTpR4c5GASYLr3lahqYwhuZGcQEUIwjDXu8Oymo0Sbvnmev60wY5Q3BEMSX1iwt3QWdCe5Kzq2vEUQHP9s6lg7DgOeIA2xQRK5siqwOhw9i1qaHbPG+1yTFOx7gRu0+yBy2Qzkwsc9naD8Ce0hpwQmu4Nvpd5TjMnS51ljDMWBok5evdOtGeWL9mDz6VdxtuHbcBShmEOk+lfKKjpDeK5319veBX5ugCm8WXeDmIIhG12gI07xRVzPaeYEhnRG2pHy/+JdjlyGeh0oHCJOYPhxtwVbqXwmH83BGn3H05bdIWEjXs=,iv:pAdO+Uja/Zyf5uLMa9zbKvEMoOOjQgkqHYnEH+Bxd5k=,tag:mYngzcv0bGwVJBHOR6D4uw==,type:str] netrc: ENC[AES256_GCM,data:UaTMV459ApE94Lg/MsbEttaBskwTgQ/UJRejFa2KjxMQ1CKF38A6BOZip/yeE/lrDy5y4WblS7Hru38ytkPGCikZIjsdn61sLMstw1RQAHs=,iv:imk+pjmPu7soPImWQQHYapy46SvYTyWj/+4gwu9I/18=,tag:VhOCAWtUd/AC/DBxuNmt8A==,type:str] +networkmanager: ENC[AES256_GCM,data:wp142VzpyhaYKb9HuR/CCuZLdhv4tWu4AMeqkyMus+uxTadVMep191HRjpoOPvusVGjYH7C9RK7xNHVP06T1D2G3NvSC1CrRGPx6qU7QXImdF+7s3XPp/MMe9kkxLx9NwyvkpK926T0F7nQ7h6qwBFC/VwNUrgDLvGy4OiB4U8zYhWtpKwss99CgrnzBy4imxq9kiDXCnqWtDjKl/nGInD+3TBDpayH0j3Uyanq5LzsB/Yjxr2Zpg7abU/aQs1MCHrUC/YW0yaT3slyJZpCnKXAVEoYpF5ReSIxESJ1gpiTa9ru17XSfbjmbC/PuS1Pw/iX5iz4LcqBj0t5Hvum+IC482kN1FnHFcFex8FnvSHEOEzGYF3sjmq4AGtRY2kge9cGT+srcvf9ckd0BQLCG0Dvo2QDDghWgXWwix0dcPeubRF57yAv3ZcCgPmAV0WTseejZREz2JTjbqbtCBkXyaRRpseqKaskxwx7bPtFyMFstcXdHFhG1c285qgnvRnlcXbvjrgsV03lfBbss6ddDiglqvmSvqumRqGsrnUv8JbBpzb0s8XjII98sRSI6nj7wLhmZP62v4DV/DdLPuPEW5BaVm/8AvSZL5cruTXPx+LWF3iNsHCtdnHU2IxF2FoLTQFfSGazkY2MXPxoWKpwUvZW+B6YHLHYce3oQKerzoqEREdKvo8sdSa/jVjSb+ANMMkp6ePOmsKWj9rcl9kDCU+zGyYnnOVpCcB3NJApiWVkcFLR/CM7HFuyH3BdGW2gmyLRFTdVi5KVqs5zGVwTUmwOhIQhjnbec3toX+gRXbbCZXjmT/mY=,iv:9CGLFND2LS+X6dHZpmfp47khuTvA08yVPFI/a6z6OJs=,tag:ietrPoynN4ri0LzzonU1Kg==,type:str] sops: age: - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv @@ -30,7 +31,7 @@ sops: QWV3VjRjNC9RaXNwbDdLWmVQNS94UzAKeLZSqcXRwkVoUUKd4PuRusbJwFlubdJy kcxGMzvfT0BMYDp61vV+F5Vh4TkgddCzp6Lphbb/6orkWWpjmE9I4g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-06T08:47:47Z" - mac: ENC[AES256_GCM,data:RMHOwVwL4tGKWOOOjh9OlAFnJxDGcQvgLb8vTACDAY5Mky+0+8gL1GO7hK+r0G7tbfMB4A/4CHeZtHqoXWjfhIEoDLVkkpAmckMpHVMd7bNlhvL0fkzi5YOLPgW8RCRO6VCXJM3Hb0v6N0NjcK37jdZdYJyr6DZI6aV3oY72mz0=,iv:CBAUv12RSLNY73JBZT4iHpRTLpRIm6a6mo1pz+lYEwc=,tag:l7RZNUzbZpG0Wkntl0qfLQ==,type:str] + lastmodified: "2026-03-11T07:46:11Z" + mac: ENC[AES256_GCM,data:7FCPDFjK9aubZO377fpy0BdnaOtB4InxCjFhMmzXRw3IJIIBHRRaXvfUw+ph9xhLkImYvueC3pr3Me0NKgww5cdKPLhbnvjffrLOVghVr39pMoo9Q+KTPfvIWAGQIHOQeQvqhaCwjLcL4BKWKcn38bAvALSV+sxo+elgWOXXIkg=,iv:ALKjtFhjH5HPqjzcj1j7hWMBEv9fsIlbnapLay0gz2o=,tag:N52iWdWwM0/x5gyr1Qb+4g==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 diff --git a/system/dev/skydrive-lap/default.nix b/system/dev/skydrive-lap/default.nix index 6653a83..80679de 100755 --- a/system/dev/skydrive-lap/default.nix +++ b/system/dev/skydrive-lap/default.nix @@ -14,7 +14,7 @@ in { systemConf = { inherit hostname username; - domain = "net.dn"; + domain = "dnywe.com"; enableHomeManager = true; windowManager = "niri"; face = pkgs.fetchurl { @@ -33,8 +33,18 @@ in ./network ./home ../../modules/shells/noctalia + ../../modules/sunshine.nix ]; + services.openssh.settings.PasswordAuthentication = true; + + services.displayManager.sddm.autoLogin.relogin = true; + + services.displayManager.autoLogin = { + enable = true; + user = "${username}"; + }; + users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" ]; diff --git a/system/modules/netbird-client.nix b/system/modules/netbird-client.nix index 7119b5f..0ec1df6 100755 --- a/system/modules/netbird-client.nix +++ b/system/modules/netbird-client.nix @@ -4,6 +4,7 @@ ... }: let + inherit (config.systemConf) username; serverCfg = self.nixosConfigurations.dn-server.config; cfg = config.services.netbird; domain = serverCfg.services.netbird.server.domain; @@ -14,6 +15,8 @@ in mode = "400"; }; + users.users.${username}.extraGroups = [ "netbird-wt0" ]; + services.netbird = { clients.wt0 = { openFirewall = true; @@ -21,6 +24,7 @@ in port = 51820; environment = { NB_MANAGEMENT_URL = "https://${domain}"; + NB_ADMIN_URL = "https://${domain}"; }; login = { enable = true; diff --git a/system/modules/networking.nix b/system/modules/networking.nix index 2ffdef4..3134234 100755 --- a/system/modules/networking.nix +++ b/system/modules/networking.nix @@ -1,7 +1,24 @@ -{ lib, ... }: +{ lib, pkgs, ... }: { + environment.systemPackages = with pkgs; [ + openfortivpn + ]; + networking = { - networkmanager.enable = true; + networkmanager = { + enable = true; + plugins = with pkgs; [ + networkmanager-fortisslvpn + networkmanager-openvpn + networkmanager-openconnect + networkmanager-ssh + networkmanager-sstp + networkmanager-l2tp + networkmanager-vpnc + networkmanager-strongswan + networkmanager-iodine + ]; + }; enableIPv6 = lib.mkDefault false; firewall = { enable = lib.mkDefault true; diff --git a/system/modules/packages.nix b/system/modules/packages.nix index af087df..c1dbcfe 100755 --- a/system/modules/packages.nix +++ b/system/modules/packages.nix @@ -24,8 +24,8 @@ in btop eza fzf - neofetch ripgrep + fastfetch tree tldr # Alternative for man wget diff --git a/system/modules/shells/noctalia/bar.nix b/system/modules/shells/noctalia/bar.nix index 2e16588..a38ef5b 100755 --- a/system/modules/shells/noctalia/bar.nix +++ b/system/modules/shells/noctalia/bar.nix @@ -3,18 +3,54 @@ let inherit (lib) mkForce; in { - backgroundOpacity = mkForce 0.25; capsuleOpacity = mkForce 0; + backgroundOpacity = mkForce 0.25; + autoHideDelay = 500; + autoShowDelay = 150; + barType = "floating"; + capsuleColorKey = "none"; + contentPadding = 2; density = "comfortable"; - exclusive = true; + displayMode = "always_visible"; floating = true; - marginHorizontal = 0.25; - marginVertical = 0.25; + fontScale = 1; + frameRadius = 12; + frameThickness = 8; + hideOnOverview = false; + marginHorizontal = 5; + marginVertical = 5; + middleClickAction = "none"; + middleClickCommand = ""; + middleClickFollowMouse = false; + monitors = [ ]; + mouseWheelAction = "none"; + mouseWheelWrap = true; outerCorners = false; position = "top"; + reverseScroll = false; + rightClickAction = "controlCenter"; + rightClickCommand = ""; + rightClickFollowMouse = true; + screenOverrides = [ ]; showCapsule = true; + showOnWorkspaceSwitch = true; + showOutline = false; + useSeparateOpacity = false; + widgetSpacing = 6; widgets = { center = [ + { + defaultSettings = { + activeColor = "primary"; + enableToast = true; + hideInactive = false; + iconSpacing = 4; + inactiveColor = "none"; + micFilterRegex = ""; + removeMargins = false; + }; + id = "plugin:privacy-indicator"; + } { colorizeIcons = false; hideMode = "hidden"; @@ -22,13 +58,19 @@ in maxWidth = 145; scrollingMode = "hover"; showIcon = true; + textColor = "none"; useFixedWidth = false; } ]; left = [ { + colorizeSystemIcon = "none"; + enableColorization = false; + generalTooltipText = ""; + hideMode = "alwaysExpanded"; icon = "rocket"; id = "CustomButton"; + ipcIdentifier = ""; leftClickExec = "noctalia-shell ipc call launcher toggle"; leftClickUpdateText = false; maxTextLength = { @@ -40,6 +82,9 @@ in parseJson = false; rightClickExec = ""; rightClickUpdateText = false; + showExecTooltip = true; + showIcon = true; + showTextTooltip = true; textCollapse = ""; textCommand = ""; textIntervalMs = 3000; @@ -52,92 +97,185 @@ in wheelUpUpdateText = false; wheelUpdateText = false; } + { id = "plugin:weekly-calendar"; } { + clockColor = "none"; customFont = ""; formatHorizontal = "HH:mm ddd, MMM dd"; formatVertical = "HH mm - dd MM"; id = "Clock"; + tooltipFormat = "HH:mm ddd, MMM dd"; useCustomFont = false; - usePrimaryColor = true; } { characterCount = 4; + colorizeIcons = false; + emptyColor = "secondary"; + enableScrollWheel = true; + focusedColor = "primary"; followFocusedScreen = false; + fontWeight = "bold"; + groupedBorderOpacity = 1; hideUnoccupied = false; + iconScale = 0.8; id = "Workspace"; labelMode = "index"; + occupiedColor = "secondary"; + pillSize = 0.6; + showApplications = false; + showBadge = true; + showLabelsOnlyWhenOccupied = true; + unfocusedIconsOpacity = 1; } { + compactMode = false; hideMode = "hidden"; hideWhenIdle = false; id = "MediaMini"; maxWidth = 250; + panelShowAlbumArt = true; scrollingMode = "hover"; showAlbumArt = true; showArtistFirst = false; showProgressRing = true; showVisualizer = true; + textColor = "none"; useFixedWidth = false; visualizerType = "linear"; } ]; right = [ { - blacklist = [ - "Bluetooth*" - ]; + blacklist = [ "Bluetooth*" ]; + chevronColor = "none"; colorizeIcons = false; drawerEnabled = false; + hidePassive = false; id = "Tray"; - pinned = [ - ]; + pinned = [ ]; } { + compactMode = true; diskPath = "/"; + iconColor = "none"; id = "SystemMonitor"; + showCpuCores = false; + showCpuFreq = false; showCpuTemp = true; showCpuUsage = true; + showDiskAvailable = false; showDiskUsage = false; + showDiskUsageAsPercent = false; + showGpuTemp = false; + showLoadAverage = false; showMemoryAsPercent = false; showMemoryUsage = true; showNetworkStats = false; - usePrimaryColor = false; + showSwapUsage = false; + textColor = "none"; + useMonospaceFont = true; + usePadding = false; } { - id = "ScreenRecorder"; + defaultSettings = { + connectedColor = "primary"; + disconnectedColor = "none"; + displayMode = "onhover"; + }; + id = "plugin:network-manager-vpn"; } { + defaultSettings = { + compactMode = false; + defaultPeerAction = "copy-ip"; + hideDisconnected = false; + pingCount = 5; + refreshInterval = 5000; + showIpAddress = true; + showPing = false; + }; + id = "plugin:netbird"; + } + { + defaultSettings = { + audioCodec = "opus"; + audioSource = "default_output"; + colorRange = "limited"; + copyToClipboard = false; + directory = ""; + filenamePattern = "recording_yyyyMMdd_HHmmss"; + frameRate = "60"; + hideInactive = false; + iconColor = "none"; + quality = "very_high"; + resolution = "original"; + showCursor = true; + videoCodec = "h264"; + videoSource = "portal"; + }; + id = "plugin:screen-recorder"; + } + { + iconColor = "none"; id = "KeepAwake"; + textColor = "none"; + } + { + defaultSettings = { + completedCount = 0; + count = 0; + current_page_id = 0; + exportEmptySections = false; + exportFormat = "markdown"; + exportPath = "~/Documents"; + isExpanded = false; + pages = [ + { + id = 0; + name = "General"; + } + ]; + priorityColors = { + high = "#f44336"; + low = "#9e9e9e"; + medium = "#2196f3"; + }; + showBackground = true; + showCompleted = true; + todos = [ ]; + useCustomColors = false; + }; + id = "plugin:todo"; } { displayMode = "onhover"; + iconColor = "none"; id = "Volume"; + middleClickCommand = "pwvucontrol || pavucontrol"; + textColor = "none"; } { displayMode = "onhover"; - id = "Brightness"; - } - { - displayMode = "onhover"; - id = "VPN"; - } - { - displayMode = "onhover"; + iconColor = "none"; id = "Bluetooth"; + textColor = "none"; } { hideWhenZero = true; + hideWhenZeroUnread = false; + iconColor = "none"; id = "NotificationHistory"; showUnreadBadge = true; + unreadBadgeColor = "primary"; } { deviceNativePath = "__default__"; - displayMode = "graphic"; - hideIfIdle = false; + displayMode = "graphic-clean"; + hideIfIdle = true; hideIfNotDetected = true; id = "Battery"; - showNoctaliaPerformance = true; - showPowerProfiles = true; + showNoctaliaPerformance = false; + showPowerProfiles = false; } { colorizeDistroLogo = false; diff --git a/system/modules/shells/noctalia/controlCenter.nix b/system/modules/shells/noctalia/controlCenter.nix index 2e6747e..ec6b810 100755 --- a/system/modules/shells/noctalia/controlCenter.nix +++ b/system/modules/shells/noctalia/controlCenter.nix @@ -1,3 +1,4 @@ +{ config }: { cards = [ { @@ -21,35 +22,38 @@ id = "media-sysmon-card"; } ]; + diskPath = "/"; position = "bottom_center"; shortcuts = { left = [ + { id = "Network"; } + { id = "Bluetooth"; } + { id = "WallpaperSelector"; } { - id = "WiFi"; - } - { - id = "Bluetooth"; - } - { - id = "ScreenRecorder"; - } - { - id = "WallpaperSelector"; + defaultSettings = { + audioCodec = "opus"; + audioSource = "default_output"; + colorRange = "limited"; + copyToClipboard = false; + directory = "${config.home.homeDirectory}/Videos"; + filenamePattern = "recording_yyyyMMdd_HHmmss"; + frameRate = "60"; + hideInactive = false; + iconColor = "none"; + quality = "very_high"; + resolution = "original"; + showCursor = true; + videoCodec = "h264"; + videoSource = "portal"; + }; + id = "plugin:screen-recorder"; } ]; right = [ - { - id = "Notifications"; - } - { - id = "PowerProfile"; - } - { - id = "KeepAwake"; - } - { - id = "NightLight"; - } + { id = "Notifications"; } + { id = "PowerProfile"; } + { id = "KeepAwake"; } + { id = "NightLight"; } ]; }; } diff --git a/system/modules/shells/noctalia/default.nix b/system/modules/shells/noctalia/default.nix index 57646be..94f0e10 100755 --- a/system/modules/shells/noctalia/default.nix +++ b/system/modules/shells/noctalia/default.nix @@ -1,14 +1,21 @@ -{ lib, config, ... }: +{ + lib, + config, + inputs, + ... +}: let inherit (config.systemConf) username; - inherit (builtins) mapAttrs; + inherit (builtins) mapAttrs hasAttr; inherit (lib) + listToAttrs mkForce removePrefix concatStringsSep mapAttrsToList mkIf + mkDefault ; in { @@ -18,10 +25,26 @@ in networking.networkmanager.enable = true; services.upower.enable = true; hardware.bluetooth.enable = true; + systemd.user.services.polkit-gnome-authentication-agent-1.enable = mkForce false; + # ================================= # + # Calendar Service + # Run `nix shell nixpkgs#gnome-control-center -c bash -c "XDG_CURRENT_DESKTOP=GNOME gnome-control-center"`, + # Then login to service. Check: https://nixos.wiki/wiki/GNOME/Calendar + programs.dconf.enable = true; + services.gnome.evolution-data-server.enable = true; + services.gnome.gnome-online-accounts.enable = true; + services.gnome.gnome-keyring.enable = true; + programs.evolution.enable = true; + home-manager.users.${username} = - { osConfig, config, ... }: + { + osConfig, + config, + pkgs, + ... + }: let wmCfg = config.wm; bindCfg = wmCfg.keybinds; @@ -56,224 +79,444 @@ in "XF86MonBrightnessUp" = ''noctalia "brightness" "increase"''; }; - programs.noctalia-shell = { - enable = true; - systemd.enable = true; - colors = mkForce { }; - settings = { - settingsVersion = 26; - appLauncher = { - customLaunchPrefix = ""; - customLaunchPrefixEnabled = false; - enableClipPreview = true; - enableClipboardHistory = true; - pinnedExecs = [ - ]; - position = "top_center"; - sortByMostUsed = true; - terminalCommand = "${wmCfg.app.terminal.run}"; - useApp2Unit = false; - viewMode = "list"; + # Install Required Packages + home.packages = mkIf (hasAttr "wt0" osConfig.services.netbird.clients) [ + # Alias netbird-wt0 to netbird + (pkgs.writeShellScriptBin "netbird" '' + netbird-wt0 $@ + '') + # Output noctalia settings in nix format + (pkgs.writeShellScriptBin "noctalia-settings" '' + PATH="$PATH:${pkgs.jq}/bin:${pkgs.nixfmt}/bin" + tmp=$(mktemp) + + noctalia-shell ipc call state all | jq -S .settings > "$tmp" + + nix eval --impure --expr \ + "(builtins.fromJSON (builtins.readFile \"$tmp\"))$1" \ + | nixfmt + + rm "$tmp" + '') + pkgs.gpu-screen-recorder + ]; + + programs.noctalia-shell = + let + officialPlugins = [ + "niri-overview-launcher" + "timer" + "screen-recorder" + "clipper" + "battery-threshold" + "polkit-agent" + "todo" + "keybind-cheatsheet" + "battery-action" + "weekly-calendar" + "privacy-indicator" + "netbird" + "network-manager-vpn" + ]; + states = listToAttrs ( + map (x: { + name = x; + value = { + enabled = true; + sourceUrl = "https://github.com/noctalia-dev/noctalia-plugins"; + }; + }) officialPlugins + ); + in + { + enable = true; + package = inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default.override { + calendarSupport = true; }; - audio = { - cavaFrameRate = 30; - externalMixer = "pwvucontrol"; - mprisBlacklist = [ - ]; - preferredPlayer = "mpv"; - visualizerQuality = "high"; - visualizerType = "linear"; - volumeOverdrive = false; - volumeStep = 5; - }; - bar = import ./bar.nix { inherit lib; }; - brightness = { - brightnessStep = 5; - enableDdcSupport = false; - enforceMinimum = true; - }; - calendar = { - cards = [ + systemd.enable = true; + colors = mkForce { }; + plugins = { + sources = [ { enabled = true; - id = "banner-card"; - } - { - enabled = true; - id = "calendar-card"; - } - { - enabled = true; - id = "timer-card"; - } - { - enabled = true; - id = "weather-card"; + name = "Official Noctalia Plugins"; + url = "https://github.com/noctalia-dev/noctalia-plugins"; } ]; + inherit states; }; - changelog = { - lastSeenVersion = ""; + pluginSettings = { + netbird = { + compactMode = true; + defaultPeerAction = "copy-ip"; + hideDisconnected = false; + pingCount = 5; + refreshInterval = 5000; + showIpAddress = false; + showPing = false; + }; + privacy-indicator = { + activeColor = "primary"; + enableToast = false; + hideInactive = true; + iconSpacing = 4; + inactiveColor = "none"; + micFilterRegex = ""; + removeMargins = true; + }; }; - colorSchemes = { - darkMode = true; - generateTemplatesForPredefined = true; - manualSunrise = "06:30"; - manualSunset = "18:30"; - matugenSchemeType = "scheme-neutral"; - predefinedScheme = "Noctalia (default)"; - schedulingMode = "off"; - useWallpaperColors = true; - }; - controlCenter = import ./controlCenter.nix; - dock = { - backgroundOpacity = mkForce 1.0; - colorizeIcons = false; - displayMode = "auto_hide"; - enabled = false; - floatingRatio = 1; - monitors = [ - ]; - onlySameOutput = true; - pinnedApps = [ - ]; - size = 1; - }; - general = { - allowPanelsOnScreenWithoutBar = true; - animationDisabled = false; - animationSpeed = 1.5; - avatarImage = "${config.home.homeDirectory}/.face"; - boxRadiusRatio = 0.68; - iRadiusRatio = 0.68; - compactLockScreen = false; - dimmerOpacity = 0.4; - enableShadows = true; - forceBlackScreenCorners = true; - language = ""; - lockOnSuspend = true; - radiusRatio = 1; - scaleRatio = 1; - screenRadiusRatio = 1.09; - shadowDirection = "bottom_right"; - shadowOffsetX = 2; - shadowOffsetY = 3; - showHibernateOnLockScreen = false; - showScreenCorners = true; - lockScreenAnimation = true; - lockScreenCountdownDuration = 3000; - }; - hooks = { - enabled = false; - darkModeChange = ""; - wallpaperChange = ""; - }; - location = { - analogClockInCalendar = false; - firstDayOfWeek = -1; - name = "Taipei, TW"; - showCalendarEvents = true; - showCalendarWeather = true; - showWeekNumberInCalendar = false; - use12hourFormat = false; - useFahrenheit = false; - weatherEnabled = true; - weatherShowEffects = true; - }; - network = { - wifiEnabled = true; - }; - nightLight = { - enabled = true; - autoSchedule = true; - dayTemp = "6000"; - nightTemp = "5500"; - forced = false; - manualSunrise = "06:30"; - manualSunset = "18:30"; - }; - notifications = { - enableMarkdown = true; - backgroundOpacity = mkForce 1.00; - criticalUrgencyDuration = 15; - enableKeyboardLayoutToast = true; - enabled = true; - location = "bottom_right"; - lowUrgencyDuration = 3; - monitors = [ - ]; - normalUrgencyDuration = 8; - overlayLayer = true; - respectExpireTimeout = false; - }; - osd = { - autoHideMs = 1500; - backgroundOpacity = mkForce 0.55; - enabled = true; - enabledTypes = [ - 0 - 1 - 2 - ]; - location = "right"; - monitors = [ - ]; - overlayLayer = true; - }; - screenRecorder = { - audioCodec = "opus"; - audioSource = "default_output"; - colorRange = "limited"; - directory = "${config.home.homeDirectory}/Videos"; - frameRate = 60; - quality = "very_high"; - showCursor = true; - videoCodec = "h264"; - videoSource = "portal"; - }; - sessionMenu = import ./sessionMenu.nix; - systemMonitor = import ./systemMonitor.nix; - templates = import ./templates.nix; - ui = { - fontDefault = config.stylix.fonts.sansSerif.name; - fontDefaultScale = 1; - fontFixed = config.stylix.fonts.monospace.name; - fontFixedScale = 1; - panelBackgroundOpacity = mkForce 0.25; - panelsAttachedToBar = true; - settingsPanelAttachToBar = true; - tooltipsEnabled = true; - }; - wallpaper = { - directory = "${config.home.homeDirectory}/Pictures/Wallpapers"; - enableMultiMonitorDirectories = false; - enabled = true; - fillColor = "#000000"; - fillMode = "crop"; - hideWallpaperFilenames = true; - monitorDirectories = [ - ]; - overviewEnabled = true; - panelPosition = "follow_bar"; - randomEnabled = false; - randomIntervalSec = 300; - recursiveSearch = false; - setWallpaperOnAllMonitors = true; - transitionDuration = 1500; - transitionEdgeSmoothness = 0.05; - transitionType = "random"; - useWallhaven = false; - wallhavenCategories = "111"; - wallhavenOrder = "desc"; - wallhavenPurity = "100"; - wallhavenQuery = ""; - wallhavenResolutionHeight = ""; - wallhavenResolutionMode = "atleast"; - wallhavenResolutionWidth = ""; - wallhavenSorting = "relevance"; + settings = { + appLauncher = { + autoPasteClipboard = false; + clipboardWatchImageCommand = "wl-paste --type image --watch cliphist store"; + clipboardWatchTextCommand = "wl-paste --type text --watch cliphist store"; + clipboardWrapText = true; + customLaunchPrefix = ""; + customLaunchPrefixEnabled = false; + density = "default"; + enableClipPreview = true; + enableClipboardHistory = true; + enableSessionSearch = true; + enableSettingsSearch = true; + enableWindowsSearch = true; + iconMode = "tabler"; + ignoreMouseInput = false; + overviewLayer = false; + pinnedApps = [ ]; + position = "top_center"; + screenshotAnnotationTool = ""; + showCategories = true; + showIconBackground = false; + sortByMostUsed = true; + terminalCommand = "${wmCfg.app.terminal.run}"; + useApp2Unit = false; + viewMode = "list"; + }; + audio = { + mprisBlacklist = [ ]; + preferredPlayer = "mpv"; + spectrumFrameRate = 30; + visualizerType = "linear"; + volumeFeedback = false; + volumeFeedbackSoundFile = ""; + volumeOverdrive = false; + volumeStep = 5; + }; + bar = import ./bar.nix { inherit lib; }; + brightness = { + backlightDeviceMappings = [ ]; + brightnessStep = 5; + enableDdcSupport = false; + enforceMinimum = true; + }; + calendar = { + cards = [ + { + enabled = true; + id = "banner-card"; + } + { + enabled = true; + id = "calendar-card"; + } + { + enabled = true; + id = "timer-card"; + } + { + enabled = true; + id = "weather-card"; + } + ]; + }; + colorSchemes = { + darkMode = true; + generationMethod = "tonal-spot"; + manualSunrise = "06:30"; + manualSunset = "18:30"; + monitorForColors = ""; + predefinedScheme = "Noctalia (default)"; + schedulingMode = "off"; + useWallpaperColors = true; + }; + controlCenter = import ./controlCenter.nix { inherit config; }; + dock = { + animationSpeed = 1; + backgroundOpacity = mkForce 1.0; + colorizeIcons = false; + deadOpacity = 0.6; + displayMode = "auto_hide"; + dockType = "floating"; + enabled = false; + floatingRatio = 1; + groupApps = false; + groupClickAction = "cycle"; + groupContextMenuMode = "extended"; + groupIndicatorStyle = "dots"; + inactiveIndicators = false; + indicatorColor = "primary"; + indicatorOpacity = 0.6; + indicatorThickness = 3; + launcherIconColor = "none"; + launcherPosition = "end"; + monitors = [ ]; + onlySameOutput = true; + pinnedApps = [ ]; + pinnedStatic = false; + position = "bottom"; + showDockIndicator = false; + showLauncherIcon = false; + sitOnFrame = false; + size = 1; + }; + general = { + allowPanelsOnScreenWithoutBar = true; + allowPasswordWithFprintd = false; + animationDisabled = false; + animationSpeed = 1.5; + autoStartAuth = false; + avatarImage = "${config.home.homeDirectory}/.face"; + boxRadiusRatio = 0.68; + clockFormat = "hh\\nmm"; + clockStyle = "custom"; + compactLockScreen = false; + dimmerOpacity = 0.4; + enableBlurBehind = true; + enableLockScreenCountdown = true; + enableLockScreenMediaControls = false; + enableShadows = true; + forceBlackScreenCorners = true; + iRadiusRatio = 0.68; + keybinds = { + keyDown = [ "Down" ]; + keyEnter = [ + "Return" + "Enter" + ]; + keyEscape = [ "Esc" ]; + keyLeft = [ "Left" ]; + keyRemove = [ "Del" ]; + keyRight = [ "Right" ]; + keyUp = [ "Up" ]; + }; + language = ""; + lockOnSuspend = true; + lockScreenAnimations = false; + lockScreenBlur = 0; + lockScreenCountdownDuration = 3000; + lockScreenMonitors = [ ]; + lockScreenTint = 0; + passwordChars = false; + radiusRatio = 1; + reverseScroll = false; + scaleRatio = 1; + screenRadiusRatio = 1.09; + shadowDirection = "bottom_right"; + shadowOffsetX = 2; + shadowOffsetY = 3; + showChangelogOnStartup = true; + showHibernateOnLockScreen = false; + showScreenCorners = true; + showSessionButtonsOnLockScreen = true; + telemetryEnabled = false; + }; + hooks = { + darkModeChange = ""; + enabled = false; + performanceModeDisabled = ""; + performanceModeEnabled = ""; + screenLock = ""; + screenUnlock = ""; + session = ""; + startup = ""; + wallpaperChange = ""; + }; + location = { + analogClockInCalendar = false; + firstDayOfWeek = -1; + hideWeatherCityName = false; + hideWeatherTimezone = false; + name = mkDefault "Taipei, TW"; + showCalendarEvents = true; + showCalendarWeather = true; + showWeekNumberInCalendar = false; + use12hourFormat = false; + useFahrenheit = false; + weatherEnabled = true; + weatherShowEffects = true; + }; + network = { + airplaneModeEnabled = false; + bluetoothAutoConnect = true; + bluetoothDetailsViewMode = "grid"; + bluetoothHideUnnamedDevices = false; + bluetoothRssiPollIntervalMs = 60000; + bluetoothRssiPollingEnabled = false; + disableDiscoverability = false; + networkPanelView = "wifi"; + wifiDetailsViewMode = "grid"; + wifiEnabled = true; + }; + nightLight = { + autoSchedule = true; + dayTemp = "6000"; + enabled = true; + forced = false; + manualSunrise = "06:30"; + manualSunset = "18:30"; + nightTemp = "5500"; + }; + notifications = { + backgroundOpacity = mkForce 1.00; + clearDismissed = true; + criticalUrgencyDuration = 15; + density = "default"; + enableBatteryToast = true; + enableKeyboardLayoutToast = true; + enableMarkdown = true; + enableMediaToast = false; + enabled = true; + location = "bottom_right"; + lowUrgencyDuration = 3; + monitors = [ ]; + normalUrgencyDuration = 8; + overlayLayer = true; + respectExpireTimeout = false; + saveToHistory = { + critical = true; + low = true; + normal = true; + }; + sounds = { + criticalSoundFile = ""; + enabled = false; + excludedApps = "discord,firefox,chrome,chromium,edge"; + lowSoundFile = ""; + normalSoundFile = ""; + separateSounds = false; + volume = 0.5; + }; + }; + osd = { + autoHideMs = 1500; + backgroundOpacity = mkForce 0.55; + enabled = true; + enabledTypes = [ + 0 + 1 + 2 + ]; + location = "right"; + monitors = [ ]; + overlayLayer = true; + }; + settingsVersion = 57; + sessionMenu = import ./sessionMenu.nix; + systemMonitor = { + batteryCriticalThreshold = 5; + batteryWarningThreshold = 20; + cpuCriticalThreshold = 90; + cpuWarningThreshold = 80; + criticalColor = ""; + diskAvailCriticalThreshold = 10; + diskAvailWarningThreshold = 20; + diskCriticalThreshold = 90; + diskWarningThreshold = 80; + enableDgpuMonitoring = false; + externalMonitor = "resources || missioncenter || jdsystemmonitor || corestats || system-monitoring-center || gnome-system-monitor || plasma-systemmonitor || mate-system-monitor || ukui-system-monitor || deepin-system-monitor || pantheon-system-monitor"; + gpuCriticalThreshold = 90; + gpuWarningThreshold = 80; + memCriticalThreshold = 90; + memWarningThreshold = 80; + swapCriticalThreshold = 90; + swapWarningThreshold = 80; + tempCriticalThreshold = 90; + tempWarningThreshold = 80; + useCustomColors = false; + warningColor = ""; + }; + templates = { + activeTemplates = [ ]; + enableUserTheming = false; + }; + ui = { + boxBorderEnabled = false; + fontDefault = config.stylix.fonts.sansSerif.name; + fontDefaultScale = 1; + fontFixed = config.stylix.fonts.monospace.name; + fontFixedScale = 1; + panelBackgroundOpacity = mkForce 0.25; + panelsAttachedToBar = true; + settingsPanelMode = "attached"; + settingsPanelSideBarCardStyle = false; + tooltipsEnabled = true; + }; + wallpaper = { + automationEnabled = false; + directory = "${config.home.homeDirectory}/Pictures/Wallpapers"; + enableMultiMonitorDirectories = false; + enabled = true; + favorites = [ ]; + fillColor = "#000000"; + fillMode = "crop"; + hideWallpaperFilenames = true; + monitorDirectories = [ ]; + overviewBlur = 0.4; + overviewEnabled = true; + overviewTint = 0.6; + panelPosition = "follow_bar"; + randomIntervalSec = 300; + setWallpaperOnAllMonitors = true; + showHiddenFiles = false; + skipStartupTransition = false; + sortOrder = "name"; + transitionDuration = 1500; + transitionEdgeSmoothness = 0.05; + transitionType = "random"; + useSolidColor = false; + useWallhaven = false; + viewMode = "single"; + wallhavenApiKey = ""; + wallhavenCategories = "111"; + wallhavenOrder = "desc"; + wallhavenPurity = "100"; + wallhavenQuery = ""; + wallhavenRatios = ""; + wallhavenResolutionHeight = ""; + wallhavenResolutionMode = "atleast"; + wallhavenResolutionWidth = ""; + wallhavenSorting = "relevance"; + wallpaperChangeMode = "random"; + }; + plugins = { + autoUpdate = false; + }; + noctaliaPerformance = { + disableDesktopWidgets = true; + disableWallpaper = true; + }; + desktopWidgets = { + enabled = true; + gridSnap = false; + monitorWidgets = [ ]; + overviewEnabled = true; + }; + idle = { + customCommands = "[]"; + enabled = false; + fadeDuration = 5; + lockCommand = ""; + lockTimeout = 660; + resumeLockCommand = ""; + resumeScreenOffCommand = ""; + resumeSuspendCommand = ""; + screenOffCommand = ""; + screenOffTimeout = 600; + suspendCommand = ""; + suspendTimeout = 1800; + }; }; }; - }; programs.niri.settings = mkIf osConfig.programs.niri.enable ( with config.lib.niri.actions; diff --git a/system/modules/shells/noctalia/sessionMenu.nix b/system/modules/shells/noctalia/sessionMenu.nix index 6d81ded..ebd10c4 100755 --- a/system/modules/shells/noctalia/sessionMenu.nix +++ b/system/modules/shells/noctalia/sessionMenu.nix @@ -1,38 +1,47 @@ { countdownDuration = 3000; enableCountdown = true; + powerOptiolargeButtonsLayout = "single-row"; + largeButtonsStyle = true; position = "bottom_center"; powerOptions = [ { action = "lock"; countdownEnabled = true; enabled = true; + keybind = "1"; } { action = "suspend"; countdownEnabled = true; enabled = true; + keybind = "2"; } { action = "hibernate"; countdownEnabled = true; enabled = true; + keybind = "3"; } { action = "reboot"; countdownEnabled = true; enabled = true; + keybind = "4"; } { action = "logout"; countdownEnabled = true; enabled = true; + keybind = "5"; } { action = "shutdown"; countdownEnabled = true; enabled = true; + keybind = "6"; } ]; showHeader = false; + showKeybinds = true; } diff --git a/system/modules/shells/noctalia/systemMonitor.nix b/system/modules/shells/noctalia/systemMonitor.nix deleted file mode 100755 index 46e038d..0000000 --- a/system/modules/shells/noctalia/systemMonitor.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - cpuCriticalThreshold = 90; - cpuPollingInterval = 3000; - cpuWarningThreshold = 80; - criticalColor = ""; - diskCriticalThreshold = 90; - diskPollingInterval = 3000; - diskWarningThreshold = 80; - memCriticalThreshold = 90; - memPollingInterval = 3000; - memWarningThreshold = 80; - networkPollingInterval = 3000; - tempCriticalThreshold = 90; - tempPollingInterval = 3000; - tempWarningThreshold = 80; - useCustomColors = false; - warningColor = ""; -} diff --git a/system/modules/shells/noctalia/templates.nix b/system/modules/shells/noctalia/templates.nix deleted file mode 100755 index 0f53889..0000000 --- a/system/modules/shells/noctalia/templates.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - alacritty = false; - cava = false; - code = false; - discord = false; - emacs = false; - enableUserTemplates = false; - foot = false; - fuzzel = false; - ghostty = false; - gtk = false; - kcolorscheme = false; - kitty = false; - niri = false; - pywalfox = false; - qt = false; - spicetify = false; - telegram = false; - vicinae = false; - walker = false; - wezterm = false; -} diff --git a/system/modules/stalwart.nix b/system/modules/stalwart.nix index e006154..90d9ac1 100755 --- a/system/modules/stalwart.nix +++ b/system/modules/stalwart.nix @@ -1,22 +1,27 @@ { - adminPassFile, - ldapConf, - domain ? null, - acmeConfs ? null, - certs ? null, - enableNginx ? true, + hostname, + domain, }: { config, - lib, ... }: let - inherit (lib) mkIf; + inherit (config.sops) secrets; + cfg = config.services.stalwart; + secretPrefix = "/run/credentials/stalwart.service"; + adminPasswordVarName = "user_admin_password"; + adminPasswordFile = "${secretPrefix}/${adminPasswordVarName}"; - logFilePath = "${config.services.stalwart.dataDir}/logs"; + fqdn = "${hostname}.${domain}"; in { + sops.secrets."stalwart/password" = { + owner = cfg.user; + group = cfg.group; + mode = "0440"; + }; + services.postgresql = { enable = true; ensureDatabases = [ @@ -30,20 +35,14 @@ in ]; }; - systemd.tmpfiles.rules = - let - inherit (config.users.users.stalwart) name group; - in - [ - "d ${logFilePath} 0750 ${name} ${group} - " - ]; - services.stalwart = { enable = true; - openFirewall = true; + credentials = { + user_admin_password = secrets."stalwart/password".path; + }; settings = { server = { - hostname = if (domain != null) then "mx1.${domain}" else config.networking.fqdn; + hostname = fqdn; proxy = { trusted-networks = [ "10.0.0.148" ]; }; @@ -91,11 +90,9 @@ in }; lookup.default = { - hostname = "mx1.${domain}"; - domain = "${domain}"; + inherit domain; + hostname = fqdn; }; - acme = mkIf (acmeConfs != null) acmeConfs; - certificate = mkIf (certs != null) certs; directory = { "in-memory" = { @@ -104,20 +101,19 @@ in { name = "postmaster"; class = "individual"; - secret = "%{file:${adminPassFile}}%"; + secret = "%{file:${adminPasswordFile}}%"; email = [ "postmaster@${domain}" ]; } ]; }; - "ldap" = ldapConf; imap.lookup.domains = [ - "mx1.${domain}" + fqdn ]; }; authentication.fallback-admin = { user = "admin"; - secret = "%{file:${adminPassFile}}%"; + secret = "%{file:${adminPasswordFile}}%"; }; tracer."stdout" = { enable = true; @@ -126,16 +122,4 @@ in }; }; }; - - services.nginx = mkIf enableNginx { - enable = true; - virtualHosts = { - "mail.${domain}" = { - locations."/".proxyPass = "http://127.0.0.1:8080"; - locations."/jmap".proxyPass = "http://127.0.0.1:31004"; - enableACME = true; - forceSSL = true; - }; - }; - }; }