diff --git a/modules/home/programs/ghostty.hjem.nix b/modules/home/programs/ghostty.hjem.nix index 9367c20..ed95503 100644 --- a/modules/home/programs/ghostty.hjem.nix +++ b/modules/home/programs/ghostty.hjem.nix @@ -5,12 +5,15 @@ ... }: let - inherit (lib.lists) elem; + inherit (lib.lists) elem singleton; inherit (lib.meta) getExe; inherit (lib.attrsets) mapAttrsToList; inherit (lib.strings) concatStringsSep; + inherit (lib.modules) mkIf; + inherit (lib) getFlakePkg; + inherit (osConfig.meta.system) isGraphical; inherit (osConfig.meta.mainUser.defaultShell) name package; ghostty = (getFlakePkg inputs.ghostty).override { @@ -67,11 +70,10 @@ let }; in { - packages = builtins.attrValues { - inherit ghostty; + config = mkIf isGraphical { + packages = singleton ghostty; + files.".config/ghostty/config".text = + concatStringsSep "\n" + <| mapAttrsToList (name: value: "${name} = ${toString value}") ghostty-settings; }; - - files.".config/ghostty/config".text = - concatStringsSep "\n" - <| mapAttrsToList (name: value: "${name} = ${toString value}") ghostty-settings; } diff --git a/modules/programs/cli/jj.mod.nix b/modules/programs/cli/jj.mod.nix index 975ad76..4ec0a1c 100644 --- a/modules/programs/cli/jj.mod.nix +++ b/modules/programs/cli/jj.mod.nix @@ -6,14 +6,14 @@ }: let inherit (lib.meta) getExe; - inherit (builtins) attrValues readFile; + inherit (lib.lists) singleton; + inherit (lib.strings) optionalString; inherit (config.meta.mainUser) username; + inherit (config.meta.system) isWorkstation; - realName = readFile config.sops.secrets.real_name.path; - universityEmail = readFile config.sops.secrets.university_email.path; - organizationEmail = readFile config.sops.secrets.organization_email.path; - organizationShortName = readFile config.sops.secrets.organization_short_name.path; + organizationScope = config.sops.secrets.organization_scope.path; + uniScope = config.sops.secrets.uni_scope.path; toml = pkgs.formats.toml { }; jj-config = toml.generate "config.toml" { 
@@ -21,24 +21,6 @@ let email = "fau@faukah.com"; name = "faukah"; }; - "--scope" = [ - { - "--when".repositories = [ "~/repos/projects/uni" ]; - user = { - email = universityEmail; - name = realName; - }; - } - { - - "--when".repositories = [ "~/repos/projects/${organizationShortName}" ]; - - user = { - email = organizationEmail; - name = realName; - }; - } - ]; aliases = { c = [ "commit" ]; ci = [ @@ -123,8 +105,17 @@ let }; }; + jj-wrapped = pkgs.symlinkJoin { + name = "jj-wrapped"; + paths = [ pkgs.jujutsu ]; + nativeBuildInputs = [ pkgs.makeWrapper ]; + postBuild = optionalString isWorkstation '' + wrapProgram $out/bin/jj --add-flags " --config-file ${uniScope} --config-file ${organizationScope}" + ''; + }; + in { hjem.users.${username}.xdg.config.files."jj/config.toml".source = jj-config; - environment.systemPackages = attrValues { inherit (pkgs) jujutsu; }; + environment.systemPackages = singleton jj-wrapped; } diff --git a/modules/system/hardware/power.mod.nix b/modules/system/hardware/power.mod.nix index 8834476..b29409c 100644 --- a/modules/system/hardware/power.mod.nix +++ b/modules/system/hardware/power.mod.nix @@ -6,29 +6,17 @@ ... }: let - inherit (lib.modules) mkDefault mkForce; + inherit (lib.modules) mkIf; + inherit (lib.lists) singleton; + inherit (builtins) attrValues; + + inherit (config.meta.system) isLaptop; in { imports = [ inputs.watt.nixosModules.default ]; - config = { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - acpi - powertop - ; - }; - - boot = { - kernelModules = [ "acpi_call" ]; - extraModulePackages = with config.boot.kernelPackages; [ - acpi_call - cpupower - ]; - }; - - hardware.acpilight.enable = false; + config = mkIf isLaptop { services = { watt.enable = true; thermald.enable = true; 
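Review bot: In jj.mod.nix the `jj-wrapped` wrapper appends `--config-file ${uniScope} --config-file ${organizationScope}` to every `jj` call whenever `isWorkstation` is true, but the creation rules added in sops.mod.nix encrypt those two files only to `master_key` and `hermit_host_key`. On any other host where `isWorkstation` is set (it defaults to `isLaptop`), the files cannot be decrypted, so the referenced paths would be missing and jj would presumably refuse to start. Either gate the wrapper on the same condition that decides the recipients, or document the coupling next to `postBuild`. A comment there would also help the next reader, assuming the sops-nix default secret location: `# Only the runtime paths are embedded; the decrypted scope files stay outside the Nix store.`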
@@ -37,32 +25,19 @@ in percentageLow = 15; percentageCritical = 5; }; - acpid = { - enable = true; - logEvents = true; + }; + services.acpid = { + enable = true; + logEvents = true; + }; + environment.systemPackages = attrValues { + inherit (pkgs) acpi; + }; + boot = { + kernelModules = singleton "acpi_call"; + extraModulePackages = attrValues { + inherit (config.boot.kernelPackages) acpi_call cpupower; }; - power-profiles-daemon.enable = mkForce false; - auto-cpufreq = { - enable = false; - settings = { - charger = { - governor = "performance"; - energy_performance_preference = "performance"; - scaling_min_freq = mkDefault 1800000; - scaling_max_freq = mkDefault 3800000; - turbo = "auto"; - }; - - battery = { - governor = "powersave"; - energy_performance_preference = "power"; - scaling_min_freq = mkDefault 1200000; - scaling_max_freq = mkDefault 1800000; - turbo = "never"; - }; - }; - }; - }; }; } diff --git a/modules/system/secrets/organization_scope.toml b/modules/system/secrets/organization_scope.toml new file mode 100644 index 0000000..59a106e --- /dev/null +++ b/modules/system/secrets/organization_scope.toml 
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:vwfjHpLbHG8g79CpMpsDzYAk0vlfwKuWUTSZnKzGwCZW5rrFFBLamQoZLt5HpvvsGqBrqRditj+GSsHsZAzxz25Vfv7dcyvz1AdaFI56zmU1NzSK+RAyucPZfnjV98vJUqFgVmOFQBkv0o1ThrzXmE8jd1Osz7qKIoy/+rHCzqsBw8wFD3tMe4UjGtkI9DYFSJUh1Ym9PjBE,iv:JeLgCfQXvjWNk8BypNbqJw1+OHawEDQSCdamq0C+lis=,tag:XZUy4g3W4O9L/c1PXlooKA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRE5xR1RISy9rM3FkOGpu\ncGRCL2ZYOU5PeXNhaUtXSWxRWXN5bWNkSmlnCjB1Q0VlNDhmNmVCME5IMTU5SzVV\nSUt3RVFGRFJMc21TTXFGTzJSYkpjRTgKLS0tIHVZZnh4cG1FendxSENNRmhVY1gv\ndG55UVdhN2Nka2hJS0NwbTBud1V0L28KxHGZdIQUQ3/fG5q4rFiBrXpISdqgXsIc\n05vEYEkO0PSOeFSAkOZiSgPPVmcCQMMHj4RyeHc/BdzUDZbGA/rGtw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeVFxRGhvSm1lTW5VeDlX\nbXlIS0JOZGpjTmd0U3NWMFY3aFdra3ZiazFRCjdpT0k2d0dyUXQwUjhEaWsvd2lp\nU1FvNFc3cVNKdXdGWFdjUGd4a2hrQzQKLS0tIFhtMkhCUFdoVzVIOFFEelNJMG1Q\nMk0wNXg0ekxNU0RzREJicHFvUzFkajgKe+2lC/eUPYfzdNNDEuOheXO7EioBg6HM\nJ25diaPvFSUypux76SdFHAXqd75gMcWbhpeFcOlhXMMQ01UPeXNlYA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-03T16:39:42Z", + "mac": "ENC[AES256_GCM,data:DkWLyVJQIhQDOqUD2W61E+dxQVgxwqqJAVuKh6LPMOihj1MbjFDgU1YEf+CJG3sN5iQt9LtshqFZMOpy8NYMBT+8korofuaa3DeAulg3UAb29lkiXNAkrysMFUmtWUEjvKzWNuo7fGzJj0IUzIGi+HRdZXrK8y25XnVv+6bxcmE=,iv:fJjHxGmBvSPMTqwRuP2JJUEdzVPfEvnNbSZgYHTy47E=,tag:HxA6t69e/l7xYBbEiDJ0Xw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/modules/system/secrets/sops.mod.nix b/modules/system/secrets/sops.mod.nix index cd8dfe9..527282d 100644 --- a/modules/system/secrets/sops.mod.nix +++ b/modules/system/secrets/sops.mod.nix 
@@ -41,6 +41,7 @@ let postBuild = '' wrapProgram $out/bin/sops --add-flags " --config ${sopsConfig}" ''; + # --age ${keys} }; mkRecipients = list: [ { age = list; } ]; @@ -73,6 +74,20 @@ let tower_host_key ]; } + { + path_regex = "uni_scope.toml"; + key_groups = mkRecipients [ + master_key + hermit_host_key + ]; + } + { + path_regex = "organization_scope.toml"; + key_groups = mkRecipients [ + master_key + hermit_host_key + ]; + } ]; }; @@ -104,7 +119,18 @@ in defaultSopsFile = ./secrets.json; defaultSopsFormat = "json"; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - secrets = listToAttrs <| filter (x: x != [ ]) <| flatten <| map generateSecrets secretFiles; + secrets = (listToAttrs <| filter (x: x != [ ]) <| flatten <| map generateSecrets secretFiles) // { + uni_scope = { + sopsFile = ./uni_scope.toml; + format = "binary"; + mode = "0444"; + }; + organization_scope = { + sopsFile = ./organization_scope.toml; + format = "binary"; + mode = "0444"; + }; + }; }; environment.systemPackages = attrValues { inherit sops; diff --git a/modules/system/secrets/uni_scope.toml b/modules/system/secrets/uni_scope.toml new file mode 100644 index 0000000..506fab1 --- /dev/null +++ b/modules/system/secrets/uni_scope.toml 
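Review bot: The two new creation rules in sops.mod.nix use unanchored patterns, `path_regex = "uni_scope.toml"` and `path_regex = "organization_scope.toml"`, where `.` matches any character and the match may occur anywhere in the path. A file whose name merely contains one of these strings would receive this recipient list. Because sops applies the first matching rule, an earlier and broader rule outside this hunk could also shadow them. Escaping and anchoring ties the recipient set to exactly these files: `path_regex = "uni_scope\\.toml$";` and `path_regex = "organization_scope\\.toml$";`.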
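Review bot: Both new entries in `secrets` are installed with `mode = "0444"`, so the decrypted scope files are readable by every local account and service, although only jj running as the main user needs them. Judging by the lines removed from jj.mod.nix, these files presumably hold a real name and e-mail addresses. Restricting them to that user is enough for the wrapper: `owner = config.meta.mainUser.username;` (the option jj.mod.nix already reads, if `config` is in scope here) together with `mode = "0400";`. The entries are also merged in without any host condition, while the creation rules name only `master_key` and `hermit_host_key`, so a host outside that list that imports this module would fail to decrypt them at activation. The enclosing attribute set starts outside the hunk.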
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:l4IvlpDrDVnlArtnixJqwI0Ai3xG5jF5clhLGWOrqywd0lnKFjNDuEMcHlKN6cGmeFwX6i/6qkXcKT//pKNQDUvALzDY8PNp9AKV9/NmnQ7ZWzpyScXNqMnNwgs9+TA5SpKAZseVpEk3Nle29Jbene9BTYL614tlkL/uXO5KLLQAPZ4GGQ==,iv:qmrKAfdaDh3dVY95oKo666Knw7F29hi3O7zDIZFyYbc=,tag:Db54A+7rW7Amctx9lL9yBA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzYTJaa1RETEFOdENzQXl6\nakg0bk1icTllRHdkb0Q1WGFxMWE5RXdGTVhzCmhsRkVVUC80Um5CcUtrY2NQVmJv\nYzZCVUllSi9hamdKemduME9BdGJjM0UKLS0tIC8zS3RaUUpBSm4xK1ozeXFHQzdz\nYmd2Z3V3ODkvQjcvdnliVVNPdmY2azAKA/2YkNAjwbTWdoQLV8qM012EzAx8yM8l\nH1cSLyfXfulUA3DGTeSck8MJmd/c5kTSkH6TqGs2XxnGSI8W92c/Uw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQk9ZU3JXYXFNZm5pdCtz\nQis4TFlqanRlY3lHdVA3S1FyQTFsTmI2MzBnCk80K041NDZmMnBUUURrZFcyMzR2\nSitjY2xLeE40V1pTckdpNHZQNjBPOEUKLS0tIGpQVnB3MUd5b0FZOUlqNzlvWFZt\nb2RMZGJVbk1ZOHpqV0dOZ0ZudXNQNWcKg5v6dzKUPR5W1B8FM5hnsLA+HjcAObES\nc+Ff371ERAFfA8S9z4kxUmjRpdp+5AORakyf4PrtlUeEx7Ah9uARug==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-03T16:39:27Z", + "mac": "ENC[AES256_GCM,data:awRHWYorrKxyF1qUIXO6JZ6mVI3iCOSK9eVbltvaO2xCqdlyDEzRR5gvj2IZuK+I9rubPmlgB3/VfIeK/Kn1VbHGuKfRoHId9mwL27VgnOeD6UPQFMkqs0n/vYBydZUcy/U6QUnQnrqTt6V28yzgaqRaj2pR/ipPm7NMDjj1JkI=,iv:6+dmOJOMfkQu44b4T7oYQxh/NnpBTEtgXGnBh+3CpxI=,tag:jdzLQ+74sH6s/Lc2iT5V9g==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/modules/system/system.mod.nix b/modules/system/system.mod.nix index 7f56135..fa580d9 100644 --- a/modules/system/system.mod.nix +++ b/modules/system/system.mod.nix 
@@ -1,13 +1,29 @@ -{ config, ... }: +{ config, lib, ... }: let + inherit (lib.options) mkEnableOption; machine-id = builtins.substring 0 32 (builtins.hashString "sha256" config.networking.hostName); + cfg = config.meta.system; in { - system = { - # My state version. - stateVersion = "23.11"; - disableInstallerTools = true; - tools.nixos-option.enable = false; + options.meta.system = { + isWorkstation = mkEnableOption "Workstation system" // { + default = cfg.isLaptop; + }; + isBatteryPowered = mkEnableOption "Battery-powered system" // { + default = cfg.isLaptop; + }; + isGraphical = mkEnableOption "System with graphical output" // { + default = cfg.isLaptop; + }; + isLaptop = mkEnableOption "System is a laptop"; + }; + config = { + system = { + # My state version. + stateVersion = "23.11"; + disableInstallerTools = true; + tools.nixos-option.enable = false; + }; + environment.etc."machine-id".text = "${machine-id}\n"; }; - environment.etc."machine-id".text = "${machine-id}\n"; }
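Review bot: `environment.etc."machine-id"`, now moved under `config` in system.mod.nix, is still filled from `builtins.substring 0 32 (builtins.hashString "sha256" config.networking.hostName)`, so the ID can be computed by anyone who knows the host name. machine-id(5) asks for this value to be treated as confidential, and software that derives per-host identifiers from it inherits the predictability. If the determinism is intentional, a comment on the `machine-id` binding should say so, for example `# Deterministic on purpose: derived from hostName, so not a secret.` Otherwise, leaving the file to systemd's first-boot generation restores the usual property.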