/nix/store/dlwqlnbaj5vfm9aw20r1yxk8y56lmgif-repo/header.tmpl

Compare commits

base: faukah:fcb417144ff18c66c6d673e3352feab8e2269594
Branches Tags
faukah:main
faukah:website
..
compare: faukah:274c91a8f731732f13c44cd6e52511389bad67b9
Branches Tags
faukah:main
faukah:website

4 commits
fcb417144f ... 274c91a8f7

Author SHA1 Message Date
faukah
274c91a8f7 ghostty: cleanup 2025-09-03 19:58:24 +02:00
faukah
2dcee66c65 power: only enable stuff depending on the type of system 2025-09-03 19:57:28 +02:00
faukah
69face9d77 system: add more options to distinguish systems 2025-09-03 19:57:12 +02:00
faukah
fb7679a9a3 jj: only add scopes on some systems 2025-09-03 19:56:54 +02:00
7 changed files with 130 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/home/programs/ghostty.hjem.nix
View file

@ -5,12 +5,15 @@
... ...
}: }:
let let
inherit (lib.lists) elem; inherit (lib.lists) elem singleton;
inherit (lib.meta) getExe; inherit (lib.meta) getExe;
inherit (lib.attrsets) mapAttrsToList; inherit (lib.attrsets) mapAttrsToList;
inherit (lib.strings) concatStringsSep; inherit (lib.strings) concatStringsSep;
inherit (lib.modules) mkIf;
inherit (lib) getFlakePkg; inherit (lib) getFlakePkg;
inherit (osConfig.meta.system) isGraphical;
inherit (osConfig.meta.mainUser.defaultShell) name package; inherit (osConfig.meta.mainUser.defaultShell) name package;
ghostty = (getFlakePkg inputs.ghostty).override { ghostty = (getFlakePkg inputs.ghostty).override {
@ -67,11 +70,10 @@ let
}; };
in in
{ {
packages = builtins.attrValues { config = mkIf isGraphical {
inherit ghostty; packages = singleton ghostty;
};
files.".config/ghostty/config".text = files.".config/ghostty/config".text =
concatStringsSep "\n" concatStringsSep "\n"
<| mapAttrsToList (name: value: "${name} = ${toString value}") ghostty-settings; <| mapAttrsToList (name: value: "${name} = ${toString value}") ghostty-settings;
};
} }

39
modules/programs/cli/jj.mod.nix
View file

@ -6,14 +6,14 @@
}: }:
let let
inherit (lib.meta) getExe; inherit (lib.meta) getExe;
inherit (builtins) attrValues readFile; inherit (lib.lists) singleton;
inherit (lib.strings) optionalString;
inherit (config.meta.mainUser) username; inherit (config.meta.mainUser) username;
inherit (config.meta.system) isWorkstation;
realName = readFile config.sops.secrets.real_name.path; organizationScope = config.sops.secrets.organization_scope.path;
universityEmail = readFile config.sops.secrets.university_email.path; uniScope = config.sops.secrets.uni_scope.path;
organizationEmail = readFile config.sops.secrets.organization_email.path;
organizationShortName = readFile config.sops.secrets.organization_short_name.path;
toml = pkgs.formats.toml { }; toml = pkgs.formats.toml { };
jj-config = toml.generate "config.toml" { jj-config = toml.generate "config.toml" {
@ -21,24 +21,6 @@ let
email = "fau@faukah.com"; email = "fau@faukah.com";
name = "faukah"; name = "faukah";
}; };
"--scope" = [
{
"--when".repositories = [ "~/repos/projects/uni" ];
user = {
email = universityEmail;
name = realName;
};
}
{
"--when".repositories = [ "~/repos/projects/${organizationShortName}" ];
user = {
email = organizationEmail;
name = realName;
};
}
];
aliases = { aliases = {
c = [ "commit" ]; c = [ "commit" ];
ci = [ ci = [
@ -123,8 +105,17 @@ let
}; };
}; };
jj-wrapped = pkgs.symlinkJoin {
name = "jj-wrapped";
paths = [ pkgs.jujutsu ];
nativeBuildInputs = [ pkgs.makeWrapper ];
postBuild = optionalString isWorkstation ''
wrapProgram $out/bin/jj --add-flags " --config-file ${uniScope} --config-file ${organizationScope}"
'';
};
in in
{ {
hjem.users.${username}.xdg.config.files."jj/config.toml".source = jj-config; hjem.users.${username}.xdg.config.files."jj/config.toml".source = jj-config;
environment.systemPackages = attrValues { inherit (pkgs) jujutsu; }; environment.systemPackages = singleton jj-wrapped;
} }

53
modules/system/hardware/power.mod.nix
View file

@ -6,29 +6,17 @@
... ...
}: }:
let let
inherit (lib.modules) mkDefault mkForce; inherit (lib.modules) mkIf;
inherit (lib.lists) singleton;
inherit (builtins) attrValues;
inherit (config.meta.system) isLaptop;
in in
{ {
imports = [ imports = [
inputs.watt.nixosModules.default inputs.watt.nixosModules.default
]; ];
config = { config = mkIf isLaptop {
environment.systemPackages = builtins.attrValues {
inherit (pkgs)
acpi
powertop
;
};
boot = {
kernelModules = [ "acpi_call" ];
extraModulePackages = with config.boot.kernelPackages; [
acpi_call
cpupower
];
};
hardware.acpilight.enable = false;
services = { services = {
watt.enable = true; watt.enable = true;
thermald.enable = true; thermald.enable = true;
@ -37,32 +25,19 @@ in
percentageLow = 15; percentageLow = 15;
percentageCritical = 5; percentageCritical = 5;
}; };
acpid = { };
services.acpid = {
enable = true; enable = true;
logEvents = true; logEvents = true;
}; };
power-profiles-daemon.enable = mkForce false; environment.systemPackages = attrValues {
auto-cpufreq = { inherit (pkgs) acpi;
enable = false;
settings = {
charger = {
governor = "performance";
energy_performance_preference = "performance";
scaling_min_freq = mkDefault 1800000;
scaling_max_freq = mkDefault 3800000;
turbo = "auto";
}; };
boot = {
battery = { kernelModules = singleton "acpi_call";
governor = "powersave"; extraModulePackages = attrValues {
energy_performance_preference = "power"; inherit (config.boot.kernelPackages) acpi_call cpupower;
scaling_min_freq = mkDefault 1200000;
scaling_max_freq = mkDefault 1800000;
turbo = "never";
}; };
}; };
}; };
};
};
} }

19
modules/system/secrets/organization_scope.toml Normal file
View file

@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:vwfjHpLbHG8g79CpMpsDzYAk0vlfwKuWUTSZnKzGwCZW5rrFFBLamQoZLt5HpvvsGqBrqRditj+GSsHsZAzxz25Vfv7dcyvz1AdaFI56zmU1NzSK+RAyucPZfnjV98vJUqFgVmOFQBkv0o1ThrzXmE8jd1Osz7qKIoy/+rHCzqsBw8wFD3tMe4UjGtkI9DYFSJUh1Ym9PjBE,iv:JeLgCfQXvjWNk8BypNbqJw1+OHawEDQSCdamq0C+lis=,tag:XZUy4g3W4O9L/c1PXlooKA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRE5xR1RISy9rM3FkOGpu\ncGRCL2ZYOU5PeXNhaUtXSWxRWXN5bWNkSmlnCjB1Q0VlNDhmNmVCME5IMTU5SzVV\nSUt3RVFGRFJMc21TTXFGTzJSYkpjRTgKLS0tIHVZZnh4cG1FendxSENNRmhVY1gv\ndG55UVdhN2Nka2hJS0NwbTBud1V0L28KxHGZdIQUQ3/fG5q4rFiBrXpISdqgXsIc\n05vEYEkO0PSOeFSAkOZiSgPPVmcCQMMHj4RyeHc/BdzUDZbGA/rGtw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeVFxRGhvSm1lTW5VeDlX\nbXlIS0JOZGpjTmd0U3NWMFY3aFdra3ZiazFRCjdpT0k2d0dyUXQwUjhEaWsvd2lp\nU1FvNFc3cVNKdXdGWFdjUGd4a2hrQzQKLS0tIFhtMkhCUFdoVzVIOFFEelNJMG1Q\nMk0wNXg0ekxNU0RzREJicHFvUzFkajgKe+2lC/eUPYfzdNNDEuOheXO7EioBg6HM\nJ25diaPvFSUypux76SdFHAXqd75gMcWbhpeFcOlhXMMQ01UPeXNlYA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-09-03T16:39:42Z",
"mac": "ENC[AES256_GCM,data:DkWLyVJQIhQDOqUD2W61E+dxQVgxwqqJAVuKh6LPMOihj1MbjFDgU1YEf+CJG3sN5iQt9LtshqFZMOpy8NYMBT+8korofuaa3DeAulg3UAb29lkiXNAkrysMFUmtWUEjvKzWNuo7fGzJj0IUzIGi+HRdZXrK8y25XnVv+6bxcmE=,iv:fJjHxGmBvSPMTqwRuP2JJUEdzVPfEvnNbSZgYHTy47E=,tag:HxA6t69e/l7xYBbEiDJ0Xw==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

28
modules/system/secrets/sops.mod.nix
View file

@ -41,6 +41,7 @@ let
postBuild = '' postBuild = ''
wrapProgram $out/bin/sops --add-flags " --config ${sopsConfig}" wrapProgram $out/bin/sops --add-flags " --config ${sopsConfig}"
''; '';
# --age ${keys}
}; };
mkRecipients = list: [ { age = list; } ]; mkRecipients = list: [ { age = list; } ];
@ -73,6 +74,20 @@ let
tower_host_key tower_host_key
]; ];
} }
{
path_regex = "uni_scope.toml";
key_groups = mkRecipients [
master_key
hermit_host_key
];
}
{
path_regex = "organization_scope.toml";
key_groups = mkRecipients [
master_key
hermit_host_key
];
}
]; ];
}; };
@ -104,7 +119,18 @@ in
defaultSopsFile = ./secrets.json; defaultSopsFile = ./secrets.json;
defaultSopsFormat = "json"; defaultSopsFormat = "json";
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets = listToAttrs <| filter (x: x != [ ]) <| flatten <| map generateSecrets secretFiles; secrets = (listToAttrs <| filter (x: x != [ ]) <| flatten <| map generateSecrets secretFiles) // {
uni_scope = {
sopsFile = ./uni_scope.toml;
format = "binary";
mode = "0444";
};
organization_scope = {
sopsFile = ./organization_scope.toml;
format = "binary";
mode = "0444";
};
};
}; };
environment.systemPackages = attrValues { environment.systemPackages = attrValues {
inherit sops; inherit sops;

19
modules/system/secrets/uni_scope.toml Normal file
View file

@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:l4IvlpDrDVnlArtnixJqwI0Ai3xG5jF5clhLGWOrqywd0lnKFjNDuEMcHlKN6cGmeFwX6i/6qkXcKT//pKNQDUvALzDY8PNp9AKV9/NmnQ7ZWzpyScXNqMnNwgs9+TA5SpKAZseVpEk3Nle29Jbene9BTYL614tlkL/uXO5KLLQAPZ4GGQ==,iv:qmrKAfdaDh3dVY95oKo666Knw7F29hi3O7zDIZFyYbc=,tag:Db54A+7rW7Amctx9lL9yBA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzYTJaa1RETEFOdENzQXl6\nakg0bk1icTllRHdkb0Q1WGFxMWE5RXdGTVhzCmhsRkVVUC80Um5CcUtrY2NQVmJv\nYzZCVUllSi9hamdKemduME9BdGJjM0UKLS0tIC8zS3RaUUpBSm4xK1ozeXFHQzdz\nYmd2Z3V3ODkvQjcvdnliVVNPdmY2azAKA/2YkNAjwbTWdoQLV8qM012EzAx8yM8l\nH1cSLyfXfulUA3DGTeSck8MJmd/c5kTSkH6TqGs2XxnGSI8W92c/Uw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQk9ZU3JXYXFNZm5pdCtz\nQis4TFlqanRlY3lHdVA3S1FyQTFsTmI2MzBnCk80K041NDZmMnBUUURrZFcyMzR2\nSitjY2xLeE40V1pTckdpNHZQNjBPOEUKLS0tIGpQVnB3MUd5b0FZOUlqNzlvWFZt\nb2RMZGJVbk1ZOHpqV0dOZ0ZudXNQNWcKg5v6dzKUPR5W1B8FM5hnsLA+HjcAObES\nc+Ff371ERAFfA8S9z4kxUmjRpdp+5AORakyf4PrtlUeEx7Ah9uARug==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-09-03T16:39:27Z",
"mac": "ENC[AES256_GCM,data:awRHWYorrKxyF1qUIXO6JZ6mVI3iCOSK9eVbltvaO2xCqdlyDEzRR5gvj2IZuK+I9rubPmlgB3/VfIeK/Kn1VbHGuKfRoHId9mwL27VgnOeD6UPQFMkqs0n/vYBydZUcy/U6QUnQnrqTt6V28yzgaqRaj2pR/ipPm7NMDjj1JkI=,iv:6+dmOJOMfkQu44b4T7oYQxh/NnpBTEtgXGnBh+3CpxI=,tag:jdzLQ+74sH6s/Lc2iT5V9g==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

18
modules/system/system.mod.nix
View file

@ -1,8 +1,23 @@
{ config, ... }: { config, lib, ... }:
let let
inherit (lib.options) mkEnableOption;
machine-id = builtins.substring 0 32 (builtins.hashString "sha256" config.networking.hostName); machine-id = builtins.substring 0 32 (builtins.hashString "sha256" config.networking.hostName);
cfg = config.meta.system;
in in
{ {
options.meta.system = {
isWorkstation = mkEnableOption "Workstation system" // {
default = cfg.isLaptop;
};
isBatteryPowered = mkEnableOption "Battery-powered system" // {
default = cfg.isLaptop;
};
isGraphical = mkEnableOption "System with graphical output" // {
default = cfg.isLaptop;
};
isLaptop = mkEnableOption "System is a laptop";
};
config = {
system = { system = {
# My state version. # My state version.
stateVersion = "23.11"; stateVersion = "23.11";
@ -10,4 +25,5 @@ in
tools.nixos-option.enable = false; tools.nixos-option.enable = false;
}; };
environment.etc."machine-id".text = "${machine-id}\n"; environment.etc."machine-id".text = "${machine-id}\n";
};
} }