flakfiy some Justfile recipes and experiment with wayland based custom desktop

nix/os/devices/steveej-t14/pkg.nix

@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{pkgs, lib, ...}: {
   home-manager.users.steveej = _: {
     imports = [
       ../../../home-manager/configuration/graphical-fullblown.nix
@@ -11,13 +11,86 @@
     ];
   };
 
-  services.teamviewer.enable = true;
+# TODO: delegate graphical session to home-manager config (mostly)
+
+# FIXME: move this to home-manager entirely
+# programs.sway.enable = true;
+# programs.sway.package = null;
+
+services.xserver = {
+  enable = lib.mkForce false;
+
+  desktopManager = {
+    gnome.enable = lib.mkForce false;
+    xterm.enable = lib.mkForce false;
+
+    # FIXME: gnome should be moved to user session
+    # gnome.enable = true;
+    # xterm.enable = true; 
+  };
+
+  displayManager = {
+    # gdm.enable = lib.mkForce false;
+
+    # FIXME: does the home-manager session have an explicit name?
+    # defaultSession = "xterm";
+
+    # autoLogin = {
+    #   enable = true;
+    #   user = "steveej";
+    # };
+
+    # session = [
+    #   { 
+    #     manage = "desktop";
+    #     name = "xsession";
+    #     start = "";
+    #   }
+    # ];
+  };
+};
+
+services.greetd = 
+  let
+    # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
+    swayConfig = pkgs.writeText "greetd-sway-config" ''
+      # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
+      exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
+      bindsym Mod4+shift+e exec swaynag \
+        -t warning \
+        -m 'What do you want to do?' \
+        -b 'Poweroff' 'systemctl poweroff' \
+        -b 'Reboot' 'systemctl reboot'
+    '';
+  in {
+  enable = true;
+    settings = {
+      vt = 1;
+      default_session = {
+        command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; 
+      };
+    };
+  };
+
+  environment.etc."greetd/environments".text = ''
+    sway
+    jay
+  '';
+
+  # required by swaywm
+  security.polkit.enable = true;
+
+  security.pam.services.swaylock = { };
+
+  services.teamviewer.enable = false;
   system.stateVersion = "20.09";
 
+
   # TODO: move this into home-manager
   environment.systemPackages = with pkgs.gnomeExtensions; [
     pop-shell
     vitals
+    soft-brightness
 
     # TODO: currently not compatible
     # window-switcher-current-workspace-first

nix/os/devices/steveej-t14/system.nix

@@ -31,13 +31,22 @@ in {
   ];
 
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [
+  services.openssh.openFirewall = false;
+
+  # TODO: upstream feature for inverse rule to work: `! --in-interface zt+`
+  networking.firewall.interfaces."eth+".allowedTCPPorts = [
+    22 
+
     # syncthing
     22000
 
     # iperf3
     5201
   ];
+  networking.firewall.interfaces."eth+".allowedUDPPorts = [ 
+    # syncthing
+    22000 21027
+  ];
 
   networking.firewall.logRefusedConnections = false;
   networking.usePredictableInterfaceNames = false;
@@ -62,7 +71,7 @@ in {
     podman = {
       enable = true;
       dockerCompat = true;
-      defaultNetwork.dnsname.enable = true;
+      # defaultNetwork.dnsname.enable = true;
     };
   };
 
@@ -83,4 +92,11 @@ in {
   time.timeZone = lib.mkForce passwords.timeZone.stefan;
 
   hardware.ledger.enable = true;
+
+  services.zerotierone = {
+    enable = true;
+    joinNetworks = [
+      "93afae5963c547f1"
+    ];
+  };
 }

nix/os/profiles/graphical/system.nix

@@ -62,18 +62,14 @@
 
     displayManager = {
       gdm.enable = true;
-
-      autoLogin = {
-        enable = true;
-        user = "steveej";
-      };
+      gdm.wayland = true;
     };
   };
 
   # gnome, most of it is disabled and ideally it could live entirely in the user's home config
   programs.gpaste.enable = false;
   programs.gnome-terminal.enable = false;
-  programs.gnome-documents.enable = false;
+  # programs.gnome-documents.enable = false;
   programs.gnome-disks.enable = false;
 
   services.gnome = {