feat: start migrating steveej-t14 and sj-vps-htz-0 to sops

2023-07-05 15:55:04 +02:00 · 2023-07-05 15:55:04 +02:00 · b481126ae2
commit b481126ae2
parent 6587a914e4
55 changed files with 877 additions and 452 deletions
--- a/nix/home-manager/configuration/graphical-fullblown.nix
+++ b/nix/home-manager/configuration/graphical-fullblown.nix
@ -4,10 +4,14 @@
  # these come in via home-manager.extraSpecialArgs and are specific to each node
  nodeFlake,
  packages',
+  repoFlake,
+  # repoFlakeInputs',
  ...
 }: let
  pkgsMaster = nodeFlake.inputs.nixpkgs-master.${pkgs.system};
  pkgsUnstableSmall = nodeFlake.inputs.nixpkgs-unstable-small.legacyPackages.${pkgs.system};
+  pkgs2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system};
+  # pkgs2211 = repoFlakeInputs'.nixpkgs-2211.legacyPackages;
 in {
  imports = [
    ../profiles/common.nix
@ -22,6 +26,7 @@ in {
    ../programs/redshift.nix
    ../programs/gpg-agent.nix

+    # ../programs/espanso.nix

    ../programs/firefox.nix
    ../programs/chromium.nix
@ -31,18 +36,16 @@ in {
    ../programs/pass.nix
    ../programs/vscode

-    # TODO: broken since nixos-23.05
-    # ../programs/radicale.nix
-    # ../programs/espanso.nix
+    # TODO: bump these to 23.05 and make it work
+    (args: import ../programs/radicale.nix (args // {pkgs = pkgs2211;}))
+    # (args: import ../programs/espanso.nix (args // {pkgs = pkgs2211;}))
  ];

  home.sessionVariables.HM_CONFIG = "graphical-fullblown";
  home.sessionVariables.GOPATH = "$HOME/src/go";
  home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"];

-  # required by logseq as of 2023-05-24
  nixpkgs.config.permittedInsecurePackages = [
-    "electron-20.3.11"
  ];

  home.packages =
@ -89,8 +92,9 @@ in {
      yubikey-personalization
      yubikey-personalization-gui

-      # gnome.gnome-keyring 
-      gcr gnome.seahorse
+      # gnome.gnome-keyring
+      gcr
+      gnome.seahorse

      # Language Support
      hunspellDicts.en-us
@ -110,6 +114,59 @@ in {
      # FIXME: depends on insecure openssl 1.1.1t
      # kotatogram-desktop
      tdesktop
+      (let
+        version = "6.20.0-beta.1";
+      in
+        pkgsUnstableSmall.signal-desktop-beta.overrideAttrs (old: {
+          inherit version;
+          src = builtins.fetchurl {
+            url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop-beta/signal-desktop-beta_${version}_amd64.deb";
+            sha256 = "0xkagnldagfxnpv4c23yd9w0kz1y719m1sj9vqn8mnr1zfn7j62a";
+          };
+          preFixup =
+            old.preFixup
+            + ''
+              gappsWrapperArgs+=(
+                --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto}}"
+                --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform}}"
+              )
+            '';
+        }))
+
+      # --add-flags "--enable-features=UseOzonePlatform"
+      # --add-flags "--ozone-platform=wayland"
+      (pkgsUnstableSmall.session-desktop.overrideAttrs (old: {
+        nativeBuildInputs =
+          old.nativeBuildInputs
+          ++ [
+            pkgs.wrapGAppsHook
+          ];
+
+        preFixup =
+          (old.preFixup or "")
+          + ''
+            gappsWrapperArgs+=(
+              --add-flags "--enable-features=UseOzonePlatform"
+              --add-flags "--ozone-platform=wayland"
+              # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto}}"
+              # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=WaylandWindowDecorations}}"
+              # --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform}}"
+            )
+          '';
+      }))
+
+      #(pkgsUnstableSmall.session-desktop.overrideAttrs(old: {
+      #    nativeBuildInputs = old.nativeBuildInputs ++ [
+      #      pkgs.wrapGAppsHook
+      #    ];
+      #
+      #    preFixup = (old.preFixup or "") + ''
+      #      gappsWrapperArgs+=(
+      #        --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform=wayland}}"
+      #        --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--enable-features=UseOzonePlatform}}"
+      #      )
+      #    '';
+      #  }))

      thunderbird
      # gnome.cheese
@ -129,7 +186,8 @@ in {
      vlc
      audacity
      spotify
-      # youtube-dl-light
+      yt-dlp
+      (writeShellScriptBin "youtube-dl-audio" "${yt-dlp}/bin/yt-dlp --extract-audio --audio-format best --audio-quality 9 \${@:?}")
      libwebcam

      # Network Tools
@ -177,9 +235,15 @@ in {
      cdrtools

      # Document Processing and Management
-      mendeley
+      xfce.thunar
+      # mendeley
      evince
-      (logseq.override (_: {electron = pkgs.electron_20;}))
+      ((logseq.overrideAttrs (attrs: {
+        version = "nightly";
+        src = repoFlake.inputs.logseqNightly;
+      })).override (_: {
+        electron = pkgs.electron_24;
+      }))

      # File Synchronzation
      dropbox
--- a/nix/home-manager/profiles/sway-desktop.nix
+++ b/nix/home-manager/profiles/sway-desktop.nix
@ -11,12 +11,11 @@
  displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'";
  displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'";
  swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh;
-
 in {
  imports = [
-      ../profiles/wayland-desktop.nix
-      ../programs/waybar.nix
-      ../programs/salut.nix
+    ../profiles/wayland-desktop.nix
+    ../programs/waybar.nix
+    ../programs/salut.nix
  ];

  # TODO: autostart
@ -44,7 +43,7 @@ in {
    pkgs.gnome-icon-theme

    ## fonts
-    pkgs.dejavu_fonts   # just a basic good fond
+    pkgs.dejavu_fonts # just a basic good fond
    pkgs.font-awesome_5 # needed by i3status-rust
    pkgs.nerdfonts
    pkgs.font-awesome
@ -80,9 +79,10 @@ in {
  wayland.windowManager.sway = {
    enable = true;
    systemdIntegration = true;
+    # systemd.enable = true;
    xwayland = false;

-    config = let 
+    config = let
      modifier = "Mod4";
      inherit (config.wayland.windowManager.sway.config) left right up down;
    in {
@ -90,12 +90,14 @@ in {
      bars = [];

      input = {
-        "type:keyboard" = {
-          xkb_layout = config.home.keyboard.layout;
-          xkb_variant = config.home.keyboard.variant;
-        } // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or []) > 0) {
-          xkb_options = builtins.concatStringsSep "," config.home.keyboard.options;
-        };
+        "type:keyboard" =
+          {
+            xkb_layout = config.home.keyboard.layout;
+            xkb_variant = config.home.keyboard.variant;
+          }
+          // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or []) > 0) {
+            xkb_options = builtins.concatStringsSep "," config.home.keyboard.options;
+          };

        "type:touchpad" = {
          natural_scroll = "enabled";
@ -105,8 +107,8 @@ in {
      keybindings = lib.mkOptionDefault {
        # as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi
        # "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps";
-        "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel";
-      
+        "${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions";
+
        # only 1-9 exist on the default config
        "${modifier}+0" = "workspace number 0";
        "${modifier}+Shift+0" = "move container to workspace number 0";
@ -118,15 +120,15 @@ in {
        # move workspace to output
        "${modifier}+Control+Shift+${left}" = "move workspace to output left";
        "${modifier}+Control+Shift+${right}" = "move workspace to output right";
-        "${modifier}+Control+Shift+${up}" =  "move workspace to output up";
+        "${modifier}+Control+Shift+${up}" = "move workspace to output up";
        "${modifier}+Control+Shift+${down}" = "move workspace to output down";
        # move workspace to output with arrow keys
-        "${modifier}+Control+Shift+Left" =  "move workspace to output left";
+        "${modifier}+Control+Shift+Left" = "move workspace to output left";
        "${modifier}+Control+Shift+Right" = "move workspace to output right";
-        "${modifier}+Control+Shift+Up" =    "move workspace to output up";
-        "${modifier}+Control+Shift+Down" =  "move workspace to output down";
+        "${modifier}+Control+Shift+Up" = "move workspace to output up";
+        "${modifier}+Control+Shift+Down" = "move workspace to output down";

-        "${modifier}+Shift+e" =  "exec ${pkgs.sway}/bin/swaymsg exit";
+        "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit";
        "${modifier}+q" = "kill";
        "${modifier}+x" = "exec ${swapOutputWorkspaces}";

@ -140,20 +142,31 @@ in {
        "XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
        "--locked XF86AudioMute" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";

-        # TODO: screenshot util, flameshot doesn't work in the packaged version
-        "Print" = "exec ${pkgs.flameshot}/bin/flameshot gui";
+        "Print" = "exec ${pkgs.shotman}/bin/shotman --capture region";
      };

      terminal = "alacritty";
-      startup = [
-        {command = builtins.toString(pkgs.writeShellScript "ensure-graphical-session" ''
-            (
-              ${pkgs.coreutils}/bin/sleep 0.2
-              ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target
-            ) &
-          ''); 
-        }
-      ];
+      startup =
+        [
+          {
+            command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" ''
+              (
+                ${pkgs.coreutils}/bin/sleep 0.2
+                ${pkgs.systemd}/bin/systemctl --user restart graphical-session.target
+              ) &
+            '');
+          }
+        ]
+        ++ lib.optionals config.services.swayidle.enable [
+          {
+            command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" ''
+              (
+                ${pkgs.coreutils}/bin/sleep 0.2
+                ${pkgs.systemd}/bin/systemctl --user restart swayidle
+              ) &
+            '');
+          }
+        ];

      colors.focused = lib.mkOptionDefault {
        childBorder = lib.mkForce "#ffa500";
@ -166,19 +179,37 @@ in {
  services.swayidle = {
    enable = true;
    timeouts = [
-      { timeout = 10; command = "if ${pkgs.procps}/bin/pgrep -x swaylock; then ${displayOffCmd}; fi"; resumeCommand = displayOnCmd; }
-      { timeout = 60 * 5; command = lockCmd; }
-      { timeout = 60 * 6; command = displayOffCmd; resumeCommand = displayOnCmd; }
+      {
+        timeout = 10;
+        command = "if ${pkgs.procps}/bin/pgrep -x swaylock; then ${displayOffCmd}; fi";
+        resumeCommand = displayOnCmd;
+      }
+      {
+        timeout = 60 * 5;
+        command = lockCmd;
+      }
+      {
+        timeout = 60 * 6;
+        command = displayOffCmd;
+        resumeCommand = displayOnCmd;
+      }
    ];
    events = [
-      { event = "before-sleep"; 
+      {
+        event = "before-sleep";
        command = builtins.concatStringsSep "; " [
          lockCmd
          "${pkgs.playerctl}/bin/playerctl pause"
-        ]; 
+        ];
+      }
+      {
+        event = "after-resume";
+        command = displayOnCmd;
+      }
+      {
+        event = "lock";
+        command = lockCmd;
      }
-      { event = "after-resume"; command = displayOnCmd; }
-      { event = "lock"; command = lockCmd; }
    ];
  };
 }
--- a/nix/home-manager/profiles/wayland-desktop.nix
+++ b/nix/home-manager/profiles/wayland-desktop.nix
@ -54,37 +54,13 @@ in {
    pavucontrol
    playerctl
    pasystray
-    qt5.qtwayland
-    qt6.qtwayland
+    # qt5.qtwayland
+    # qt6.qtwayland

    # probably required by flameshot
    # xdg-desktop-portal xdg-desktop-portal-wlr 
    # grim

-    (nixpkgs-unstable-small.signal-desktop.overrideAttrs (old: {
-      preFixup = old.preFixup + ''
-        gappsWrapperArgs+=(
-          --add-flags "--enable-features=UseOzonePlatform"
-          --add-flags "--ozone-platform=wayland"
-        )
-      '';
-    }))
-
-    ((nixpkgs-unstable-small.session-desktop.override (old: {
-        inherit (nixpkgs-2211) appimageTools;
-      }))
-        .overrideAttrs(old: {
-        nativeBuildInputs = old.nativeBuildInputs ++ [
-          pkgs.wrapGAppsHook
-        ];
-        
-        preFixup = (old.preFixup or "") + ''
-          gappsWrapperArgs+=(
-            --add-flags "--enable-features=UseOzonePlatform"
-            --add-flags "--ozone-platform=wayland"
-          )
-        '';
-      }))
  ];

  home.sessionVariables = {
--- a/nix/home-manager/programs/espanso.nix
+++ b/nix/home-manager/programs/espanso.nix
@ -2,10 +2,11 @@
  pkgs,
  config,
  ...
-}: let
-  passwords = import ../../variables/passwords.crypt.nix;
-in {
+}: {
  services.espanso = {
+    # package = pkgs.espanso.overrideAttrs(_: {
+    #   # src =
+    # })
    enable = true;
    settings = {
      matches = let
--- a/nix/home-manager/programs/firefox.nix
+++ b/nix/home-manager/programs/firefox.nix
@ -1,4 +1,5 @@
 {pkgs, ...}: {
+  programs.librewolf = {enable = true;};
  programs.firefox = {enable = true;};

  programs.browserpass = {
--- a/nix/home-manager/programs/radicale.nix
+++ b/nix/home-manager/programs/radicale.nix
@ -1,11 +1,10 @@
 {
  config,
-  pkgs,
  lib,
+  pkgs,
+  osConfig,
  ...
 }: let
-  passwords = import ../../variables/passwords.crypt.nix;
-
  libdecsync = pkgs.python3Packages.buildPythonPackage rec {
    pname = "libdecsync";
    version = "2.2.1";
@ -16,9 +15,8 @@
    };

    propagatedBuildInputs = [
-      pkgs.libxcrypt-legacy
+      # pkgs.libxcrypt-legacy
    ];
-
  };
  radicale-storage-decsync = pkgs.python3Packages.buildPythonPackage rec {
    pname = "radicale_storage_decsync";
@ -31,13 +29,13 @@

    buildInputs = [
      pkgs.radicale
-      pkgs.libxcrypt-legacy
-      pkgs.libxcrypt
+      # pkgs.libxcrypt-legacy
+      # pkgs.libxcrypt
    ];

    nativeCheckInputs = [
-      pkgs.libxcrypt-legacy
-      pkgs.libxcrypt
+      # pkgs.libxcrypt-legacy
+      # pkgs.libxcrypt
    ];

    propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools];
@ -48,18 +46,17 @@
      ++ [radicale-storage-decsync];
  });

-  mkRadicaleService = { suffix, port }: let
+  mkRadicaleService = {
+    suffix,
+    port,
+  }: let
    radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
      [server]
-      hosts = localhost:${builtins.toString(port)}
+      hosts = localhost:${builtins.toString port}

      [auth]
      type = htpasswd
-      htpasswd_filename = ${
-        pkgs.writeText "radicale" ''
-          radicale:${passwords.users.radicale}
-        ''
-      }
+      htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path}
      htpasswd_encryption = bcrypt

      [storage]
@ -77,7 +74,14 @@
      Install.WantedBy = ["default.target"];
    };
  };
-in builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [
-  {suffix = "personal"; port = 5232;}
-  {suffix = "family"; port = 5233;}
-]
+in
+  builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [
+    {
+      suffix = "personal";
+      port = 5232;
+    }
+    {
+      suffix = "family";
+      port = 5233;
+    }
+  ]
--- a/nix/home-manager/programs/waybar.nix
+++ b/nix/home-manager/programs/waybar.nix
@ -1,6 +1,9 @@
-{ pkgs, config, repoFlake, ... }:
-
 {
+  pkgs,
+  config,
+  repoFlake,
+  ...
+}: {
  home.packages = [
    # required by any bar that has a tray plugin
    pkgs.libappindicator-gtk3
@ -10,8 +13,9 @@
  programs.waybar = {
    enable = true;
    package = repoFlake.inputs.nixpkgs-wayland.outputs.packages.${pkgs.stdenv.hostPlatform.system}.waybar;
-    style = pkgs.lib.readFile "${pkgs.waybar.src}/resources/style.css"
-          + pkgs.lib.readFile ./waybar.css;
+    style =
+      pkgs.lib.readFile "${pkgs.waybar.src}/resources/style.css"
+      + pkgs.lib.readFile ./waybar.css;
    systemd.enable = true;
    settings = {
      mainBar = {
@ -35,12 +39,12 @@
          all-outputs = false;
        };

-        modules-center = [ 
+        modules-center = [
          "sway/window"
          # "custom/hello-from-waybar"
        ];

-        modules-right = [ 
+        modules-right = [
          "tray"

          "cpu"
@ -55,22 +59,22 @@

        tray.spacing = 10;

-        cpu.format = "  {}%";
+        cpu.format = "  {usage}%";
        memory.format = "  {}%";
-        "temperature" =  {
+        "temperature" = {
          hwmon-path = "/sys/class/hwmon/hwmon3/temp1_input";
          format = " {temperatureC} °C";
        };

        "custom/cputemp" = {
-            format = " {}";
-            exec = "${pkgs.lm_sensors}/bin/sensors | ${pkgs.gawk}/bin/awk '/CPU:/ {print $2}'";
-            interval = 2;
+          format = " {}";
+          exec = "${pkgs.lm_sensors}/bin/sensors | ${pkgs.gawk}/bin/awk '/CPU:/ {print $2}'";
+          interval = 2;
        };
        "custom/fan" = {
-            format = "   {} rpm  ";
-            exec = "${pkgs.lm_sensors}/bin/sensors | ${pkgs.gawk}/bin/awk '/fan1:/ {print $2}'";
-            interval = 2;
+          format = "   {} rpm  ";
+          exec = "${pkgs.lm_sensors}/bin/sensors | ${pkgs.gawk}/bin/awk '/fan1:/ {print $2}'";
+          interval = 2;
        };
        battery.format = "🔋 {}%";
        pulseaudio = {