SwarselSystems: NixOS + Emacs Configuration
Table of Contents
- 1. Introduction (no code)
- 2. Noweb-Ref blocks
- 3. System
- 4. Emacs
- 4.1. Initialization (early-init.el)
- 4.2. Personal settings
- 4.3. General init.el setup + UI
- 4.3.1. General setup
- 4.3.2. Mark all themes as safe
- 4.3.3. Show less compilation warnings
- 4.3.4. Indentation
- 4.3.5. Scrolling
- 4.3.6. Evil
- 4.3.7. ispell
- 4.3.8. Font Configuration
- 4.3.9. Theme
- 4.3.10. Icons
- 4.3.11. Variable Pitch Mode
- 4.3.12. Modeline
- 4.3.13. Helper Modes
- 4.3.14. Ligatures
- 4.3.15. Popup (popper) + Shackle Buffers
- 4.3.16. Indicate first and last line of buffer
- 4.3.17. Authentication
- 4.4. Modules
- 4.4.1. Org Mode
- 4.4.2. Nix Mode
- 4.4.3. nixpkgs-fmt
- 4.4.4. Markdown Mode
- 4.4.5. Olivetti
- 4.4.6. darkroom
- 4.4.7. Ripgrep
- 4.4.8. Tree-sitter
- 4.4.9. direnv (envrc)
- 4.4.10. avy
- 4.4.11. crdt (Collaborative Editing)
- 4.4.12. devdocs
- 4.4.13. Projectile
- 4.4.14. Magit
- 4.4.15. Yubikey support
- 4.4.16. Forge
- 4.4.17. git-timemachine
- 4.4.18. Delimiters (brackets): rainbow-delimiters, highlight-parentheses
- 4.4.19. rainbow-mode
- 4.4.20. Corfu
- 4.4.21. cape
- 4.4.22. rust
- 4.4.23. Tramp
- 4.4.24. diff-hl
- 4.4.25. Commenting
- 4.4.26. yasnippet
- 4.4.27. eglot
- 4.4.28. Breadcrumb
- 4.4.29. Prevent breaking of hardlinks
- 4.4.30. Dirvish
- 4.4.31. pdf-tools: pdf-viewer and support for dirvish
- 4.4.32. Jupyter
- 4.4.33. undo-tree
- 4.4.34. Hydra
- 4.4.35. External Applications
- 4.4.36. Email
- 4.4.37. Calendar
- 4.4.38. Dashboard: emacs startup screen
- 4.4.39. ansible
This file has 45632 words spanning 12064 lines and was last revised on 2024-08-31 18:00:48 +0200.
In order to have working links and macros when viewing this file online, you might want to switch to the html version.
1. Introduction (no code)
This literate configuration file holds the entirety of all configuration files for both NixOS as well as home manager across all machines that I currently use. It also holds an extensive Emacs configuration
I used to have two separate files (Emacs.org and Nixos.org) because the NixOS setting for installing Emacs packages used to break if it found UTF-8 characters in .el files but not in .org files. Hence I used to pass Emacs.org to that function rather than init.el. This seems to be fixed now however and I was finally able to consolidate both files into one.
This configuration is part of a NixOS system that is fully declarative and can be found here:
The literate configuration lets me explain my choices to my future self as well as you, the reader. I go to great lengths to explain the choices for all configuration steps that I take in order for me to pay due diligence in crafting my setup, and not simply copying big chunks of other peoples code. Also, the literate configuration approach is very convenient to me as I only need to keep of (ideally) a single file to manage all of my configuration. I hope that this documentation will make it easier for beginners to get into Emacs and NixOS as I know it can be a struggle in the beginning.
This file is structured as follows:
- Introduction (no code) This is the block you are currently in. It holds no code that actually builds the system, it just outlines the general approach and explains my rough mentality
- Noweb-Ref blocks This section hold code that can be templated at other parts of the configuration. This is mostly used for the NixOS side of the configuration where I define my host systems that usually have a lot in common.
- System This section holds all configuration options that apply to NixOS or Home Manager. In other words, here we are doing system and user level configuration.
Emacs This section defines my Emacs configuration. For a while, I considered to use rycee's
emacs-initmodule (https://github.com/nix-community/nur-combined/blob/master/repos/rycee/hm-modules/emacs-init.nix) to manage my Emacs configuration; I have since come to the conclusion that this would be a bad idea: at the moment, even though it might seem as I am very bound to the configuration file that you are currently reading, if I ever decide to change how I run my system, I can simply take the generated.nixand.elfiles and put them wherever I need them. This file only simplifies that generation without putting further restrictions on my. If I were however to switch toemacs-initthen I would be indeed to some level confined to the nix ecosystem with my Emacs configuration, as I would no longer have a valid.orgfile to manage it with, instead generating aninit.eldirectly from nix code. I like to keep that level of freedom for potential future use. Also, you will notice there is no package system setup in this configuration. This is because packages are automatically handled on the NixOS side by parsing the generatedinit.elfile for package installs.My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-08-31 18:00:48 +0200)
system-configuration-options
--prefix=/nix/store/bjzr50zcpb5dqwybljizsvzs7pzx3jk5-emacs-pgtk-20240827.0 --disable-build-details --with-modules --with-pgtk --with-compress-install --with-toolkit-scroll-bars --with-native-compilation --without-imagemagick --with-mailutils --without-small-ja-dic --with-tree-sitter --without-xinput2 --with-xwidgets --with-dbus --with-selinux
This file is not loaded by Emacs directly as the configuration (even though this would be possible) - instead, it generates two more files:
early-init.elThis file handle startup optimization and sets up the basic frame that I will be working in.init.elThis file handles the rest of the Emacs configuration.
By using the configuration offered by this file, the file you are reading right now (SwarselSystems.org) will be freshly tangled on every file save. However, when you clone this configuration yourself and have not yet activated it, you need to tangle the file yourself. This can be done using the keybind C-c C-v t. Alternatively, execute the following block:
(org-babel-tangle)
Lastly, I add this javascript bit to the file in order to have a darkmode toggle when exporting to html:
(concat
"<script src=\"https://cdn.jsdelivr.net/npm/darkmode-js@1.5.7/lib/darkmode-js.min.js\"></script>\n"
"<script>\n"
"function addDarkmodeWidget() {\n"
"new Darkmode().showWidget();\n"
"}\n"
"window.addEventListener('load', addDarkmodeWidget);\n"
"</script>")
The rest of this file will now contain actual code that is used in the configuration.
2. Noweb-Ref blocks
These blocks are used in several places throughout the configurations, but not on all machines necessarily. For example, the theming section needs to be in a NixOS block on NixOS machines but in a home-manager block on non-NixOS. This serves to reduce code duplication.
2.1. Non-NixOS
These blocks are to be used on systems that are not running NixOS. For example, one such system would be a Fedora system running home manager, where the respective NixOS features might not be available.
2.1.1. Theme (stylix)
This is where the theme for the whole OS is defined. This noweb-ref section cannot be copied to the general NixOS config for now since they are on different folder structure levels in the config, which would make the flake impure.
For styling, I am using the stylix NixOS module, loaded by flake. This package is really great, as it adds nix expressions for basically everything. Ever since switching to this, I did not have to play around with theming anywhere else.
enable = true;
base16Scheme = ../../../wallpaper/swarsel.yaml;
# base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
polarity = "dark";
opacity.popups = 0.5;
cursor = {
package = pkgs.capitaine-cursors;
name = "capitaine-cursors";
size = 16;
};
fonts = {
sizes = {
terminal = 10;
applications = 11;
};
serif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerdfonts; # has overrides
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
2.1.2. firefox profile
At work I am using several services that are using SSO login - however, as I am using four different accounts at work, this becomes a chore here. Hence, I have defined multiple profiles in Work that are all practically using the same configuration. To save screen space, I template that profile here.
isDefault = false;
userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl
browserpass
clearurls
darkreader
enhancer-for-youtube
istilldontcareaboutcookies
translate-web-pages
ublock-origin
reddit-enhancement-suite
sponsorblock
web-archives
onepassword-password-manager
single-file
widegithub
enhanced-github
unpaywall
don-t-fuck-with-paste
plasma-integration
];
search.engines = {
"Nix Packages" = {
urls = [{
template = "https://search.nixos.org/packages";
params = [
{ name = "type"; value = "packages"; }
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [{
template = "https://nixos.wiki/index.php?search={searchTerms}";
}];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ];
};
"NixOS Options" = {
urls = [{
template = "https://search.nixos.org/options";
params = [
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@no" ];
};
"Home Manager Options" = {
urls = [{
template = "https://home-manager-options.extranix.com/";
params = [
{ name = "query"; value = "{searchTerms}"; }
];
}];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@hm" "@ho" "@hmo" ];
};
"Google".metaData.alias = "@g";
};
search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart
2.2. NixOS
These settings are to be used only on full NixOS setups.
2.2.1. Virtual hosts init
This sections is for common NixoS settings that I use for my NixoS LXC images that I run on Proxmox. Proxmox requires special attention to run along with NixOS in any capacity.
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
This is again the hardware-configuration.nix wrap that you saw earlier, however for Proxmox systems we need to add some more NixOS modules for compatibility.
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
2.3. flake.nix
Handling the flake.nix file used to be a bit of a chore, since it felt like writing so much boilerplate code just to define new systems. The noweb-approach here makes this a little bit less painful.
These blocks are later inserted here: flake.nix template. Adding new flake inputs is very easy, you just add them to Inputs & Inputs@Outputs first by name in the first source-block, and then the path in the second source-block. Any variables to be set for the host configuration are done in let, and the specific setup is done in either nixosConfigurations (for NixOS systems), homeConfigurations (for home-manager systems), or nixOnDroidConfigurations (for Nix on Android). There is also the nixos-generators section that currently just defines a Proxmox LXC image.
2.3.1. Inputs
Here we define inputs and outputs of the flake. First, the following list is for the outputs of the flake.
Format: <name>,
Mind the comma at the end. You need this because the ... is being passed as the last argument in the template at flake.nix template.
Here, just add the input names, urls and other options that are needed, like nixpkgs.follows. By using the latter option, you tell the package to not provide it's own package repository, but instead 'nest' itself into another, which is very useful.
A short overview over each input and what it does:
- nixpkgs This is the base repository that I am following for all packages. I follow the unstable branch.
- home-manager
This handles user-level configuration and mostly provides dotfiles that are generated and symlinked to
~/.config/. - NUR The nix user repository contains user provided modules, packages and expressions. These are not audited by the nix community, so be aware of supply chain vulnerabilities when using those. I am only really using rycee's firefox addons from there which saves me a lot of hassle, and it seems to be a safe resource.
- nixGL This solves the problem that nix has with "OpenGL", as libraries are not linked and programs will often fail to find drivers. But I do not fully understand what it does. All I know is that I usually have to use this on non-NIxoS systems.
- stylix As described before, this handles all theme related options.
- sops-nix This provides declarative secrets management for NixOS and home manager using sops and age keys. It is a bit more cumbersome to use on home manager systems - which is a bother because I then have to resort to that configuration to keep everything supported - but it is super practical and really the primary reason why it makes sense for me to go for NixOS, as I do not have to do any extra secrets provisioning.
- Lanzaboote Provides secure boot for NixOS. Needed for my Surface Pro 3.
- nix-on-droid This brings nix to android in an app that is similar to tmux! Of course most of the configuration does not apply to this, but it is still neat to have!
- nixos-hardware Provides specific hardware setting for some hardware configurations. For example, this sets some better defaults for my Lenovo Thinkpad P14s Gen2.
- nix-alien
This is supposed to allow me to run unpatched libraries directly without a need for ELF patching or resorting to
steam-run. However, I have not yet gotten this to work. - nixos-generators Provides me with images that I can use to create LXCs on Proxmox.
- nswitch-rcm-nix Allows auto injection of payloads upon connecting a Nintendo Switch.
- nix-index-database
This provides a database for
nix-indexthat is updated weekly. This allows for declarative management, without needing to run thenix-indexcommand for database assembly. - disko disko provides declarative disk partitioning, which I use for impermanence as well as nixos-anywhere.
- Impermanence Some of my machines are using a btrfs filesystem that wipes the root directory on each reboot. This forces me to pay more attention in keeping my system declarative as well as helping me keeping the system uncluttered. However, it is a chore to make sure that important files are not deleted. This flake helps with this problem, allowing me to select files and directories for persisting.
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
systems.url = "github:nix-systems/default-linux";
# user-level configuration
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
# overlay to access bleeding edge emacs
emacs-overlay = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
# nix user repository
# i use this mainly to not have to build all firefox extensions
# myself as well as for the emacs-init package (tbd)
nur.url = "github:nix-community/NUR";
# provides GL to non-NixOS hosts
nixgl.url = "github:guibou/nixGL";
# manages all theming using Home-Manager
stylix.url = "github:danth/stylix";
# nix secrets management
sops-nix.url = "github:Mic92/sops-nix";
# enable secure boot on NixOS
lanzaboote.url = "github:nix-community/lanzaboote";
# nix for android
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
# generate NixOS images
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
# hardware quirks on nix
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
};
# dynamic library loading
nix-alien = {
url = "github:thiagokokada/nix-alien";
};
# automatic nintendo switch payload injection
nswitch-rcm-nix = {
url = "github:Swarsel/nswitch-rcm-nix";
};
# weekly updated nix-index database
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
2.3.2. let
Here I define a few variables that I need for my system specifications. First and foremost, pkgs, which gets passed the emacs-overlay, nur, and nixgl modules to it. With this, I can grab all these packages by referencing pkgs.<name> instead of having to put e.g. nixgl.auto.nixGLDefault.
Lastly I define some common module lists that I can simply load depending on the fundamental system (NixOS vs. non-NixOS).
inherit (self) outputs;
lib = nixpkgs.lib // home-manager.lib;
forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
pkgsFor = lib.genAttrs (import systems) (
system:
import nixpkgs {
inherit system;
config.allowUnfree = true;
}
);
# NixOS modules that can only be used on NixOS systems
nixModules = [
inputs.stylix.nixosModules.stylix
inputs.lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
# inputs.impermanence.nixosModules.impermanence
inputs.sops-nix.nixosModules.sops
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
./profiles/common/nixos
];
# Home-Manager modules wanted on non-NixOS systems
homeModules = [
inputs.stylix.homeManagerModules.stylix
];
# Home-Manager modules wanted on both NixOS and non-NixOS systems
mixedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.hmModules.nix-index
./profiles/common/home
];
2.3.3. General (outputs)
In this section I am creating some attributes that define general concepts of my configuration:
nixosModulesimports self-defined options that I only want to use on NixOS systems. All modules are held as separately as possible, to allow for easier sharing with other people mostly.homeManagerModulesimports modules that are to be used on NixOS and non-NixOS systems. These are mostly used to define outputs (monitors), keyboards and special commands for machines.packagesholds packages that I am building myself. These are mostly shell scripts, but also a few others such as AppImages and firefox addons.devShellsprovides a development shell that can be used as a bootstrap for new installs usingnix developwhile inside the flake directory.formatterprovides the formatter that is to be used on.nixfiles. At the moment this is not used anywhere.overlaysimports a few community overlays (such as the emacs-overlay) and also three overlays of my own:additionsholds derivations that I am adding myself to nixpkgs - i.e. this is where the packages defined in/pkgsget added to nixpkgs.modificationsholds derivations that I have performed overrides on. The list of interesting attribute overrides can be found by looking at the source code of a derivation and looking at the start of the file for lines of the form<name> ? <val>. But this can also be used to, for example, fetch a different version of a package instead.nixpkgs-stableholds the newest version of stable nixpkgs. I only use this on packages that seem broken on unstable, which are not many.
inherit lib;
inherit mixedModules;
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home;
packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
devShells = forEachSystem
(pkgs:
{
default = pkgs.mkShell {
NIX_CONFIG = "experimental-features = nix-command flakes";
nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git ];
};
});
formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt);
overlays = [
(import ./overlays { inherit inputs; }).additions
(import ./overlays { inherit inputs; }).modifications
(import ./overlays { inherit inputs; }).nixpkgs-stable
inputs.nur.overlay
inputs.emacs-overlay.overlay
inputs.nixgl.overlay
];
2.3.4. nixosConfigurations
This section used to be much longer, since I performed all of my imports right here in the past. Since then, I have however refactored and now my important hosts can be defined in little space. Once I have fully transitioned my server to NixOS too this section will become even smaller once more.
sandbox = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.disko.nixosModules.disko
./profiles/sandbox/disk-config.nix
inputs.sops-nix.nixosModules.sops
./profiles/sandbox/nixos.nix
];
};
threed = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = nixModules ++ [
inputs.lanzaboote.nixosModules.lanzaboote
./profiles/threed/nixos.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports = mixedModules ++ [
./profiles/threed/home.nix
];
}
];
};
fourside = lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = nixModules ++ [
./profiles/fourside
];
};
nbl-imba-2 = lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = nixModules ++ [
./profiles/nbl-imba-2
];
};
nginx = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/nginx/nixos.nix
];
};
calibre = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/calibre/nixos.nix
];
};
jellyfin = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
./profiles/server1/jellyfin/nixos.nix
];
};
transmission = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/transmission/nixos.nix
];
};
matrix = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/matrix/nixos.nix
];
};
sound = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/sound/nixos.nix
];
};
spotifyd = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/spotifyd/nixos.nix
];
};
paperless = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/paperless/nixos.nix
];
};
#ovm swarsel
sync = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/remote/oracle/sync/nixos.nix
];
};
#ovm swarsel
swatrix = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/remote/oracle/matrix/nixos.nix
];
};
2.3.5. homeConfigurations
In contrast, this defines home-manager systems, which I only have one of, that serves as a template mostly.
"swarsel@home-manager" = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = pkgsFor.x86_64-linux;
extraSpecialArgs = { inherit inputs outputs; };
modules = homeModules ++ mixedModules ++ [
./profiles/home-manager
];
};
2.3.6. nixOnDroidConfigurations
Nix on Android also demands an own flake output, which is provided here.
default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./profiles/mysticant/configuration.nix
];
};
2.3.7. nixos-generators
This builds my Proxmox template. It is defined as a separate output so that I can already apply some rudimentary configuration before even setting up the system.
Usage:
nix build ~/.dotfiles/#proxmox-lxc
The resulting image can then be loaded in Proxmox.
proxmox-lxc = inputs.nixos-generators.nixosGenerate {
inherit system;
modules = [
./profiles/server1/TEMPLATE/nixos.nix
];
format = "proxmox-lxc";
};
3. System
3.1. System specific configuration
This section mainly exists house different `configuration.nix` files for system level configurations of NixOS systems as well as `home.nix` for user level configurations on all systems.
Important: Think about if a settings really needs to go into this area - chances are that the settings can also go to the general settings, which is to be preferred in order to reduce code duplication.
3.1.1. Physical hosts
- Home-manager only
This is the "reference implementation" of a setup that runs without NixOS, only relying on home-manager. I try to test this every now and then and keep it supported. However, manual steps are needed to get the system to work fully, depending on what distribution you are running on.
{ inputs, outputs, config, ... }: { imports = builtins.attrValues outputs.homeManagerModules; nixpkgs = { inherit (outputs) overlays; config = { allowUnfree = true; }; }; services.xcape = { enable = true; mapExpression = { Control_L = "Escape"; }; }; programs.zsh.initExtra = " export GPG_TTY=\"$(tty)\" export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) gpgconf --launch gpg-agent "; swarselsystems = { isLaptop = true; isNixos = false; wallpaper = ../../wallpaper/surfacewp.png; temperatureHwmon = { isAbsolutePath = true; path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; input-filename = "temp1_input"; }; monitors = { main = { name = "California Institute of Technology 0x1407 Unknown"; mode = "1920x1080"; # TEMPLATE scale = "1"; position = "2560,0"; workspace = "2:二"; output = "eDP-1"; }; }; inputs = { "1:1:AT_Translated_Set_2_keyboard" = { xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; }; }; keybindings = { }; }; } - Sandbox (Lenovo Y510P)
My old laptop, replaced by a new one, since most basic functions have stopped to work lately. However, it is still good as a dummy server for testing things out before having them go live. This configuration often changes when I am testing things - at the moment it is not even transitioned to the new module system however.
- NixOS
{ config, pkgs, sops, ... }: let matrixDomain = "swatrix.swarsel.win"; in { imports = [ ./hardware-configuration.nix ]; boot = { zfs.forceImportRoot = false; supportedFilesystems = [ "zfs" ]; kernelModules = [ "tun" ]; kernel.sysctl = { "net.ipv4.conf.all.rp_filter" = 2; "net.ipv4.conf.default.rp_filter" = 2; "net.ipv4.conf.enp7s0.rp_filter" = 2; }; loader.grub = { enable = true; device = "/dev/sda"; useOSProber = true; }; }; networking = { hostId = "8a8ad84a"; hostName = "sandbox"; # Define your hostname. enableIPv6 = true; firewall.enable = false; firewall.extraCommands = '' sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP ''; iproute2 = { enable = true; rttablesExtraConfig = '' 200 vpn ''; }; }; nixpkgs.config.allowUnfree = true; hardware = { enableAllFirmware = true; graphics = { enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl ]; }; }; users = { groups = { vpn = { }; mpd = { }; navidrome = { gid = 61593; }; spotifyd = { gid = 65136; }; }; users = { jellyfin = { extraGroups = [ "video" "render" ]; }; vpn = { isNormalUser = true; group = "vpn"; home = "/home/vpn"; }; navidrome = { isSystemUser = true; uid = 61593; group = "navidrome"; extraGroups = [ "audio" "utmp" ]; }; spotifyd = { isSystemUser = true; uid = 65136; group = "spotifyd"; extraGroups = [ "audio" "utmp" ]; }; mpd = { isSystemUser = true; group = "mpd"; extraGroups = [ "audio" "utmp" ]; }; swarsel = { isNormalUser = true; description = "Leon S"; extraGroups = [ "networkmanager" "wheel" "lp" ]; packages = with pkgs; [ ]; }; root = { openssh.authorizedKeys.keyFiles = [ ../../secrets/keys/authorized_keys ]; }; }; }; fileSystems."/mnt/Eternor" = { device = "//192.168.1.3/Eternor"; fsType = "cifs"; options = let # this line prevents hanging on network split automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; in [ "${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100" ]; }; environment = { systemPackages = with pkgs; [ git gnupg ssh-to-age lego nginx calibre openvpn jq iptables busybox wireguard-tools matrix-synapse lottieconverter ffmpeg pciutils alsa-utils mpv zfs ]; etc = { "openvpn/iptables.sh" = { source = ../../scripts/server1/iptables.sh; mode = "0755"; }; "openvpn/update-resolv-conf" = { source = ../../scripts/server1/update-resolv-conf; mode = "0755"; }; "openvpn/routing.sh" = { source = ../../scripts/server1/routing.sh; mode = "0755"; }; "openvpn/ca.rsa.2048.crt" = { source = ../../secrets/certs/ca.rsa.2048.crt; mode = "0644"; }; "openvpn/crl.rsa.2048.pem" = { source = ../../secrets/certs/crl.rsa.2048.pem; mode = "0644"; }; }; shellAliases = { nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; }; systemd = { timers."restart-bridges" = { wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "1d"; OnUnitActiveSec = "1d"; Unit = "restart-bridges.service"; }; }; services."restart-bridges" = { script = '' systemctl restart mautrix-whatsapp.service systemctl restart mautrix-signal.service systemctl restart mautrix-telegram.service ''; serviceConfig = { Type = "oneshot"; User = "root"; }; }; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change documentation = { enable = false; }; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; validateSopsFiles = false; secrets = { dnstokenfull = { owner = "acme"; }; kavita = { owner = "kavita"; }; vpnuser = { }; rpcuser = { owner = "vpn"; }; vpnpass = { }; rpcpass = { owner = "vpn"; }; vpnprot = { }; vpnloc = { }; mpdpass = { owner = "mpd"; }; }; templates = { "transmission-rpc" = { owner = "vpn"; content = builtins.toJSON { rpc-username = config.sops.placeholder.rpcuser; rpc-password = config.sops.placeholder.rpcpass; }; }; pia.content = '' ${config.sops.placeholder.vpnuser} ${config.sops.placeholder.vpnpass} ''; vpn.content = '' client dev tun proto ${config.sops.placeholder.vpnprot} remote ${config.sops.placeholder.vpnloc} resolv-retry infinite nobind persist-key persist-tun cipher aes-128-cbc auth sha1 tls-client remote-cert-tls server auth-user-pass ${config.sops.templates.pia.path} compress verb 1 reneg-sec 0 crl-verify /etc/openvpn/crl.rsa.2048.pem ca /etc/openvpn/ca.rsa.2048.crt disable-occ ''; "certs.secret".content = '' CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; }; security.acme = { acceptTerms = true; preliminarySelfsigned = false; defaults.email = "mrswarsel@gmail.com"; defaults.dnsProvider = "cloudflare"; defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; }; services = { xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; openssh = { enable = true; settings.PermitRootLogin = "yes"; listenAddresses = [{ port = 22; addr = "0.0.0.0"; }]; }; nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; virtualHosts = { "stash.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "https://192.168.1.5"; extraConfig = '' client_max_body_size 0; ''; }; "/.well-known/carddav" = { return = "301 $scheme://$host/remote.php/dav"; }; "/.well-known/caldav" = { return = "301 $scheme://$host/remote.php/dav"; }; }; }; "swatrix.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://127.0.0.1:8008"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "sound.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://127.0.0.1:4040"; proxyWebsockets = true; extraConfig = '' proxy_redirect http:// https://; proxy_read_timeout 600s; proxy_send_timeout 600s; proxy_buffering off; proxy_request_buffering off; client_max_body_size 0; ''; }; }; }; "scan.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://127.0.0.1:28981"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "screen.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://127.0.0.1:8096"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "scroll.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://127.0.0.1:8080"; extraConfig = '' client_max_body_size 0; ''; }; }; }; }; }; kavita = { enable = true; user = "kavita"; settings.port = 8080; tokenKeyFile = config.sops.secrets.kavita.path; }; jellyfin = { enable = true; user = "jellyfin"; }; radarr = { enable = true; }; readarr = { enable = true; }; sonarr = { enable = true; }; lidarr = { enable = true; }; prowlarr = { enable = true; }; openvpn.servers = { pia = { autoStart = true; updateResolvConf = false; config = "config ${config.sops.templates.vpn.path}"; }; }; transmission = { enable = true; credentialsFile = config.sops.templates."transmission-rpc".path; user = "vpn"; settings = { alt-speed-down = 8000; alt-speed-enabled = false; alt-speed-time-begin = 0; alt-speed-time-day = 127; alt-speed-time-enabled = true; alt-speed-time-end = 360; alt-speed-up = 2000; bind-address-ipv4 = "0.0.0.0"; bind-address-ipv6 = "::"; blocklist-enabled = false; blocklist-url = "http://www.example.com/blocklist"; cache-size-mb = 256; dht-enabled = false; download-dir = "/test"; download-limit = 100; download-limit-enabled = 0; download-queue-enabled = true; download-queue-size = 5; encryption = 2; idle-seeding-limit = 30; idle-seeding-limit-enabled = false; incomplete-dir = "/var/lib/transmission-daemon/Downloads"; incomplete-dir-enabled = false; lpd-enabled = false; max-peers-global = 200; message-level = 1; peer-congestion-algorithm = ""; peer-id-ttl-hours = 6; peer-limit-global = 100; peer-limit-per-torrent = 40; peer-port = 22371; peer-port-random-high = 65535; peer-port-random-low = 49152; peer-port-random-on-start = false; peer-socket-tos = "default"; pex-enabled = false; port-forwarding-enabled = false; preallocation = 1; prefetch-enabled = true; queue-stalled-enabled = true; queue-stalled-minutes = 30; ratio-limit = 2; ratio-limit-enabled = false; rename-partial-files = true; rpc-authentication-required = true; rpc-bind-address = "0.0.0.0"; rpc-enabled = true; rpc-host-whitelist = ""; rpc-host-whitelist-enabled = true; rpc-port = 9091; rpc-url = "/transmission/"; rpc-whitelist = "127.0.0.1,192.168.3.2"; rpc-whitelist-enabled = true; scrape-paused-torrents-enabled = true; script-torrent-done-enabled = false; seed-queue-enabled = false; seed-queue-size = 10; speed-limit-down = 6000; speed-limit-down-enabled = true; speed-limit-up = 500; speed-limit-up-enabled = true; start-added-torrents = true; trash-original-torrent-files = false; umask = 2; upload-limit = 100; upload-limit-enabled = 0; upload-slots-per-torrent = 14; utp-enabled = false; }; }; # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; # sops.templates."matrix_user_register.sh".content = '' # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 # ''; # sops.templates.matrixshared.owner = "matrix-synapse"; # sops.templates.matrixshared.content = '' # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} # ''; # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; # sops.templates.mautrixtelegram.owner = "matrix-synapse"; # sops.templates.mautrixtelegram.content = '' # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} # ''; # ---------------- # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; # sops.templates.mautrixwhatsapp.content = '' # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} # ''; postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; ''; }; matrix-synapse = { settings.app_service_config_files = [ "/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/whatsapp-registration.yaml" "/var/lib/matrix-synapse/signal-registration.yaml" "/var/lib/matrix-synapse/doublepuppet.yaml" ]; enable = false; settings.server_name = matrixDomain; settings.public_baseurl = "https://${matrixDomain}"; extraConfigFiles = [ config.sops.templates.matrixshared.path ]; settings.listeners = [ { port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; x_forwarded = true; resources = [ { names = [ "client" "federation" ]; compress = true; } ]; } ]; }; mautrix-telegram = { enable = false; environmentFile = config.sops.templates.mautrixtelegram.path; settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; id = "telegram"; # ephemeral_events = true; # not needed due to double puppeting public = { enabled = false; }; database = "postgresql:///mautrix-telegram?host=/run/postgresql"; }; bridge = { # login_shared_secret_map = { # matrixDomain = "as_token:doublepuppet"; # }; relaybot.authless_portals = true; allow_avatar_remove = true; allow_contact_info = true; sync_channel_members = true; startup_sync = true; sync_create_limit = 0; sync_direct_chats = true; telegram_link_preview = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; animated_sticker = { target = "gif"; args = { width = 256; height = 256; fps = 30; # only for webm background = "020202"; # only for gif, transparency not supported }; }; }; }; }; mautrix-whatsapp = { enable = false; # environmentFile = config.sops.templates.mautrixwhatsapp.path; settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { type = "postgres"; uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; }; }; bridge = { displayname_template = "{{or .FullName .PushName .JID}} (WA)"; history_sync = { backfill = true; max_initial_conversations = -1; message_count = -1; request_full_sync = true; full_sync_config = { days_limit = 900; size_mb_limit = 5000; storage_quota_mb = 5000; }; }; login_shared_secret_map = { matrixDomain = "as_token:doublepuppet"; }; sync_manual_marked_unread = true; send_presence_on_typing = true; parallel_member_sync = true; url_previews = true; caption_in_message = true; extev_polls = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; }; }; }; mautrix-signal = { enable = false; settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { type = "postgres"; uri = "postgresql:///mautrix-signal?host=/run/postgresql"; }; }; bridge = { displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; login_shared_secret_map = { matrixDomain = "as_token:doublepuppet"; }; caption_in_message = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; }; }; }; navidrome = { enable = true; settings = { Address = "0.0.0.0"; Port = 4040; MusicFolder = "/mnt/"; EnableSharing = true; EnableTranscodingConfig = true; Scanner.GroupAlbumReleases = true; ScanSchedule = "@every 24h"; # Insert these values locally as sops-nix does not work for them # LastFM.ApiKey = TEMPLATE; # LastFM.Secret = TEMPLATE; # Spotify.ID = TEMPLATE; # Spotify.Secret = TEMPLATE; UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; UIWelcomeMessage = "~SwarselSound~"; }; }; mpd = { enable = true; musicDirectory = "/mnt/Eternor/Musik"; user = "mpd"; group = "mpd"; network = { port = 3254; listenAddress = "any"; }; credentials = [ { passwordFile = config.sops.secrets.mpdpass.path; permissions = [ "read" "add" "control" "admin" ]; } ]; }; spotifyd = { enable = true; settings = { global = { dbus_type = "session"; use_mpris = false; device = "default:CARD=PCH"; device_name = "SwarselSpot"; mixer = "alsa"; zeroconf_port = 1025; }; }; }; # Network shares # add a user with sudo smbpasswd -a <user> samba = { package = pkgs.samba4Full; extraConfig = '' workgroup = WORKGROUP server role = standalone server dns proxy = no pam password change = yes map to guest = bad user create mask = 0664 force create mode = 0664 directory mask = 0775 force directory mode = 0775 follow symlinks = yes ''; # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` # Required for samba to register mDNS records for auto discovery # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 enable = true; # openFirewall = true; shares.test = { browseable = "yes"; "read only" = "no"; "guest ok" = "no"; path = "/test2"; writable = "true"; comment = "Eternor"; "valid users" = "@smbtest2"; }; }; avahi = { publish.enable = true; publish.userServices = true; # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` nssmdns4 = true; # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it enable = true; }; samba-wsdd = { # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued enable = true; }; }; }
- NixOS
- Fourside (Lenovo Thinkpad P14s Gen2)
This is my private main machine. I am not using hardware encryption here as I personally do not really care. However, I want to setup impermanence on this one as soon as I get the chance.
{ inputs, outputs, config, pkgs, ... }: { imports = [ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 ./hardware-configuration.nix ../optional/nixos/steam.nix ../optional/nixos/virtualbox.nix ../optional/nixos/autologin.nix ../optional/nixos/nswitch-rcm.nix inputs.home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = outputs.mixedModules ++ [ ../optional/home/gaming.nix ] ++ (builtins.attrValues outputs.homeManagerModules); } ] ++ (builtins.attrValues outputs.nixosModules); nixpkgs = { inherit (outputs) overlays; config = { allowUnfree = true; }; }; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; kernelPackages = pkgs.linuxPackages_latest; }; networking = { hostName = "fourside"; firewall.enable = true; }; hardware.graphics.extraPackages = with pkgs; [ vulkan-loader vulkan-validation-layers vulkan-extension-layer ]; services = { thinkfan.enable = false; fwupd.enable = true; }; swarselsystems = { wallpaper = ../../wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; trackpoint = { isAvailable = true; device = "TPPS/2 Elan TrackPoint"; }; }; home-manager.users.swarsel.swarselsystems = { isLaptop = true; isNixos = true; temperatureHwmon = { isAbsolutePath = true; path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; input-filename = "temp1_input"; }; # ------ ----- # | DP-4 | |eDP-1| # ------ ----- monitors = { main = { name = "California Institute of Technology 0x1407 Unknown"; mode = "1920x1080"; # TEMPLATE scale = "1"; position = "2560,0"; workspace = "2:二"; output = "eDP-1"; }; homedesktop = { name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; mode = "2560x1440"; scale = "1"; position = "0,0"; workspace = "1:一"; output = "DP-4"; }; }; inputs = { "1:1:AT_Translated_Set_2_keyboard" = { xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; }; }; keybindings = { # these are left open to use # "XF86WLAN" = "exec wl-mirror eDP-1"; # "XF86Messenger" = "exec wl-mirror eDP-1"; # "XF86Go" = "exec wl-mirror eDP-1"; # "XF86Favorites" = "exec wl-mirror eDP-1"; # "XF86HomePage" = "exec wtype -P Escape -p Escape"; # "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%"; # "XF86AudioRaiseVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% "; }; }; } - nbl-imba-2 (Framework Laptop 16)
My work machine. Built for more security, this is the gold standard of my configurations at the moment.
{ inputs, outputs, config, pkgs, lib, ... }: { imports = [ inputs.nixos-hardware.nixosModules.framework-16-7040-amd ./hardware-configuration.nix ./disk-config.nix ../optional/nixos/steam.nix # ../optional/nixos/virtualbox.nix ../optional/nixos/autologin.nix ../optional/nixos/nswitch-rcm.nix ../optional/nixos/work.nix inputs.home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = outputs.mixedModules ++ [ ../optional/home/gaming.nix ../optional/home/work.nix ] ++ (builtins.attrValues outputs.homeManagerModules); } ] ++ (builtins.attrValues outputs.nixosModules); nixpkgs = { inherit (outputs) overlays; config = { allowUnfree = true; }; }; networking.networkmanager.wifi.scanRandMacAddress = false; boot = { loader.systemd-boot.enable = lib.mkForce false; loader.efi.canTouchEfiVariables = true; lanzaboote = { enable = true; pkiBundle = "/etc/secureboot"; }; supportedFilesystems = [ "btrfs" ]; kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ "resume_offset=533760" ]; resumeDevice = "/dev/disk/by-label/nixos"; }; networking = { hostName = "nbl-imba-2"; fqdn = "nbl-imba-2.imp.univie.ac.at"; firewall.enable = true; }; services = { fwupd.enable = true; udev.extraRules = '' ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", ATTR{power/autosuspend}="20" ''; }; swarselsystems = { wallpaper = ../../wallpaper/lenovowp.png; hasBluetooth = true; hasFingerprint = true; impermanence = false; isBtrfs = true; }; home-manager.users.swarsel.swarselsystems = { isLaptop = true; isNixos = true; isBtrfs = true; # temperatureHwmon = { # isAbsolutePath = true; # path = "/sys/devices/platform/thinkpad_hwmon/hwmon/"; # input-filename = "temp1_input"; # }; # ------ ----- # | DP-4 | |eDP-1| # ------ ----- startup = [ { command = "nextcloud --background"; } { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } { command = "ANKI_WAYLAND=1 anki"; } { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } { command = "nm-applet"; } { command = "teams-for-linux"; } { command = "1password"; } ]; monitors = { main = { name = "BOE 0x0BC9 Unknown"; mode = "2560x1600"; # TEMPLATE scale = "1"; position = "2560,0"; workspace = "10:十"; output = "eDP-2"; }; homedesktop = { name = "Philips Consumer Electronics Company PHL BDM3270 AU11806002320"; mode = "2560x1440"; scale = "1"; position = "0,0"; workspace = "1:一"; output = "DP-11"; }; work_back_middle = { name = "LG Electronics LG Ultra HD 0x000305A6"; mode = "2560x1440"; scale = "1"; position = "5120,0"; workspace = "1:一"; output = "DP-10"; }; work_front_left = { name = "LG Electronics LG Ultra HD 0x0007AB45"; mode = "3840x2160"; scale = "1"; position = "5120,0"; workspace = "1:一"; output = "DP-7"; }; work_back_right = { name = "HP Inc. HP Z32 CN41212T55"; mode = "3840x2160"; scale = "1"; position = "5120,0"; workspace = "1:一"; output = "DP-3"; }; work_middle_middle_main = { name = "HP Inc. HP 732pk CNC4080YL5"; mode = "3840x2160"; scale = "1"; position = "-1280,0"; workspace = "1:一"; output = "DP-8"; }; work_middle_middle_side = { name = "Hewlett Packard HP Z24i CN44250RDT"; mode = "1920x1200"; transform = "270"; scale = "1"; position = "-2480,0"; workspace = "12:S"; output = "DP-9"; }; }; inputs = { "12972:18:Framework_Laptop_16_Keyboard_Module_-_ANSI_Keyboard" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; }; "1133:45081:MX_Master_2S_Keyboard" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; }; "2362:628:PIXA3854:00_093A:0274_Touchpad" = { dwt = "enabled"; tap = "enabled"; natural_scroll = "enabled"; middle_emulation = "enabled"; }; "1133:50504:Logitech_USB_Receiver" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; }; "1133:45944:MX_KEYS_S" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; }; }; keybindings = { "Mod4+Ctrl+p" = "exec wl-mirror eDP-2"; }; }; }
3.1.2. Virtual hosts
My server setup is built on Proxmox VE; back when I started, I created all kinds of wild Debian/Ubuntu/etc. KVMs and LXCs on there. However, the root disk has suffered a weird failure where it has become unable to be cloned, but it is still functional for now. I am currently rewriting all machines on there to use NixOS instead; this is a ongoing process.
In the long run, I am thinking about a transition to kubernetes or using just a server running NixOS and using the built-in container functionality. For now however, I like the network management provided by Proxmox, as I am a bit intimidated by doing that from scratch.
- TEMPLATE
- NixOS
{ pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age ]; services.xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { hostName = "TEMPLATE"; # Define your hostname. useDHCP = true; enableIPv6 = false; firewall.enable = false; }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; # users.users.root.password = "TEMPLATE"; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change }
- NixOS
- NGINX
- NixOS
{ config, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age lego nginx ]; services.xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml"; validateSopsFiles = false; secrets.dnstokenfull = { owner = "acme"; }; templates."certs.secret".content = '' CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { hostName = "nginx"; # Define your hostname. useDHCP = true; enableIPv6 = false; firewall.enable = false; }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; # users.users.root.password = "TEMPLATE"; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change security.acme = { acceptTerms = true; preliminarySelfsigned = false; defaults.email = "mrswarsel@gmail.com"; defaults.dnsProvider = "cloudflare"; defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; }; environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; services.nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; virtualHosts = { "stash.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "https://192.168.1.5"; extraConfig = '' client_max_body_size 0; ''; }; # "/push/" = { # proxyPass = "http://192.168.2.5:7867"; # }; "/.well-known/carddav" = { return = "301 $scheme://$host/remote.php/dav"; }; "/.well-known/caldav" = { return = "301 $scheme://$host/remote.php/dav"; }; }; }; "matrix2.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.23:8008"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "sound.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://192.168.1.13:4040"; proxyWebsockets = true; extraConfig = '' proxy_redirect http:// https://; proxy_read_timeout 600s; proxy_send_timeout 600s; proxy_buffering off; proxy_request_buffering off; client_max_body_size 0; ''; }; }; }; "scan.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://192.168.1.24:28981"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "screen.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://192.168.1.16:8096"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "matrix.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.20:8008"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "scroll.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://192.168.1.22:8080"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "blog.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "https://192.168.1.7"; extraConfig = '' client_max_body_size 0; ''; }; }; }; }; }; }
- NixOS
- [Manual steps required] Calibre
This machine requires manual setup:
- (obsolete for now) Set up calibre-web:
- Create metadata.db with 664 permissions, make sure parent directory is writeable
- Login @ books.swarsel.win using initial creds:
- user: admin
- pw: admin123
- point to metadata.db file, make sure you can upload
- Change pw, create normal user
- Setup kavita:
- Login @ scrolls.swarsel.win
- Create admin user
- Import Libraries
- Create normal user
In general, I am not amazed by this setup; Kavita is the reader of choice, calibre-web mostly is there to have a convenient way to fullfill the opinionated folder structure when uploading ebooks (calibre-web does not work on its own since it forces sqlite which does not work nicely with my NFS book store). I hope that in the future Kavita will implement ebook upload, or that calibre-web will ditch the sqlite constraints.
- NixOS
{ config, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age calibre ]; users.groups.lxc_shares = { gid = 10000; members = [ "kavita" "calibre-web" "root" ]; }; services.xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; validateSopsFiles = false; secrets.kavita = { owner = "kavita"; }; }; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { hostName = "calibre"; # Define your hostname. useDHCP = true; enableIPv6 = false; firewall.enable = false; }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; services.kavita = { enable = true; user = "kavita"; port = 8080; tokenKeyFile = config.sops.secrets.kavita.path; }; }
- (obsolete for now) Set up calibre-web:
- Jellyfin
- NixOS
{ config, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age ]; users.groups.lxc_shares = { gid = 10000; members = [ "jellyfin" "root" ]; }; users.users.jellyfin = { extraGroups = [ "video" "render" ]; }; services.xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { hostName = "jellyfin"; # Define your hostname. useDHCP = true; enableIPv6 = false; firewall.enable = false; }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; nixpkgs.config.packageOverrides = pkgs: { vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; }; hardware.graphics = { enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl ]; }; services.jellyfin = { enable = true; user = "jellyfin"; # openFirewall = true; # this works only for the default ports }; }
- NixOS
- [WIP/Incomplete/Untested] Transmission
This stuff just does not work, I seem to be unable to create a working VPN Split Tunneling on NixOS. Maybe this is introduced by the wonky Proxmox-NixOS container interaction, I am not sure. For now, this machine does not work at all and I am stuck with my Debian Container that does this for me …
- NixOS
{ config, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix # ./openvpn.nix #this file holds the vpn login data ]; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age openvpn jq iptables busybox wireguard-tools ]; users.groups.lxc_shares = { gid = 10000; members = [ "vpn" "radarr" "sonarr" "lidarr" "readarr" "root" ]; }; users.groups.vpn = { }; users.users.vpn = { isNormalUser = true; group = "vpn"; home = "/home/vpn"; }; services.xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml"; validateSopsFiles = false; }; boot.kernelModules = [ "tun" ]; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { hostName = "transmission"; # Define your hostname. useDHCP = true; enableIPv6 = false; firewall.enable = false; }; services = { radarr = { enable = true; }; readarr = { enable = true; }; sonarr = { enable = true; }; lidarr = { enable = true; }; prowlarr = { enable = true; }; }; networking.iproute2 = { enable = true; rttablesExtraConfig = '' 200 vpn ''; }; environment.etc = { "openvpn/iptables.sh" = { source = ../../../scripts/server1/iptables.sh; mode = "0755"; }; "openvpn/update-resolv-conf" = { source = ../../../scripts/server1/update-resolv-conf; mode = "0755"; }; "openvpn/routing.sh" = { source = ../../../scripts/server1/routing.sh; mode = "0755"; }; "openvpn/ca.rsa.2048.crt" = { source = ../../../secrets/certs/ca.rsa.2048.crt; mode = "0644"; }; "openvpn/crl.rsa.2048.pem" = { source = ../../../secrets/certs/crl.rsa.2048.pem; mode = "0644"; }; }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; listenAddresses = [{ port = 22; addr = "0.0.0.0"; }]; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change # users.users.root.password = "TEMPLATE"; environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; sops = { templates = { "transmission-rpc" = { owner = "vpn"; content = builtins.toJSON { rpc-username = config.sops.placeholder.rpcuser; rpc-password = config.sops.placeholder.rpcpass; }; }; pia.content = '' ${config.sops.placeholder.vpnuser} ${config.sops.placeholder.vpnpass} ''; vpn.content = '' client dev tun proto ${config.sops.placeholder.vpnprot} remote ${config.sops.placeholder.vpnloc} resolv-retry infinite nobind persist-key persist-tun cipher aes-128-cbc auth sha1 tls-client remote-cert-tls server auth-user-pass ${config.sops.templates.pia.path} compress verb 1 reneg-sec 0 crl-verify /etc/openvpn/crl.rsa.2048.pem ca /etc/openvpn/ca.rsa.2048.crt disable-occ dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 dhcp-option DNS 8.8.8.8 route-noexec ''; }; secrets = { vpnuser = { }; rpcuser = { owner = "vpn"; }; vpnpass = { }; rpcpass = { owner = "vpn"; }; vpnprot = { }; vpnloc = { }; }; }; services.openvpn.servers = { pia = { autoStart = false; updateResolvConf = true; config = "config ${config.sops.templates.vpn.path}"; }; }; services.transmission = { enable = true; credentialsFile = config.sops.templates."transmission-rpc".path; user = "vpn"; group = "lxc_shares"; settings = { alt-speed-down = 8000; alt-speed-enabled = false; alt-speed-time-begin = 0; alt-speed-time-day = 127; alt-speed-time-enabled = true; alt-speed-time-end = 360; alt-speed-up = 2000; bind-address-ipv4 = "0.0.0.0"; bind-address-ipv6 = "::"; blocklist-enabled = false; blocklist-url = "http://www.example.com/blocklist"; cache-size-mb = 4; dht-enabled = false; download-dir = "/media/Eternor/New"; download-limit = 100; download-limit-enabled = 0; download-queue-enabled = true; download-queue-size = 5; encryption = 2; idle-seeding-limit = 30; idle-seeding-limit-enabled = false; incomplete-dir = "/var/lib/transmission-daemon/Downloads"; incomplete-dir-enabled = false; lpd-enabled = false; max-peers-global = 200; message-level = 1; peer-congestion-algorithm = ""; peer-id-ttl-hours = 6; peer-limit-global = 100; peer-limit-per-torrent = 40; peer-port = 22371; peer-port-random-high = 65535; peer-port-random-low = 49152; peer-port-random-on-start = false; peer-socket-tos = "default"; pex-enabled = false; port-forwarding-enabled = false; preallocation = 1; prefetch-enabled = true; queue-stalled-enabled = true; queue-stalled-minutes = 30; ratio-limit = 2; ratio-limit-enabled = false; rename-partial-files = true; rpc-authentication-required = true; rpc-bind-address = "0.0.0.0"; rpc-enabled = true; rpc-host-whitelist = ""; rpc-host-whitelist-enabled = true; rpc-port = 9091; rpc-url = "/transmission/"; rpc-whitelist = "127.0.0.1,192.168.3.2"; rpc-whitelist-enabled = true; scrape-paused-torrents-enabled = true; script-torrent-done-enabled = false; seed-queue-enabled = false; seed-queue-size = 10; speed-limit-down = 6000; speed-limit-down-enabled = true; speed-limit-up = 500; speed-limit-up-enabled = true; start-added-torrents = true; trash-original-torrent-files = false; umask = 2; upload-limit = 100; upload-limit-enabled = 0; upload-slots-per-torrent = 14; utp-enabled = false; }; }; }
- NixOS
- [Manual steps needed] Matrix
- After the initial setup, run the
- /run/secrets-generated/matrixuserregister.sh
command to register a new admin user.
- All bridges will fail on first start, copy the registration files using:
- cp var/lib/mautrix-telegram/telegram-registration.yaml /var/lib/matrix-synapse
- chown matrix-synapse:matrix-synapse var/lib/matrix-synapse/telegram-registration.yaml
Make sure to also do this for doublepuppet.yaml
- Restart postgresql.service, matrix-synapse.service, mautrix-whatsapp.service, mautrix-telegram.service
- NixOS
{ config, pkgs, modulesPath, sops, ... }: let matrixDomain = "matrix2.swarsel.win"; in { services = { xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; openssh = { enable = true; settings.PermitRootLogin = "yes"; listenAddresses = [{ port = 22; addr = "0.0.0.0"; }]; }; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { useDHCP = true; enableIPv6 = false; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix # we import here a service that is not available yet on normal nixpkgs # this module is hence not in the modules list, we add it ourselves ]; networking = { hostName = "matrix"; # Define your hostname. firewall.enable = false; }; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age matrix-synapse lottieconverter ffmpeg ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml"; validateSopsFiles = false; secrets = { matrixsharedsecret = { owner = "matrix-synapse"; }; mautrixtelegram_as = { owner = "matrix-synapse"; }; mautrixtelegram_hs = { owner = "matrix-synapse"; }; mautrixtelegram_api_id = { owner = "matrix-synapse"; }; mautrixtelegram_api_hash = { owner = "matrix-synapse"; }; }; templates = { "matrix_user_register.sh".content = '' register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 ''; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} ''; }; mautrixtelegram = { owner = "matrix-synapse"; content = '' MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} ''; }; }; }; services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; ''; }; services.matrix-synapse = { enable = true; settings = { app_service_config_files = [ "/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/whatsapp-registration.yaml" "/var/lib/matrix-synapse/signal-registration.yaml" "/var/lib/matrix-synapse/doublepuppet.yaml" ]; server_name = matrixDomain; public_baseurl = "https://${matrixDomain}"; listeners = [ { port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; x_forwarded = true; resources = [ { names = [ "client" "federation" ]; compress = true; } ]; } ]; }; extraConfigFiles = [ config.sops.templates.matrixshared.path ]; }; services.mautrix-telegram = { enable = true; environmentFile = config.sops.templates.mautrixtelegram.path; settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; id = "telegram"; # ephemeral_events = true; # not needed due to double puppeting public = { enabled = false; }; database = "postgresql:///mautrix-telegram?host=/run/postgresql"; }; bridge = { relaybot.authless_portals = true; allow_avatar_remove = true; allow_contact_info = true; sync_channel_members = true; startup_sync = true; sync_create_limit = 0; sync_direct_chats = true; telegram_link_preview = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; animated_sticker = { target = "gif"; args = { width = 256; height = 256; fps = 30; # only for webm background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ lottieconverter # for animated stickers conversion, unfree package ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { enable = true; settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { type = "postgres"; uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; }; }; bridge = { displayname_template = "{{or .FullName .PushName .JID}} (WA)"; history_sync = { backfill = true; max_initial_conversations = -1; message_count = -1; request_full_sync = true; full_sync_config = { days_limit = 900; size_mb_limit = 5000; storage_quota_mb = 5000; }; }; login_shared_secret_map = { matrixDomain = "as_token:doublepuppet"; }; sync_manual_marked_unread = true; send_presence_on_typing = true; parallel_member_sync = true; url_previews = true; caption_in_message = true; extev_polls = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; }; }; }; services.mautrix-signal = { enable = true; settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { type = "postgres"; uri = "postgresql:///mautrix-signal?host=/run/postgresql"; }; }; bridge = { displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; login_shared_secret_map = { matrixDomain = "as_token:doublepuppet"; }; caption_in_message = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; }; }; }; # restart the bridges daily. this is done for the signal bridge mainly which stops carrying # messages out after a while. systemd.timers."restart-bridges" = { wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "1d"; OnUnitActiveSec = "1d"; Unit = "restart-bridges.service"; }; }; systemd.services."restart-bridges" = { script = '' systemctl restart mautrix-whatsapp.service systemctl restart mautrix-signal.service systemctl restart mautrix-telegram.service ''; serviceConfig = { Type = "oneshot"; User = "root"; }; }; }
- After the initial setup, run the
- Sound
- NixOS
{ config, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; services = { xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; openssh = { enable = true; settings.PermitRootLogin = "yes"; listenAddresses = [{ port = 22; addr = "0.0.0.0"; }]; }; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { useDHCP = true; enableIPv6 = false; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; proxmoxLXC.privileged = true; # manage hostname myself users = { groups = { lxc_pshares = { gid = 110000; members = [ "navidrome" "mpd" "root" ]; }; navidrome = { gid = 61593; }; mpd = { }; }; users = { navidrome = { isSystemUser = true; uid = 61593; group = "navidrome"; extraGroups = [ "audio" "utmp" ]; }; mpd = { isSystemUser = true; group = "mpd"; extraGroups = [ "audio" "utmp" ]; }; }; }; sound = { enable = true; }; hardware.enableAllFirmware = true; networking = { hostName = "sound"; # Define your hostname. firewall.enable = false; }; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age pciutils alsa-utils mpv ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml"; validateSopsFiles = false; secrets.mpdpass = { owner = "mpd"; }; }; services.navidrome = { enable = true; settings = { Address = "0.0.0.0"; Port = 4040; MusicFolder = "/media"; EnableSharing = true; EnableTranscodingConfig = true; Scanner.GroupAlbumReleases = true; ScanSchedule = "@every 1d"; # Insert these values locally as sops-nix does not work for them LastFM.ApiKey = TEMPLATE; LastFM.Secret = TEMPLATE; Spotify.ID = TEMPLATE; Spotify.Secret = TEMPLATE; UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; UIWelcomeMessage = "~SwarselSound~"; }; }; services.mpd = { enable = true; musicDirectory = "/media"; user = "mpd"; group = "mpd"; network = { port = 3254; listenAddress = "any"; }; credentials = [ { passwordFile = config.sops.secrets.mpdpass.path; permissions = [ "read" "add" "control" "admin" ]; } ]; }; }
- NixOS
- Spotifyd
- NixOS
{ pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; services = { xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; openssh = { enable = true; settings.PermitRootLogin = "yes"; listenAddresses = [{ port = 22; addr = "0.0.0.0"; }]; }; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { useDHCP = true; enableIPv6 = false; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; proxmoxLXC.privileged = true; # manage hostname myself users.groups.spotifyd = { gid = 65136; }; users.users.spotifyd = { isSystemUser = true; uid = 65136; group = "spotifyd"; extraGroups = [ "audio" "utmp" ]; }; sound = { enable = true; }; hardware.enableAllFirmware = true; networking = { hostName = "spotifyd"; # Define your hostname. firewall.enable = false; }; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age ]; services.spotifyd = { enable = true; settings = { global = { dbus_type = "session"; use_mpris = false; device = "default:CARD=PCH"; device_name = "SwarselSpot"; mixer = "alsa"; zeroconf_port = 1025; }; }; }; }
- NixOS
- Sync
- NixOS
{ config, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age ]; services.xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml"; validateSopsFiles = false; secrets.swarsel = { owner = "root"; }; secrets.dnstokenfull = { owner = "acme"; }; templates."certs.secret".content = '' CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; security.acme = { acceptTerms = true; preliminarySelfsigned = false; defaults.email = "mrswarsel@gmail.com"; defaults.dnsProvider = "cloudflare"; defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; }; services.nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; virtualHosts = { "synki.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://localhost:27701"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "sync.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://localhost:8384/"; extraConfig = '' client_max_body_size 0; ''; }; }; }; "swagit.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "/" = { proxyPass = "http://localhost:3000"; extraConfig = '' client_max_body_size 0; ''; }; }; }; }; }; boot.tmp.cleanOnBoot = true; zramSwap.enable = false; networking = { hostName = "sync"; enableIPv6 = false; domain = "subnet03112148.vcn03112148.oraclevcn.com"; firewall.extraCommands = '' iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT ''; }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change environment.shellAliases = { nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; boot.loader.grub.device = "nodev"; services.anki-sync-server = { enable = true; port = 27701; address = "0.0.0.0"; openFirewall = true; users = [ { username = "Swarsel"; passwordFile = config.sops.secrets.swarsel.path; } ]; }; services.syncthing = { enable = true; guiAddress = "0.0.0.0:8384"; openDefaultPorts = true; }; services.forgejo = { enable = true; settings = { DEFAULT = { APP_NAME = "~SwaGit~"; }; server = { PROTOCOL = "http"; HTTP_PORT = 3000; HTTP_ADDR = "0.0.0.0"; DOMAIN = "swagit.swarsel.win"; ROOT_URL = "https://swagit.swarsel.win"; }; service = { DISABLE_REGISTRATION = true; SHOW_REGISTRATION_BUTTON = false; }; }; }; }
- NixOS
- [Manual steps required] Swatrix
- NixOS
The files mentioned by
settings.app_service_config_files = [ "/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/whatsapp-registration.yaml" "/var/lib/matrix-synapse/signal-registration.yaml" "/var/lib/matrix-synapse/doublepuppet.yaml" ]
need to be moved to the corresponding location. The below files are created as soon as the appservice is run once. This means that matrix will crash on the first startup; afterwards run these commands and restart the service.
cp /var/lib/mautrix-telegram/telegram-registration.yaml /var/lib/matrix-synapse/ chown matrix-synapse:matrix-synapse /var/lib/matrix-synapse/telegram-registration.yaml cp /var/lib/mautrix-signal/signal-registration.yaml /var/lib/matrix-synapse/ chown matrix-synapse:matrix-synapse /var/lib/matrix-synapse/signal-registration.yaml cp /var/lib/mautrix-whatsapp/whatsapp-registration.yaml /var/lib/matrix-synapse/ chown matrix-synapse:matrix-synapse /var/lib/matrix-synapse/whatsapp-registration.yaml
as for the contents of doublepuppet.yaml:
id: doublepuppet url: as_token: doublepuppet hs_token: notused sender_localpart: notused rate_limited: false namespaces: users: - regex: '@.*:matrix2\.swarsel\.win' exclusive: falseLastly, the machine that runs matrix needs to regularly update, as otherwise you will lose connectivity to the bridges.
{ config, pkgs, sops, ... }: let matrixDomain = "swatrix.swarsel.win"; in { imports = [ ./hardware-configuration.nix ]; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age matrix-synapse lottieconverter ffmpeg ]; services.xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; validateSopsFiles = false; secrets = { dnstokenfull = { owner = "acme"; }; matrixsharedsecret = { owner = "matrix-synapse"; }; mautrixtelegram_as = { owner = "matrix-synapse"; }; mautrixtelegram_hs = { owner = "matrix-synapse"; }; mautrixtelegram_api_id = { owner = "matrix-synapse"; }; mautrixtelegram_api_hash = { owner = "matrix-synapse"; }; }; templates = { "certs.secret".content = '' CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; "matrix_user_register.sh".content = '' register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 ''; mautrixtelegram = { owner = "matrix-synapse"; content = '' MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} ''; }; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} ''; }; }; }; documentation = { enable = false; }; security.acme = { acceptTerms = true; preliminarySelfsigned = false; defaults.email = "mrswarsel@gmail.com"; defaults.dnsProvider = "cloudflare"; defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; }; services.nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; virtualHosts = { "swatrix.swarsel.win" = { enableACME = true; forceSSL = true; acmeRoot = null; locations = { "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://localhost:8008"; extraConfig = '' client_max_body_size 0; ''; }; }; }; }; }; boot.tmp.cleanOnBoot = true; zramSwap.enable = false; networking = { hostName = "swatrix"; enableIPv6 = false; domain = "swarsel.win"; firewall.extraCommands = '' iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT ''; }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change environment.shellAliases = { nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; boot.loader.grub.device = "nodev"; services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; ''; }; services.matrix-synapse = { settings.app_service_config_files = [ "/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/whatsapp-registration.yaml" "/var/lib/matrix-synapse/signal-registration.yaml" "/var/lib/matrix-synapse/doublepuppet.yaml" ]; enable = true; settings = { server_name = matrixDomain; public_baseurl = "https://${matrixDomain}"; }; listeners = [ { port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; x_forwarded = true; resources = [ { names = [ "client" "federation" ]; compress = true; } ]; } ]; extraConfigFiles = [ config.sops.templates.matrixshared.path ]; }; services.mautrix-telegram = { enable = true; environmentFile = config.sops.templates.mautrixtelegram.path; settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; id = "telegram"; # ephemeral_events = true; # not needed due to double puppeting public = { enabled = false; }; database = "postgresql:///mautrix-telegram?host=/run/postgresql"; }; bridge = { relaybot.authless_portals = true; allow_avatar_remove = true; allow_contact_info = true; sync_channel_members = true; startup_sync = true; sync_create_limit = 0; sync_direct_chats = true; telegram_link_preview = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; animated_sticker = { target = "gif"; args = { width = 256; height = 256; fps = 30; # only for webm background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ lottieconverter # for animated stickers conversion, unfree package ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { enable = true; settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { type = "postgres"; uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; }; }; bridge = { displayname_template = "{{or .FullName .PushName .JID}} (WA)"; history_sync = { backfill = true; max_initial_conversations = -1; message_count = -1; request_full_sync = true; full_sync_config = { days_limit = 900; size_mb_limit = 5000; storage_quota_mb = 5000; }; }; login_shared_secret_map = { matrixDomain = "as_token:doublepuppet"; }; sync_manual_marked_unread = true; send_presence_on_typing = true; parallel_member_sync = true; url_previews = true; caption_in_message = true; extev_polls = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; }; }; }; services.mautrix-signal = { enable = true; registerToSynapse = false; # this has the same effect as registering to app_service_config_file above settings = { homeserver = { address = "http://localhost:8008"; domain = matrixDomain; }; appservice = { address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { type = "postgres"; uri = "postgresql:///mautrix-signal?host=/run/postgresql"; }; }; bridge = { displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; login_shared_secret_map = { matrixDomain = "as_token:doublepuppet"; }; caption_in_message = true; permissions = { "*" = "relaybot"; "@swarsel:${matrixDomain}" = "admin"; }; }; }; }; # restart the bridges daily. this is done for the signal bridge mainly which stops carrying # messages out after a while. systemd.timers."restart-bridges" = { wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "1d"; OnUnitActiveSec = "1d"; Unit = "restart-bridges.service"; }; }; systemd.services."restart-bridges" = { script = '' systemctl restart mautrix-whatsapp.service systemctl restart mautrix-signal.service systemctl restart mautrix-telegram.service ''; serviceConfig = { Type = "oneshot"; User = "root"; }; }; }
- NixOS
- Paperless
- NixOS
{ config, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; services = { xserver.xkb = { layout = "us"; variant = "altgr-intl"; }; openssh = { enable = true; settings.PermitRootLogin = "yes"; listenAddresses = [{ port = 22; addr = "0.0.0.0"; }]; }; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; networking = { useDHCP = true; enableIPv6 = false; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; users.groups.lxc_shares = { gid = 10000; members = [ "paperless" "root" ]; }; environment.systemPackages = with pkgs; [ git gnupg ssh-to-age ]; networking = { hostName = "paperless"; # Define your hostname. firewall.enable = false; }; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; validateSopsFiles = false; secrets.admin = { owner = "paperless"; }; }; services.paperless = { enable = true; mediaDir = "/media"; user = "paperless"; port = 28981; passwordFile = config.sops.secrets.admin.path; address = "0.0.0.0"; extraConfig = { PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_URL = "scan.swarsel.win"; PAPERLESS_OCR_USER_ARGS = builtins.toJSON { optimize = 1; pdfa_image_compression = "lossless"; }; }; }; }
- NixOS
3.2. Overlays, packages, and modules
In this section I define packages that I manually want to nixpkgs. This can be useful for packages that are currently awaiting a PR or public packages that I do not want to maintain.
As such, I also define three additional overlays:
additionsThese are for the aforementioned added packagesmodificationThese are for packages that are on nixpkgs, but do not fit my usecase, meaning I need to perform modifications on them.nixpkgs-stableThis is simply a mirror of the most recent stable branch of nixpkgs. Useful for packages that are broken on nixpkgs, but do not need to be on bleeding edge anyways.
3.2.1. Packages
This is the central station for self-defined packages. These are all referenced in default.nix. Wherever possible, I am keeping the shell version of these scripts in this file as well and then read it using builtin.readFile in the NixOS configurations. This lets me keep full control in this one file but also keep the separate files uncluttered.
{ pkgs, ... }:
let
inherit (pkgs) callPackage;
in
{
pass-fuzzel = callPackage ./pass-fuzzel { };
cura5 = callPackage ./cura5 { };
cdw = callPackage ./cdw { };
cdb = callPackage ./cdb { };
bak = callPackage ./bak { };
timer = callPackage ./timer { };
e = callPackage ./e { };
swarselcheck = callPackage ./swarselcheck { };
waybarupdate = callPackage ./waybarupdate { };
opacitytoggle = callPackage ./opacitytoggle { };
fs-diff = callPackage ./fs-diff { };
update-checker = callPackage ./update-checker { };
github-notifications = callPackage ./github-notifications { };
}
- pass-fuzzel
This app allows me, in conjunction with my Yubikey, to quickly enter passwords when the need arises. Normal and TOTP passwords are supported, and they can either be printed directly or copied to the clipboard.
# Adapted from https://code.kulupu.party/thesuess/home-manager/src/branch/main/modules/river.nix shopt -s nullglob globstar otp=0 typeit=0 while :; do case ${1:-} in -t|--type) typeit=1 ;; -o|--otp) otp=1 ;; *) break esac shift done export PASSWORD_STORE_DIR=~/.local/share/password-store prefix=${PASSWORD_STORE_DIR-~/.local/share/password-store} if [[ $otp -eq 0 ]]; then password_files=( "$prefix"/**/*.gpg ) else password_files=( "$prefix"/otp/**/*.gpg ) fi password_files=( "${password_files[@]#"$prefix"/}" ) password_files=( "${password_files[@]%.gpg}" ) password=$(printf '%s\n' "${password_files[@]}" | fuzzel --dmenu "$@") [[ -n $password ]] || exit if [[ $otp -eq 0 ]]; then if [[ $typeit -eq 0 ]]; then pass show -c "$password" &>/tmp/pass-fuzzel else pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - fi else if [[ $typeit -eq 0 ]]; then pass otp -c "$password" &>/tmp/pass-fuzzel else pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - fi fi notify-send -u critical -a pass -t 1000 "Copied/Typed Password"{ writeShellApplication, libnotify, pass, fuzzel, wtype }: writeShellApplication { name = "pass-fuzzel"; runtimeInputs = [ libnotify (pass.withExtensions (exts: [ exts.pass-otp ])) fuzzel wtype ]; text = builtins.readFile ../../scripts/pass-fuzzel.sh; } - cura5
The version of
curaused to be quite outdated in nixpkgs. I am fetching a newer AppImage here and use that instead.{ appimageTools, fetchurl, writeScriptBin, pkgs }: let cura5 = appimageTools.wrapType2 rec { name = "cura5"; version = "5.4.0"; src = fetchurl { url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; }; extraPkgs = pkgs: with pkgs; [ ]; }; in writeScriptBin "cura" '' #! ${pkgs.bash}/bin/bash # AppImage version of Cura loses current working directory and treats all paths relative to $HOME. # So we convert each of the files passed as argument to an absolute path. # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. args=() for a in "$@"; do if [ -e "$a" ]; then a="$(realpath "$a")" fi args+=("$a") done exec "${cura5}/bin/cura5" "''${args[@]}" '' - cdw
This script allows for quick git worktree switching.
{ writeShellApplication, fzf }: writeShellApplication { name = "cdw"; runtimeInputs = [ fzf ]; text = '' cd "$(git worktree list | fzf | awk '{print $1}')" ''; } - cdb
This script allows for quick git branch switching.
{ writeShellApplication, fzf }: writeShellApplication { name = "cdb"; runtimeInputs = [ fzf ]; text = '' git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" ''; } - bak
This script lets me quickly backup files by appending
.bakto the filename.{ writeShellApplication }: writeShellApplication { name = "bak"; text = '' cp "$1"{,.bak} ''; } - timer
This app starts a configuratble timer and uses TTS to say something once the timer runs out.
{ writeShellApplication, speechd }: writeShellApplication { name = "timer"; runtimeInputs = [ speechd ]; text = '' sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; ''; } - e
This is a shorthand for calling emacsclient mostly. Also, it hides the kittyterm scratchpad window that I sometimes use for calling a command quickly, in case it is on the screen. After emacs closes, the kittyterm window is then shown again if it was visible earlier.
wait=0 while :; do case ${1:-} in -w|--wait) wait=1 ;; *) break esac shift done STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep kittyterm || true ) if [ "$STR" == "" ]; then swaymsg '[title="kittyterm"]' scratchpad show emacsclient -c -a "" "$@" swaymsg '[title="kittyterm"]' scratchpad show else if [[ $wait -eq 0 ]]; then emacsclient -n -c -a "" "$@" else emacsclient -c -a "" "$@" fi fi{ writeShellApplication, emacs-pgtk, sway, jq }: writeShellApplication { name = "e"; runtimeInputs = [ emacs-pgtk sway jq ]; text = builtins.readFile ../../scripts/e.sh; } - command-not-found
The normal
command-not-found.shuses the outdatednix-shellcommands as suggestions. This version supplies me with the more modernnixpkgs#<name>version.# Adapted from https://github.com/bennofs/nix-index/blob/master/command-not-found.sh command_not_found_handle () { if [ -n "${MC_SID-}" ] || ! [ -t 1 ]; then >&2 echo "$1: command not found" return 127 fi echo -n "searching nix-index..." ATTRS=$(@nix-locate@ --minimal --no-group --type x --type s --top-level --whole-name --at-root "/bin/$1") case $(echo -n "$ATTRS" | grep -c "^") in 0) >&2 echo -ne "$(@tput@ el1)\r" >&2 echo "$1: command not found" ;; *) >&2 echo -ne "$(@tput@ el1)\r" >&2 echo "The program ‘$(@tput@ setaf 4)$1$(@tput@ sgr0)’ is currently not installed." >&2 echo "It is provided by the following derivation(s):" while read -r ATTR; do ATTR=${ATTR%.out} >&2 echo " $(@tput@ setaf 12)nixpkgs#$(@tput@ setaf 4)$ATTR$(@tput@ sgr0)" done <<< "$ATTRS" esac return 127 } command_not_found_handler () { command_not_found_handle "$@" return $? } - swarselcheck
This app checks for different apps that I keep around in the scratchpad for quick viewing and hiding (messengers and music players mostly) and then behaves like the kittyterm hider that I described in e.
kitty=0 element=0 vesktop=0 spotifyplayer=0 while :; do case ${1:-} in -k|--kitty) kitty=1 ;; -e|--element) element=1 ;; -d|--vesktop) vesktop=1 ;; -s|--spotifyplayer) spotifyplayer=1 ;; *) break esac shift done if [[ $kitty -eq 1 ]]; then STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep kittyterm || true) CHECK=$(swaymsg -t get_tree | grep kittyterm || true) if [ "$CHECK" == "" ]; then exec kitty -T kittyterm & sleep 1 fi if [ "$STR" == "" ]; then exec swaymsg '[title="kittyterm"]' scratchpad show else exec swaymsg '[title="kittyterm"]' scratchpad show fi elif [[ $element -eq 1 ]]; then STR=$(swaymsg -t get_tree | grep Element || true) if [ "$STR" == "" ]; then exec element-desktop else exec swaymsg '[app_id=Element]' kill fi elif [[ $vesktop -eq 1 ]]; then STR=$(swaymsg -t get_tree | grep vesktop || true) if [ "$STR" == "" ]; then exec vesktop else exec swaymsg '[app_id=vesktop]' kill fi elif [[ $spotifyplayer -eq 1 ]]; then STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep spotifytui || true) CHECK=$(swaymsg -t get_tree | grep spotifytui || true) if [ "$CHECK" == "" ]; then exec kitty -T spotifytui -o confirm_os_window_close=0 spotify_player & sleep 1 fi if [ "$STR" == "" ]; then exec swaymsg '[title="spotifytui"]' scratchpad show else exec swaymsg '[title="spotifytui"]' scratchpad show fi fi{ writeShellApplication, kitty, element-desktop-wayland, vesktop, spotify-player, sway, jq }: writeShellApplication { name = "swarselcheck"; runtimeInputs = [ kitty element-desktop-wayland vesktop spotify-player jq ]; text = builtins.readFile ../../scripts/swarselcheck.sh; } - waybarupdate
This scripts checks if there are uncommited changes in either my dotfile repo, my university repo, or my passfile repo. In that case a warning will be shown in waybar.
CFG=$(git --git-dir="$HOME"/.dotfiles/.git --work-tree="$HOME"/.dotfiles/ status -s | wc -l) CSE=$(git --git-dir="$HOME"/Documents/GitHub/CSE_TUWIEN/.git --work-tree="$HOME"/Documents/GitHub/CSE_TUWIEN/ status -s | wc -l) PASS=$(( $(git --git-dir="$HOME"/.local/share/password-store/.git --work-tree="$HOME"/.local/share/password-store/ status -s | wc -l) + $(git --git-dir="$HOME"/.local/share/password-store/.git --work-tree="$HOME"/.local/share/password-store/ diff origin/main..HEAD | wc -l) )) if [[ $CFG != 0 ]]; then CFG_STR='CONFIG' else CFG_STR='' fi if [[ $CSE != 0 ]]; then CSE_STR=' CSE' else CSE_STR='' fi if [[ $PASS != 0 ]]; then PASS_STR=' PASS' else PASS_STR='' fi OUT="$CFG_STR""$CSE_STR""$PASS_STR" echo "$OUT"{ writeShellApplication, git }: writeShellApplication { name = "waybarupdate"; runtimeInputs = [ git ]; text = builtins.readFile ../../scripts/waybarupdate.sh; } - opacitytoggle
This app quickly toggles between 5% and 0% transparency.
if swaymsg opacity plus 0.01 -q; then swaymsg opacity 1 else swaymsg opacity 0.95 fi{ writeShellApplication, sway }: writeShellApplication { name = "opacitytoggle"; runtimeInputs = [ sway ]; text = builtins.readFile ../../scripts/opacitytoggle.sh; } - fs-diff
This utility is used to compare the current state of the root directory with the blanket state that is stored in /root-blank (the snapshot that is restored on each reboot of an impermanence machine). Using this, I can find files that I will lose once I reboot - if there are important files in that list, I can then easily add them to the persist options.
set -euo pipefail OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999) OLD_TRANSID=${OLD_TRANSID#transid marker was } sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" | sed '$d' | cut -f17- -d' ' | sort | uniq | while read -r path; do path="/$path" if [ -L "$path" ]; then : # The path is a symbolic link, so is probably handled by NixOS already elif [ -d "$path" ]; then : # The path is a directory, ignore else echo "$path" fi done{ writeShellApplication, sway }: writeShellApplication { name = "fs-diff"; text = builtins.readFile ../../scripts/fs-diff.sh; } - update-checker
This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.
updates="$( { cd /home/swarsel/.dotfiles && nix flake lock --update-input nixpkgs && nix build .#nixosConfigurations."$(eval hostname)".config.system.build.toplevel && nvd diff /run/current-system ./result | grep -c '\[U'; } || true)" alt="has-updates" if [[ $updates -eq 0 ]]; then alt="updated" fi tooltip="System updated" if [[ $updates != 0 ]]; then tooltip=$(cd ~/.dotfiles && nvd diff /run/current-system ./result | grep -e '\[U' | awk '{ for (i=3; i<NF; i++) printf $i " "; if (NF >= 3) print $NF; }' ORS='\\n' ) echo "{ \"text\":\"$updates\", \"alt\":\"$alt\", \"tooltip\":\"$tooltip\" }" else echo "{ \"text\":\"\", \"alt\":\"$alt\", \"tooltip\":\"\" }" fi{ writeShellApplication, nvd }: writeShellApplication { name = "update-checker"; runtimeInputs = [ nvd ]; text = builtins.readFile ../../scripts/update-checker.sh; } - github-notifications
This utility checks if there are updated packages in nixpkgs-unstable. It does so by fully building the most recent configuration, which I do not love, but it has its merits once I am willing to switch to the newer version.
{ writeShellApplication, jq }: writeShellApplication { name = "github-notifications"; runtimeInputs = [ jq ]; text = '' count=$(curl -u Swarsel:"$(cat /run/user/1000/secrets/github_notif)" https://api.github.com/notifications | jq '. | length') if [[ "$count" != "0" ]]; then echo "{\"text\":\"$count\"}" fi ''; }
3.2.2. Overlays (additions, overrides, nixpkgs-stable)
This file now holds all of the "nixpkgs-changes" that I am using across the configurations. Most notable here are the modifications, where I am editing derivations according to my needs.
{ inputs, ... }: {
additions = final: _prev: import ../pkgs { pkgs = final; };
modifications = final: _prev: {
vesktop = _prev.vesktop.override {
withSystemVencord = true;
};
nerdfonts = _prev.nerdfonts.override {
fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ];
};
firefox = _prev.firefox.override {
nativeMessagingHosts = [
_prev.tridactyl-native
_prev.browserpass
_prev.plasma5Packages.plasma-browser-integration
];
};
prismlauncher = _prev.prismlauncher.override {
glfw = _prev.glfw-wayland-minecraft;
};
# river = prev.river.overrideAttrs (oldAttrs: rec {
# pname = "river";
# version = "git";
# src = prev.fetchFromGitHub {
# owner = "riverwm";
# repo = pname;
# rev = "c16628c7f57c51d50f2d10a96c265fb0afaddb02";
# hash = "sha256-E3Xtv7JeCmafiNmpuS5VuLgh1TDAbibPtMo6A9Pz6EQ=";
# fetchSubmodules = true;
# };
# });
};
nixpkgs-stable = final: _prev: {
stable = import inputs.nixpkgs-stable { inherit (final) system; };
};
}
3.2.3. Modules
In this section I define custom modules under the swarsel attribute. These are mostly used to define settings specific to a host. I keep these settings confined to either home-manager or nixos to maintain compatibility with non-NixOS machines.
- NixOS
Modules that need to be loaded on the NixOS level. Note that these will not be available on systems that are not running NixOS
{ wallpaper = import ./wallpaper.nix; hardware = import ./hardware.nix; setup = import ./setup.nix; impermanence = import ./impermanence.nix; filesystem = import ./filesystem.nix; }- Wallpaper
This lets me set the wallpaper that I want to use. Duplicated with home-manager options because mixing system and user level configuration is not a good idea.
{ lib, ... }: { options.swarselsystems.wallpaper = lib.mkOption { type = lib.types.path; default = ""; }; } - Hardware
This lets me set some basic flags about the hardware of the configured systems.
{ lib, ... }: { options.swarselsystems.hasBluetooth = lib.mkEnableOption "bluetooth availability"; options.swarselsystems.hasFingerprint = lib.mkEnableOption "fingerprint sensor availability"; options.swarselsystems.trackpoint.isAvailable = lib.mkEnableOption "trackpoint availability"; options.swarselsystems.trackpoint.device = lib.mkOption { type = lib.types.str; default = ""; }; } - Setup
I usually use
mutableUsers = falsein my NixOS configuration. However, on a new system where sops-keys have not been deployed, this would immediately lock me out of the system. Hence this flag can be used until sops-keys are created.{ lib, ... }: { options.swarselsystems.initialSetup = lib.mkEnableOption "initial setup (no sops keys available)"; } - Impermanence
Option to enable impermanence configurations. This could also be done via optional imports, but impermanence is a "big enough" change to warrant a line in the machine
default.nix.{ lib, ... }: { options.swarselsystems.impermanence = lib.mkEnableOption "use impermanence on this system"; } - Filesystem
This lets me quickly set flags for "special" file systems. These options mostly function in conjunction with other settings (for example, the
isBtrfsfunction is mostly used for impermanence configuration).{ lib, ... }: { options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem"; }
- Wallpaper
- home-manager
This holds modules that are to be used on most hosts. These are also the most important options to configure, as these allow me easy access to monitor, keyboard, and other setups.
{ laptop = import ./laptop.nix; hardware = import ./hardware.nix; monitors = import ./monitors.nix; input = import ./input.nix; nixos = import ./nixos.nix; waybar = import ./waybar.nix; startup = import ./startup.nix; wallpaper = import ./wallpaper.nix; filesystem = import ./filesystem.nix; }- Laptop
Laptops are not always plugged in, so they should show a battery icon in Waybar. Also, most laptops have a touchpad which usually needs to be configured.
{ lib, config, ... }: { options.swarselsystems.isLaptop = lib.mkEnableOption "laptop host"; config.swarselsystems.touchpad = lib.mkIf config.swarselsystems.isLaptop { "type:touchpad" = { dwt = "enabled"; tap = "enabled"; natural_scroll = "enabled"; middle_emulation = "enabled"; }; }; config.swarselsystems.waybarModules = lib.mkIf config.swarselsystems.isLaptop [ "custom/outer-left-arrow-dark" "mpris" "custom/left-arrow-light" "network" "custom/vpn" "custom/left-arrow-dark" "pulseaudio" "custom/left-arrow-light" "battery" "custom/left-arrow-dark" "group/hardware" "custom/left-arrow-light" "clock#2" "custom/left-arrow-dark" "clock#1" ]; } - Hardware
This section is mostly used to deliver the correct information to Waybar. AMD systems have changing hwmon paths that can be specifically set here. Also the cpu count can be set here for Waybars cpu module, but 8 is usually a good setting to show
{ lib, ... }: { options.swarselsystems.cpuCount = lib.mkOption { type = lib.types.int; default = 8; }; options.swarselsystems.temperatureHwmon.isAbsolutePath = lib.mkEnableOption "absolute temperature path"; options.swarselsystems.temperatureHwmon.path = lib.mkOption { type = lib.types.str; default = ""; }; options.swarselsystems.temperatureHwmon.input-filename = lib.mkOption { type = lib.types.str; default = ""; }; } - Waybar
These are explicit waybar options. Laptops do not need the battery module. However, this leads to a slight problem with theming: my waybar modules alternate their background-color between black and grey. The battery module is usually on grey background. If I were to simply delete that, I would now have two modules on black background. To avoid this, I define a pseudo-module
custom/pseudobatthat simply shows a static image and callswlogouton right click. This wastes a little bit of screen space, but that is a price I am willing to pay for consistency.The most part of this configuration is done here: Waybar
{ lib, config, ... }: let generateIcons = n: lib.concatStringsSep " " (builtins.map (x: "{icon" + toString x + "}") (lib.range 0 (n - 1))); in { options.swarselsystems.cpuString = lib.mkOption { type = lib.types.str; default = generateIcons config.swarselsystems.cpuCount; description = "The generated icons string for use by Waybar."; internal = true; }; options.swarselsystems.waybarModules = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ "custom/outer-left-arrow-dark" "mpris" "custom/left-arrow-light" "network" "custom/vpn" "custom/left-arrow-dark" "pulseaudio" "custom/left-arrow-light" "custom/pseudobat" "battery" "custom/left-arrow-dark" "group/hardware" "custom/left-arrow-light" "clock#2" "custom/left-arrow-dark" "clock#1" ]; }; } - Monitors
This allows me to define my monitors in the machine's
default.nix.{ lib, ... }: let inherit (lib) mkOption types; in { options.swarselsystems.monitors = mkOption { type = types.attrsOf (types.attrsOf types.str); default = { }; }; } - Input
This allows me to configure input options. Here, I am globally defining my split keyboards. Then, I am joining some attribute sets so that they can be easier used in the rest of the configurations.
{ lib, config, ... }: let inherit (lib) mkOption types; in { options.swarselsystems.inputs = mkOption { type = types.attrsOf (types.attrsOf types.str); default = { }; }; options.swarselsystems.kyria = mkOption { type = types.attrsOf (types.attrsOf types.str); default = { "36125:53060:splitkb.com_splitkb.com_Kyria_rev3" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; }; }; }; options.swarselsystems.touchpad = mkOption { type = types.attrsOf (types.attrsOf types.str); default = { }; }; options.swarselsystems.standardinputs = mkOption { type = types.attrsOf (types.attrsOf types.str); default = lib.recursiveUpdate (lib.recursiveUpdate config.swarselsystems.touchpad config.swarselsystems.kyria) config.swarselsystems.inputs; internal = true; }; options.swarselsystems.keybindings = mkOption { type = types.attrsOf types.str; default = { }; }; } - Nixos
These are some extra options that will be used if the machine also runs NixOS. For example, non-NixOS hosts need
nixGLprepended to most graphic commands, andswayfxworks less nicely on these machines.{ lib, config, ... }: { options.swarselsystems.isNixos = lib.mkEnableOption "nixos host"; config.swarselsystems.startup = lib.mkIf (!config.swarselsystems.isNixos) [ { command = "sleep 60 && nixGL nextcloud --background"; } { command = "sleep 60 && nixGL vesktop --start-minimized -enable-features=UseOzonePlatform -ozone-platform=wayland"; } { command = "sleep 60 && nixGL syncthingtray --wait"; } { command = "sleep 60 && ANKI_WAYLAND=1 nixGL anki"; } { command = "nm-applet --indicator"; } { command = "sleep 60 && OBSIDIAN_USE_WAYLAND=1 nixGL obsidian -enable-features=UseOzonePlatform -ozone-platform=wayland"; } { command = "sleep 60 && element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } ]; options.swarselsystems.swayfxConfig = lib.mkOption { type = lib.types.str; default = " blur enable blur_xray disable blur_passes 1 blur_radius 1 shadows enable corner_radius 2 titlebar_separator disable default_dim_inactive 0.02 "; internal = true; }; config.swarselsystems.swayfxConfig = lib.mkIf (!config.swarselsystems.isNixos) " "; } - System startup
This defines programs I want to have starting when I start the system
Part of the startup is also defined in Sway. The distinction is as follows. As this configuration also needs to work on systems that are running only home manager, I probably need to run nixGL or something similar on those systems to get these graphic apps to display properly. In this section we only define such graphical programs, in the other location we only put shell applications and such.
These other apps currently include:
- spotifytui
- kitty
Do not that
syncthingtrayis also not mentioned here. It is installed as a home manager package that automatically starts at system start.{ lib, ... }: let inherit (lib) mkOption types; in { options.swarselsystems.startup = mkOption { type = types.listOf (types.attrsOf types.str); default = [ { command = "nextcloud --background"; } { command = "vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; } { command = "element-desktop --hidden --enable-features=UseOzonePlatform --ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } { command = "ANKI_WAYLAND=1 anki"; } { command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } { command = "nm-applet"; } ]; }; } - Wallpaper
Again, I set the wallpaper here for
stylix.{ lib, ... }: { options.swarselsystems.wallpaper = lib.mkOption { type = lib.types.path; default = ""; }; } - Filesystem
Another duplicated option for the filesystem.
{ lib, ... }: { options.swarselsystems.isBtrfs = lib.mkEnableOption "use btrfs filesystem"; }
- Laptop
3.3. NixOS
Here we have NixOS options. All options are split into smaller files that are loaded by the general default.nix. Common files are used by all user hosts equally, optionals need to be added to the machine's default.nix on a case-by-case basis.
3.3.1. Common
These are system-level settings specific to NixOS machines. All settings that are required on all machines go here.
- Imports, enable home-manager module, stateVersion
:CUSTOMID: h:45e4315b-0929-4c47-b65a-c8f0a685f4df
First, we enable the use of
home-manageras a NixoS module.Also, we disable the warnings that trigger when rebuilding with a dirty flake. At this point, I am also disabling channels and pinning the flake registry - the latter lets me use the local version of nixpkgs for commands like
nix shell(without it, we will always download the newest version of nixpkgs for these commands).Also, the system state version is set here. No need to touch it.
{ lib, inputs, ... }: { imports = [ ./xserver.nix ./users.nix ./env.nix ./stylix.nix ./polkit.nix ./gc.nix ./store.nix ./systemd.nix ./network.nix ./time.nix ./hardware.nix ./pipewire.nix ./sops.nix ./packages.nix ./programs.nix ./zsh.nix ./syncthing.nix ./blueman.nix ./networkdevices.nix ./gvfs.nix ./interceptiontools.nix ./hardwarecompatibility.nix ./login.nix ./stylix.nix ./power-profiles-daemon.nix # ./impermanence.nix ./nvd-rebuild.nix ./nix-ld.nix ./gnome-keyring.nix ./sway.nix ./xdg-portal.nix # ./yubikey-touch-detector.nix ./safeeyes.nix ]; nix = let flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; in { settings = { experimental-features = [ "nix-command" "flakes" "ca-derivations" ]; trusted-users = [ "swarsel" ]; flake-registry = ""; warn-dirty = false; }; channel.enable = false; registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; }; nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8043" "electron-29.4.6" ]; home-manager = { useGlobalPkgs = true; useUserPackages = true; }; system.stateVersion = lib.mkDefault "23.05"; } - Setup login keymap
Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is extremly comfortable to use
_: { services.xserver = { xkb = { layout = "us"; variant = "altgr-intl"; }; }; } - Make users non-mutable
This ensures that all user-configuration happens here in the config file.
{ pkgs, config, lib, ... }: { users = { mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false; users.swarsel = { isNormalUser = true; description = "Leon S"; hashedPasswordFile = lib.mkIf (!config.swarselsystems.initialSetup) config.sops.secrets.swarseluser.path; extraGroups = [ "networkmanager" "root" "docker""wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; packages = with pkgs; [ ]; }; }; } - Environment setup
Next, we will setup some environment variables that need to be set on the system-side. We apply some compatibility options for chromium apps on wayland, enable the wordlist and make metadata reading possible for my file explorer (nautilus).
{ lib, pkgs, ... }: { environment = { wordlist.enable = true; sessionVariables = { NIXOS_OZONE_WL = "1"; GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav ]); }; }; # gstreamer plugins for nautilus (used for file metadata) } - Security
Needed for control over system-wide privileges etc.
_: { security.pam.services = { login.u2fAuth = true; sudo.u2fAuth = true; swaylock.u2fAuth = true; swaylock.fprintAuth = false; }; security.polkit.enable = true; } - Enable automatic garbage collection
The nix store fills up over time, until
/boot/efiis filled. This snippet cleans it automatically on a weekly basis._: { nix.gc = { automatic = true; randomizedDelaySec = "14m"; dates = "weekly"; options = "--delete-older-than 10d"; }; } - Enable automatic store optimisation
This enables hardlinking identical files in the nix store, to save on disk space. I have read this incurs a significant I/O overhead, I need to keep an eye on this.
_: { nix.optimise = { automatic = true; dates = [ "weekly" ]; }; } - Reduce systemd timeouts
There is a persistent bug over Linux kernels that makes the user wait 1m30s on system shutdown due to the reason
a stop job is running for session 1 of user .... I do not want to wait that long and am confident no important data is lost by doing this._: { # systemd systemd.extraConfig = '' DefaultTimeoutStartSec=60s DefaultTimeoutStopSec=15s ''; } - Hardware settings
Enable OpenGL, Sound, Bluetooth and various drivers.
{ pkgs, config, lib, ... }: { hardware = { graphics = { enable = true; enable32Bit = true; }; trackpoint = lib.mkIf config.swarselsystems.trackpoint.isAvailable { enable = true; inherit (config.swarselsystems.trackpoint) device; }; keyboard.qmk.enable = true; pulseaudio = { enable = lib.mkIf (!config.services.pipewire.enable) true; package = pkgs.pulseaudioFull; }; enableAllFirmware = true; bluetooth = lib.mkIf config.swarselsystems.hasBluetooth { enable = true; powerOnBoot = true; settings = { General = { Enable = "Source,Sink,Media,Socket"; }; }; }; }; services.fprintd.enable = lib.mkIf config.swarselsystems.hasFingerprint true; } - Pipewire
Pipewire handles communication on Wayland. This enables several sound tools as well as screen sharing in combinaton with
xdg-desktop-portal-wlr._: { security.rtkit.enable = true; # this is required for pipewire real-time access services.pipewire = { enable = true; pulse.enable = true; jack.enable = true; audio.enable = true; alsa = { enable = true; support32Bit = true; }; }; } - Common network settings
Here I only enable
networkmanager. Most of the 'real' network config is done in System specific configuration.{ lib, config, ... }: { networking = { nftables.enable = lib.mkDefault true; enableIPv6 = lib.mkDefault true; firewall = { checkReversePath = lib.mkDefault false; enable = lib.mkDefault true; allowedUDPPorts = [ 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard }; networkmanager = { enable = true; ensureProfiles = { environmentFiles = [ "${config.sops.templates."network-manager.env".path}" ]; profiles = { "Ernest Routerford" = { connection = { id = "Ernest Routerford"; permissions = ""; type = "wifi"; }; ipv4 = { dns-search = ""; method = "auto"; }; ipv6 = { addr-gen-mode = "stable-privacy"; dns-search = ""; method = "auto"; }; wifi = { mac-address-blacklist = ""; mode = "infrastructure"; ssid = "Ernest Routerford"; }; wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; psk = "$ERNEST"; }; }; LAN-Party = { connection = { autoconnect = "false"; id = "LAN-Party"; type = "ethernet"; }; ethernet = { auto-negotiate = "true"; cloned-mac-address = "preserve"; mac-address = "90:2E:16:D0:A1:87"; }; ipv4 = { method = "shared"; }; ipv6 = { addr-gen-mode = "stable-privacy"; method = "auto"; }; proxy = { }; }; eduroam = { "802-1x" = { eap = "ttls;"; identity = "$EDUID"; password = "$EDUPASS"; phase2-auth = "mschapv2"; }; connection = { id = "eduroam"; type = "wifi"; }; ipv4 = { method = "auto"; }; ipv6 = { addr-gen-mode = "default"; method = "auto"; }; proxy = { }; wifi = { mode = "infrastructure"; ssid = "eduroam"; }; wifi-security = { auth-alg = "open"; key-mgmt = "wpa-eap"; }; }; local = { connection = { autoconnect = "false"; id = "local"; type = "ethernet"; }; ethernet = { }; ipv4 = { address1 = "10.42.1.1/24"; method = "shared"; }; ipv6 = { addr-gen-mode = "stable-privacy"; method = "auto"; }; proxy = { }; }; HH40V_39F5 = { connection = { id = "HH40V_39F5"; type = "wifi"; }; ipv4 = { method = "auto"; }; ipv6 = { addr-gen-mode = "stable-privacy"; method = "auto"; }; proxy = { }; wifi = { band = "bg"; mode = "infrastructure"; ssid = "HH40V_39F5"; }; wifi-security = { key-mgmt = "wpa-psk"; psk = "$FRAUNS"; }; }; magicant = { connection = { id = "magicant"; type = "wifi"; }; ipv4 = { method = "auto"; }; ipv6 = { addr-gen-mode = "default"; method = "auto"; }; proxy = { }; wifi = { mode = "infrastructure"; ssid = "magicant"; }; wifi-security = { auth-alg = "open"; key-mgmt = "wpa-psk"; psk = "$HANDYHOTSPOT"; }; }; "sweden-aes-128-cbc-udp-dns" = { connection = { autoconnect = "false"; id = "PIA Sweden"; type = "vpn"; }; ipv4 = { method = "auto"; }; ipv6 = { addr-gen-mode = "stable-privacy"; method = "auto"; }; proxy = { }; vpn = { auth = "sha1"; ca = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; challenge-response-flags = "2"; cipher = "aes-128-cbc"; compress = "yes"; connection-type = "password"; crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; dev = "tun"; password-flags = "0"; remote = "sweden.privacy.network:1198"; remote-cert-tls = "server"; reneg-seconds = "0"; service-type = "org.freedesktop.NetworkManager.openvpn"; username = "$VPNUSER"; }; vpn-secrets = { password = "$VPNPASS"; }; }; Hotspot = { connection = { autoconnect = "false"; id = "Hotspot"; type = "wifi"; }; ipv4 = { method = "shared"; }; ipv6 = { addr-gen-mode = "default"; method = "ignore"; }; proxy = { }; wifi = { mode = "ap"; ssid = "Hotspot-fourside"; }; wifi-security = { group = "ccmp;"; key-mgmt = "wpa-psk"; pairwise = "ccmp;"; proto = "rsn;"; psk = "$HOTSPOT"; }; }; }; }; }; }; systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; } - Time, locale settings
Setup timezone and locale. I want to use the US layout, but have the rest adapted to my country and timezone. Also, there is an issue with running Windows/Linux dualboot on the same machine where the hardware clock desyncs between the two OS'es. We fix that bug here as well.
_: { time = { timeZone = "Europe/Vienna"; hardwareClockInLocalTime = true; }; i18n = { defaultLocale = "en_US.UTF-8"; extraLocaleSettings = { LC_ADDRESS = "de_AT.UTF-8"; LC_IDENTIFICATION = "de_AT.UTF-8"; LC_MEASUREMENT = "de_AT.UTF-8"; LC_MONETARY = "de_AT.UTF-8"; LC_NAME = "de_AT.UTF-8"; LC_NUMERIC = "de_AT.UTF-8"; LC_PAPER = "de_AT.UTF-8"; LC_TELEPHONE = "de_AT.UTF-8"; LC_TIME = "de_AT.UTF-8"; }; }; } - sops
I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine:
- `ssh-keygen -t ed25519 -C "NAME sops"` in .ssh directory (or wherever) - name e.g. "sops"
- cat ~/.ssh/sops.pub | ssh-to-age | wl-copy
- add the output to .sops.yaml
- cp ~/.ssh/sops.pub ~/.dotfiles/secrets/keys/NAME.pub
- update entry for sops.age.sshKeyPaths
{ config, lib, ... }: let mkIfElse = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) (lib.mkIf (!p) no) ]; in { sops = { age.sshKeyPaths = mkIfElse config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" ] [ "${config.users.users.swarsel.home}/.ssh/sops" ]; defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; validateSopsFiles = false; secrets = { swarseluser = { neededForUsers = true; }; ernest = { }; frauns = { }; hotspot = { }; eduid = { }; edupass = { }; handyhotspot = { }; vpnuser = { }; vpnpass = { }; }; templates = { "network-manager.env".content = '' ERNEST=${config.sops.placeholder.ernest} FRAUNS=${config.sops.placeholder.frauns} HOTSPOT=${config.sops.placeholder.hotspot} EDUID=${config.sops.placeholder.eduid} EDUPASS=${config.sops.placeholder.edupass} HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} VPNUSER=${config.sops.placeholder.vpnuser} VPNPASS=${config.sops.placeholder.vpnpass} ''; }; }; } - Theme (stylix)
By default, stylix wants to style GRUB as well. However, I think that looks horrible.
themeis defined in Theme (stylix).{ pkgs, home-manager, config, ... }: { stylix = { enable = true; base16Scheme = ../../../wallpaper/swarsel.yaml; # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml"; polarity = "dark"; opacity.popups = 0.5; cursor = { package = pkgs.capitaine-cursors; name = "capitaine-cursors"; size = 16; }; fonts = { sizes = { terminal = 10; applications = 11; }; serif = { # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); package = pkgs.cantarell-fonts; # package = pkgs.montserrat; name = "Cantarell"; # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; sansSerif = { # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); package = pkgs.cantarell-fonts; # package = pkgs.montserrat; name = "Cantarell"; # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; monospace = { package = pkgs.nerdfonts; # has overrides name = "FiraCode Nerd Font Mono"; }; emoji = { package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; }; }; targets.grub.enable = false; # the styling makes grub more ugly image = config.swarselsystems.wallpaper; }; home-manager.users.swarsel = { stylix = { targets = { emacs.enable = false; waybar.enable = false; }; }; }; } - System Packages
Mostly used to install some compilers and lsp's that I want to have available when not using a devShell flake. Most other packages should go in Installed packages.
{ pkgs, ... }: { environment.systemPackages = with pkgs; [ # yubikey packages gnupg yubikey-personalization yubikey-personalization-gui yubico-pam yubioath-flutter yubikey-manager yubikey-manager-qt yubikey-touch-detector yubico-piv-tool cfssl pcsctools pcscliteWithPolkit.out # ledger packages ledger-live-desktop # pinentry dbus swaylock-effects syncthingtray-minimal # secure boot sbctl nix-index # keyboards qmk vial via # theme related adwaita-icon-theme # kde-connect xdg-desktop-portal xdg-desktop-portal-wlr # bluetooth bluez # lsp-related ------------------------------- # nix # latex texlab ghostscript_headless # wireguard wireguard-tools # rust rust-analyzer clippy rustfmt # go go gopls # zig zig zls # cpp clang-tools # + cuda cudatoolkit # ansible ansible-language-server #lsp-bridge / python gcc gdb (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) # -------------------------------------------- (stdenv.mkDerivation { name = "oama"; src = pkgs.fetchurl { name = "oama"; url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; }; phases = [ "unpackPhase" ]; unpackPhase = '' mkdir -p $out/bin tar xvf $src -C $out/ mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ ''; }) ]; } - Programs (including zsh setup)
Some programs profit from being installed through dedicated NixOS settings on system-level; these go here. Notably the zsh setup goes here and cannot be deleted under any circumstances.
_: { programs = { dconf.enable = true; evince.enable = true; kdeconnect.enable = true; }; }- zsh
Do not touch this.
{ pkgs, ... }: { programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; environment.shells = with pkgs; [ zsh ]; environment.pathsToLink = [ "/share/zsh" ]; } - syncthing
_: { services.syncthing = { enable = true; user = "swarsel"; dataDir = "/home/swarsel"; configDir = "/home/swarsel/.config/syncthing"; openDefaultPorts = true; settings = { devices = { "magicant" = { id = "SEH2NMT-IVRQUU5-VPW2HUQ-3GQYDBF-F6H6OY6-X3DZTUZ-LCRE2DJ-QNIXIQ2"; }; "sync (@oracle)" = { id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; }; "server1" = { id = "ZXWVC4X-IIARITZ-MERZPHN-HD55Y6G-QJM2GTB-6BWYXMR-DTO3TS2-QDBREQQ"; }; }; folders = { "Default Folder" = { path = "/home/swarsel/Sync"; devices = [ "sync (@oracle)" "magicant" ]; id = "default"; }; "Obsidian" = { path = "/home/swarsel/Nextcloud/Obsidian"; devices = [ "sync (@oracle)" "magicant" ]; id = "yjvni-9eaa7"; }; "Org" = { path = "/home/swarsel/Nextcloud/Org"; devices = [ "sync (@oracle)" "magicant" ]; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "/home/swarsel/Vpn"; devices = [ "sync (@oracle)" "magicant" ]; id = "hgp9s-fyq3p"; }; }; }; }; }
- zsh
- Services
Setting up some hardware services as well as keyboard related settings. Here we make sure that we can use the CAPS key as a ESC/CTRL double key, which is a lifesaver.
- blueman
Enables the blueman service including the nice system tray icon.
_: { services.blueman.enable = true; } - Network devices
In this section we enable compatibility with several network devices I have at home, mainly printers and scanners.
- Scanners
This allows me to use my big scanner/printer's scanning function over the network.
{ pkgs, ... }: { # enable scanners over network hardware.sane = { enable = true; extraBackends = [ pkgs.sane-airscan ]; }; - Printers
This allows me to use my big scanner/printer's printing function over the network. Most of the settings are driver related.
# enable discovery and usage of network devices (esp. printers) services.printing = { enable = true; drivers = [ pkgs.gutenprint pkgs.gutenprintBin ]; browsedConf = '' BrowseDNSSDSubTypes _cups,_print BrowseLocalProtocols all BrowseRemoteProtocols all CreateIPPPrinterQueues All BrowseProtocols all ''; }; - Avahi (device discovery)
Avahi is the service used for the network discovery.
services.avahi = { enable = true; nssmdns4 = true; openFirewall = true; }; }
- Scanners
- enable GVfs
This is being set to allow myself to use all functions of nautilus in NixOS
_: { services.gvfs.enable = true; } - interception-tools: Make CAPS work as ESC/CTRL
This is a super-convenient package that lets my remap my
CAPSkey toESCif pressed shortly, andCTRLif being held.{ pkgs, ... }: { # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; udevmonConfig = let dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' TIMING: TAP_MILLISEC: 200 DOUBLE_TAP_MILLISEC: 0 MAPPINGS: - KEY: KEY_CAPSLOCK TAP: KEY_ESC HOLD: KEY_LEFTCTRL ''; in '' - JOB: | ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE DEVICE: EVENTS: EV_KEY: [KEY_CAPSLOCK] ''; }; } - power-profiles-daemon
This enables power profile management. The available modes are:
- power-saver
- balanced
- performance
Most of the time I am using
power-saver, however, it is good to be able to choose._: { services.power-profiles-daemon.enable = true; }
- blueman
- Hardware compatibility settings (Yubikey, Ledger, Keyboards) - udev rules
It makes sense to house these settings in their own section, since they are all needed really. Note that the starting of the gpg-agent is done in the sway settings, to also perform this step of the setup for non NixOS-machines at the same time.
pcscdis needed to use the smartcard mode (CCID) of the Yubikey.The exception is the system packages, since that cannot be defined twice in the same file (common.nix). The comment is left in as a remider for that.
Also, this is a good place to setup the udev rules.
{ pkgs, ... }: { programs.ssh.startAgent = false; services.pcscd.enable = true; hardware.ledger.enable = true; services.udev.packages = with pkgs; [ yubikey-personalization ledger-udev-rules qmk-udev-rules vial via ]; } - System Login
This section houses the greetd related settings. I do not really want to use a display manager, but it is useful to have setup in some ways - in my case for starting sway on system startup. Notably the default user login setting that is commented out here goes into the system specific settings, make sure to update it there
{ pkgs, ... }: { services.greetd = { enable = true; settings = { initial_session.command = "sway"; # initial_session.user ="swarsel"; default_session.command = '' ${pkgs.greetd.tuigreet}/bin/tuigreet \ --time \ --asterisks \ --user-menu \ --cmd sway ''; }; }; environment.etc."greetd/environments".text = '' sway ''; } - nix-ld
This provides libraries for binaries that are not patched for use on NixOS. This really makes the biggest gripe with NixOS go away, that being having to run a binary that is only found in a single spot. It is most of the times possible to patch such a file, but this makes such a situation take much less time to resolve.
Only some binaries that touch system settings might still not work, apart from that, the list of libraries I have curated here should be quite exhaustive.
When a program does not work, start with
nix-ldd <program>. This will tell you which library is missing. Afterwards, continue withnix-locate <program>to find which packages provide that library. Add it to libraries below and rebuild. After a reboot, it will be visible usingnix-ldd. It can also be useful to take a look atlddto see which libraries are needed in general.{ pkgs, ... }: { programs.nix-ld = { enable = true; libraries = with pkgs; [ SDL SDL2 SDL2_image SDL2_mixer SDL2_ttf SDL_image SDL_mixer SDL_ttf alsa-lib alsaLib at-spi2-atk at-spi2-core atk bzip2 cairo cups curl dbus dbus-glib expat ffmpeg flac fontconfig freeglut freetype fuse3 gdk-pixbuf glew110 glib gnome2.GConf gnome2.pango gtk2 gtk3 icu libGL libappindicator-gtk2 libappindicator-gtk3 libcaca libcanberra libcap libdbusmenu-gtk2 libdrm libelf libgcrypt libglvnd libidn libindicator-gtk2 libjpeg libmikmod libnotify libogg libpng libpng12 libpulseaudio librsvg libsamplerate libtheora libtiff libudev0-shim libunwind libusb1 libuuid libva libvdpau libvorbis libvpx libxkbcommon libxml2 mesa nspr nss openssl pango pipewire pixman speex stdenv.cc.cc systemd tbb vulkan-loader xorg.libICE xorg.libSM xorg.libX11 xorg.libXScrnSaver xorg.libXcomposite xorg.libXcursor xorg.libXdamage xorg.libXext xorg.libXfixes xorg.libXft xorg.libXi xorg.libXinerama xorg.libXmu xorg.libXrandr xorg.libXrender xorg.libXt xorg.libXtst xorg.libXxf86vm xorg.libxcb xorg.libxshmfence zlib ]; }; } - Impermanence
This is where the impermanence magic happens. When this is enabled, the root directory is rolled back to a blanket state on each reboot.
Normally, doing that also resets the lecture that happens on the first use of
sudo, so we disable that at this point. Also, here we can set files to be persisted. Do note that you should still pay attention to files that need sudo access, as these need to be copied manually.{ config, lib, ... }: { security.sudo.extraConfig = lib.mkIf config.swarselsystems.impermanence '' # rollback results in sudo lectures after each reboot Defaults lecture = never ''; # This script does the actual wipe of the system # So if it doesn't run, the btrfs system effectively acts like a normal system # Taken from https://github.com/NotAShelf/nyx/blob/2a8273ed3f11a4b4ca027a68405d9eb35eba567b/modules/core/common/system/impermanence/default.nix boot.initrd.systemd.enable = true; boot.initrd.systemd.services.rollback = lib.mkIf config.swarselsystems.impermanence { description = "Rollback BTRFS root subvolume to a pristine state"; wantedBy = [ "initrd.target" ]; # make sure it's done after encryption # i.e. LUKS/TPM process after = [ "systemd-cryptsetup@enc.service" ]; # mount the root fs before clearing before = [ "sysroot.mount" ]; unitConfig.DefaultDependencies = "no"; serviceConfig.Type = "oneshot"; script = '' mkdir -p /mnt # We first mount the btrfs root to /mnt # so we can manipulate btrfs subvolumes. mount -o subvol=/ /dev/mapper/cryptroot /mnt btrfs subvolume list -o /mnt/root # While we're tempted to just delete /root and create # a new snapshot from /root-blank, /root is already # populated at this point with a number of subvolumes, # which makes `btrfs subvolume delete` fail. # So, we remove them first. # # /root contains subvolumes: # - /root/var/lib/portables # - /root/var/lib/machines btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do echo "deleting /$subvolume subvolume..." # btrfs subvolume delete "/mnt/$subvolume" done && echo "deleting /root subvolume..." && # btrfs subvolume delete /mnt/root echo "restoring blank /root subvolume..." # btrfs subvolume snapshot /mnt/root-blank /mnt/root # Once we're done rolling back to a blank snapshot, # we can unmount /mnt and continue on the boot process. umount /mnt ''; }; environment.persistence."/persist" = lib.mkIf config.swarselsystems.impermanence { hideMounts = true; directories = [ "/.cache/nix" "/srv" "/etc/nixos" "/etc/nix" "/home/swarsel/.dotfiles" "/etc/NetworkManager/system-connections" "/etc/secureboot" "/var/db/sudo" "/var/cache" "/var/lib" ]; files = [ # ssh stuff /* "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key.pub" */ ]; }; } - Summary of nixos-rebuild diff
This snipped is added to the activation script that is run after every rebuild and shows what packages have been added and removed. This is actually not the optimal place to add that snipped, but the correct spot is in some perl file that I have not had the leisure to take a look at yet.
{ pkgs, ... }: { system.activationScripts.diff = { supportsDryActivation = true; text = '' ${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff \ /run/current-system "$systemConfig" ''; }; } - gnome-keyring
Used for storing sessions in e.g. Nextcloud. Using this on a system level keeps the login information when logging out of the session as well.
_: { services.gnome.gnome-keyring = { enable = true; }; programs.seahorse.enable = true; } - Sway
This is used to better integrate Sway into the system on NixOS hosts. On the home-manager side, the
packageattribute will benullfor such an host, using the systems derivation instead.{ pkgs, ... }: { programs.sway = { enable = true; package = pkgs.swayfx; wrapperFeatures = { base = true; gtk = true; }; extraSessionCommands = '' export XDG_SESSION_DESKTOP=sway export SDL_VIDEODRIVER=wayland export QT_QPA_PLATFORM=wayland-egl export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 export MOZ_ENABLE_WAYLAND=1 export MOZ_DISABLE_RDD_SANDBOX=1 ''; }; } - xdg-portal
This allows me to use screen sharing on Wayland. The implementation is a bit crude and only the whole screen can be shared. However, most of the time that is all I need to do anyways.
{ pkgs, ... }: { xdg.portal = { enable = true; config = { common = { default = "wlr"; }; }; wlr.enable = true; wlr.settings.screencast = { output_name = "eDP-1"; chooser_type = "simple"; chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; }; }; } - safeeyes
A friend of mine used this service and I used to make fun of him. But I have to admit this is actually a nice program. It forces you to look away from the screen from time to time, reducing eye strain.
_: { services.safeeyes.enable = true; }
3.3.2. Optional
These sets of configuration do not need to be deployed on every host, for a multitude of reasons.
- The gaming set is not needed on weak machines, and also not on my work machine.
- The VirtualBox package takes forever to build, and I do not need virtual machines on every host.
- There are some hosts that I do not want to autologin to.
nswitch-rcmis a tool I wrote for easy payload flashing of a Nintendo Switch in RCM mode. However, that is not needed on every machine.- The work profile is only used on my work laptop.
- gaming
This opens a few gaming ports and installs the steam configuration suite for gaming. There are more options in Gaming (home-manager side).
{ pkgs, ... }: { networking = { firewall = { allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma; allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPortRanges = [ { from = 27015; to = 27030; } # barotrauma { from = 27036; to = 27037; } # barotrauma ]; allowedUDPPortRanges = [ { from = 27000; to = 27031; } # barotrauma { from = 58962; to = 58964; } # barotrauma ]; }; }; programs.steam = { enable = true; extraCompatPackages = [ pkgs.proton-ge-bin ]; }; hardware.xone.enable = true; environment.systemPackages = [ linuxKernel.packages.linux_6_10.xone ]; } - VirtualBox
This sets the VirtualBox configuration. Guest should not be enabled if not direly needed, it will make rebuilds unbearably slow.
_: { virtualisation.virtualbox = { host = { enable = true; enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; }; }; } - Auto-login
Auto login for the initial session.
_: { services = { getty.autologinUser = "swarsel"; greetd.settings.initial_session.user = "swarsel"; }; } - nswitch-rcm
This smashes Atmosphere 1.3.2 on the switch, which is what I am currenty using.
{ pkgs, ... }: { services.nswitch-rcm = { enable = true; package = pkgs.fetchurl { url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; }; }; } - work
Integrates 1password mostly. There are more options at Work (home-manager side).
{ pkgs, ... }: { # boot.initrd.luks.yubikeySupport = true; programs._1password.enable = true; programs._1password-gui = { enable = true; polkitPolicyOwners = [ "swarsel" ]; }; virtualisation.docker.enable = true; environment.systemPackages = with pkgs; [ python39 docker ]; specialisation = { cgroup_v1.configuration = { boot.kernelParams = [ "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" "systemd.unified_cgroup_hierarchy=0" ]; }; }; }
3.4. Home-manager
The general structure is the same as in the NixOS section.
3.4.1. Common
- Imports
This section sets up all the imports that are used in the home-manager section. Again, we adapt
nixto our needs, enable the home-manager command for non-NixOS machines (NixOS machines are using it as a module) and setting user information that I always keep the same.{ lib, pkgs, config, ... }: { imports = [ ./packages.nix ./custom-packages.nix ./sops.nix ./ssh.nix ./stylix.nix ./desktop.nix ./symlink.nix ./env.nix ./programs.nix ./nix-index.nix ./password-store.nix ./direnv.nix ./eza.nix ./git.nix ./fuzzel.nix ./starship.nix ./kitty.nix ./zsh.nix ./mail.nix ./emacs.nix ./waybar.nix ./firefox.nix ./gnome-keyring.nix ./kdeconnect.nix ./mako.nix ./sway.nix ./gpg-agent.nix ./gammastep.nix # ./safeeyes.nix ./yubikey-touch-detector.nix ]; nix = { package = lib.mkDefault pkgs.nix; settings = { experimental-features = [ "nix-command" "flakes" "ca-derivations" ]; }; }; programs.home-manager.enable = lib.mkIf (!config.swarselsystems.isNixos) true; home = { username = lib.mkDefault "swarsel"; homeDirectory = lib.mkDefault "/home/${config.home.username}"; stateVersion = lib.mkDefault "23.05"; keyboard.layout = "us"; sessionVariables = { FLAKE = "$HOME/.dotfiles"; }; }; } - Installed packages
Here are defined some packages that I would like to use across all my machines. Most of these should not require further setup. Notably the cura package is severely outdated on nixpkgs, so I just fetch a more recent AppImage and run that instead.
Also, I define some useful shell scripts here.
Programming languages and default lsp's are defined here: System Packages
- Packaged
This holds packages that I can use as provided, or with small modifications (as in the
texlivepackage that needs special configuration).{ pkgs, ... }: { home.packages = with pkgs; [ # audio stuff spek # spectrum analyzer losslessaudiochecker ffmpeg_7-full flac mediainfo picard-tools audacity sox google-chrome # printing cups simple-scan # dict (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) # utilities util-linux nmap lsof nvd # nix alejandra nixpkgs-fmt deadnix statix nix-tree # local file sharing wormhole-rs # b2 backup @backblaze restic # "big" programs gimp inkscape zoom-us # nomacs libreoffice-qt xournalpp obsidian spotify vesktop # discord client stable.nextcloud-client spotify-player element-desktop-wayland nicotine-plus stable.transmission mktorrent hexchat hugo # kyria qmk qmk-udev-rules # firefox related tridactyl-native # mako related mako libnotify # general utilities unrar samba cifs-utils zbar # qr codes readline autotiling brightnessctl libappindicator-gtk3 sqlite speechd networkmanagerapplet psmisc # kill etc lm_sensors # jq # used for searching the i3 tree in check<xxx>.sh files # specifically needed for anki # mpv anki-bin # dirvish file previews fd imagemagick poppler ffmpegthumbnailer mediainfo gnutar unzip #nautilus nautilus xfce.tumbler libgsf # wayland stuff wtype wl-clipboard wl-mirror # screenshotting tools grim slurp # the following packages are used (in some way) by waybar playerctl pavucontrol pamixer # gnome.gnome-clocks # wlogout # jdiskreport # monitor #keychain qalculate-gtk gcr # needed for gnome-secrets to work seahorse # sops-related sops ssh-to-age # mail related packages mu # latex and related packages (texlive.combine { inherit (pkgs.texlive) scheme-full dvisvgm dvipng# for preview and export as html wrapfig amsmath ulem hyperref capt-of; }) # font stuff nerdfonts # has overrides noto-fonts-emoji font-awesome_5 noto-fonts noto-fonts-cjk-sans ]; } - Self-defined
This is just a separate container for derivations defined in Packages. This is a good idea so that I do not lose track of package names I have defined myself, as this was once a problem in the past already.
{ pkgs, ... }: { home.packages = with pkgs; [ pass-fuzzel cura5 cdw cdb bak timer e swarselcheck waybarupdate opacitytoggle fs-diff update-checker github-notifications (pkgs.writeScriptBin "project" '' #! ${pkgs.bash}/bin/bash if [ "$1" == "rust" ]; then cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix cp ~/.dotfiles/templates/toolchain.toml . elif [ "$1" == "cpp" ]; then cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix elif [ "$1" == "python" ]; then cp ~/.dotfiles/templates/py_flake.nix ./flake.nix elif [ "$1" == "cuda" ]; then cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix elif [ "$1" == "other" ]; then cp ~/.dotfiles/templates/other_flake.nix ./flake.nix elif [ "$1" == "latex" ]; then if [ "$2" == "" ]; then echo "No filename specified, usage: 'project latex <NAME>'" exit 0 fi cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex exit 0 else echo "No valid argument given. Valid arguments are rust cpp python, cuda" exit 0 fi echo "use flake" >> .envrc direnv allow '') ]; }
- Packaged
- sops
I use sops-nix to handle secrets that I want to have available on my machines at all times. Procedure to add a new machine:
- `ssh-keygen -t ed25519 -C "NAME sops"` in .ssh directory (or wherever) - name e.g. "sops"
- cat ~/.ssh/sops.pub | ssh-to-age | wl-copy
- add the output to .sops.yaml
- cp ~/.ssh/sops.pub ~/.dotfiles/secrets/keys/NAME.pub
update entry for sops.age.sshKeyPaths
Since we are using the home-manager implementation here, we need to specify the runtime path.
{ config, lib, ... }: let mkIfElse = p: yes: no: lib.mkMerge [ (lib.mkIf p yes) (lib.mkIf (!p) no) ]; in { sops = { age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; validateSopsFiles = false; secrets = { mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; nautilus = { path = "/run/user/1000/secrets/nautilus"; }; leon = { path = "/run/user/1000/secrets/leon"; }; swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; github_notif = { path = "/run/user/1000/secrets/github_notif"; }; caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; }; }; }; } - SSH Machines
It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.
_: { programs.ssh = { enable = true; forwardAgent = true; extraConfig = '' SetEnv TERM=xterm-256color ''; matchBlocks = { "nginx" = { hostname = "192.168.1.14"; user = "root"; }; "jellyfin" = { hostname = "192.168.1.16"; user = "root"; }; "pfsense" = { hostname = "192.168.1.1"; user = "root"; }; "proxmox" = { hostname = "192.168.1.2"; user = "root"; }; "transmission" = { hostname = "192.168.1.6"; user = "root"; }; "fetcher" = { hostname = "192.168.1.7"; user = "root"; }; "omv" = { hostname = "192.168.1.3"; user = "root"; }; "webbot" = { hostname = "192.168.1.11"; user = "root"; }; "nextcloud" = { hostname = "192.168.1.5"; user = "root"; }; "sound" = { hostname = "192.168.1.13"; user = "root"; }; "spotify" = { hostname = "192.168.1.17"; user = "root"; }; "wordpress" = { hostname = "192.168.1.9"; user = "root"; }; "turn" = { hostname = "192.168.1.18"; user = "root"; }; "hugo" = { hostname = "192.168.1.19"; user = "root"; }; "matrix" = { hostname = "192.168.1.23"; user = "root"; }; "scroll" = { hostname = "192.168.1.22"; user = "root"; }; "minecraft" = { hostname = "130.61.119.129"; user = "opc"; }; "sync" = { hostname = "193.122.53.173"; user = "root"; #this is a oracle vm server but needs root due to nixos-infect }; "songdiver" = { hostname = "89.168.100.65"; user = "ubuntu"; }; "pkv" = { hostname = "46.232.248.161"; user = "root"; }; "efficient" = { hostname = "g0.complang.tuwien.ac.at"; forwardAgent = true; user = "ep01427399"; }; }; }; } - Theme (stylix)
These section allows home-manager to allow theme settings, and handles some other appearance-related settings like cursor styles. Interestingly, system icons (adwaita) still need to be setup on system-level, and will break if defined here.
This section has been notably empty ever since switching to stylix. Only Emacs is not allowed to be styled by it, because it becomes more ugly compared to my handcrafted setup.
themeis defined in Theme (stylix).{ lib, config, pkgs, ... }: { stylix = lib.mkIf (!config.swarselsystems.isNixos) { enable = true; base16Scheme = ../../../wallpaper/swarsel.yaml; # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml"; polarity = "dark"; opacity.popups = 0.5; cursor = { package = pkgs.capitaine-cursors; name = "capitaine-cursors"; size = 16; }; fonts = { sizes = { terminal = 10; applications = 11; }; serif = { # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); package = pkgs.cantarell-fonts; # package = pkgs.montserrat; name = "Cantarell"; # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; sansSerif = { # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); package = pkgs.cantarell-fonts; # package = pkgs.montserrat; name = "Cantarell"; # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; monospace = { package = pkgs.nerdfonts; # has overrides name = "FiraCode Nerd Font Mono"; }; emoji = { package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; }; }; image = config.swarselsystems.wallpaper; targets = { emacs.enable = false; waybar.enable = false; }; }; } - Desktop Entries
Some programs lack a dmenu launcher - I define them myself here.
TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the programs prefixed with "nixGL". I need to figure out how to automate this process, as it is not feasible to write desktop entries for all programs installed on that machine.
_: { xdg.desktopEntries = { cura = { name = "Ultimaker Cura"; genericName = "Cura"; exec = "cura"; terminal = false; categories = [ "Application" ]; }; anki = { name = "Anki Flashcards"; genericName = "Anki"; exec = "anki"; terminal = false; categories = [ "Application" ]; }; element = { name = "Element Matrix Client"; genericName = "Element"; exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; terminal = false; categories = [ "Application" ]; }; emacsclient-newframe = { name = "Emacs (Client, New Frame)"; genericName = "Emacs (Client, New Frame)"; exec = "emacsclient -r %u"; icon = "emacs"; terminal = false; categories = [ "Development" "TextEditor" ]; }; }; } - Linking dotfiles
This section should be used in order to symlink already existing configuration files using `home.file` and setting session variables using `home.sessionVariables`.
As for the `home.sessionVariables`, it should be noted that environment variables that are needed at system start should NOT be loaded here, but instead in `programs.zsh.config.extraSessionCommands` (in the home-manager programs section). This is also where all the wayland related variables are stored.
_: { home.file = { "init.el" = { source = ../../../programs/emacs/init.el; target = ".emacs.d/init.el"; }; "early-init.el" = { source = ../../../programs/emacs/early-init.el; target = ".emacs.d/early-init.el"; }; # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually ".aspell.conf" = { source = ../../../programs/config/.aspell.conf; target = ".aspell.conf"; }; ".gitmessage" = { source = ../../../programs/git/.gitmessage; target = ".gitmessage"; }; "swayidle/config" = { source = ../../../programs/swayidle/config; target = ".config/swayidle/config"; }; };Also, we link some files to the users XDG configuration home:
xdg.configFile = { "tridactyl/tridactylrc".source = ../../../programs/firefox/tridactyl/tridactylrc; "tridactyl/themes/base16-codeschool.css".source = ../../../programs/firefox/tridactyl/themes/base16-codeschool.css; }; } - Sourcing environment variables
Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the Sway section.
_: { home.sessionVariables = { EDITOR = "e -w"; }; } - General Programs: bottom, imv, sioyek, bat, carapace, wlogout, swayr, yt-dlp, mpv, jq, nix-index, ripgrep, pandoc, fzf
This section is for programs that require no further configuration. zsh Integration is enabled by default for these.
_: { programs = { bottom.enable = true; imv.enable = true; sioyek.enable = true; bat.enable = true; carapace.enable = true; wlogout.enable = true; swayr.enable = true; yt-dlp.enable = true; mpv.enable = true; jq.enable = true; ripgrep.enable = true; pandoc.enable = true; fzf.enable = true; zoxide.enable = true; }; } - nix-index
nix-index provides a way to find out which packages are provided by which derivations. By default it also comes with a replacement for
command-not-found.sh, however, the implementation is based on a channel based setup. I like consistency, so I replace the command with one that provides a flakes-based output.{ pkgs, ... }: { programs.nix-index = let commandNotFound = pkgs.runCommandLocal "command-not-found.sh" { } '' mkdir -p $out/etc/profile.d substitute ${../../../scripts/command-not-found.sh} \ $out/etc/profile.d/command-not-found.sh \ --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ --replace @tput@ ${pkgs.ncurses}/bin/tput ''; in { enable = true; package = pkgs.symlinkJoin { name = "nix-index"; paths = [ commandNotFound ]; }; }; } - password-store
Enables password store with the
pass-otpextension which allows me to store and generate one-time-passwords.{ pkgs, ... }: { programs.password-store = { enable = true; settings = { PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; }; package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); }; } - direnv
Enables direnv, which I use for nearly all of my nix dev flakes.
_: { programs.direnv = { enable = true; nix-direnv.enable = true; }; } - eza
Eza provides me with a better
lscommand and some other useful aliases._: { programs.eza = { enable = true; icons = true; git = true; extraOptions = [ "-l" "--group-directories-first" ]; }; } - git
Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using Magit) as well as a git template defined in Linking dotfiles.
{ lib, ... }: { programs.git = { enable = true; aliases = { a = "add"; c = "commit"; cl = "clone"; co = "checkout"; b = "branch"; i = "init"; m = "merge"; s = "status"; r = "restore"; p = "pull"; pp = "push"; }; signing = { key = "0x76FD3810215AE097"; signByDefault = true; }; userEmail = lib.mkDefault "leon.schwarzaeugl@gmail.com"; userName = "Leon Schwarzäugl"; difftastic.enable = true; lfs.enable = true; includes = [ { contents = { github = { user = "Swarsel"; }; commit = { template = "~/.gitmessage"; }; }; } ]; }; } - Fuzzel
Here I only need to set basic layout options - the rest is being managed by stylix.
_: { programs.fuzzel = { enable = true; settings = { main = { layer = "overlay"; lines = "10"; width = "40"; }; border.radius = "0"; }; }; } - Starship
Starship makes my
zshlook cooler! I have symbols for most programming languages and toolchains, also I build my own powerline._: { programs.starship = { enable = true; enableZshIntegration = true; settings = { add_newline = false; format = "$character"; right_format = "$all"; command_timeout = 3000; directory.substitutions = { "Documents" = " "; "Downloads" = " "; "Music" = " "; "Pictures" = " "; }; git_status = { style = "bg:#394260"; format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; }; character = { success_symbol = "[λ](bold green)"; error_symbol = "[λ](bold red)"; }; aws.symbol = " "; buf.symbol = " "; c.symbol = " "; conda.symbol = " "; dart.symbol = " "; directory.read_only = " "; docker_context.symbol = " "; elixir.symbol = " "; elm.symbol = " "; fossil_branch.symbol = " "; git_branch.symbol = " "; golang.symbol = " "; guix_shell.symbol = " "; haskell.symbol = " "; haxe.symbol = " "; hg_branch.symbol = " "; hostname.ssh_symbol = " "; java.symbol = " "; julia.symbol = " "; lua.symbol = " "; memory_usage.symbol = " "; meson.symbol = " "; nim.symbol = " "; nix_shell.symbol = " "; nodejs.symbol = " "; os.symbols = { Alpaquita = " "; Alpine = " "; Amazon = " "; Android = " "; Arch = " "; Artix = " "; CentOS = " "; Debian = " "; DragonFly = " "; Emscripten = " "; EndeavourOS = " "; Fedora = " "; FreeBSD = " "; Garuda = " "; Gentoo = " "; HardenedBSD = " "; Illumos = " "; Linux = " "; Mabox = " "; Macos = " "; Manjaro = " "; Mariner = " "; MidnightBSD = " "; Mint = " "; NetBSD = " "; NixOS = " "; OpenBSD = " "; openSUSE = " "; OracleLinux = " "; Pop = " "; Raspbian = " "; Redhat = " "; RedHatEnterprise = " "; Redox = " "; Solus = " "; SUSE = " "; Ubuntu = " "; Unknown = " "; Windows = " "; }; package.symbol = " "; pijul_channel.symbol = " "; python.symbol = " "; rlang.symbol = " "; ruby.symbol = " "; rust.symbol = " "; scala.symbol = " "; }; }; } - Kitty
Kitty is the terminal emulator of choice for me, it is nice to configure using nix, fast, and has a nice style.
The theme is handled by stylix.
_: { programs.kitty = { enable = true; keybindings = { "ctrl+shift+left" = "no_op"; "ctrl+shift+right" = "no_op"; "ctrl+shift+home" = "no_op"; "ctrl+shift+end" = "no_op"; }; }; } - zsh
zsh is the most convenient shell for me and it happens to be super neat to configure within home manager.
Here we set some aliases (some of them should be shellApplications instead) as well as some zsh plugins like
fzf-tab.{ pkgs, ... }: { programs.zsh = { enable = true; shellAliases = { hg = "history | grep"; hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch-stay = "cd ~/.dotfiles; git restore flake.lock; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; edithome = "e -w ~/.dotfiles/SwarselSystems.org"; magit = "emacsclient -nc -e \"(magit-status)\""; config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; g = "git"; c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; passpull = "cd ~/.local/share/password-store; git pull; cd -;"; hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; cd = "z"; cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd"; fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff"; }; autosuggestion.enable = true; enableCompletion = true; syntaxHighlighting.enable = true; autocd = false; cdpath = [ "~/.dotfiles" # "~/Documents/GitHub" ]; defaultKeymap = "emacs"; dirHashes = { dl = "$HOME/Downloads"; gh = "$HOME/Documents/GitHub"; }; history = { expireDuplicatesFirst = true; path = "$HOME/.histfile"; save = 10000; size = 10000; }; historySubstringSearch.enable = true; plugins = [ { name = "fzf-tab"; src = pkgs.zsh-fzf-tab; } ]; initExtra = '' bindkey "^[[1;5D" backward-word bindkey "^[[1;5C" forward-word ''; }; } - Mail
Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
{ config, ... }: { programs.mbsync = { enable = true; }; services.mbsync = { enable = true; }; # this is needed so that mbsync can use the passwords from sops systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; programs.msmtp = { enable = true; }; programs.mu = { enable = true; }; accounts.email = { maildirBasePath = "Mail"; accounts.leon = { primary = true; address = "leon.schwarzaeugl@gmail.com"; userName = "leon.schwarzaeugl@gmail.com"; realName = "Leon Schwarzäugl"; passwordCommand = "cat ${config.sops.secrets.leon.path}"; # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/leon.schwarzaeugl@gmail.com.gpg"; gpg = { key = "0x76FD3810215AE097"; signByDefault = true; }; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; mu.enable = true; msmtp = { enable = true; }; mbsync = { enable = true; create = "maildir"; expunge = "both"; patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; }; account = { Timeout = 120; PipelineDepth = 1; }; }; }; }; accounts.swarsel = { address = "leon@swarsel.win"; userName = "8227dc594dd515ce232eda1471cb9a19"; realName = "Leon Schwarzäugl"; passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; smtp = { host = "in-v3.mailjet.com"; port = 587; tls = { enable = true; useStartTls = true; }; }; mu.enable = false; msmtp = { enable = true; }; mbsync = { enable = false; }; }; accounts.nautilus = { primary = false; address = "nautilus.dw@gmail.com"; userName = "nautilus.dw@gmail.com"; realName = "Nautilus"; passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/nautilus.dw@gmail.com.gpg"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; mu.enable = true; mbsync = { enable = true; create = "maildir"; expunge = "both"; patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; }; account = { Timeout = 120; PipelineDepth = 1; }; }; }; }; accounts.mrswarsel = { primary = false; address = "mrswarsel@gmail.com"; userName = "mrswarsel@gmail.com"; realName = "Swarsel"; # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/mrswarsel@gmail.com.gpg"; passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; imap.host = "imap.gmail.com"; smtp.host = "smtp.gmail.com"; msmtp.enable = true; mu.enable = true; mbsync = { enable = true; create = "maildir"; expunge = "both"; patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; }; account = { Timeout = 120; PipelineDepth = 1; }; }; }; }; }; } - Home-manager: Emacs
By using the emacs-overlay NixOS module, I can install all Emacs packages that I want to use right through NixOS. This is done by passing my
init.elfile to the configuration which will then be parsed upon system rebuild, looking foruse-packagesections in the Elisp code. Also I define here the style of Emacs that I want to run - I am going with native Wayland Emacs here (emacs-pgtk). All of the nice options such astree-sittersupport are enabled by default, so I do not need to adjust the build process.Lastly, I am defining some more packages here that the parser has problems finding. Also there are some packages that are not in ELPA or MELPA that I still want to use, like
calfwandfast-scroll, so I build them here.{ pkgs, ... }: { # enable emacs overlay for bleeding edge features # also read init.el file and install use-package packages programs.emacs = { enable = true; package = pkgs.emacsWithPackagesFromUsePackage { config = ../../../programs/emacs/init.el; package = pkgs.emacs-pgtk; alwaysEnsure = true; alwaysTangle = true; extraEmacsPackages = epkgs: [ epkgs.mu4e epkgs.use-package # epkgs.lsp-bridge epkgs.doom-themes # build the rest of the packages myself # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup # build the package from the haji-ali fork, which is well-maintained (epkgs.trivialBuild rec { pname = "calfw"; version = "1.0.0-20231002"; src = pkgs.fetchFromGitHub { owner = "haji-ali"; repo = "emacs-calfw"; rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; }; packageRequires = [ epkgs.howm ]; }) (epkgs.trivialBuild rec { pname = "fast-scroll"; version = "1.0.0-20191016"; src = pkgs.fetchFromGitHub { owner = "ahungry"; repo = "fast-scroll"; rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; }; packageRequires = [ ]; }) ]; }; }; services.emacs = { enable = true; # socketActivation.enable = false; # startWithUserSession = "graphical"; }; } - Waybar
Again I am just using the first bar option here that I was able to find good understandable documentation for. Of note is that the `cpu` section's `format` is not defined here, but in section 1 (since not every machine has the same number of cores)
The rest of the related configuration is found here:
{ config, lib, pkgs, ... }: { programs.waybar = { enable = true; systemd = { enable = true; target = "sway-sessions.target"; }; settings = { mainBar = { layer = "top"; position = "top"; modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; modules-center = [ "sway/mode" "privacy" "custom/github" "custom/configwarn" "custom/nix-updates" ]; "sway/mode" = { format = "<span style=\"italic\" font-weight=\"bold\">{}</span>"; }; modules-right = config.swarselsystems.waybarModules; "custom/pseudobat" = lib.mkIf (!config.swarselsystems.isLaptop) { format = ""; on-click-right = "wlogout -p layer-shell"; }; "custom/configwarn" = { exec = "waybarupdate"; interval = 60; }; "custom/scratchpad-indicator" = { interval = 3; exec = "swaymsg -t get_tree | jq 'recurse(.nodes[]) | first(select(.name==\"__i3_scratch\")) | .floating_nodes | length | select(. >= 1)'"; format = "{} "; on-click = "swaymsg 'scratchpad show'"; on-click-right = "swaymsg 'move scratchpad'"; }; "custom/github" = { format = "{} "; return-type = "json"; interval = 60; exec = "github-notifications"; on-click = "xdg-open https://github.com/notifications"; }; "custom/nix-updates" = { exec = "update-checker"; on-click = "update-checker && notify-send 'The system has been updated'"; interval = "once"; tooltip = true; return-type = "json"; format = "{} {icon}"; format-icon = { "has-updates" = ""; "updated" = " "; }; }; idle_inhibitor = { format = "{icon}"; format-icons = { activated = ""; deactivated = ""; }; }; "group/hardware" = { orientation = "inherit"; drawer = { "transition-left-to-right" = false; }; modules = [ "tray" "temperature" "power-profiles-daemon" "custom/left-arrow-light" "custom/left-arrow-dark" "custom/scratchpad-indicator" "custom/left-arrow-light" "disk" "custom/left-arrow-dark" "memory" "custom/left-arrow-light" "cpu" "custom/left-arrow-dark" "backlight/slider" "idle_inhibitor" ]; }; "backlight/slider" = { min = 0; max = 100; orientation = "horizontal"; device = "intel_backlight"; }; power-profiles-daemon = { format = "{icon}"; tooltip-format = "Power profile: {profile}\nDriver: {driver}"; tooltip = true; format-icons = { "default" = ""; "performance" = ""; "balanced" = ""; "power-saver" = ""; }; }; temperature = { hwmon-path = lib.mkIf (!config.swarselsystems.temperatureHwmon.isAbsolutePath) config.swarselsystems.temperatureHwmon.path; hwmon-path-abs = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.path; input-filename = lib.mkIf config.swarselsystems.temperatureHwmon.isAbsolutePath config.swarselsystems.temperatureHwmon.input-filename; critical-threshold = 80; format-critical = " {temperatureC}°C"; format = " {temperatureC}°C"; }; mpris = { format = "{player_icon} {title} <small>[{position}/{length}]</small>"; format-paused = "{player_icon} <i>{title} <small>[{position}/{length}]</small></i>"; player-icons = { "default" = "▶ "; "mpv" = "🎵 "; "spotify" = " "; }; status-icons = { "paused" = " "; }; interval = 1; title-len = 20; artist-len = 20; album-len = 10; }; "custom/left-arrow-dark" = { format = ""; tooltip = false; }; "custom/outer-left-arrow-dark" = { format = ""; tooltip = false; }; "custom/left-arrow-light" = { format = ""; tooltip = false; }; "custom/right-arrow-dark" = { format = ""; tooltip = false; }; "custom/outer-right-arrow-dark" = { format = ""; tooltip = false; }; "custom/right-arrow-light" = { format = ""; tooltip = false; }; "sway/workspaces" = { disable-scroll = true; format = "{name}"; }; "clock#1" = { min-length = 8; interval = 1; format = "{:%H:%M:%S}"; # on-click-right= "gnome-clocks"; tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; }; "clock#2" = { format = "{:%d. %B %Y}"; # on-click-right= "gnome-clocks"; tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; }; pulseaudio = { format = "{icon} {volume:2}%"; format-bluetooth = "{icon} {volume}%"; format-muted = "MUTE"; format-icons = { headphones = ""; default = [ "" "" ]; }; scroll-step = 1; on-click = "pamixer -t"; on-click-right = "pavucontrol"; }; memory = { interval = 5; format = " {}%"; tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; }; cpu = { format = config.swarselsystems.cpuString; min-length = 6; interval = 5; format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; # on-click-right= "com.github.stsdc.monitor"; on-click-right = "kitty -o confirm_os_window_close=0 btm"; }; "custom/vpn" = { format = "()"; exec = "echo '{\"class\": \"connected\"}'"; exec-if = "test -d /proc/sys/net/ipv4/conf/tun0"; return-type = "json"; interval = 5; }; battery = { states = { "warning" = 60; "error" = 30; "critical" = 15; }; interval = 5; format = "{icon} {capacity}%"; format-charging = "{capacity}% "; format-plugged = "{capacity}% "; format-icons = [ "" "" "" "" "" ]; on-click-right = "wlogout -p layer-shell"; }; disk = { interval = 30; format = "Disk {percentage_used:2}%"; path = "/"; states = { "warning" = 80; "critical" = 90; }; tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; }; tray = { icon-size = 20; }; network = { interval = 5; format-wifi = "{signalStrength}% "; format-ethernet = ""; format-linked = "{ifname} (No IP) "; format-disconnected = "Disconnected ⚠"; format-alt = "{ifname}: {ipaddr}/{cidr}"; tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; }; }; }; style = builtins.readFile ../../../programs/waybar/style.css; }; } - Firefox
Setting up firefox along with some policies that are important to me (mostly disabling telemetry related stuff as well as Pocket). I also enable some integrations that enable super useful packages, namely
tridactylandbrowserpass.Also, using NUR with rycee's firefox addons, it is very convenient for me to add firefox addons here that will be automatically installed.
Also, I setup some search aliases for functions I often use, such as NixOS options search (
@no)I used to build the firefox addon
bypass-paywalls-cleanmyself here, but the maintainer always deletes old packages, and it became a chore for me to maintain here, so I no longer do that.{ pkgs, ... }: { programs.firefox = { enable = true; package = pkgs.firefox; # uses overrides policies = { CaptivePortal = false; DisableFirefoxStudies = true; DisablePocket = true; DisableTelemetry = true; DisableFirefoxAccounts = false; NoDefaultBookmarks = true; OfferToSaveLogins = false; OfferToSaveLoginsDefault = false; EnableTrackingProtection = true; }; profiles.default = { id = 0; isDefault = true; userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; extensions = with pkgs.nur.repos.rycee.firefox-addons; [ tridactyl browserpass clearurls darkreader enhancer-for-youtube istilldontcareaboutcookies translate-web-pages ublock-origin reddit-enhancement-suite sponsorblock web-archives single-file widegithub enhanced-github unpaywall don-t-fuck-with-paste plasma-integration ]; search.engines = { "Nix Packages" = { urls = [{ template = "https://search.nixos.org/packages"; params = [ { name = "type"; value = "packages"; } { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@np" ]; }; "NixOS Wiki" = { urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; iconUpdateURL = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = [ "@nw" ]; }; "NixOS Options" = { urls = [{ template = "https://search.nixos.org/options"; params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@no" ]; }; "Home Manager Options" = { urls = [{ template = "https://home-manager-options.extranix.com/"; params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@hm" "@ho" "@hmo" ]; }; "Google".metaData.alias = "@g"; }; search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart }; }; } - Services
Services that can be defined through home-manager should be defined here.
- gnome-keyring
Used for storing sessions in e.g. Nextcloud
{ lib, config, ... }: { services.gnome-keyring = lib.mkIf (!config.swarselsystems.isNixos) { enable = true; }; } - KDE Connect
This enables phone/computer communication, including sending clipboard, files etc. Sadly on Wayland many of the features are broken (like remote control).
_: { services.kdeconnect = { enable = true; indicator = true; }; } - Mako
Desktop notifications!
The `extraConfig` section here CANNOT be reindented. This has something to do with how nix handles multiline strings, when indented Mako will fail to start. This might be a mako bug as well.
_: { services.mako = { enable = true; # backgroundColor = "#2e3440"; # borderColor = "#88c0d0"; borderRadius = 15; borderSize = 1; defaultTimeout = 5000; height = 150; icons = true; ignoreTimeout = true; layer = "overlay"; maxIconSize = 64; sort = "-time"; width = 300; # font = "monospace 10"; extraConfig = '' [urgency=low] border-color=#cccccc [urgency=normal] border-color=#d08770 [urgency=high] border-color=#bf616a default-timeout=3000 [category=mpd] default-timeout=2000 group-by=category ''; }; } - yubikey-touch-detector
{ pkgs, ... }: { systemd.user.services.yubikey-touch-detector = { Unit = { Description = "Detects when your YubiKey is waiting for a touch"; Requires = [ "yubikey-touch-detector.socket" ]; }; Service = { ExecStart = "${pkgs.yubikey-touch-detector}/bin/yubikey-touch-detector --libnotify"; EnvironmentFile = "-%E/yubikey-touch-detector/service.conf"; }; Install = { Also = [ "yubikey-touch-detector.socket" ]; WantedBy = [ "default.target" ]; }; }; systemd.user.sockets.yubikey-touch-detector = { Unit = { Description = "Unix socket activation for YubiKey touch detector service"; }; Socket = { ListenStream = "%t/yubikey-touch-detector.socket"; RemoveOnStop = true; }; Install = { WantedBy = [ "sockets.target" ]; }; }; }
- gnome-keyring
- Sway
I am currently using SwayFX, which adds some nice effects to sway, like rounded corners and hiding the separator between title and content of a window.
Currently, I am too lazy to explain every option here, but most of it is very self-explaining in any case.
{ config, pkgs, lib, ... }: let inherit (config.swarselsystems) monitors; eachMonitor = _name: monitor: { inherit (monitor) name; value = builtins.removeAttrs monitor [ "workspace" "name" "output" ]; }; eachOutput = _name: monitor: { inherit (monitor) name; value = builtins.removeAttrs monitor [ "mode" "name" "scale" "transform" "position" ]; }; workplaceSets = lib.mapAttrs' eachOutput monitors; workplaceOutputs = map (key: lib.getAttr key workplaceSets) (lib.attrNames workplaceSets); in { wayland.windowManager.sway = { enable = true; checkConfig = false; # delete this line once SwayFX is fixed upstream package = lib.mkIf config.swarselsystems.isNixos null; systemd = { enable = true; xdgAutostart = true; }; wrapperFeatures.gtk = true; config = rec { modifier = "Mod4"; terminal = "kitty"; menu = "fuzzel"; bars = [{ command = "waybar"; }]; keybindings = let inherit (config.wayland.windowManager.sway.config) modifier; in lib.recursiveUpdate { "${modifier}+q" = "kill"; "${modifier}+f" = "exec firefox"; "${modifier}+Shift+f" = "exec swaymsg fullscreen"; "${modifier}+Space" = "exec fuzzel"; "${modifier}+Shift+Space" = "floating toggle"; "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; "${modifier}+m" = "exec swarselcheck -s"; "${modifier}+x" = "exec swarselcheck -k"; "${modifier}+d" = "exec swarselcheck -d"; "${modifier}+w" = "exec swarselcheck -e"; "${modifier}+Shift+t" = "exec opacitytoggle"; "${modifier}+Shift+F12" = "move scratchpad"; "${modifier}+F12" = "scratchpad show"; "${modifier}+c" = "exec qalculate-gtk"; "${modifier}+p" = "exec pass-fuzzel"; "${modifier}+o" = "exec pass-fuzzel --otp"; "${modifier}+Shift+p" = "exec pass-fuzzel --type"; "${modifier}+Shift+o" = "exec pass-fuzzel --otp --type"; "${modifier}+Escape" = "mode $exit"; "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; "${modifier}+1" = "workspace 1:一"; "${modifier}+Shift+1" = "move container to workspace 1:一"; "${modifier}+2" = "workspace 2:二"; "${modifier}+Shift+2" = "move container to workspace 2:二"; "${modifier}+3" = "workspace 3:三"; "${modifier}+Shift+3" = "move container to workspace 3:三"; "${modifier}+4" = "workspace 4:四"; "${modifier}+Shift+4" = "move container to workspace 4:四"; "${modifier}+5" = "workspace 5:五"; "${modifier}+Shift+5" = "move container to workspace 5:五"; "${modifier}+6" = "workspace 6:六"; "${modifier}+Shift+6" = "move container to workspace 6:六"; "${modifier}+7" = "workspace 7:七"; "${modifier}+Shift+7" = "move container to workspace 7:七"; "${modifier}+8" = "workspace 8:八"; "${modifier}+Shift+8" = "move container to workspace 8:八"; "${modifier}+9" = "workspace 9:九"; "${modifier}+Shift+9" = "move container to workspace 9:九"; "${modifier}+0" = "workspace 10:十"; "${modifier}+Shift+0" = "move container to workspace 10:十"; "${modifier}+Ctrl+m" = "workspace 11:M"; "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; "${modifier}+Ctrl+s" = "workspace 12:S"; "${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; "${modifier}+Left" = "focus left"; "${modifier}+Right" = "focus right"; "${modifier}+Down" = "focus down"; "${modifier}+Up" = "focus up"; "${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Right" = "move right 40px"; "${modifier}+Shift+Down" = "move down 40px"; "${modifier}+Shift+Up" = "move up 40px"; "${modifier}+h" = "focus left"; "${modifier}+l" = "focus right"; "${modifier}+j" = "focus down"; "${modifier}+k" = "focus up"; "${modifier}+Shift+h" = "move left 40px"; "${modifier}+Shift+l" = "move right 40px"; "${modifier}+Shift+j" = "move down 40px"; "${modifier}+Shift+k" = "move up 40px"; "${modifier}+Ctrl+Shift+c" = "reload"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; "${modifier}+r" = "mode resize"; "${modifier}+Return" = "exec kitty"; # "XF86AudioRaiseVolume" = "exec pa 5%"; "XF86AudioRaiseVolume" = "exec pamixer -i 5"; # "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; "XF86AudioLowerVolume" = "exec pamixer -d 5"; # "XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; "XF86AudioMute" = "exec pamixer -t"; "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; "XF86Display" = "exec wl-mirror eDP-1"; } config.swarselsystems.keybindings; modes = { resize = { Down = "resize grow height 10 px or 10 ppt"; Escape = "mode default"; Left = "resize shrink width 10 px or 10 ppt"; Return = "mode default"; Right = "resize grow width 10 px or 10 ppt"; Up = "resize shrink height 10 px or 10 ppt"; Tab = "move position center, resize set width 50 ppt height 50 ppt"; }; }; defaultWorkspace = "workspace 1:一"; output = lib.mapAttrs' eachMonitor monitors; input = config.swarselsystems.standardinputs; workspaceOutputAssign = workplaceOutputs; startup = config.swarselsystems.startup ++ [ { command = "kitty -T kittyterm"; } { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; } ]; window = { border = 1; titlebar = false; }; assigns = { "1:一" = [{ app_id = "firefox"; }]; "10:十" = [{ app_id = "teams-for-linux"; }]; }; floating = { border = 1; criteria = [ { title = "^Picture-in-Picture$"; } { app_id = "qalculate-gtk"; } { app_id = "org.gnome.clocks"; } { app_id = "com.github.stsdc.monitor"; } { app_id = "blueman"; } { app_id = "pavucontrol"; } { app_id = "syncthingtray"; } { title = "Syncthing Tray"; } { app_id = "SchildiChat"; } { app_id = "Element"; } { app_id = "com.nextcloud.desktopclient.nextcloud"; } { app_id = "gnome-system-monitor"; } { title = "(?:Open|Save) (?:File|Folder|As)"; } { title = "^Add$"; } { title = "com-jgoodies-jdiskreport-JDiskReport"; } { app_id = "vesktop"; } { window_role = "pop-up"; } { window_role = "bubble"; } { window_role = "dialog"; } { window_role = "task_dialog"; } { window_role = "menu"; } { window_role = "Preferences"; } ]; titlebar = false; }; window = { commands = [ { command = "opacity 0.95"; criteria = { class = ".*"; }; } { command = "opacity 1"; criteria = { app_id = "Gimp-2.10"; }; } { command = "opacity 0.99"; criteria = { app_id = "firefox"; }; } { command = "sticky enable, shadows enable"; criteria = { title = "^Picture-in-Picture$"; }; } { command = "resize set width 60 ppt height 60 ppt, opacity 0.8, sticky enable, border normal, move container to scratchpad"; criteria = { title = "^kittyterm$"; }; } { command = "resize set width 60 ppt height 60 ppt, opacity 0.95, sticky enable, border normal, move container to scratchpad"; criteria = { title = "^spotifytui$"; }; } # { # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; # criteria = { # app_id="^$"; # class="^$"; # }; # } { command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; criteria = { class = "Spotify"; }; } { command = "resize set width 60 ppt height 60 ppt, sticky enable"; criteria = { app_id = "vesktop"; }; } { command = "resize set width 60 ppt height 60 ppt, sticky enable"; criteria = { class = "Element"; }; } { command = "resize set width 60 ppt height 60 ppt, sticky enable"; criteria = { app_id = "SchildiChat"; }; } ]; }; gaps = { inner = 5; }; }; extraSessionCommands = '' export SDL_VIDEODRIVER=wayland export QT_QPA_PLATFORM=wayland export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" export _JAVA_AWT_WM_NONREPARENTING=1 export XDG_CURRENT_DESKTOP=sway export XDG_SESSION_DESKTOP=sway export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; export ANKI_WAYLAND=1; export OBSIDIAN_USE_WAYLAND=1; ''; # extraConfigEarly = " # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK # "; extraConfig = let inherit (config.wayland.windowManager.sway.config) modifier; swayfxSettings = config.swarselsystems.swayfxConfig; in " exec_always autotiling set $exit \"exit: [s]leep, [l]ock, [p]oweroff, [r]eboot, [u]ser logout\" mode $exit { bindsym --to-code { s exec \"systemctl suspend\", mode \"default\" l exec \"swaylock --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2 --daemonize && systemctl suspend \", mode \"default \" p exec \"systemctl poweroff\" r exec \"systemctl reboot\" u exec \"swaymsg exit\" Return mode \"default\" Escape mode \"default\" ${modifier}+Escape mode \"default\" } } exec systemctl --user import-environment exec swayidle -w ${swayfxSettings} "; }; } - gpg-agent
Settinfs that are needed for the gpg-agent. Also we are enabling emacs support for unlocking my Yubikey here.
{ pkgs, ... }: { services.gpg-agent = { enable = true; enableSshSupport = true; enableExtraSocket = true; pinentryPackage = pkgs.pinentry.gtk2; defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' allow-loopback-pinentry allow-emacs-pinentry ''; }; } - gammastep
This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
_: { services.gammastep = { enable = true; provider = "manual"; latitude = 48.210033; longitude = 16.363449; }; }
3.4.2. Optional
Akin to the optional NixOS modules.
- Gaming
The rest of the settings is at gaming.
{ pkgs, ... }: { home.packages = with pkgs; [ lutris wine libudev-zero dwarfs fuse-overlayfs # steam # steam-run patchelf gamescope vulkan-tools moonlight-qt ns-usbloader # gog games installing heroic # minecraft prismlauncher # has overrides temurin-bin-17 ]; } - Work
The rest of the settings is at work. Here, I am setting up the different firefox profiles that I need for the SSO sites that I need to access at work as well as a few ssh shorthands.
{ pkgs, ... }: { home.packages = with pkgs; [ stable.teams-for-linux google-chrome shellcheck dig docker ]; programs.ssh = { matchBlocks = { "uc" = { hostname = "uc.clip.vbc.ac.at"; user = "stack"; }; "uc-stg" = { hostname = "uc.staging.clip.vbc.ac.at"; user = "stack"; }; "cbe" = { hostname = "cbe.vbc.ac.at"; user = "dc_adm_schwarzaeugl"; }; "cbe-stg" = { hostname = "cbe.staging.vbc.ac.at"; user = "dc_adm_schwarzaeugl"; }; "*.vbc.ac.at" = { user = "dc_adm_schwarzaeugl"; }; }; }; programs.firefox = { profiles = { dc_adm = { id = 1; isDefault = false; userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; extensions = with pkgs.nur.repos.rycee.firefox-addons; [ tridactyl browserpass clearurls darkreader enhancer-for-youtube istilldontcareaboutcookies translate-web-pages ublock-origin reddit-enhancement-suite sponsorblock web-archives onepassword-password-manager single-file widegithub enhanced-github unpaywall don-t-fuck-with-paste plasma-integration ]; search.engines = { "Nix Packages" = { urls = [{ template = "https://search.nixos.org/packages"; params = [ { name = "type"; value = "packages"; } { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@np" ]; }; "NixOS Wiki" = { urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; iconUpdateURL = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = [ "@nw" ]; }; "NixOS Options" = { urls = [{ template = "https://search.nixos.org/options"; params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@no" ]; }; "Home Manager Options" = { urls = [{ template = "https://home-manager-options.extranix.com/"; params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@hm" "@ho" "@hmo" ]; }; "Google".metaData.alias = "@g"; }; search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart }; cl_adm = { id = 2; isDefault = false; userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; extensions = with pkgs.nur.repos.rycee.firefox-addons; [ tridactyl browserpass clearurls darkreader enhancer-for-youtube istilldontcareaboutcookies translate-web-pages ublock-origin reddit-enhancement-suite sponsorblock web-archives onepassword-password-manager single-file widegithub enhanced-github unpaywall don-t-fuck-with-paste plasma-integration ]; search.engines = { "Nix Packages" = { urls = [{ template = "https://search.nixos.org/packages"; params = [ { name = "type"; value = "packages"; } { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@np" ]; }; "NixOS Wiki" = { urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; iconUpdateURL = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = [ "@nw" ]; }; "NixOS Options" = { urls = [{ template = "https://search.nixos.org/options"; params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@no" ]; }; "Home Manager Options" = { urls = [{ template = "https://home-manager-options.extranix.com/"; params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@hm" "@ho" "@hmo" ]; }; "Google".metaData.alias = "@g"; }; search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart }; ws_adm = { id = 3; isDefault = false; userChrome = builtins.readFile ../../../programs/firefox/chrome/userChrome.css; extensions = with pkgs.nur.repos.rycee.firefox-addons; [ tridactyl browserpass clearurls darkreader enhancer-for-youtube istilldontcareaboutcookies translate-web-pages ublock-origin reddit-enhancement-suite sponsorblock web-archives onepassword-password-manager single-file widegithub enhanced-github unpaywall don-t-fuck-with-paste plasma-integration ]; search.engines = { "Nix Packages" = { urls = [{ template = "https://search.nixos.org/packages"; params = [ { name = "type"; value = "packages"; } { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@np" ]; }; "NixOS Wiki" = { urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; iconUpdateURL = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = [ "@nw" ]; }; "NixOS Options" = { urls = [{ template = "https://search.nixos.org/options"; params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@no" ]; }; "Home Manager Options" = { urls = [{ template = "https://home-manager-options.extranix.com/"; params = [ { name = "query"; value = "{searchTerms}"; } ]; }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@hm" "@ho" "@hmo" ]; }; "Google".metaData.alias = "@g"; }; search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart }; }; }; xdg.desktopEntries = let terminal = false; categories = [ "Application" ]; icon = "firefox"; in { firefox_dc = { name = "Firefox (dc_adm)"; genericName = "Firefox dc"; exec = "firefox -p dc_adm"; inherit terminal categories icon; }; firefox_ws = { name = "Firefox (ws_adm)"; genericName = "Firefox ws"; exec = "firefox -p ws_adm"; inherit terminal categories icon; }; firefox_cl = { name = "Firefox (cl_adm)"; genericName = "Firefox cl"; exec = "firefox -p cl_adm"; inherit terminal categories icon; }; }; programs.git.userEmail = "leon.schwarzaeugl@imba.oeaw.ac.at"; }
3.5. flake.nix template
This sections puts together the flake.nix file from the Noweb-Ref blocks section.
3.5.1. flake.nix
This tangles the flake.nix file; This block only needs to be touched when updating the general structure of the flake. For everything else, see the respective noweb-ref block.
{
description = "SwarseFlake - Nix Flake for all SwarselSystems";
nixConfig = {
extra-substituters = [
"https://nix-community.cachix.org"
"https://cache.ngi0.nixos.org/"
];
extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="
];
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
systems.url = "github:nix-systems/default-linux";
# user-level configuration
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
# overlay to access bleeding edge emacs
emacs-overlay = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
# nix user repository
# i use this mainly to not have to build all firefox extensions
# myself as well as for the emacs-init package (tbd)
nur.url = "github:nix-community/NUR";
# provides GL to non-NixOS hosts
nixgl.url = "github:guibou/nixGL";
# manages all theming using Home-Manager
stylix.url = "github:danth/stylix";
# nix secrets management
sops-nix.url = "github:Mic92/sops-nix";
# enable secure boot on NixOS
lanzaboote.url = "github:nix-community/lanzaboote";
# nix for android
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
# generate NixOS images
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
# hardware quirks on nix
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
};
# dynamic library loading
nix-alien = {
url = "github:thiagokokada/nix-alien";
};
# automatic nintendo switch payload injection
nswitch-rcm-nix = {
url = "github:Swarsel/nswitch-rcm-nix";
};
# weekly updated nix-index database
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
};
outputs =
inputs@{ self
, nixpkgs
, home-manager
, systems
, ...
}:
let
inherit (self) outputs;
lib = nixpkgs.lib // home-manager.lib;
forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
pkgsFor = lib.genAttrs (import systems) (
system:
import nixpkgs {
inherit system;
config.allowUnfree = true;
}
);
# NixOS modules that can only be used on NixOS systems
nixModules = [
inputs.stylix.nixosModules.stylix
inputs.lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
# inputs.impermanence.nixosModules.impermanence
inputs.sops-nix.nixosModules.sops
inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
./profiles/common/nixos
];
# Home-Manager modules wanted on non-NixOS systems
homeModules = [
inputs.stylix.homeManagerModules.stylix
];
# Home-Manager modules wanted on both NixOS and non-NixOS systems
mixedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.hmModules.nix-index
./profiles/common/home
];
in
{
inherit lib;
inherit mixedModules;
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home;
packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
devShells = forEachSystem
(pkgs:
{
default = pkgs.mkShell {
NIX_CONFIG = "experimental-features = nix-command flakes";
nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git ];
};
});
formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt);
overlays = [
(import ./overlays { inherit inputs; }).additions
(import ./overlays { inherit inputs; }).modifications
(import ./overlays { inherit inputs; }).nixpkgs-stable
inputs.nur.overlay
inputs.emacs-overlay.overlay
inputs.nixgl.overlay
];
# NixOS setups - run home-manager as a NixOS module for better compatibility
# another benefit - full rebuild on nixos-rebuild switch
# run rebuild using `nswitch`
# NEW HOSTS: For a new host, decide whether a NixOS (nixosConfigurations) or non-NixOS (homeConfigurations) is used.
# Make sure to move hardware-configuration to the appropriate location, by default it is found in /etc/nixos/.
nixosConfigurations = {
sandbox = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.disko.nixosModules.disko
./profiles/sandbox/disk-config.nix
inputs.sops-nix.nixosModules.sops
./profiles/sandbox/nixos.nix
];
};
threed = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = nixModules ++ [
inputs.lanzaboote.nixosModules.lanzaboote
./profiles/threed/nixos.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.users.swarsel.imports = mixedModules ++ [
./profiles/threed/home.nix
];
}
];
};
fourside = lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = nixModules ++ [
./profiles/fourside
];
};
nbl-imba-2 = lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = nixModules ++ [
./profiles/nbl-imba-2
];
};
nginx = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/nginx/nixos.nix
];
};
calibre = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/calibre/nixos.nix
];
};
jellyfin = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
./profiles/server1/jellyfin/nixos.nix
];
};
transmission = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/transmission/nixos.nix
];
};
matrix = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/matrix/nixos.nix
];
};
sound = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/sound/nixos.nix
];
};
spotifyd = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/spotifyd/nixos.nix
];
};
paperless = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/paperless/nixos.nix
];
};
#ovm swarsel
sync = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/remote/oracle/sync/nixos.nix
];
};
#ovm swarsel
swatrix = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/remote/oracle/matrix/nixos.nix
];
};
};
# pure Home Manager setups - for non-NixOS machines
# run rebuild using `hmswitch`
homeConfigurations = {
"swarsel@home-manager" = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = pkgsFor.x86_64-linux;
extraSpecialArgs = { inherit inputs outputs; };
modules = homeModules ++ mixedModules ++ [
./profiles/home-manager
];
};
};
nixOnDroidConfigurations = {
default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./profiles/mysticant/configuration.nix
];
};
};
};
}
4. Emacs
4.1. Initialization (early-init.el)
In this section I handle my early init file; it takes care of frame-setup for emacsclient buffers.
4.1.1. Increase startup performance
First, I use some advice from doomemacs regarding garbace collection; here I make sure that during startup, the garbace collectur will not run, which will improve startup times. Now, that might not really be needed since I will usually only start the emacs server once during startup and then not touch it again, however, since I am building my emacs configuration using NixOS, there is some merit to this since I will usually need to restart the server once I rebuild my configuration.
Also, inspired by a setting I have seen in protesilaos' configuration, I apply the same idea to the file-name-handler-alist and vc-handled-backends.
In the end, we need to restore those values to values that will work during normal operation. For that, I add a hook to the startup function that will revert the values once Emacs has finished initialization.
Also packed into the hook function is the line (fset 'epg-wait-for-status 'ignore). This line is needed at the end of the configuration in order to allow for my Yubikey to be used to encrypt and decrypt .gpg files. Without it, Emacs will just hang forever and basically crash.
(defvar swarsel-file-name-handler-alist file-name-handler-alist)
(defvar swarsel-vc-handled-backends vc-handled-backends)
(setq gc-cons-threshold most-positive-fixnum
gc-cons-percentage 0.6
file-name-handler-alist nil
vc-handled-backends nil)
(add-hook 'emacs-startup-hook
(lambda ()
(progn
(setq gc-cons-threshold (* 1000 1000 8)
gc-cons-percentage 0.1
file-name-handler-alist swarsel-file-name-handler-alist
vc-handled-backends swarsel-vc-handled-backends)
(fset 'epg-wait-for-status 'ignore)
)))
4.1.2. Setup frames
Next, I will setup the basic frame for my emacs buffers. Note that I use a tiling window manager, so I do not need to hold myself up with sizing the windows myself. I also disable some GUI tools that I (like many others) do not find to be particularly useful. Also I inhibit many startup functions here, even though it does not affect me greatly since I use another solution for that.
We also make require immediate compilation of native code.
For the default-frame-alist, I used to also set '(right-divider-width . 4) and '(bottom-divider-width . 4), but I did not like the look of the divider bar and usually know my splits anyways, so this is no longer set.
(tool-bar-mode 0)
(menu-bar-mode 0)
(scroll-bar-mode 0)
(setq frame-inhibit-implied-resize t
ring-bell-function 'ignore
use-dialog-box nil
use-file-dialog nil
use-short-answers t
inhibit-startup-message t
inhibit-splash-screen t
inhibit-startup-screen t
inhibit-x-resources t
inhibit-startup-buffer-menu t
inhibit-startup-echo-area-message user-login-name ; this needs to be set to the username or it will not have an effect
comp-deferred-compilation nil ; compile all Elisp to native code immediately
)
(setq-default left-margin-width 1
right-margin-width 1)
(setq-default default-frame-alist
(append
(list
'(undecorated . t) ; no title bar, borders etc.
'(background-color . "#1D252C") ; load doom-citylight colors to avoid white flash
'(foreground-color . "#A0B3C5") ; load doom-citylight colors to avoid white flash
'(vertical-scroll-bars . nil)
'(horizontal-scroll-bars . nil)
'(internal-border-width . 5)
'(tool-bar-lines . 0)
'(menu-bar-lines . 0))))
4.1.3. Make C-i, C-m, C-[ available in graphic sessions
By default, emacs binds
C-ito theTABkeyC-mto theRETkeyC-[to theECSkey
These keybinds exist to make Emacs work well in terminal mode. However, most of the time I am using Emacs in a graphic session, and I would hence like to have these keybinds available for personal use.
NOTE: To use these keybinds, you need to enclose the binding in angled brackets (<>). Then they can be used normally
(add-hook
'after-make-frame-functions
(lambda (frame)
(with-selected-frame frame
(when (display-graphic-p)
(define-key input-decode-map (kbd "C-i") [DUMMY-i])
(define-key input-decode-map (kbd "C-[") [DUMMY-lsb])
(define-key input-decode-map (kbd "C-m") [DUMMY-m])
))))
4.2. Personal settings
This section is used to define my own functions, own variables, and own keybindings.
4.2.1. Custom functions
In this section I define extra functions that I need. Some of these functions I wrote myself, some I found after internet reseach. For functions I found on the internet, I will link the original source I found it in.
- Emacs/Evil state toggle
Since I am rebinding the
C-zhotkey for emacs-evil-state toggling, I want to have a function that still lets me perform this action quickly.(defun swarsel/toggle-evil-state () (interactive) (if (or (evil-emacs-state-p) (evil-insert-state-p)) (evil-normal-state) (evil-emacs-state))) - Switching to last used buffer
I often find myself bouncing between two buffers when I do not want to use a window split. This funnction simply jumps to the last used buffer.
(defun swarsel/last-buffer () (interactive) (switch-to-buffer nil))
- mu4e functions
I use these functions to let me switch between my main email accounts, as mu4e by itself has trouble doing so.
mu4e-switch-accountallows for manual choosing of the sender account, whilemu4e-rfs--matching-addressandmu4e-send-from-correct-addressare used when replying to a mail; they switch the sender account to the one that received the mail.By default, the sender email will not be changed after sending a mail; however, I want Emacs to always use my main address when not replying to another email. For that I use
mu4e-restore-default.Used here: mu4e
(defun swarsel/mu4e-switch-account () (interactive) (let ((account (completing-read "Select account: " mu4e-user-mail-address-list))) (setq user-mail-address account))) (defun swarsel/mu4e-rfs--matching-address () (cl-loop for to-data in (mu4e-message-field mu4e-compose-parent-message :to) for to-email = (pcase to-data (`(_ . email) email) (x (mu4e-contact-email x))) for to-name = (pcase to-data (`(_ . name) name) (x (mu4e-contact-name x))) when (mu4e-user-mail-address-p to-email) return (list to-name to-email))) (defun swarsel/mu4e-send-from-correct-address () (when mu4e-compose-parent-message (save-excursion (when-let ((dest (swarsel/mu4e-rfs--matching-address))) (cl-destructuring-bind (from-user from-addr) dest (setq user-mail-address from-addr) (message-position-on-field "From") (message-beginning-of-line) (delete-region (point) (line-end-position)) (insert (format "%s <%s>" (or from-user user-full-name) from-addr))))))) (defun swarsel/mu4e-restore-default () (setq user-mail-address "leon@swarsel.win" user-full-name "Leon Schwarzäugl")) - Create non-existant directories when finding file
This function will check if a directory for which a file we want to open exists; if not, it will offer to create the directories for me.
(defun swarsel/with-buffer-name-prompt-and-make-subdirs () (let ((parent-directory (file-name-directory buffer-file-name))) (when (and (not (file-exists-p parent-directory)) (y-or-n-p (format "Directory `%s' does not exist! Create it? " parent-directory))) (make-directory parent-directory t)))) (add-to-list 'find-file-not-found-functions #'swarsel/with-buffer-name-prompt-and-make-subdirs) - [crux] Duplicate Lines
When programming, I like to be able to duplicate a line. There are easier functions than the one below, but they either
- screw with undo/redo
- move the cursor wildly
The below function avoids these problems. Originally I used the function
duplicate-linefound here: https://stackoverflow.com/questions/88399/how-do-i-duplicate-a-whole-line-in-emacsHowever, this function does not work on regions. Later, I found a solution implemented by crux. I do not need the whole package, so I just extracted the three functions I needed from it.
(defun crux-get-positions-of-line-or-region () "Return positions (beg . end) of the current line or region." (let (beg end) (if (and mark-active (> (point) (mark))) (exchange-point-and-mark)) (setq beg (line-beginning-position)) (if mark-active (exchange-point-and-mark)) (setq end (line-end-position)) (cons beg end))) (defun crux-duplicate-current-line-or-region (arg) "Duplicates the current line or region ARG times. If there's no region, the current line will be duplicated. However, if there's a region, all lines that region covers will be duplicated." (interactive "p") (pcase-let* ((origin (point)) (`(,beg . ,end) (crux-get-positions-of-line-or-region)) (region (buffer-substring-no-properties beg end))) (dotimes (_i arg) (goto-char end) (newline) (insert region) (setq end (point))) (goto-char (+ origin (* (length region) arg) arg)))) (defun crux-duplicate-and-comment-current-line-or-region (arg) "Duplicates and comments the current line or region ARG times. If there's no region, the current line will be duplicated. However, if there's a region, all lines that region covers will be duplicated." (interactive "p") (pcase-let* ((origin (point)) (`(,beg . ,end) (crux-get-positions-of-line-or-region)) (region (buffer-substring-no-properties beg end))) (comment-or-uncomment-region beg end) (setq end (line-end-position)) (dotimes (_ arg) (goto-char end) (newline) (insert region) (setq end (point))) (goto-char (+ origin (* (length region) arg) arg)))) - [prot] org-id-headings
These functions by protesilaos generate heading links in an org-file similar to the normal
org-store-linkapproach when not using properties. This approach has a weakness however - if the heading name is changed, the link breaks. These functions generate a unique identifier for each heading which will not break and also works when exporting the file to html, for example.(defun prot-org--id-get () "Get the CUSTOM_ID of the current entry. If the entry already has a CUSTOM_ID, return it as-is, else create a new one." (let* ((pos (point)) (id (org-entry-get pos "CUSTOM_ID"))) (if (and id (stringp id) (string-match-p "\\S-" id)) id (setq id (org-id-new "h")) (org-entry-put pos "CUSTOM_ID" id) id))) (declare-function org-map-entries "org") (defun prot-org-id-headlines () "Add missing CUSTOM_ID to all headlines in current file." (interactive) (org-map-entries (lambda () (prot-org--id-get)))) (defun prot-org-id-headline () "Add missing CUSTOM_ID to headline at point." (interactive) (prot-org--id-get)) - Inhibit Messages in Echo Area
Emacs likes to send messages to the echo area; this is generally a good thing. However, it bothers me a lot when I am currently working in minibuffer where I receive an echo area message that is actually important and it is then overwritten by e.g. the mu4e update message. This section makes it possible to find the root function calling the message function and disabling it here.
Usage: Enable the
(advice-add 'message :around #'who-called-me?)by running this code block, which will show a full trace of all messages being sent to the echo area:(advice-add 'message :around #'who-called-me?)
Once the root function has been found, it can be disabled via
advice=addas in the last block in this section. To disable the stack tracing, run(advice-remove 'message #'who-called-me?)or the following code block:(advice-remove 'message #'who-called-me?)
Lastly, individual messages can be reenabled using the
(advice-remove '<FUNCTION-NAME> #'suppress-messages)approach. Use this when you accidentally disabled a helpful message.(defun suppress-messages (old-fun &rest args) (cl-flet ((silence (&rest args1) (ignore))) (advice-add 'message :around #'silence) (unwind-protect (apply old-fun args) (advice-remove 'message #'silence)))) (advice-add 'pixel-scroll-precision :around #'suppress-messages) (advice-add 'mu4e--server-filter :around #'suppress-messages) (advice-add 'org-unlogged-message :around #'suppress-messages) (advice-add 'magit-auto-revert-mode--init-kludge :around #'suppress-messages) (advice-add 'push-mark :around #'suppress-messages) (advice-add 'evil-insert :around #'suppress-messages) (advice-add 'evil-visual-char :around #'suppress-messages) ;; to reenable ;; (advice-remove 'timer-event-handler #'suppress-messages) (defun who-called-me? (old-fun format &rest args) (let ((trace nil) (n 1) (frame nil)) (while (setf frame (backtrace-frame n)) (setf n (1+ n) trace (cons (cadr frame) trace)) ) (apply old-fun (concat "<<%S>>\n" format) (cons trace args)))) ;; enable to get message backtrace, the first function shown in backtrace calls the other functions ;; (advice-add 'message :around #'who-called-me?) ;; disable to stop receiving backtrace (advice-remove 'message #'who-called-me?) - Move up one directory for find-file
I find it very annoying that the standard behavior for M-DEL only deletes one word when using find-file. This function makes it so that we always go up by one directory level instead.
This function was found here: https://www.reddit.com/r/emacs/comments/re31i6/how_to_go_up_one_directory_when_using_findfile_cx/
(defun up-directory (path) "Move up a directory in PATH without affecting the kill buffer." (interactive "p") (if (string-match-p "/." (minibuffer-contents)) (let ((end (point))) (re-search-backward "/.") (forward-char) (delete-region (point) end)))) (define-key minibuffer-local-filename-completion-map [C-backspace] #'up-directory) - org-mode: General setup
Sets up the basic settings that I want to have active in org-mode buffers.
Used here: General org-mode
(defun swarsel/org-mode-setup () (org-indent-mode) (variable-pitch-mode 1) ;;(auto-fill-mode 0) (setq display-line-numbers-type 'relative display-line-numbers-current-absolute 1 display-line-numbers-width-start nil display-line-numbers-width 6 display-line-numbers-grow-only 1) (add-hook 'org-tab-first-hook 'org-end-of-line) (visual-line-mode 1)) - org-mode: Visual-fill column
This function sets the width of buffers in org-mode.
Used in: Centered org-mode Buffers
(defun swarsel/org-mode-visual-fill () (setq visual-fill-column-width 150 visual-fill-column-center-text t) (visual-fill-column-mode 1)) - org-mode: Upon-save actions (Auto-tangle, export to html, formatting)
This section handles everything that shoudld happen when I save
SwarselSystems.org. It:- automatically tangles all configuration blocks in this file
- exports the configuration file as html for an easier reading experience with working links and index
- formats the generated
.nixfiles in accordance to theAlejandra-style.
We set a hook that runs everytime we save the file. It would be a bit more efficient to only export and format when we enter a magit window for instance (since especially the html export takes times), however, since I cannot be sure to only ever commit from magit (I do indeed sometimes use git from the command line), I prefer this approach.
(defun swarsel/run-formatting () (interactive) (let ((default-directory (expand-file-name "~/.dotfiles"))) (shell-command "nixpkgs-fmt . > /dev/null"))) (defun swarsel/org-babel-tangle-config () (when (string-equal (buffer-file-name) swarsel-swarsel-org-filepath) ;; Dynamic scoping to the rescue (let ((org-confirm-babel-evaluate nil)) ;; (org-html-export-to-html) (org-babel-tangle) (swarsel/run-formatting)))) (setq org-html-htmlize-output-type nil) (add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config))) - org-mode: Fold current heading
Normally emacs cycles between three states:
- fully folded
- One heading expanded
- All headings expanded
However, I want to be able to fold a single heading consistently.
(defun org-fold-outer () (interactive) (org-beginning-of-line) (if (string-match "^*+" (thing-at-point 'line t)) (outline-up-heading 1)) (outline-hide-subtree) ) - corfu: Do not interrupt navigation
These three functions allow me to keep using the normal navigation keys even when a corfu completion pops up.
These functions are used here: Corfu
(defun swarsel/corfu-normal-return (&optional arg) (interactive) (corfu-quit) (newline) ) (defun swarsel/corfu-quit-and-up (&optional arg) (interactive) (corfu-quit) (evil-previous-visual-line)) (defun swarsel/corfu-quit-and-down (&optional arg) (interactive) (corfu-quit) (evil-next-visual-line))
- python shell reloading
The standard Emacs behaviour for the Python process shell is a bit annoying. This is my attempt at making it show automatically on opening a python buffer and making it refresh on its own as well. This does not nicely work yet.
;; run the python inferior shell immediately upon entering a python buffer ;; (add-hook 'python-mode-hook 'swarsel/run-python) ;; (defun swarsel/run-python () ;; (save-selected-window ;; (switch-to-buffer-other-window (process-buffer (python-shell-get-or-create-process (python-shell-parse-command)))))) ;; reload python shell automatically (defun my-python-shell-run () (interactive) (when (get-buffer-process "*Python*") (set-process-query-on-exit-flag (get-buffer-process "*Python*") nil) (kill-process (get-buffer-process "*Python*")) ;; Uncomment If you want to clean the buffer too. ;;(kill-buffer "*Python*") ;; Not so fast! (sleep-for 0.5)) (run-python (python-shell-parse-command) nil nil) (python-shell-send-buffer) ;; Pop new window only if shell isnt visible ;; in any frame. (unless (get-buffer-window "*Python*" t) (python-shell-switch-to-shell))) (defun my-python-shell-run-region () (interactive) (python-shell-send-region (region-beginning) (region-end)) (python-shell-switch-to-shell)) - Nix common prefix bracketer
This function searches for common delimiters in region and removes them, summarizing all captured lines by it.
(defun swarsel/prefix-block (start end) (interactive "r") (save-excursion (goto-char start) (setq start (line-beginning-position)) (goto-char end) (setq end (line-end-position)) (let ((common-prefix (save-excursion (goto-char start) (if (re-search-forward "^\\([^.\n]+\\)\\." end t) (match-string 1) (error "No common prefix found"))))) (save-excursion (goto-char start) (insert common-prefix " = {\n") (goto-char (+ end (length common-prefix) 6)) (insert "};\n") (goto-char start) (while (re-search-forward (concat "^" (regexp-quote common-prefix) "\\.") end t) (replace-match "")))))) - Nix formatters
This formats the org code block at
pointin accordance to thenixpkgs-fmtformatter(defun swarsel/org-nixpkgs-fmt-block-lite () (interactive) (org-babel-mark-block) (call-interactively 'nixpkgs-fmt-region)) (defun swarsel/org-nixpkgs-fmt-block () (interactive) (save-excursion (let* ((element (org-element-at-point)) (begin (org-element-property :begin element)) (end (org-element-property :end element)) (lang (org-element-property :language element))) (when lang (goto-char begin) (forward-line) (insert "{") (goto-char end) (forward-line -1) (beginning-of-line) (forward-char -1) (insert "}") (org-babel-mark-block) (call-interactively 'nixpkgs-fmt-region)))))
4.2.2. Custom Keybindings
This defines a set of keybinds that I want to have available globally. I have one set of keys that is globally available through the C-SPC prefix. This set is used mostly for functions that I have trouble remembering the original keybind for, or that I just want to have gathered in a common space.
I also define some keybinds to some combinations directly. Those are used mostly for custom functions that I call often enough to warrant this.
;; Make ESC quit prompts
(global-set-key (kbd "<escape>") 'keyboard-escape-quit)
;; Set up general keybindings
(use-package general
:config
(general-create-definer swarsel/leader-keys
:keymaps '(normal insert visual emacs)
:prefix "SPC"
:global-prefix "C-SPC")
(swarsel/leader-keys
"e" '(:ignore e :which-key "evil")
"eo" '(evil-jump-backward :which-key "cursor jump backwards")
"eO" '(evil-jump-forward :which-key "cursor jump forwards")
"t" '(:ignore t :which-key "toggles")
"ts" '(hydra-text-scale/body :which-key "scale text")
"te" '(swarsel/toggle-evil-state :which-key "emacs/evil")
"tl" '(display-line-numbers-mode :which-key "line numbers")
"tp" '(evil-cleverparens-mode :wk "cleverparens")
"to" '(olivetti-mode :wk "olivetti")
"td" '(darkroom-tentative-mode :wk "darkroom")
"tw" '((lambda () (interactive) (toggle-truncate-lines)) :which-key "line wrapping")
"m" '(:ignore m :which-key "modes/programs")
"mm" '((lambda () (interactive) (mu4e)) :which-key "mu4e")
"mg" '((lambda () (interactive) (magit-list-repositories)) :which-key "magit-list-repos")
"mc" '((lambda () (interactive) (swarsel/open-calendar)) :which-key "calendar")
"mp" '(popper-toggle :which-key "popper")
"md" '(dirvish :which-key "dirvish")
"o" '(:ignore o :which-key "org")
"op" '((lambda () (interactive) (org-present)) :which-key "org-present")
"oa" '((lambda () (interactive) (org-agenda)) :which-key "org-agenda")
"oa" '((lambda () (interactive) (org-refile)) :which-key "org-refile")
"ob" '((lambda () (interactive) (org-babel-mark-block)) :which-key "Mark whole src-block")
"ol" '((lambda () (interactive) (org-insert-link)) :which-key "insert link")
"os" '((lambda () (interactive) (org-store-link)) :which-key "store link")
"od" '((lambda () (interactive) (org-babel-demarcate-block)) :which-key "demarcate (split) src-block")
"on" '((lambda () (interactive) (nixpkgs-fmt-region)) :which-key "format nix-block")
"c" '(:ignore c :which-key "capture")
"ct" '((lambda () (interactive) (org-capture nil "tt")) :which-key "task")
;; "cj" '((lambda () (interactive) (org-capture nil "jj")) :which-key "journal")
;; "cs" '(markdown-download-screenshot :which-key "screenshot")
"l" '(:ignore l :which-key "links")
"lc" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (org-overview) )) :which-key "SwarselSystems.org")
"le" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "Emacs") ) (org-overview) (org-cycle) )) :which-key "Emacs.org")
"ln" '((lambda () (interactive) (progn (find-file swarsel-swarsel-org-filepath) (goto-char (org-find-exact-headline-in-buffer "System") ) (org-overview) (org-cycle))) :which-key "Nixos.org")
"ls" '((lambda () (interactive) (find-file "/smb:Swarsel@192.168.1.3:")) :which-key "Server")
"lo" '(dired swarsel-obsidian-vault-directory :which-key "obsidian")
;; "la" '((lambda () (interactive) (find-file swarsel-org-anki-filepath)) :which-key "anki")
;; "ln" '((lambda () (interactive) (find-file swarsel-nix-org-filepath)) :which-key "Nix.org")
"lp" '((lambda () (interactive) (projectile-switch-project)) :which-key "switch project")
"lg" '((lambda () (interactive) (magit-list-repositories)) :which-key "list git repos")
;; "a" '(:ignore a :which-key "anki")
;; "ap" '(anki-editor-push-tree :which-key "push new cards")
;; "an" '((lambda () (interactive) (org-capture nil "a")) :which-key "new card")
;; "as" '(swarsel-anki-set-deck-and-notetype :which-key "change deck and notetype")
"h" '(:ignore h :which-key "help")
"hy" '(yas-describe-tables :which-key "yas tables")
"hb" '(embark-bindings :which-key "current key bindings")
"h" '(:ignore t :which-key "describe")
"he" 'view-echo-area-messages
"hf" 'describe-function
"hF" 'describe-face
"hl" '(view-lossage :which-key "show command keypresses")
"hL" 'find-library
"hm" 'describe-mode
"ho" 'describe-symbol
"hk" 'describe-key
"hK" 'describe-keymap
"hp" 'describe-package
"hv" 'describe-variable
"hd" 'devdocs-lookup
"w" '(:ignore t :which-key "window")
"wl" 'windmove-right
"w <right>" 'windmove-right
"wh" 'windmove-left
"w <left>" 'windmove-left
"wk" 'windmove-up
"w <up>" 'windmove-up
"wj" 'windmove-down
"w <down>" 'windmove-down
"wr" 'winner-redo
"wd" 'delete-window
"w=" 'balance-windows-area
"wD" 'kill-buffer-and-window
"wu" 'winner-undo
"wr" 'winner-redo
"w/" 'evil-window-vsplit
"w\\" 'evil-window-vsplit
"w-" 'evil-window-split
"wm" '(delete-other-windows :wk "maximize")
"<right>" 'up-list
"<left>" 'down-list
))
;; General often used hotkeys
(general-define-key
"C-M-a" (lambda () (interactive) (org-capture nil "a")) ; make new anki card
;; "C-M-d" 'swarsel-obsidian-daily ; open daily obsidian file and create if not exist
;; "C-M-S" 'swarsel-anki-set-deck-and-notetype ; switch deck and notetype for new anki cards
;; "C-M-s" 'markdown-download-screenshot ; wrapper for org-download-screenshot
"C-c d" 'crux-duplicate-current-line-or-region
"C-c D" 'crux-duplicate-and-comment-current-line-or-region
"<DUMMY-m>" 'swarsel/last-buffer
"M-\\" 'indent-region
"C-<f9>" 'my-python-shell-run
)
4.2.3. Directory setup / File structure
In this section I setup some aliases that I use for various directories on my system. Some of these are actually used for magit repository finding etc., but many of them serve no real use and I need to clean this up someday.
;; set Nextcloud directory for journals etc.
(setq swarsel-sync-directory "~/Nextcloud"
swarsel-emacs-directory "~/.emacs.d"
swarsel-dotfiles-directory "~/.dotfiles"
swarsel-projects-directory "~/Documents/GitHub")
(setq swarsel-emacs-org-filepath (expand-file-name "Emacs.org" swarsel-dotfiles-directory)
swarsel-nix-org-filepath (expand-file-name "Nix.org" swarsel-dotfiles-directory)
swarsel-swarsel-org-filepath (expand-file-name "SwarselSystems.org" swarsel-dotfiles-directory)
)
;; set Emacs main configuration .org names
(setq swarsel-emacs-org-file "Emacs.org"
swarsel-anki-org-file "Anki.org"
swarsel-tasks-org-file "Tasks.org"
swarsel-archive-org-file "Archive.org"
swarsel-org-folder-name "Org"
swarsel-obsidian-daily-folder-name "⭐ Personal/Journal"
swarsel-obsidian-folder-name "Obsidian"
swarsel-obsidian-vault-name "Main")
;; set directory paths
(setq swarsel-org-directory (expand-file-name swarsel-org-folder-name swarsel-sync-directory)) ; path to org folder
(setq swarsel-obsidian-directory (expand-file-name swarsel-obsidian-folder-name swarsel-sync-directory)) ; path to obsidian
(setq swarsel-obsidian-vault-directory (expand-file-name swarsel-obsidian-vault-name swarsel-obsidian-directory)) ; path to obsidian vault
(setq swarsel-obsidian-daily-directory (expand-file-name swarsel-obsidian-daily-folder-name swarsel-obsidian-vault-directory)) ; path to obsidian daily folder
;; filepaths to certain documents
(setq swarsel-org-anki-filepath (expand-file-name swarsel-anki-org-file swarsel-org-directory) ; path to anki export file
swarsel-org-tasks-filepath (expand-file-name swarsel-tasks-org-file swarsel-org-directory)
swarsel-org-archive-filepath (expand-file-name swarsel-archive-org-file swarsel-org-directory))
4.2.4. Unclutter .emacs.d
In this section I move the custom.el out of it's standard location in .emacs.d. Firstly, I dislike using this file at all since I would rather have fully stateful configuration as commanded by this file. Secondly, this file is too easily permanently changed. Recently I figured out the last bits that I needed to remove from custom.el to no longer be reliant on it, so I now just write it to a temporary file (through make-temp=file) which will be cleaned on shutdown. However, I like to retain the custom framework because it is nice for testing out theme customizations, hence why I still load the file.
This section also sets the emacs directory to the ~/.cache/ directory which is useful for files that I do not want to have lying around in my .emacs.d.
;; Change the user-emacs-directory to keep unwanted things out of ~/.emacs.d
(setq user-emacs-directory (expand-file-name "~/.cache/emacs/")
url-history-file (expand-file-name "url/history" user-emacs-directory))
;; Use no-littering to automatically set common paths to the new user-emacs-directory
(use-package no-littering)
(setq custom-file (make-temp-file "emacs-custom-"))
(load custom-file t)
4.2.5. Move backup files to another location
Many people dislike the Emacs backup files; I do enjoy them, but have to admit that they clutter the filesystem a little too much. Also, I rarely need to access these over different sessions. Hence I move them to /tmp - if Emacs unexpectedly crashes, the files can be recovered, but the backup files will not gather everywhere and will be deleted upon shutdown.
(let ((backup-dir "~/tmp/emacs/backups")
(auto-saves-dir "~/tmp/emacs/auto-saves/"))
(dolist (dir (list backup-dir auto-saves-dir))
(when (not (file-directory-p dir))
(make-directory dir t)))
(setq backup-directory-alist `(("." . ,backup-dir))
auto-save-file-name-transforms `((".*" ,auto-saves-dir t))
auto-save-list-file-prefix (concat auto-saves-dir ".saves-")
tramp-backup-directory-alist `((".*" . ,backup-dir))
tramp-auto-save-directory auto-saves-dir))
(setq backup-by-copying t ; Don't delink hardlinks
delete-old-versions t ; Clean up the backups
version-control t ; Use version numbers on backups,
kept-new-versions 5 ; keep some new versions
kept-old-versions 2) ; and some old ones, too
4.3. General init.el setup + UI
In this general section I have settings that I either consider to be integral to my experience when using emacs or have no other section that I feel they belong to.
4.3.1. General setup
Here I set up some things that are too minor to put under other categories.
- Firstly we disable to having to type `yes` and `no` and switch it to `y` and `n`.
- We also enable the marking of trailing whitespaces.
- Also, make emacs highlight the current line globally
- Emacs defaults to pausing all display redrawing on any input. This may have been useful previously, but is not necessary nowadays.
- I also disable the suspend-frame function, as I never use it and it is quite confusing when accidentally hitting the keys for it.
;; use UTF-8 everywhere
(set-language-environment "UTF-8")
;; set default font size
(defvar swarsel/default-font-size 130)
(setq swarsel-standard-font "FiraCode Nerd Font Mono"
swarsel-alt-font "FiraCode Nerd Font Mono")
;; (defalias 'yes-or-no-p 'y-or-n-p)
;;(setq-default show-trailing-whitespace t)
(add-hook 'before-save-hook 'delete-trailing-whitespace)
(global-hl-line-mode 1)
;; (setq redisplay-dont-pause t) ;; obsolete
(setq blink-cursor-mode nil) ;; blink-cursor is an unexpected source of slowdown
(global-subword-mode 1) ; Iterate through CamelCase words
(setq blink-matching-paren nil) ;; this makes the cursor jump around annoyingly
(delete-selection-mode 1)
(setq vc-follow-symlinks t)
(setq require-final-newline t)
(winner-mode 1)
(setq load-prefer-newer t)
(setq undo-limit 80000000
evil-want-fine-undo t
auto-save-default t
password-cache-expiry nil
)
(setq browse-url-browser-function 'browse-url-firefox)
;; disable a keybind that does more harm than good
(global-set-key [remap suspend-frame]
(lambda ()
(interactive)
(message "This keybinding is disabled (was 'suspend-frame')")))
(setq visible-bell nil)
(setq initial-major-mode 'fundamental-mode
initial-scratch-message nil)
(add-hook 'prog-mode-hook 'display-line-numbers-mode)
(add-hook 'text-mode-hook 'display-line-numbers-mode)
(global-visual-line-mode 1)
4.3.2. Mark all themes as safe
Normally when switching themes in emacs, the user will be warned that themes can run malicious code. I only run one theme really and deem it safe. It is however annoying to be asked this on every new system and it also creates lines in custom.el to answer that query, so here I declare all themes as safe.
(setq custom-safe-themes t)
4.3.3. Show less compilation warnings
When Emacs compiles stuff, it often shows a bunch of warnings that I do not need to deal with. Here we silence those. Some will be disabled completely, and some only when we have native compilation available (which should be most of the time, however).
(setq byte-compile-warnings '(not free-vars unresolved noruntime lexical make-local)) ;; Make native compilation silent and prune its cache. (when (native-comp-available-p) (setq native-comp-async-report-warnings-errors 'silent) ; Emacs 28 with native compilation (setq native-compile-prune-cache t)) ; Emacs 29
4.3.4. Indentation
Here I define several options related to indentation; I first make it so that only whitespace will be used instead of tab characters for indentation, and I also set a small standard indent.
We set tab-always-indent to 'complete in order to indent first and then do completion if there are any. Also we make it so that python will not complain about missing indentation info.
Lastly, I load the highlight-indent-guides package. This adds a neat visual indicator of the indentation level, which is useful for languages like python.
(setq-default indent-tabs-mode nil
tab-width 2)
(setq tab-always-indent 'complete)
(setq python-indent-guess-indent-offset-verbose nil)
(use-package highlight-indent-guides
:hook (prog-mode . highlight-indent-guides-mode)
:init
(setq highlight-indent-guides-method 'column)
(setq highlight-indent-guides-responsive 'top)
)
(with-eval-after-load 'highlight-indent-guides
(set-face-attribute 'highlight-indent-guides-even-face nil :background "gray10")
(set-face-attribute 'highlight-indent-guides-odd-face nil :background "gray20")
(set-face-attribute 'highlight-indent-guides-stack-even-face nil :background "gray40")
(set-face-attribute 'highlight-indent-guides-stack-odd-face nil :background "gray50"))
(use-package aggressive-indent)
(global-aggressive-indent-mode 1)
4.3.5. Scrolling
By default, emacs scrolls half a page when reaching the bottom of the buffer. This is extremely annoying. This sets up more granular scrolling that allows scrolling with a mouse wheel or the two-finger touchscreen gesture. This now also works in buffers with a very small frame.
(setq mouse-wheel-scroll-amount
'(1
((shift) . 5)
((meta) . 0.5)
((control) . text-scale))
mouse-drag-copy-region nil
make-pointer-invisible t
mouse-wheel-progressive-speed t
mouse-wheel-follow-mouse t)
(setq-default scroll-preserve-screen-position t
scroll-conservatively 1
scroll-margin 0
next-screen-context-lines 0)
(pixel-scroll-precision-mode 1)
4.3.6. Evil
- General evil
This setups up evil, which brings vim-like keybindings to emacs. In the same location, I also unbind the
C-zkey (I am very unhappy with this implementation, but it is the only thing that works consistently so far) to make it available for cape later.Also, I setup initial modes for several major-modes depending on what I deem fit.
;; Emulate vim in emacs (use-package evil :init (setq evil-want-integration t) ; loads evil (setq evil-want-keybinding nil) ; loads "helpful bindings" for other modes (setq evil-want-C-u-scroll t) ; scrolling using C-u (setq evil-want-C-i-jump nil) ; jumping with C-i (setq evil-want-Y-yank-to-eol t) ; give Y some utility (setq evil-shift-width 2) ; uniform indent (setq evil-respect-visual-line-mode t) ; i am torn on this one (setq evil-split-window-below t) (setq evil-vsplit-window-right t) :config (evil-mode 1) (define-key evil-normal-state-map (kbd "C-z") nil) (define-key evil-insert-state-map (kbd "C-z") nil) (define-key evil-visual-state-map (kbd "C-z") nil) (define-key evil-motion-state-map (kbd "C-z") nil) (define-key evil-operator-state-map (kbd "C-z") nil) (define-key evil-replace-state-map (kbd "C-z") nil) (define-key global-map (kbd "C-z") nil) (evil-set-undo-system 'undo-tree) ;; Don't use evil-mode in these contexts, or use it in a specific mode (evil-set-initial-state 'messages-buffer-mode 'emacs) (evil-set-initial-state 'dashboard-mode 'emacs) (evil-set-initial-state 'dired-mode 'emacs) (evil-set-initial-state 'cfw:details-mode 'emacs) (evil-set-initial-state 'Custom-mode 'emacs) ; god knows why this mode is in uppercase (evil-set-initial-state 'mu4e-headers-mode 'normal) (evil-set-initial-state 'python-inferior-mode 'normal) (add-hook 'org-capture-mode-hook 'evil-insert-state) (add-to-list 'evil-buffer-regexps '("COMMIT_EDITMSG" . insert))) - evil-collection
This gives support for many different modes, and works beautifully out of the box.
(use-package evil-collection :after evil :config (evil-collection-init) (setq forge-add-default-bindings nil))
- evil-snipe
This package changes the char-search commands like
fby showing the results in a more visual manner. It also gives a 2-character search usingsandS.;; enables 2-char inline search (use-package evil-snipe :after evil :demand :config (evil-snipe-mode +1) ;; replace 1-char searches (f&t) with this better UI (evil-snipe-override-mode +1))
- evil-cleverparens
This helps keeping parentheses balanced which is useful when writing in languages like Elisp. I do not activate this by default, as most languages do not profit from this enough in my eyes.
;; for parentheses-heavy languades modify evil commands to keep balance of parantheses (use-package evil-cleverparens)
- evil-surround
This minor-mode adds functionality for doing better surround-commands; for example
ci[will let you change the word within square brackets.;; enables surrounding text with S (use-package evil-surround :config (global-evil-surround-mode 1))
4.3.7. ispell
This should setup a wordlist that can be used as a dictionary. However, for some reason this does not work, and I will need to further investigate this issue.
;; set the NixOS wordlist by hand (setq ispell-alternate-dictionary (getenv "WORDLIST"))
4.3.8. Font Configuration
Here I define my fonts to be used. Honestly I do not understand the face-attributes and pitches of emacs all too well. It seems this configuration works fine, but I might have to revisit this at some point in the future.
(dolist (face '(default fixed-pitch))
(set-face-attribute face nil
:font "FiraCode Nerd Font Mono"))
(add-to-list 'default-frame-alist '(font . "FiraCode Nerd Font Mono"))
(set-face-attribute 'default nil :height 100)
(set-face-attribute 'fixed-pitch nil :height 1.0)
(set-face-attribute 'variable-pitch nil
:family "IBM Plex Sans"
:weight 'regular
:height 1.06)
;; these settings used to be in custom.el
4.3.9. Theme
I have grown to love the doom-citylights theme and have modeled my whole system after it. Also solaire-mode is a nice mode that inverts the alt-faces with the normal faces for specific 'minor' buffers (like Help-buffers).
(use-package solaire-mode
:custom
(solaire-global-mode +1))
(use-package doom-themes
:hook
(server-after-make-frame . (lambda () (load-theme
'doom-city-lights t)))
:config
(load-theme 'doom-city-lights t)
(doom-themes-treemacs-config)
(doom-themes-org-config))
4.3.10. Icons
This section loads the base icons used in my configuration. I am using nerd-icons over all-the-icons since the former seems to have more integrations with different packages than the latter.
Used in:
(use-package nerd-icons)
4.3.11. Variable Pitch Mode
This minor mode allows mixing fixed and variable pitch fonts within the same buffer.
(use-package mixed-pitch :custom (mixed-pitch-set-height nil) (mixed-pitch-variable-pitch-cursor nil) :hook (text-mode . mixed-pitch-mode))
4.3.12. Modeline
Here I set up the modeline with some information that I find useful. Specficially I am using the doom modeline. Most informations I disable for it, except for the cursor information (row + column) as well as a widget for mu4e and git information.
(use-package doom-modeline :init (doom-modeline-mode) (column-number-mode) :custom ((doom-modeline-height 22) (doom-modeline-indent-info nil) (doom-modeline-buffer-encoding nil)))
4.3.13. Helper Modes
- Vertico, Orderless, Marginalia, Consult, Embark
This set of packages uses the default emacs completion framework and works together to provide a very nice user experience:
- Vertico simply provides a vertically stacking completion
- Marginalia adds more information to completion results
- Orderless allows for fuzzy matching
- Consult provides better implementations for several user functions, e.g.
consult-lineorconsult-outline - Embark allows acting on the results in the minibuffer while the completion is still ongoing - this is extremely useful since it allows to, for example, read the documentation for several functions without closing the help search. It can also collect the results of a grep operation into a seperate buffer that edits the result in their original location.
Nerd icons is originally enabled here: Icons
- vertico
(setq read-buffer-completion-ignore-case t read-file-name-completion-ignore-case t completion-ignore-case t) (use-package vertico :custom (vertico-scroll-margin 0) (vertico-count 10) (vertico-resize t) (vertico-cycle t) :init (vertico-mode) (vertico-mouse-mode)) - vertico-directory
This package allows for
Ido-like directory navigation.(use-package vertico-directory :ensure nil :after vertico :bind (:map vertico-map ("RET" . vertico-directory-enter) ("C-DEL" . vertico-directory-delete-word) ("DEL" . vertico-directory-delete-char)) ;; Tidy shadowed file names :hook (rfn-eshadow-update-overlay . vertico-directory-tidy)) - orderless
When first installing orderless, I often times faced the problem, that when editing long files and calling
consult-line, Emacs would hang when changing a search term in the middle (e.g. fromservicse.xservertoservic.xserverin order to fix the typo). The below orderless rules have a more strict matching that has a positive impact on performance.(use-package orderless :config (orderless-define-completion-style orderless+initialism (orderless-matching-styles '(orderless-initialism orderless-literal orderless-regexp))) (setq completion-styles '(orderless) completion-category-defaults nil completion-category-overrides '((file (styles partial-completion orderless+initialism)) (buffer (styles orderless+initialism)) (consult-multi (styles orderless+initialism)) (command (styles orderless+initialism)) (eglot (styles orderless+initialism)) (variable (styles orderless+initialism)) (symbol (styles orderless+initialism))) orderless-matching-styles '(orderless-literal orderless-regexp))) - consult
The big winner here are the convenient keybinds being setup here for general use. Also, I setup vim-navigation for minibuffer completions.
consult-bufferis set twice because I am still used to that weirdC-M-jcommand that I chose forivy-switch-bufferwhen I first started using Emacs. I want to move to the other command but for now it is not feasible to delete the other one.(use-package consult :config (setq consult-fontify-max-size 1024) :bind (("C-x b" . consult-buffer) ("C-c <C-m>" . consult-global-mark) ("C-c C-a" . consult-org-agenda) ("C-x O" . consult-org-heading) ("C-M-j" . consult-buffer) ("C-s" . consult-line) ("M-g M-g" . consult-goto-line) ("M-g i" . consult-imenu) ("M-s M-s" . consult-line-multi) :map minibuffer-local-map ("C-j" . next-line) ("C-k" . previous-line))) - embark
I have stripped down the embark keybinds heavily. It is very useful to me even in it's current state, but it quickly becomes overwhelming.
embark-dwimacts on a candidate without closing the minibuffer, which is very useful.embark-actlets the user choose from all actions, but has an overwhelming interface.(use-package embark :bind (("C-." . embark-act) ("M-." . embark-dwim) ("C-h B" . embark-bindings) ("C-c c" . embark-collect)) :custom (prefix-help-command #'embark-prefix-help-command) (embark-quit-after-action '((t . nil))) :config (add-to-list 'display-buffer-alist '("\\`\\*Embark Collect \\(Live\\|Completions\\)\\*" nil (window-parameters (mode-line-format . none))))) - embark-consult
Provides previews for embark.
(use-package embark-consult :after (embark consult) :demand t ; only necessary if you have the hook below ;; if you want to have consult previews as you move around an ;; auto-updating embark collect buffer :hook (embark-collect-mode . consult-preview-at-point-mode))
- marginalia
I set the annotation-mode of marginalia to
heavy. This gives even more information on the stuff that you are looking at. One thing I am missing from ivy is the highlighting onmode-commands based on the current state of the mode. Also, I do not understand all the shorthands used by marginalia yet.(use-package marginalia :after vertico :init (marginalia-mode) (setq marginalia-annotators '(marginalia-annotators-heavy marginalia-annotators-light nil)))
- nerd-icons-completion
As stated above, this simply provides nerd-icons to the completion framework.
(use-package nerd-icons-completion :after (marginalia nerd-icons) :hook (marginalia-mode . nerd-icons-completion-marginalia-setup) :init (nerd-icons-completion-mode))
- Helpful + which-key: Better help defaults
This pair of packages provides information on keybinds in addition to function names, which makes it easier to remember keybinds (
which-key). Thehelpfulpackage provides a betterHelpframework for Emacs. For some reason, the Help windows are always being focused by the cursor even though I have sethelp-window-selectto nil. I do not understand why.(use-package which-key :init (which-key-mode) :diminish which-key-mode :config (setq which-key-idle-delay 0.3)) (use-package helpful :bind (("C-h f" . helpful-callable) ("C-h v" . helpful-variable) ("C-h k" . helpful-key) ("C-h C-." . helpful-at-point)) :config (setq help-window-select nil))
4.3.14. Ligatures
Personally, I think ligatures are fancy. With this mode, they stay 'cursorable'. However, I do not need them in all modes, so I only use them in programming modes.
(use-package ligature
:init
(global-ligature-mode t)
:config
(ligature-set-ligatures 'prog-mode
'("|||>" "<|||" "<==>" "<!--" "####" "~~>" "***" "||=" "||>"
":::" "::=" "=:=" "===" "==>" "=!=" "=>>" "=<<" "=/=" "!=="
"!!." ">=>" ">>=" ">>>" ">>-" ">->" "->>" "-->" "---" "-<<"
"<~~" "<~>" "<*>" "<||" "<|>" "<$>" "<==" "<=>" "<=<" "<->"
"<--" "<-<" "<<=" "<<-" "<<<" "<+>" "</>" "###" "#_(" "..<"
"..." "+++" "/==" "///" "_|_" "www" "&&" "^=" "~~" "~@" "~="
"~>" "~-" "**" "*>" "*/" "||" "|}" "|]" "|=" "|>" "|-" "{|"
"[|" "]#" "::" ":=" ":>" ":<" "$>" "==" "=>" "!=" "!!" ">:"
">=" ">>" ">-" "-~" "-|" "->" "--" "-<" "<~" "<*" "<|" "<:"
"<$" "<=" "<>" "<-" "<<" "<+" "</" "#{" "#[" "#:" "#=" "#!"
"##" "#(" "#?" "#_" "%%" ".=" ".." ".?" "+>" "++" "?:" "?="
"?." "??" "/*" "/=" "/>" "//" "__" "~~" "(*" "*)" "\\\\"
"://" ";;")))
4.3.15. Popup (popper) + Shackle Buffers
The popper package allows to declare different buffers as 'popup-type', which sort of acts like a scratchpad. It can be toggled at any time using popper-toggle and the resulting frame can be freely customized (with shackle) to a certain size. It is also possible to prevent a buffer from appearing - I do this for example to the *Warnings* buffer, since usually I am not interested in it's output.
popper-echo-mode shows all buffers that are currently stored as a popup in the echo area when a popup is opened - this is useful since you can cycle between all popup buffers.
(use-package popper
:bind (("M-[" . popper-toggle))
:init
(setq popper-reference-buffers
'("\\*Messages\\*"
("\\*Warnings\\*" . hide)
"Output\\*$"
"\\*Async Shell Command\\*"
"\\*Async-native-compile-log\\*"
help-mode
helpful-mode
"*Occur*"
"*scratch*"
"*julia*"
"*Python*"
"*rustic-compilation*"
"*cargo-run*"
;; ("*tex-shell*" . hide)
(compilation-mode . hide)))
(popper-mode +1)
(popper-echo-mode +1))
(use-package shackle
:config
(setq shackle-rules '(("*Messages*" :select t :popup t :align right :size 0.3)
("*Warnings*" :ignore t :popup t :align right :size 0.3)
("*Occur*" :select t :popup t :align below :size 0.2)
("*scratch*" :select t :popup t :align below :size 0.2)
("*Python*" :select t :popup t :align below :size 0.2)
("*rustic-compilation*" :select t :popup t :align below :size 0.4)
("*cargo-run*" :select t :popup t :align below :size 0.2)
("*tex-shell*" :ignore t :popup t :align below :size 0.2)
(helpful-mode :select t :popup t :align right :size 0.35)
(help-mode :select t :popup t :align right :size 0.4)))
(shackle-mode 1))
4.3.16. Indicate first and last line of buffer
This places little angled indicators on the fringe of a window which indicate buffer boundaries. This is not super useful, but makes use of a space that I want to keep for aesthetic reasons anyways and makes it a bit more useful in the process.
(setq-default indicate-buffer-boundaries t)
4.4. Modules
This section houses all configuration bits that are related to a specific package that is not fundamental to my Emacs experience.
At some point this will receive further sorting, but for now this is good enough.
4.4.1. Org Mode
org-mode is probably my most-used mode in Emcas. It acts as my organizer, config management tool and calender even.
Note that nearly all headings within the Org-mode heading are coded within the use-package setup, so be very careful about moving stuff about here.
- General org-mode
This sets up the basic org-mode. I wrote a function to handle some of the initial org-mode behaviour in org-mode setup. This part of the configuration mostly makes some aesthetic changes, enables neat LaTeX and points Emacs to some files that it needs for org-mode
(use-package org ;;:diminish (org-indent-mode) :hook (org-mode . swarsel/org-mode-setup) :bind (("C-<tab>" . org-fold-outer) ("C-c s" . org-store-link)) :config (setq org-ellipsis " ⤵" org-link-descriptive t org-hide-emphasis-markers t) (setq org-startup-folded t) (setq org-support-shift-select t) ;; (setq org-agenda-start-with-log-mode t) ;; (setq org-log-done 'time) ;; (setq org-log-into-drawer t) (setq org-startup-with-inline-images t) (setq org-image-actual-width nil) (setq org-format-latex-options '(:foreground "White" :background default :scale 2.0 :html-foreground "Black" :html-background "Transparent" :html-scale 1.0 :matchers ("begin" "$1" "$" "$$" "\\(" "\\["))) - org-agenda
Here I setup a plethora of keywords, keybinds and paths to give my org-agenda more power.
(setq org-agenda-files '("/home/swarsel/Nextcloud/Org/Tasks.org" "/home/swarsel/Nextcloud/Org/Archive.org" "/home/swarsel/Nextcloud/Org/Anki.org" "/home/swarsel/Calendars/leon_cal.org")) (setq org-refile-targets '((swarsel-archive-org-file :maxlevel . 1) (swarsel-anki-org-file :maxlevel . 1) (swarsel-tasks-org-file :maxlevel . 1))) (setq org-todo-keywords '((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d!)") (sequence "BACKLOG(b)" "PLAN(p)" "READY(r)" "ACTIVE(a)" "REVIEW(v)" "WAIT(w@/!)" "HOLD(h)" "|" "COMPLETED(c)" "CANC(k@)"))) ;; Configure custom agenda views (setq org-agenda-custom-commands '(("d" "Dashboard" ((agenda "" ((org-deadline-warning-days 7))) (todo "NEXT" ((org-agenda-overriding-header "Next Tasks"))) (tags-todo "agenda/ACTIVE" ((org-agenda-overriding-header "Active Projects"))))) ("n" "Next Tasks" ((todo "NEXT" ((org-agenda-overriding-header "Next Tasks"))))) ("W" "Work Tasks" tags-todo "+work-email") ("w" "Workflow Status" ((todo "WAIT" ((org-agenda-overriding-header "Waiting on External") (org-agenda-files org-agenda-files))) (todo "REVIEW" ((org-agenda-overriding-header "In Review") (org-agenda-files org-agenda-files))) (todo "PLAN" ((org-agenda-overriding-header "In Planning") (org-agenda-todo-list-sublevels nil) (org-agenda-files org-agenda-files))) (todo "BACKLOG" ((org-agenda-overriding-header "Project Backlog") (org-agenda-todo-list-sublevels nil) (org-agenda-files org-agenda-files))) (todo "READY" ((org-agenda-overriding-header "Ready for Work") (org-agenda-files org-agenda-files))) (todo "ACTIVE" ((org-agenda-overriding-header "Active Projects") (org-agenda-files org-agenda-files))) (todo "COMPLETED" ((org-agenda-overriding-header "Completed Projects") (org-agenda-files org-agenda-files))) (todo "CANC" ((org-agenda-overriding-header "Cancelled Projects") (org-agenda-files org-agenda-files))))))) - org capture templates
I wrote these capture templates to allow myself to quickly create Anki cards from within Emacs. I nearly never use this feature, but it cannot hurt to have.
(setq org-capture-templates `( ("a" "Anki basic" entry (file+headline swarsel-org-anki-filepath "Dispatch") (function swarsel-anki-make-template-string)) ("A" "Anki cloze" entry (file+headline org-swarsel-anki-file "Dispatch") "* %<%H:%M>\n:PROPERTIES:\n:ANKI_NOTE_TYPE: Cloze\n:ANKI_DECK: 🦁 All::01 ❤️ Various::00 ✨ Allgemein\n:END:\n** Text\n%?\n** Extra\n") ("t" "Tasks / Projects") ("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox") "* TODO %?\n %U\n %a\n %i" :empty-lines 1) )) ) - Font Faces
Again, my understanding of the font-faces in Emacs is limited. This is mostly just tuned so that my org-files look acceptable.
;; Set faces for heading levels (with-eval-after-load 'org-faces (dolist (face '((org-level-1 . 1.1) (org-level-2 . 0.9) (org-level-3 . 0.9) (org-level-4 . 0.9) (org-level-5 . 0.9) (org-level-6 . 0.9) (org-level-7 . 0.9) (org-level-8 . 0.9))) (set-face-attribute (car face) nil :font swarsel-alt-font :weight 'medium :height (cdr face))) ;; Ensure that anything that should be fixed-pitch in Org files appears that way (set-face-attribute 'org-block nil :inherit 'fixed-pitch) (set-face-attribute 'org-table nil :inherit 'fixed-pitch) (set-face-attribute 'org-formula nil :inherit 'fixed-pitch) (set-face-attribute 'org-code nil :inherit '(shadow fixed-pitch)) (set-face-attribute 'org-verbatim nil :inherit '(shadow fixed-pitch)) (set-face-attribute 'org-special-keyword nil :inherit '(font-lock-comment-face fixed-pitch)) (set-face-attribute 'org-meta-line nil :inherit '(font-lock-comment-face fixed-pitch)) (set-face-attribute 'org-checkbox nil :inherit 'fixed-pitch)) - org-appear
This package makes emphasis-markers appear when the cursor moves over them. Very useful as I enjoy the clean look of not always seeing them, but it is annoying not to be able to edit them properly.
(use-package org-appear :hook (org-mode . org-appear-mode) :init (setq org-appear-autolinks t) (setq org-appear-autokeywords t) (setq org-appear-autoentities t) (setq org-appear-autosubmarkers t))
- Centered org-mode Buffers
I like org-mode buffers to be centered, as I do not find that enormous lines are of big use.
Function definition in: Visual-fill column
(use-package visual-fill-column :hook (org-mode . swarsel/org-mode-visual-fill))
- Fix headings not folding sometimes
There is a weird bug in org-mode that makes it so that headings were not folding correctly sometimes. This setting seems to fix it.
(setq org-fold-core-style 'overlays)
- Babel
org-babel allows to run blocks in other programming languages within an org-mode buffer, similar to what e.g. jupyterhub offers for python.
It also offers a very useful utility of exporting org-mode buffers to different formats; the feature I enjoy most is what makes this file useful: the tangling functionality.
- Language Configuration
- This configures the languages that babel recognizes.
(org-babel-do-load-languages 'org-babel-load-languages '((emacs-lisp . t) (python . t) (js . t) (shell . t) )) (push '("conf-unix" . conf-unix) org-src-lang-modes) (setq org-export-with-broken-links 'mark) - old easy structure templates
org 9.2 changed the way structure templates work. This brings back the old way it worked.
Usage: Type
<, followed by one of the below keywords and pressRET. The corresponding source block should appear.(require 'org-tempo) (add-to-list 'org-structure-template-alist '("sh" . "src shell")) (add-to-list 'org-structure-template-alist '("el" . "src emacs-lisp")) (add-to-list 'org-structure-template-alist '("py" . "src python :results output")) (add-to-list 'org-structure-template-alist '("nix" . "src nix :tangle"))
- Language Configuration
- aucTex
This provides several utilities for LaTeX in Emacs, including many completions and convenience functions for math-mode.
(use-package auctex) (setq TeX-auto-save t) (setq TeX-save-query nil) (setq TeX-parse-self t) (setq-default TeX-master nil) (add-hook 'LaTeX-mode-hook 'visual-line-mode) (add-hook 'LaTeX-mode-hook 'flyspell-mode) (add-hook 'LaTeX-mode-hook 'LaTeX-math-mode) (add-hook 'LaTeX-mode-hook 'reftex-mode) (setq LaTeX-electric-left-right-brace t) (setq font-latex-fontify-script nil) (setq TeX-electric-sub-and-superscript t) ;; (setq reftex-plug-into-AUCTeX t)
- org-download
This package allows to download and copy images into org-mode buffers. Sadly it does not work in a very stable manner - if you copy images that are also links to another page (like is often the case in a Google image search), Emacs might crash from this.
(use-package org-download :after org :defer nil :custom (org-download-method 'directory) (org-download-image-dir "./images") (org-download-heading-lvl 0) (org-download-timestamp "org_%Y%m%d-%H%M%S_") ;;(org-image-actual-width 500) (org-download-screenshot-method "grim -g \"$(slurp)\" %s") :bind ("C-M-y" . org-download-screenshot) :config (require 'org-download)) - org-fragtog
This package automatically toggles LaTeX-fragments in org-files. It seems to also work in markdown-files which is a nice addition, as my Obsidian notes are held in markdown.
(use-package org-fragtog) (add-hook 'org-mode-hook 'org-fragtog-mode) (add-hook 'markdown-mode-hook 'org-fragtog-mode)
- org-modern
This just makes org-mode a little bit more beautiful, mostly by making the
begin_srcandend_srctags in source-blocks turn into more beautiful icons, as well as hiding#+tags before them, as well as in the properties section of the file.(use-package org-modern :config (setq org-modern-block-name '((t . t) ("src" "»" "∥"))) :hook (org-mode . org-modern-mode)) - Presentations
Recently I have grown fond of holding presentations using Emacs :)
(use-package org-present :bind (:map org-present-mode-keymap ("q" . org-present-quit) ("<left>" . swarsel/org-present-prev) ("<up>" . 'ignore) ("<down>" . 'ignore) ("<right>" . swarsel/org-present-next)) :hook ((org-present-mode . swarsel/org-present-start) (org-present-mode-quit . swarsel/org-present-end)) ) (use-package hide-mode-line) (defun swarsel/org-present-start () (setq-local face-remapping-alist '((default (:height 1.5) variable-pitch) (header-line (:height 4.0) variable-pitch) (org-document-title (:height 1.75) org-document-title) (org-code (:height 1.55) org-code) (org-verbatim (:height 1.55) org-verbatim) (org-block (:height 1.25) org-block) (org-block-begin-line (:height 0.7) org-block) )) (dolist (face '((org-level-1 . 1.1) (org-level-2 . 1.2) (org-level-3 . 1.2) (org-level-4 . 1.2) (org-level-5 . 1.2) (org-level-6 . 1.2) (org-level-7 . 1.2) (org-level-8 . 1.2))) (set-face-attribute (car face) nil :font swarsel-alt-font :weight 'medium :height (cdr face))) (setq header-line-format " ") (setq visual-fill-column-width 90) (setq indicate-buffer-boundaries nil) (setq inhibit-message nil) (breadcrumb-mode 0) (org-display-inline-images) (global-hl-line-mode 0) (display-line-numbers-mode 0) (org-modern-mode 0) (evil-insert-state 1) (beginning-of-buffer) (org-present-read-only) ;; (org-present-hide-cursor) (swarsel/org-present-slide) ) (defun swarsel/org-present-end () (setq-local face-remapping-alist '((default variable-pitch default))) (dolist (face '((org-level-1 . 1.1) (org-level-2 . 0.9) (org-level-3 . 0.9) (org-level-4 . 0.9) (org-level-5 . 0.9) (org-level-6 . 0.9) (org-level-7 . 0.9) (org-level-8 . 0.9))) (set-face-attribute (car face) nil :font swarsel-alt-font :weight 'medium :height (cdr face))) (setq header-line-format nil) (setq visual-fill-column-width 150) (setq indicate-buffer-boundaries t) (setq inhibit-message nil) (breadcrumb-mode 1) (global-hl-line-mode 1) (display-line-numbers-mode 1) (org-remove-inline-images) (org-modern-mode 1) (evil-normal-state 1) ;; (org-present-show-cursor) ) (defun swarsel/org-present-slide () (org-overview) (org-show-entry) (org-show-children) ) (defun swarsel/org-present-prev () (interactive) (org-present-prev) (swarsel/org-present-slide)) (defun swarsel/org-present-next () (interactive) (unless (eobp) (org-next-visible-heading 1) (org-fold-show-entry)) (when (eobp) (org-present-next) (swarsel/org-present-slide) )) (defun clojure-leave-clojure-mode-function () ) (add-hook 'buffer-list-update-hook #'clojure-leave-clojure-mode-function) (add-hook 'org-present-mode-hook 'swarsel/org-present-start) (add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end) (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide)
4.4.2. Nix Mode
This adds a rudimentary nix-mode to Emacs. I have not really tried this out, as I am mostly editing nix-files in org-mode anyways.
(use-package nix-mode :mode "\\.nix\\'")
4.4.3. nixpkgs-fmt
Adds functions for formatting nix code.
(use-package nixpkgs-fmt)
4.4.4. Markdown Mode
- Mode
(setq markdown-command "pandoc") (use-package markdown-mode :ensure t :mode ("README\\.md\\'" . gfm-mode) :init (setq markdown-command "multimarkdown") :bind (:map markdown-mode-map ("C-c C-e" . markdown-do))) - LaTeX in Markdown
(add-hook 'markdown-mode-hook (lambda () (local-set-key (kbd "C-c C-x C-l") 'org-latex-preview) (local-set-key (kbd "C-c C-x C-u") 'markdown-toggle-url-hiding) ))
4.4.5. Olivetti
Olivetti is a mode specialized for writing prose in Emacs. I went for a very simple setup with little distractions.
This mode is not automatically activated anywhere because I only rarely need it.
(use-package olivetti :init (setq olivetti-body-width 100) (setq olivetti-recall-visual-line-mode-entry-state t))
4.4.6. darkroom
Darkroom is package that reduces all forms of distraction to a minimum - this can be useful when simply reading a file for example. For this mode I have increased the text scale by a large margin to make for comfortable reading This mode is not automatically activated anywhere because I only rarely need it.
(use-package darkroom :init (setq darkroom-text-scale-increase 3))
4.4.7. Ripgrep
This is the ripgrep command for Emacs.
(use-package rg)
4.4.8. Tree-sitter
Tree-sitter is a parsing library integrated into Emacs to provide better syntax highlighting and code analysis. It generates concrete syntax trees for source code, enabling more accurate and efficient text processing. Emacs' tree-sitter integration enhances language support, offering features like incremental parsing and precise syntax-aware editing. This improves the development experience by providing robust and dynamic syntax features, making it easier for me to navigate and manipulate code.
In order to update the language grammars, run the next command below.
(mapc #'treesit-install-language-grammar (mapcar #'car treesit-language-source-alist))
(use-package emacs
:ensure nil
:init
(setq treesit-language-source-alist
'((bash . ("https://github.com/tree-sitter/tree-sitter-bash"))
(c . ("https://github.com/tree-sitter/tree-sitter-c"))
(cmake . ("https://github.com/uyha/tree-sitter-cmake"))
(cpp . ("https://github.com/tree-sitter/tree-sitter-cpp"))
(css . ("https://github.com/tree-sitter/tree-sitter-css"))
(elisp . ("https://github.com/Wilfred/tree-sitter-elisp"))
(go . ("https://github.com/tree-sitter/tree-sitter-go"))
(html . ("https://github.com/tree-sitter/tree-sitter-html"))
(javascript . ("https://github.com/tree-sitter/tree-sitter-javascript"))
(json . ("https://github.com/tree-sitter/tree-sitter-json"))
(julia . ("https://github.com/tree-sitter/tree-sitter-julia"))
(latex . ("https://github.com/latex-lsp/tree-sitter-latex"))
(make . ("https://github.com/alemuller/tree-sitter-make"))
(markdown . ("https://github.com/ikatyang/tree-sitter-markdown"))
(R . ("https://github.com/r-lib/tree-sitter-r"))
(python . ("https://github.com/tree-sitter/tree-sitter-python"))
(typescript . ("https://github.com/tree-sitter/tree-sitter-typescript" "typescript/src" "typescript"))
(rust . ("https://github.com/tree-sitter/tree-sitter-rust"))
(sql . ("https://github.com/m-novikov/tree-sitter-sql"))
(toml . ("https://github.com/tree-sitter/tree-sitter-toml"))
(tsx . ("https://github.com/tree-sitter/tree-sitter-typescript" "master" "typescript/src"))
(yaml . ("https://github.com/ikatyang/tree-sitter-yaml"))))
)
(use-package treesit-auto
:config
(global-treesit-auto-mode)
(setq treesit-auto-install 'prompt))
4.4.9. direnv (envrc)
(use-package direnv :custom (direnv-always-show-summary nil) :config (direnv-mode))
4.4.10. avy
avy provides the ability to search for any character on the screen (not only in the current buffer!) - I enjoy this utility a lot and use it possibly even more often than the native vim commands.
(use-package avy
:bind
(("M-o" . avy-goto-char-timer))
:config
(setq avy-all-windows 'all-frames))
4.4.11. crdt (Collaborative Editing)
With this it is possible to work on the same file collaboratively. I have never tried it out, but it sounds cool.
(use-package crdt)
4.4.12. devdocs
devdocs is a very nice package that provides documentation from https:devdocs.io. This is very useful since e.g. pyright provides only a very bad documentation and I do not want to leave Emacs all the time just to read documentation.
To install a documentation, use the devdocs=install command and select the appropriate version. devdocs-update-all can be used to download and reinstall all installed documents if a newer version is available. Check documentation with devdocs-lookup (C-SPC h d).
(use-package devdocs)
(add-hook 'python-mode-hook
(lambda () (setq-local devdocs-current-docs '("python~3.12" "numpy~1.23" "matplotlib~3.7" "pandas~1"))))
(add-hook 'python-ts-mode-hook
(lambda () (setq-local devdocs-current-docs '("python~3.12" "numpy~1.23" "matplotlib~3.7" "pandas~1"))))
(add-hook 'c-mode-hook
(lambda () (setq-local devdocs-current-docs '("c"))))
(add-hook 'c-ts-mode-hook
(lambda () (setq-local devdocs-current-docs '("c"))))
(add-hook 'c++-mode-hook
(lambda () (setq-local devdocs-current-docs '("cpp"))))
(add-hook 'c++-ts-mode-hook
(lambda () (setq-local devdocs-current-docs '("cpp"))))
; (devdocs-update-all)
4.4.13. Projectile
projectile is useful for keeping track of your git projects within Emacs. I mostly use it to quickly switch between projects.
(use-package projectile
:diminish projectile-mode
:config (projectile-mode)
:custom ((projectile-completion-system 'auto)) ;; integrate ivy into completion system
:bind-keymap
("C-c p" . projectile-command-map) ; all projectile commands under this
:init
;; NOTE: Set this to the folder where you keep your Git repos!
(when (file-directory-p swarsel-projects-directory)
(setq projectile-project-search-path (list swarsel-projects-directory)))
(setq projectile-switch-project-action #'magit-status))
4.4.14. Magit
magit is the best git utility I have ever used - it has a beautiful interface and is very verbose. Here I mostly just setup the list of repositories that I want to expost to magit.
Also, Emacs needs a little extra love to accept my Yubikey for git commits etc. We also set that here.
(use-package magit
:config
(setq magit-repository-directories `((,swarsel-projects-directory . 1)
(,swarsel-emacs-directory . 0)
(,swarsel-obsidian-directory . 0)
("~/.dotfiles/" . 0)))
:custom
(magit-display-buffer-function #'magit-display-buffer-same-window-except-diff-v1)) ; stay in the same window
4.4.15. Yubikey support
The following settings are needed to make sure emacs works for magit commits and pushes. It is not a beautiful solution since commiting uses pinentry-emacs and pushing uses pinentry-gtk2, but it works for now at least.
;; yubikey support for pushing commits ;; commiting is enabled through nixos gpg-agent config (use-package pinentry) (pinentry-start) (setq epg-pinentry-mode 'loopback) (setenv "SSH_AUTH_SOCK" (string-chop-newline (shell-command-to-string "gpgconf --list-dirs agent-ssh-socket")))
4.4.16. Forge
NOTE: Make sure to configure a GitHub token before using this package!
- https://magit.vc/manual/forge/Token-Creation.html#Token-Creation
- https://magit.vc/manual/ghub/Getting-Started.html#Getting-Started
- https://magit.vc/manual/ghub/Storing-a-Token.html
https://www.emacswiki.org/emacs/GnuPG
(1) in practice: github -<> settings -<> developer option -<> create classic token with repo; user; read:org permissions (2) install GnuGP (and add to PATH) (3) create ~/.authinfo.gpg with the following info scheme: machine api.github.com login USERNAMEforge password 012345abcdef…
(use-package forge
:after magit)
(with-eval-after-load 'forge
(add-to-list 'forge-alist
'("sgit.iue.tuwien.ac.at"
"sgit.iue.tuwien.ac.at/api/v1"
"sgit.iue.tuwien.ac.at"
forge-gitea-repository)))
4.4.17. git-timemachine
This is just a nice utility to browse different versions of a file of a git project within Emacs.
(use-package git-timemachine :hook (git-time-machine-mode . evil-normalize-keymaps) :init (setq git-timemachine-show-minibuffer-details t))
4.4.18. Delimiters (brackets): rainbow-delimiters, highlight-parentheses
- rainbow-delimiters colors all delimiters, also ones not in current selection
- paren highlights the current delimiter selection especially bold
- highlight-parentheses boldly highlights all delimiters in current selection
I am not completely sure on electric-pair-mode yet, sometimes it is very helpful, sometimes it annoys me to no end.
(use-package rainbow-delimiters
:hook (prog-mode . rainbow-delimiters-mode))
(use-package highlight-parentheses
:config
(setq highlight-parentheses-colors '("black" "white" "black" "black" "black" "black" "black"))
(setq highlight-parentheses-background-colors '("magenta" "blue" "cyan" "green" "yellow" "orange" "red"))
(global-highlight-parentheses-mode t))
(electric-pair-mode 1)
(setq electric-pair-preserve-balance t)
(setq electric-pair-skip-self nil)
(setq electric-pair-delete-adjacent-pairs t)
;; don't skip newline when auto-pairing parenthesis
(setq electric-pair-skip-whitespace-chars '(9 32))
;; in org-mode buffers, do not pair < and > in order not to interfere with org-tempo
(add-hook 'org-mode-hook (lambda ()
(setq-local electric-pair-inhibit-predicate
`(lambda (c)
(if (char-equal c ?<) t (,electric-pair-inhibit-predicate c))))))
4.4.19. rainbow-mode
Complimentary to the delimiters-packages above, this package sets the background color of the delimiters, which makes it easier to see at a glance where we are in a delimiter-tree.
(use-package rainbow-mode :config (rainbow-mode))
4.4.20. Corfu
This is the company equivalent to the vertico gang.
I dislike the standard behaviour that makes the cursor move into the completion framework on presses of <up> and <down>.
Nerd icons is originally enabled here: Icons
Navigation functions defined here: corfu: Do not interrupt navigation
;; (use-package corfu
;; :custom
;; (corfu-cycle t)
;; :init
;; (global-corfu-mode))
(use-package corfu
:init
(global-corfu-mode)
(corfu-history-mode)
(corfu-popupinfo-mode) ; Popup completion info
:custom
(corfu-auto t)
(corfu-auto-prefix 3)
(corfu-auto-delay 0.3)
(corfu-cycle t)
(corfu-quit-no-match 'separator)
(corfu-separator ?\s)
;; (corfu-quit-no-match t)
(corfu-popupinfo-max-height 70)
(corfu-popupinfo-delay '(0.5 . 0.2))
;; (corfu-preview-current 'insert) ; insert previewed candidate
(corfu-preselect 'prompt)
(corfu-on-exact-match nil) ; Don't auto expand tempel snippets
;; Optionally use TAB for cycling, default is `corfu-complete'.
:bind (:map corfu-map
("M-SPC" . corfu-insert-separator)
("<return>" . swarsel/corfu-normal-return)
;; ("C-<return>" . swarsel/corfu-complete)
("S-<up>" . corfu-popupinfo-scroll-down)
("S-<down>" . corfu-popupinfo-scroll-up)
("C-<up>" . corfu-previous)
("C-<down>" . corfu-next)
("<insert-state> <up>" . swarsel/corfu-quit-and-up)
("<insert-state> <down>" . swarsel/corfu-quit-and-down))
)
(use-package nerd-icons-corfu)
(add-to-list 'corfu-margin-formatters #'nerd-icons-corfu-formatter)
(setq nerd-icons-corfu-mapping
'((array :style "cod" :icon "symbol_array" :face font-lock-type-face)
(boolean :style "cod" :icon "symbol_boolean" :face font-lock-builtin-face)
;; ...
(t :style "cod" :icon "code" :face font-lock-warning-face)))
4.4.21. cape
cape adds even more completion capabilities by adding a lot of completion logic that is exposed as separate functions. I tried out adding these to the completion-at-points-functions alist, but I felt like it cluttered my suggestions too much. Hence I now just call the respective functions when I need them. For this I setup the C-z keybinding in General evil.
I leave the commented out alist extensions here in case I want to try them out at some point in the future.
(use-package cape
:bind
("C-z p" . completion-at-point) ;; capf
("C-z t" . complete-tag) ;; etags
("C-z d" . cape-dabbrev) ;; or dabbrev-completion
("C-z h" . cape-history)
("C-z f" . cape-file)
("C-z k" . cape-keyword)
("C-z s" . cape-elisp-symbol)
("C-z e" . cape-elisp-block)
("C-z a" . cape-abbrev)
("C-z l" . cape-line)
("C-z w" . cape-dict)
("C-z :" . cape-emoji)
("C-z \\" . cape-tex)
("C-z _" . cape-tex)
("C-z ^" . cape-tex)
("C-z &" . cape-sgml)
("C-z r" . cape-rfc1345)
;; Add to the global default value of `completion-at-point-functions' which is
;; used by `completion-at-point'. The order of the functions matters, the
;; first function returning a result wins. Note that the list of buffer-local
;; completion functions takes precedence over the global list.
;; (add-to-list 'completion-at-point-functions #'cape-dabbrev)
;; (add-to-list 'completion-at-point-functions #'cape-file)
;; (add-to-list 'completion-at-point-functions #'cape-elisp-block)
;; (add-to-list 'completion-at-point-functions #'cape-history)
;; (add-to-list 'completion-at-point-functions #'cape-keyword)
;; (add-to-list 'completion-at-point-functions #'cape-tex)
;; (add-to-list 'completion-at-point-functions #'cape-sgml)
;; (add-to-list 'completion-at-point-functions #'cape-rfc1345)
;; (add-to-list 'completion-at-point-functions #'cape-abbrev)
;; (add-to-list 'completion-at-point-functions #'cape-dict)
;; (add-to-list 'completion-at-point-functions #'cape-elisp-symbol)
;; (add-to-list 'completion-at-point-functions #'cape-line)
)
4.4.22. rust
This sets up rustic-mode with tree-sitter support - there is still one issue to iron out with automatic adding of dependency crates, but everything else works fine now.
(use-package rustic
:init
(setq rust-mode-treesitter-derive t)
:config
(define-key rust-ts-mode-map (kbd "C-c C-c C-r") 'rustic-cargo-run)
(define-key rust-ts-mode-map (kbd "C-c C-c C-b") 'rustic-cargo-build)
(define-key rust-ts-mode-map (kbd "C-c C-c C-k") 'rustic-cargo-check)
(define-key rust-ts-mode-map (kbd "C-c C-c d") 'rustic-cargo-doc)
(define-key rust-ts-mode-map (kbd "C-c C-c a") 'rustic-cargo-add)
(setq rustic-format-on-save t)
(setq rustic-lsp-client 'eglot)
:mode ("\\.rs" . rustic-mode))
4.4.23. Tramp
Tramp allows for SSH access of files over Emacs. I have no ideas what the options here mean, but this is a recommended configuration that I found (sadly I lost the link). I need to research more what these options really do.
(use-package tramp
:init
(setq vc-ignore-dir-regexp
(format "\\(%s\\)\\|\\(%s\\)"
vc-ignore-dir-regexp
tramp-file-name-regexp))
(setq tramp-default-method "ssh")
(setq tramp-auto-save-directory
(expand-file-name "tramp-auto-save" user-emacs-directory))
(setq tramp-persistency-file-name
(expand-file-name "tramp-connection-history" user-emacs-directory))
(setq password-cache-expiry nil)
(setq tramp-use-ssh-controlmaster-options nil)
(setq remote-file-name-inhibit-cache nil)
:config
(customize-set-variable 'tramp-ssh-controlmaster-options
(concat
"-o ControlPath=/tmp/ssh-tramp-%%r@%%h:%%p "
"-o ControlMaster=auto -o ControlPersist=yes"))
)
4.4.24. diff-hl
This is a simple highlighting utility that uses the margin to visually show the differences since the last git commit.
(use-package diff-hl
:hook
((prog-mode
org-mode) . diff-hl-mode)
:init
(diff-hl-flydiff-mode)
(diff-hl-margin-mode)
(diff-hl-show-hunk-mouse-mode))
4.4.25. Commenting
This package allows for swift commenting out and in of code snippets. For some reason, it is a bit broken in my config, as it sometimes comments out too much, sometimes too little, and sometimes it splits lines during commenting. Also, in org-mode when inside a src-block, it often times jumps to the top of the block.
Still, this is avery convenient package.
(use-package evil-nerd-commenter
:bind ("M-/" . evilnc-comment-or-uncomment-lines))
4.4.26. yasnippet
yasnippet allows to define snippets that can be quickly expanded by hitting the TAB key after inputting a keyword.
I used to run this together with the yasnippet-snippets package, but the snippets in there I did not find all too useful for myself. I need to create some custom snippets here one day.
(use-package yasnippet :init (yas-global-mode 1) :config (yas-reload-all))
- yasnippet math-snippets
The following block is mostly inspired from https://code.kulupu.party/thesuess/WTFmacs/ and sets up a few prefixes that make LaTeX-math-mode nicer to use even with auctex and cape enabled.
(setq wtf/latex-mathbb-prefix "''") (setq swarsel/latex-mathcal-prefix "``") (use-package yasnippet :config (setq wtf/english-alphabet '("a" "b" "c" "d" "e" "f" "g" "h" "i" "j" "k" "l" "m" "n" "o" "p" "q" "r" "s" "t" "u" "v" "w" "x" "y" "z")) (dolist (elem wtf/english-alphabet) (when (string-equal elem (downcase elem)) (add-to-list 'wtf/english-alphabet (upcase elem)))) (yas-define-snippets 'latex-mode (mapcar (lambda (elem) (list (concat wtf/latex-mathbb-prefix elem) (concat "\\mathbb{" elem "}") (concat "Mathbb letter " elem))) wtf/english-alphabet)) (yas-define-snippets 'latex-mode (mapcar (lambda (elem) (list (concat swarsel/latex-mathcal-prefix elem) (concat "\\mathcal{" elem "}") (concat "Mathcal letter " elem))) wtf/english-alphabet)) (setq swtf/latex-math-symbols '(("x" . "\\times") ("*" . "\\cdot") ("." . "\\ldots") ("op" . "\\operatorname{$1}$0") ("o" . "\\circ") ("V" . "\\forall") ("v" . "\\vee") ("w" . "\\wedge") ("q" . "\\quad") ("f" . "\\frac{$1}{$2}$0") ("s" . "\\sum_{$1}^{$2}$0") ("p" . "\\prod_{$1}^{$2}$0") ("e" . "\\exists") ("i" . "\\int_{$1}^{$2}$0") ("c" . "\\cap") ("u" . "\\cup") ("0" . "\\emptyset"))) )
4.4.27. eglot
After having tried out lsp-mode and lsp-bridge for a while each, I must say that eglot feels the most clean and fast to me.
:CUSTOMID: h:424fbc62-84e2-42c7-a1ca-e43ea04c43e5
(use-package eglot
:ensure nil
:config
(add-to-list 'eglot-server-programs
'(yaml-ts-mode . ("ansible-language-server" "--stdio")))
:hook
((python-mode
python-ts-mode
c-mode
c-ts-mode
c++-mode
c++-ts-mode
rust-ts-mode
rustic-mode
tex-mode
LaTeX-mode
yaml-ts-mode
) . (lambda () (progn
(eglot-ensure)
(add-hook 'before-save-hook 'eglot-format nil 'local))))
:custom
(eldoc-echo-area-use-multiline-p nil)
(completion-category-defaults nil)
:bind (:map eglot-mode-map
("M-(" . flymake-goto-next-error)
("C-c ," . eglot-code-actions)))
(defalias 'start-lsp-server #'eglot)
4.4.28. Breadcrumb
This simple shows the path to the current file on the top of the buffer - I just think it looks kind of neat, even though it is not extremely useful :)
(use-package breadcrumb :config (breadcrumb-mode))
4.4.29. Prevent breaking of hardlinks
This setting ensures that hard links are preserved during the backup process, which is useful for maintaining the integrity of files that are linked in multiple locations.
(setq backup-by-copying-when-linked t)
4.4.30. Dirvish
Dirvish is an improvement upon the dired-framework and has more features like file preview etc. Sadly it has an incompatibility with openwith which is why I have disabled that package.
(use-package dirvish
:init
(dirvish-override-dired-mode)
:config
(dirvish-peek-mode)
(dirvish-side-follow-mode)
(setq dirvish-open-with-programs
(append dirvish-open-with-programs '(
(("xlsx" "docx" "doc" "odt" "ods") "libreoffice" "%f")
(("jpg" "jpeg" "png") "imv" "%f")
(("pdf") "sioyek" "%f")
(("xopp") "xournalpp" "%f"))))
:custom
(delete-by-moving-to-trash t)
(dired-listing-switches
"-l --almost-all --human-readable --group-directories-first --no-group")
(dirvish-attributes
'(vc-state subtree-state nerd-icons collapse file-time file-size))
(dirvish-quick-access-entries
'(("h" "~/" "Home")
("c" "~/.dotfiles/" "Config")
("d" "~/Downloads/" "Downloads")
("D" "~/Documents/" "Documents")
("p" "~/Documents/GitHub/" "Projects")
("/" "/" "Root")))
:bind
(("<DUMMY-i> d" . 'dirvish)
("C-=" . 'dirvish-side)
:map dirvish-mode-map
("h" . dired-up-directory)
("<left>" . dired-up-directory)
("l" . dired-find-file)
("<right>" . dired-find-file)
("j" . evil-next-visual-line)
("k" . evil-previous-visual-line)
("a" . dirvish-quick-access)
("f" . dirvish-file-info-menu)
("z" . dirvish-history-last)
("J" . dirvish-history-jump)
("y" . dirvish-yank-menu)
("/" . dirvish-narrow)
("TAB" . dirvish-subtree-toggle)
("M-f" . dirvish-history-go-forward)
("M-b" . dirvish-history-go-backward)
("M-l" . dirvish-ls-switches-menu)
("M-m" . dirvish-mark-menu)
("M-t" . dirvish-layout-toggle)
("M-s" . dirvish-setup-menu)
("M-e" . dirvish-emerge-menu)
("M-j" . dirvish-fd-jump)))
4.4.31. pdf-tools: pdf-viewer and support for dirvish
This enables pdf-previewing in dirvish and gives a much better pdf-viewer than is shipped normally by emacs.
;; (use-package pdf-tools
;; :init
;; (if (not (boundp 'pdf-tools-directory))
;; (pdf-tools-install))
;; :mode ("\\.pdf" . pdf-view-mode))
4.4.32. Jupyter
This is a jupyter client. Using it is a bit cumbersome though, so I have not fully explored all features.
(use-package ein)
4.4.33. undo-tree
Base emacs undo logic is very useful, but not easy to understand for me. I prefer undo-tree, which makes switching between branches easier and also allows quickly switching back to a much older state using the visualizer.
Evil needs to be told to use this mode, see (evil-set-undo-system 'undo-tree) in Evil/General.
By default, I am not using undo-tree-mode in every buffer. This might change in the future, but for now this is fine. It can be enabled manually should the need arise.
While we are at it, we are also setting up a persistent undo-file for every file that we are working with.
(use-package undo-tree
;; :init (global-undo-tree-mode)
:bind (:map undo-tree-visualizer-mode-map
("h" . undo-tree-visualize-switch-branch-left)
("l" . undo-tree-visualize-switch-branch-left)
("j" . undo-tree-visualize-redo)
("k" . undo-tree-visualize-undo))
:config
(setq undo-tree-history-directory-alist '(("." . "~/.emacs.d/undo"))))
(add-hook 'prog-mode-hook 'undo-tree-mode)
(add-hook 'text-mode-hook 'undo-tree-mode)
(add-hook 'org-mode-hook 'undo-tree-mode)
(add-hook 'latex-mode-hook 'undo-tree-mode)
4.4.34. Hydra
Hydra allows for the writing of macro-style functions. I have not yet looked into this all too much, but it seems to be a potent feature.
(use-package hydra)
- Text scaling
I only wrote this in order to try out hydra; rarely do I really need this. However, it can be useful for Presentations. It simply scales the text size.
;; change the text size of the current buffer (defhydra hydra-text-scale (:timeout 4) "scale text" ("j" text-scale-increase "in") ("k" text-scale-decrease "out") ("f" nil "finished" :exit t))
4.4.35. External Applications
- Obsidian
This provides an interface to Obsidian for Emacs - as much as I want to like it, I actually enjoy using the official Obsidian app more - even though that cannot be used by Emacs directly.
My workflow for Obsidian is now as follows:
- create notes either in Emacs or Obsidian
look at them in the official client
I hope that this package will improve, then I will come back to it one day.
;; (use-package obsidian ;; :ensure t ;; :demand t ;; :config ;; (obsidian-specify-path swarsel-obsidian-vault-directory) ;; (global-obsidian-mode t) ;; :custom ;; ;; This directory will be used for `obsidian-capture' if set. ;; (obsidian-inbox-directory "Inbox") ;; (bind-key (kbd "C-c M-o") 'obsidian-hydra/body 'obsidian-mode-map) ;; :bind (:map obsidian-mode-map ;; ;; Replace C-c C-o with Obsidian.el's implementation. It's ok to use another key binding. ;; ("C-c C-o" . obsidian-follow-link-at-point) ;; ;; Jump to backlinks ;; ("C-c C-b" . obsidian-backlink-jump) ;; ;; If you prefer you can use `obsidian-insert-link' ;; ("C-c C-l" . obsidian-insert-wikilink))) - Anki
This section is here to make Anki usable from within Emacs - an endeavour that I have mostly given up on.
- Basic Anki setup
;; (use-package anki-editor ;; :after org ;; :bind (:map org-mode-map ;; ("<f12>" . anki-editor-cloze-region-auto-incr) ;; ("<f11>" . anki-editor-cloze-region-dont-incr) ;; ("<f10>" . anki-editor-reset-cloze-number) ;; ("<f9>" . anki-editor-push-tree)) ;; :hook (org-capture-after-finalize . anki-editor-reset-cloze-number) ; Reset cloze-number after each capture. ;; :config ;; (setq anki-editor-create-decks t ;; Allow anki-editor to create a new deck if it doesn't exist ;; anki-editor-org-tags-as-anki-tags t) ;; (defun anki-editor-cloze-region-auto-incr (&optional arg) ;; "Cloze region without hint and increase card number." ;; (interactive) ;; (anki-editor-cloze-region swarsel-anki-editor-cloze-number "") ;; (setq swarsel-anki-editor-cloze-number (1+ swarsel-anki-editor-cloze-number)) ;; (forward-sexp)) ;; (defun anki-editor-cloze-region-dont-incr (&optional arg) ;; "Cloze region without hint using the previous card number." ;; (interactive) ;; (anki-editor-cloze-region (1- swarsel-anki-editor-cloze-number) "") ;; (forward-sexp)) ;; (defun anki-editor-reset-cloze-number (&optional arg) ;; "Reset cloze number to ARG or 1" ;; (interactive) ;; (setq swarsel-anki-editor-cloze-number (or arg 1))) ;; (defun anki-editor-push-tree () ;; "Push all notes under a tree." ;; (interactive) ;; (anki-editor-push-notes '(4)) ;; (anki-editor-reset-cloze-number)) ;; ;; Initialize ;; (anki-editor-reset-cloze-number) ;; ) ;; (require 'anki-editor) - Own Anki functions
- These functions enable you to quickly set the destination note type and deck
;; (defvar swarsel-anki-deck nil) ;; (defvar swarsel-anki-notetype nil) ;; (defvar swarsel-anki-fields nil) ;; (defun swarsel-anki-set-deck-and-notetype () ;; (interactive) ;; (setq swarsel-anki-deck (completing-read "Choose a deck: " ;; (sort (anki-editor-deck-names) #'string-lessp))) ;; (setq swarsel-anki-notetype (completing-read "Choose a note type: " ;; (sort (anki-editor-note-types) #'string-lessp))) ;; (setq swarsel-anki-fields (progn ;; (anki-editor--anki-connect-invoke-result "modelFieldNames" `((modelName . ,swarsel-anki-notetype))))) ;; ) ;; (defun swarsel-anki-make-template-string () ;; (if (not swarsel-anki-deck) ;; (call-interactively 'swarsel-anki-set-deck-and-notetype)) ;; (setq swarsel-temp swarsel-anki-fields) ;; (concat (concat "* %<%H:%M>\n:PROPERTIES:\n:ANKI_NOTE_TYPE: " swarsel-anki-notetype "\n:ANKI_DECK: " swarsel-anki-deck "\n:END:\n** ")(pop swarsel-temp) "\n%?\n** " (mapconcat 'identity swarsel-temp "\n\n** ") "\n\n")) ;; (defun swarsel-today() ;; (format-time-string "%Y-%m-%d")) ;; (defun swarsel-obsidian-daily () ;; (interactive) ;; (if (not (file-exists-p (expand-file-name (concat (swarsel-today) ".md") swarsel-obsidian-daily-directory))) ;; (write-region "" nil (expand-file-name (concat (swarsel-today) ".md") swarsel-obsidian-daily-directory)) ;; ) ;; (find-file (expand-file-name (concat (swarsel-today) ".md") swarsel-obsidian-daily-directory)))
- Basic Anki setup
4.4.36. Email
- make sure mu4e is found
This seems not to be needed - I do not yet dare to delete it though.
;; (let ((mu4epath ;; (concat ;; (f-dirname ;; (file-truename ;; (executable-find "mu"))) ;; "/../share/emacs/site-lisp/mu4e"))) ;; (when (and ;; (string-prefix-p "/nix/store/" mu4epath) ;; (file-directory-p mu4epath)) ;; (add-to-list 'load-path mu4epath)))
- mu4e
In this section we are setting up mu4e, a mail client for emacs using mu with mbsync as backend. The mail accounts themselves are setup in the NixOS configuration, so we only need to add Emacs specific settings here.
The hook functions are defined here: mu4e functions
(use-package mu4e :ensure nil ;; :load-path "/usr/share/emacs/site-lisp/mu4e/" ;;:defer 20 ; Wait until 20 seconds after startup :config ;; This is set to 't' to avoid mail syncing issues when using mbsync (setq send-mail-function 'sendmail-send-it) (setq mu4e-change-filenames-when-moving t) (setq mu4e-mu-binary (executable-find "mu")) (setq mu4e-hide-index-messages t) (setq mu4e-update-interval 180) (setq mu4e-get-mail-command "mbsync -a") (setq mu4e-maildir "~/Mail") ;; enable inline images (setq mu4e-view-show-images t) ;; use imagemagick, if available (when (fboundp 'imagemagick-register-types) (imagemagick-register-types)) (setq mu4e-drafts-folder "/Drafts") (setq mu4e-sent-folder "/Sent Mail") (setq mu4e-refile-folder "/All Mail") (setq mu4e-trash-folder "/Trash") (setq mu4e-maildir-shortcuts '((:maildir "/leon/Inbox" :key ?1) (:maildir "/nautilus/Inbox" :key ?2) (:maildir "/mrswarsel/Inbox" :key ?3) (:maildir "/Sent Mail" :key ?s) (:maildir "/Trash" :key ?t) (:maildir "/Drafts" :key ?d) (:maildir "/All Mail" :key ?a))) (setq user-mail-address "leon@swarsel.win" user-full-name "Leon Schwarzäugl") (setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com))) (add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address) (add-hook 'mu4e-compose-post-hook #'swarsel/mu4e-restore-default) - mu4e-alert
This adds the simple utility of sending desktop notifications whenever a new mail is received. I am using
libnotifybecause I want to use this withnotify-send.(use-package mu4e-alert :config (setq mu4e-alert-set-default-style 'libnotify)) (add-hook 'after-init-hook #'mu4e-alert-enable-notifications) (mu4e t)
4.4.37. Calendar
This provides a beautiful calender to emacs.
Yes, I am aware that I am exposing my university-calendar to the public here. I can imagine worse things ;) if you however know how to obscure this, let me know!
(use-package org-caldav
:init
;; set org-caldav-sync-initalization
(setq swarsel-caldav-synced 0)
(setq org-caldav-url "https://stash.swarsel.win/remote.php/dav/calendars/Swarsele")
(setq org-caldav-calendars
'((:calendar-id "personal"
:inbox "~/Calendars/leon_cal.org")))
(setq org-caldav-files '("~/Calendars/leon_cal.org"))
;; (setq org-caldav-backup-file "~/org-caldav/org-caldav-backup.org")
;; (setq org-caldav-save-directory "~/org-caldav/")
:config
(setq org-icalendar-alarm-time 1)
;; This makes sure to-do items as a category can show up on the calendar
(setq org-icalendar-include-todo t)
;; This ensures all org "deadlines" show up, and show up as due dates
(setq org-icalendar-use-deadline '(event-if-todo event-if-not-todo todo-due))
;; This ensures "scheduled" org items show up, and show up as start times
(setq org-icalendar-use-scheduled '(todo-start event-if-todo event-if-not-todo))
)
(use-package calfw
:ensure nil
:bind ("C-c A" . swarsel/open-calendar)
:init
(use-package calfw-cal
:ensure nil)
(use-package calfw-org
:ensure nil)
(use-package calfw-ical
:ensure nil)
:config
(bind-key "g" 'cfw:refresh-calendar-buffer cfw:calendar-mode-map)
(bind-key "q" 'evil-quit cfw:details-mode-map)
;; (custom-set-faces
;; '(cfw:face-title ((t (:foreground "#f0dfaf" :weight bold :height 65))))
;; )
)
(defun swarsel/open-calendar ()
(interactive)
(unless (eq swarsel-caldav-synced 1) (org-caldav-sync) (setq swarsel-caldav-synced 1))
;; (select-frame (make-frame '((name . "calendar")))) ; makes a new frame and selects it
;; (set-face-attribute 'default (selected-frame) :height 65) ; reduces the font size of the new frame
(cfw:open-calendar-buffer
:contents-sources
(list
(cfw:org-create-source "Purple") ; orgmode source
(cfw:ical-create-source "TISS" "https://tiss.tuwien.ac.at/events/rest/calendar/personal?locale=de&token=4463bf7a-87a3-490a-b54c-99b4a65192f3" "Cyan"))))
4.4.38. Dashboard: emacs startup screen
This sets up the dashboard, which is really quite useless. But, it looks cool and makes me happy whenever I start an emacsclient without a file name as argument :)
(use-package dashboard
:ensure t
:config
(dashboard-setup-startup-hook)
;; (setq initial-buffer-choice (lambda () (get-buffer-create "*dashboard*")))
(setq dashboard-display-icons-p t ;; display icons on both GUI and terminal
dashboard-icon-type 'nerd-icons ;; use `nerd-icons' package
dashboard-set-file-icons t
dashboard-items '((recents . 5)
(projects . 5)
(agenda . 5))
dashboard-set-footer nil
dashboard-banner-logo-title "Welcome to SwarsEmacs!"
dashboard-image-banner-max-height 300
dashboard-startup-banner "~/.dotfiles/wallpaper/swarsel.png"
dashboard-projects-backend 'projectile
dashboard-projects-switch-function 'magit-status
dashboard-set-navigator t
dashboard-startupify-list '(dashboard-insert-banner
dashboard-insert-newline
dashboard-insert-banner-title
dashboard-insert-newline
dashboard-insert-navigator
dashboard-insert-newline
dashboard-insert-init-info
dashboard-insert-items
)
dashboard-navigator-buttons
`(;; line1
((,""
"SwarselSocial"
"Browse Swarsele"
(lambda (&rest _) (browse-url "instagram.com/Swarsele")))
(,""
"SwarselSound"
"Browse SwarselSound"
(lambda (&rest _) (browse-url "sound.swarsel.win")) )
(,""
"SwarselSwarsel"
"Browse Swarsel"
(lambda (&rest _) (browse-url "github.com/Swarsel")) )
(,""
"SwarselStash"
"Browse SwarselStash"
(lambda (&rest _) (browse-url "stash.swarsel.win")) )
(,""
"SwarselSport"
"Browse SwarselSports"
(lambda (&rest _) (browse-url "social.parkour.wien/@Lenno")))
)
(
(,""
"swarsel.win"
"Browse swarsel.win"
(lambda (&rest _) (browse-url "swarsel.win")))
)
)))
4.4.39. ansible
(use-package ansible
:hook
(yaml-ts-mode . ansible))