merge north master

configuration.nix

@@ -1,4 +1,4 @@
-{  pkgs, pkgs-unstable, inputs, ... }:
+{ pkgs, pkgs-unstable, lib, inputs, allowed, nvidia, ... }:
 {
   imports = [
     inputs.sops-nix.nixosModules.sops
@@ -17,7 +17,7 @@
     ./system-modules/gpg.nix
     ./system-modules/sops.nix
     ./system-modules/syncthing.nix
-    # ./system-modules/hsmw.nix # old
+    ./system-modules/hsmw.nix # old
     ./system-modules/docker.nix
     ./system-modules/health_reminder.nix
     ./system-modules/ydotool.nix
@@ -62,7 +62,7 @@
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; ([
     git
     lazygit # home-manager module is bugged
     git-crypt
@@ -80,8 +80,8 @@
     blueman
     dmidecode
     file
-  ] ++ (with pkgs-unstable; [
+  # ]) ++ (with pkgs-unstable; [
-    sendme
+  # # sendme
   ]);
 
   environment.variables = {
@@ -100,7 +100,6 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-
   programs.bash.shellInit = ''
     source $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh
   '';

home-modules/email.nix

@@ -102,9 +102,9 @@ lib.mkIf (host != "NxACE")
       };
     };
 
-    hsmw = {
+    hsmw = with secrets.email.hsmw; {
-      address = secrets.email.hsmw.mail;
+      address = "${un}@hs-mittweida.de";
-      userName = secrets.email.hsmw.mail;
+      userName = "${un}@hs-mittweida.de";
       realName = "Lennart J. Kurzweg";
       imap = {
         port = 993;
@@ -117,8 +117,8 @@ lib.mkIf (host != "NxACE")
       };
       signature = {
         text = ''
-          MatNr: ${secrets.email.hsmw.mnr}
+          MatNr: ${mnr}
-          SemGr: ${secrets.email.hsmw.semgr}
+          SemGr: ${semgr}
           About Me: https://nx2.site/about-me
           Contact: https://nx2.site/contact
           GPG: https://nx2.site/gpg
@@ -128,6 +128,9 @@ lib.mkIf (host != "NxACE")
       thunderbird = {
         enable = true;
         profiles = [ "default" ];
+        settings = id: {
+          "mail.server.server_${id}.fcc_folder" = "imap://${un}%40hs-mittweida.de@xc.hs-mittweida.de/Sent";
+        };
       };
     };
   };

home-modules/helix.nix

@@ -99,7 +99,7 @@
         "constant" = accent.bright; 
         "constant.character.escape" = special.bright;
         "constant.numeric" = foreground; 
-        "constructor" = blue.dark; 
+        "constructor" = weird.base;
         "debug" = yellow.base;
         "diagnostic.modifiers" = [ "underlined" ];
         "diff.delta" = blue.bright; 

home-modules/hyprland-autoname-workspaces.nix

@@ -49,6 +49,7 @@ lib.mkIf (user != "tv")
     "leagueclientux.exe" = "󰰌"
     zathura = "󰈦"
     code-oss = "󰨞"
+    codium-url-handler = "󰨞"
     discord = "󰙯"
     vesktop = "󰙯"
     blueman-manager = "󰂯"

home.nix

@@ -32,7 +32,6 @@
     ./home-modules/fish.nix
     ./home-modules/bash.nix
     ./home-modules/starship.nix
-    # ./home-modules/nvim.nix
     ./home-modules/helix.nix
     ./home-modules/vale.nix
 
@@ -74,7 +73,8 @@
     swww playerctl
     
     imv mpv mediainfo exiftool ffmpeg
-    pavucontrol fontpreview gtk2fontsel
+    pavucontrol
+    fontpreview gtk2fontsel
     lynx w3m browsh
     bat du-dust eza neofetch tldr fzf figlet ripgrep lolcat jq glow
     brightnessctl wev 

system-modules/hsmw.nix

@@ -1,24 +1,31 @@
 { pkgs, lib, host, secrets, ... }: 
 lib.mkIf (host != "NxACE") 
 {
-  environment.systemPackages = [
+  environment.systemPackages = with pkgs; [
-    pkgs.strongswanNM
+    strongswanNM
   ];
   
   environment.etc = {
 
-    # Easyroam 
+  #   # Easyroam 
-    "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
+  #   "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
-    "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
+  #   "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
-    "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
+  #   "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
-    "NetworkManager/system-connections/eduroam.nmconnection" = {
+  #   "NetworkManager/system-connections/eduroam.nmconnection" = {
-      text = secrets.easyroamHSMW.nmconfig; 
+  #     text = secrets.easyroamHSMW.nmconfig; 
-      mode = "0600";
+  #     mode = "0600";
-    };
+  #   };
 
-    "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
+    # "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.un}@hs-mittweida.de : EAP "megasecret"'';
-    "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
+  #   "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
-    "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
+  #   "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
+  };
+
+
+  sops.secrets = {
+    "USERTrust/ECC" = { path = "/etc/ipsec.d/USERTrust-ECC.pem"; };
+    "USERTrust/RSA" = { path = "/etc/ipsec.d/USERTrust-RSA.pem"; };
+    "hsmw-vpn-secret" = { path = "/etc/ipsec.d/hsmw.secret"; mode = "600"; };
   };
   
   networking.networkmanager.enableStrongSwan = true;
@@ -35,7 +42,7 @@ lib.mkIf (host != "NxACE")
           left = "%defaultroute";
           leftid = "%any";
           leftauth = "eap";
-          eap_identity = secrets.email.hsmw.mail;
+          eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
           leftsourceip = "%config";
           leftdns = "%config4";
           leftfirewall = "no";
@@ -73,7 +80,7 @@ lib.mkIf (host != "NxACE")
       "openssl"
       "resolve"
     ];
-    secrets = [ "/etc/ipsec.d/hsmw.secrets" ];
+    secrets = [ "/etc/ipsec.d/hsmw.secret" ];
     ca = {
       hsmw = {
         auto = "add";

system-modules/ollama.nix

@@ -5,41 +5,6 @@ let p = pkgs-unstable; in
     ollama
   ];
   
-  # services.ollama.environmentVariables = {
-  #   OLLAMA_ORIGINS = "*"; 
-  # };
-
-  # systemd.services.ollama = {
-  #   environment.OLLAMA_ORIGINS = "*";
-  #   description = "Ollama Service";
-  #   after = [ "network-online.target" "ollama-doesnt-respect-xdg-data-home.service" ];
-  #   serviceConfig = {
-  #     Type = "simple";
-  #     # Environment = "\"XDG_DATA_HOME=/run/current-system/sw/share\"";
-  #     ExecStart = "${pkgs.ollama}/bin/ollama serve";
-  #     User = "ollama";
-  #     Group = "ollama";
-  #     Restart = "always";
-  #     RestartSec = "3";
-  #   };
-  #   wantedBy = [ "default.target" ];
-  # };
-
-  # users.users.ollama = {
-  #   isSystemUser = true;
-  #   home = "/usr/share/ollama";
-  #   shell = "/bin/false";
-  #   group = "ollama";
-  # };
-  # users.groups.ollama = {};
-
-  # systemd.services.ollama-doesnt-respect-xdg-data-home = {
-  #   wantedBy = ["multi-user.target"];
-  #   script = ''
-  #     mkdir -p /usr/share/ollama/.ollama
-  #     chown ollama:ollama -R /usr/share/ollama
-  #   '';
-  # };
   services.ollama = {
     package = p.ollama;
     enable = true;