kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

feat: convert to flake

Browse Source 
feat(zaatar): convert to flake

feat(tahina, tabula): convert to flake

feat(makanek): convert to flake

feat(manakish, zaatar): convert to flake

feat(ci): build flake systems

fix: ci build

feat: secrets via submodule

foo

foo

foo
This commit is contained in:
Kierán Meinhardt
2023-02-22 10:02:55 +01:00
parent ba27e98297
commit d03c6bb0de
92 changed files with 1656 additions and 934 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
configs/aerc.nix
View File

@@ -16,8 +16,38 @@
smtp.port = 25;
smtp.tls.useStartTls = true;
};
passwordCommandFrom = path: toString (pkgs.writers.writeDash "email-credentials" "echo ${lib.escapeShellArg (lib.strings.fileContents path)}");
in {
age.secrets = {
email-password-cock = {
file = ../secrets/email-password-cock.age;
owner = config.users.users.me.name;
};
email-password-fysi = {
file = ../secrets/email-password-fysi.age;
owner = config.users.users.me.name;
};
email-password-posteo = {
file = ../secrets/email-password-posteo.age;
owner = config.users.users.me.name;
};
email-password-meinhark = {
file = ../secrets/email-password-meinhark.age;
owner = config.users.users.me.name;
};
email-password-meinhaki = {
file = ../secrets/email-password-meinhaki.age;
owner = config.users.users.me.name;
};
email-password-dslalewa = {
file = ../secrets/email-password-dslalewa.age;
owner = config.users.users.me.name;
};
email-password-fsklassp = {
file = ../secrets/email-password-fsklassp.age;
owner = config.users.users.me.name;
};
};
home-manager.users.me = {
accounts.email.accounts = rec {
hu-student =
@@ -27,7 +57,7 @@ in {
userName = "meinhark";
address = "kieran.felix.meinhardt@hu-berlin.de";
aliases = ["${userName}@hu-berlin.de"];
passwordCommand = passwordCommandFrom <secrets/eduroam/password>;
passwordCommand = "cat ${config.age.secrets.email-password-meinhark.path}";
});
hu-student-cs =
lib.recursiveUpdate defaults
@@ -38,7 +68,7 @@ in {
aliases = ["${userName}@informatik.hu-berlin.de"];
imap.host = "mailbox.informatik.hu-berlin.de";
smtp.host = "mailhost.informatik.hu-berlin.de";
passwordCommand = passwordCommandFrom <secrets/eduroam/password>;
passwordCommand = "cat ${config.age.secrets.email-password-meinhark.path}";
});
hu-employee =
lib.recursiveUpdate defaults
@@ -47,7 +77,7 @@ in {
userName = "meinhaki";
address = "kieran.meinhardt@hu-berlin.de";
aliases = ["${userName}@hu-berlin.de"];
passwordCommand = passwordCommandFrom <secrets/mail/meinhaki>;
passwordCommand = "cat ${config.age.secrets.email-password-meinhaki.path}";
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
signature = {
showSignature = "append";
@@ -69,7 +99,7 @@ in {
userName = "dslalewa";
address = "admin.alew.vglsprwi@hu-berlin.de";
aliases = ["${userName}@hu-berlin.de"];
passwordCommand = passwordCommandFrom <secrets/mail/dslalewa>;
passwordCommand = "cat ${config.age.secrets.email-password-dslalewa.path}";
inherit (hu-employee) signature;
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
});
@@ -78,7 +108,7 @@ in {
(lib.recursiveUpdate hu-defaults
rec {
userName = "fsklassp";
passwordCommand = passwordCommandFrom <secrets/mail/fsklassp>;
passwordCommand = "cat ${config.age.secrets.email-password-fsklassp.path}";
address = "${userName}@hu-berlin.de";
realName = "FSI Klassische Philologie";
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
@@ -100,7 +130,7 @@ in {
rec {
address = "kieran@fysi.tech";
userName = address;
passwordCommand = passwordCommandFrom <secrets/mail/fastmail>;
passwordCommand = "cat ${config.age.secrets.email-password-fysi.path}";
flavor = "fastmail.com";
};
cock =
@@ -108,7 +138,7 @@ in {
rec {
address = "2210@cock.li";
userName = address;
passwordCommand = passwordCommandFrom <secrets/mail/cock>;
passwordCommand = "cat ${config.age.secrets.email-password-cock.path}";
realName = "";
imap.host = "mail.cock.li";
smtp.host = imap.host;
@@ -122,7 +152,7 @@ in {
imap.host = "posteo.de";
smtp.host = imap.host;
primary = true;
passwordCommand = passwordCommandFrom <secrets/mail/posteo>;
passwordCommand = "cat ${config.age.secrets.email-password-posteo.path}";
# himalaya = { enable = true; backend = "imap"; sender = "smtp"; };
};
};

6
configs/alacritty.nix
View File

@@ -47,7 +47,7 @@
alacritty-pkg = pkgs.symlinkJoin {
name = "alacritty";
paths = [
(pkgs.writeDashBin "alacritty" ''
(pkgs.writers.writeDashBin "alacritty" ''
${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yml msg create-window "$@" ||
${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yml "$@"
'')
@@ -62,7 +62,7 @@ in {
];
environment.etc = {
"themes/dark/alacritty.yml".source = alacritty-cfg (import <niveum/lib/colours/papercolor-dark.nix>);
"themes/light/alacritty.yml".source = alacritty-cfg (import <niveum/lib/colours/papercolor-light.nix>);
"themes/dark/alacritty.yml".source = alacritty-cfg (import ../lib/colours/papercolor-dark.nix);
"themes/light/alacritty.yml".source = alacritty-cfg (import ../lib/colours/papercolor-light.nix);
};
}

8
configs/backup.nix
View File

@@ -3,7 +3,7 @@
config,
...
}: let
inherit (import <niveum/lib>) restic;
inherit (import ../lib) restic;
in {
services.restic.backups.niveum = {
initialize = true;
@@ -12,7 +12,7 @@ in {
OnCalendar = "8:00";
RandomizedDelaySec = "1h";
};
passwordFile = toString <secrets/restic/password>;
passwordFile = config.age.secrets.restic.path;
extraBackupArgs = [
"--exclude=/home/kfm/projects/nixpkgs/.git"
"--exclude=node_modules"
@@ -38,7 +38,7 @@ in {
environment.systemPackages = [
(pkgs.writers.writeDashBin "restic-niveum" ''
${pkgs.restic}/bin/restic -r ${restic.repository} -p ${<secrets/restic/password>} "$@"
${pkgs.restic}/bin/restic -r ${restic.repository} -p ${config.age.secrets.restic.path} "$@"
'')
(pkgs.writers.writeDashBin "restic-mount" ''
mountdir=$(mktemp -d)
@@ -46,7 +46,7 @@ in {
clean() {
rm -r "$mountdir"
}
${pkgs.restic}/bin/restic -r ${restic.repository} -p ${<secrets/restic/password>} mount "$mountdir"
${pkgs.restic}/bin/restic -r ${restic.repository} -p ${config.age.secrets.restic.path} mount "$mountdir"
'')
];
}

26
configs/cloud.nix
View File

@@ -4,16 +4,8 @@
pkgs,
...
}: let
inherit (import <niveum/lib>) tmpfilesConfig;
inherit (import ../lib) tmpfilesConfig;
in {
imports = [
<niveum/modules/dropbox.nix>
];
niveum = {
dropbox.enable = false;
};
systemd.tmpfiles.rules = map tmpfilesConfig [
{
type = "L+";
@@ -55,13 +47,13 @@ in {
script = let
kieran = {
user = "kieran";
password = lib.fileContents <secrets/nextcloud/password>;
passwordFile = config.age.secrets.nextcloud-password-kieran.path;
endpoint = "https://cloud.xn--kiern-0qa.de";
target = "${config.users.users.me.home}/notes";
};
in ''
mkdir -p ${lib.escapeShellArg kieran.target}
${pkgs.nextcloud-client}/bin/nextcloudcmd --non-interactive --user ${kieran.user} --password ${lib.escapeShellArg kieran.password} --path /Notes ${lib.escapeShellArg kieran.target} ${kieran.endpoint}
${pkgs.nextcloud-client}/bin/nextcloudcmd --non-interactive --user ${kieran.user} --password "$(cat ${kieran.passwordFile})" --path /Notes ${lib.escapeShellArg kieran.target} ${kieran.endpoint}
'';
serviceConfig = {
Type = "oneshot";
@@ -81,9 +73,9 @@ in {
(let
kieran = {
user = "kieran.meinhardt@gmail.com";
password = lib.fileContents <secrets/mega/password>;
passwordFile = config.age.secrets.mega-password.path;
};
megatools = command: "${pkgs.megatools}/bin/megatools ${command} --username ${lib.escapeShellArg kieran.user} --password ${lib.escapeShellArg kieran.password}";
megatools = command: ''${pkgs.megatools}/bin/megatools ${command} --username ${lib.escapeShellArg kieran.user} --password "$(cat ${kieran.passwordFile})"'';
in
pkgs.writers.writeDashBin "book-mega" ''
set -efu
@@ -104,6 +96,8 @@ in {
'')
];
age.secrets.mega-password.file = ../secrets/mega-password.age;
fileSystems."/media/moodle" = {
device = "zaatar.r:/moodle";
fsType = "nfs";
@@ -120,9 +114,9 @@ in {
openDefaultPorts = true;
configDir = "/home/kfm/.config/syncthing";
dataDir = "/home/kfm/.config/syncthing";
cert = toString <system-secrets/syncthing/cert.pem>;
key = toString <system-secrets/syncthing/key.pem>;
inherit ((import <niveum/lib>).syncthing) devices;
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
inherit ((import ../lib).syncthing) devices;
folders = let
cloud-dir = "${config.users.users.me.home}/cloud";
in {

24
configs/default.nix
View File

@@ -6,13 +6,12 @@
...
}: let
inherit (lib.strings) makeBinPath;
inherit (import <niveum/lib>) localAddresses kieran;
scripts = import <niveum/packages/scripts> {inherit pkgs lib;};
defaultApplications = (import <niveum/lib>).defaultApplications {inherit pkgs;};
inherit (import ../lib) localAddresses kieran;
scripts = import ../packages/scripts {inherit config pkgs lib;};
defaultApplications = (import ../lib).defaultApplications {inherit pkgs;};
in {
imports = [
<home-manager/nixos>
<niveum/modules/system-dependent.nix>
../modules/system-dependent.nix
{
boot.supportedFilesystems = ["ntfs"];
}
@@ -28,10 +27,10 @@ in {
allowUnfree = true;
packageOverrides = pkgs: {
dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
gfs-fonts = pkgs.callPackage <niveum/packages/gfs-fonts.nix> {};
tocharian-font = pkgs.callPackage <niveum/packages/tocharian-font.nix> {};
iolanguage = pkgs.callPackage <niveum/packages/iolanguage.nix> {};
ix = pkgs.callPackage <niveum/packages/ix.nix> {};
gfs-fonts = pkgs.callPackage ../packages/gfs-fonts.nix {};
tocharian-font = pkgs.callPackage ../packages/tocharian-font.nix {};
iolanguage = pkgs.callPackage ../packages/iolanguage.nix {};
ix = pkgs.callPackage ../packages/ix.nix {};
};
permittedInsecurePackages = [
"qtwebkit-5.212.0-alpha4"
@@ -43,6 +42,9 @@ in {
boot.cleanTmpDir = true;
boot.loader.timeout = 1;
}
{
age.secrets.di-fm-key.file = ../secrets/di-fm-key.age;
}
{
home-manager.users.me = {
programs.zathura = {
@@ -226,7 +228,6 @@ in {
./clipboard.nix
./cloud.nix
./direnv.nix
./distrobump.nix
./docker.nix
./dunst.nix
./flix.nix
@@ -244,7 +245,7 @@ in {
./neovim.nix
./nix.nix
./newsboat.nix
./flameshot-once.nix
./flameshot.nix
./packages.nix
./picom.nix
./stardict.nix
@@ -262,7 +263,6 @@ in {
./sshd.nix
./sound.nix
./sudo.nix
./nsxiv.nix
./themes.nix
./tmux.nix
# ./traadfri.nix

2
configs/dunst.nix
View File

@@ -3,7 +3,7 @@
pkgs,
...
}: let
inherit (import <niveum/lib>) defaultApplications colours theme;
inherit (import ../lib) defaultApplications colours theme;
in {
home-manager.users.me.services.dunst = {
enable = true;

52
configs/flameshot-once.nix
View File

@@ -1,52 +0,0 @@
{
lib,
pkgs,
...
}: let
inherit (import <niveum/lib>) defaultApplications;
flameshot-once = pkgs.callPackage <stockholm/krebs/5pkgs/simple/flameshot-once> {};
in {
environment.systemPackages = [
(flameshot-once.override {
name = "flameshot-once-kmein";
config = {
imgur = {
enable = true;
createUrl = "http://p.r/image";
deleteUrl = "http://p.r/image/delete/%1";
xdg-open.browser = (defaultApplications pkgs).browser;
};
settings.General = {
autoCloseIdleDaemon = true;
drawColor = "#ff0000";
drawThickness = 2;
checkForUpdates = false;
showDesktopNotification = true;
disabledTrayIcon = true;
showHelp = false;
squareMagnifier = true;
uploadWithoutConfirmation = true;
buttons = [
"TYPE_ARROW"
"TYPE_CIRCLE"
"TYPE_CIRCLECOUNT"
"TYPE_COPY"
"TYPE_DRAWER"
"TYPE_EXIT"
"TYPE_IMAGEUPLOADER"
"TYPE_MARKER"
"TYPE_MOVESELECTION"
"TYPE_PENCIL"
"TYPE_PIXELATE"
"TYPE_RECTANGLE"
"TYPE_SAVE"
"TYPE_SELECTION"
# "TYPE_SELECTIONINDICATOR"
"TYPE_TEXT"
"TYPE_UNDO"
];
};
};
})
];
}

44
configs/flameshot.nix Normal file
View File

@@ -0,0 +1,44 @@
{
lib,
pkgs,
...
}: let
inherit (import <niveum/lib>) defaultApplications;
flameshot-once = pkgs.callPackage <stockholm/krebs/5pkgs/simple/flameshot-once> {};
in {
home-manager.users.me = {
services.flameshot = {
enable = true;
settings.General = {
autoCloseIdleDaemon = true;
drawColor = "#ff0000";
drawThickness = 2;
checkForUpdates = false;
showDesktopNotification = true;
disabledTrayIcon = true;
showHelp = false;
squareMagnifier = true;
uploadWithoutConfirmation = true;
buttons = lib.concatStringsSep " " [
"TYPE_ARROW"
"TYPE_CIRCLE"
"TYPE_CIRCLECOUNT"
"TYPE_COPY"
"TYPE_DRAWER"
"TYPE_EXIT"
"TYPE_IMAGEUPLOADER"
"TYPE_MARKER"
"TYPE_MOVESELECTION"
"TYPE_PENCIL"
"TYPE_PIXELATE"
"TYPE_RECTANGLE"
"TYPE_SAVE"
"TYPE_SELECTION"
# "TYPE_SELECTIONINDICATOR"
"TYPE_TEXT"
"TYPE_UNDO"
];
};
};
};
}

2
configs/flix.nix
View File

@@ -8,7 +8,7 @@
indexFilename = "index";
flixUser = "flix";
flixGroup = "users";
inherit (import <niveum/lib>) tmpfilesConfig;
inherit (import ../lib) tmpfilesConfig;
in {
fileSystems.${flixLocation} = {
device = "prism.r:/export";

5
configs/git.nix
View File

@@ -4,7 +4,8 @@
lib,
...
}: let
inherit (import <niveum/lib>) kieran ignorePaths;
inherit (import ../lib) kieran ignorePaths;
git-preview = pkgs.callPackage ../packages/git-preview.nix {};
in {
environment.systemPackages = [
pkgs.mr
@@ -18,7 +19,7 @@ in {
pkgs.gitstats
pkgs.patch
pkgs.patchutils
pkgs.git-preview
git-preview
];
environment.shellAliases = {

2
configs/hledger.nix
View File

@@ -3,7 +3,7 @@
pkgs,
...
}: {
imports = [<niveum/modules/hledger.nix>];
imports = [../modules/hledger.nix];
environment.systemPackages = let
timeLedger = "$HOME/projects/ledger/time.timeclock";

17
configs/hu-berlin.nix
View File

@@ -5,7 +5,7 @@
...
}: let
inherit (lib.strings) fileContents;
inherit (import <niveum/lib>) sshPort;
inherit (import ../lib) sshPort;
eduroam = {
identity = fileContents <secrets/eduroam/identity>;
password = fileContents <secrets/eduroam/password>;
@@ -15,8 +15,7 @@
"gid=${toString config.users.groups.users.gid}"
"sec=ntlmv2"
"workgroup=german"
"username=meinhaki"
"password=${lib.strings.fileContents <secrets/mail/meinhaki>}"
"credentials=${config.age.secrets.cifs-credentials-hu-berlin.path}"
"noauto"
"x-systemd.requires=hu-vpn.service"
"x-systemd.automount"
@@ -36,6 +35,8 @@ in {
options = hu-berlin-cifs-options;
};
age.secrets.cifs-credentials-hu-berlin.file = ../secrets/cifs-credentials-hu-berlin.age;
home-manager.users.me.programs.ssh = {
matchBlocks = {
"alew.hu-berlin.de" = {
@@ -65,14 +66,16 @@ in {
systemd.services.hu-vpn = {
enable = true;
wants = ["network-online.target"];
serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhark.path}";
script = ''
${pkgs.openfortivpn}/bin/openfortivpn -c ${
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
--config=${
pkgs.writeText "hu-berlin.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
trusted-cert = 42193a913d276d9eb86217612956e1e6464d6f07bed5393a4787c87adc4bd359
username = ${eduroam.identity}
password = ${eduroam.password}
username = meinhark
trusted-cert = 9e5dea8e077970d245900839f437ef7fb9551559501c7defd70af70ea568573d
''
}
'';

40
configs/i3.nix
View File

@@ -4,9 +4,9 @@
lib,
...
}: let
inherit (import <niveum/lib>) defaultApplications colours;
scripts = import <niveum/packages/scripts> {inherit pkgs lib;};
klem = import <niveum/packages/scripts/klem.nix> {
inherit (import ../lib) defaultApplications colours;
scripts = import ../packages/scripts {inherit config pkgs lib;};
klem = import ../packages/scripts/klem.nix {
inherit pkgs lib;
config.scripts = {
"p.r" = pkgs.writers.writeDash "p.r" ''
@@ -57,6 +57,21 @@
i3-msg move container to workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
'';
in {
age.secrets = {
github-token-i3status-rust = {
file = ../secrets/github-token-i3status-rust.age;
owner = "kfm";
group = "users";
mode = "400";
};
openweathermap-api-key = {
file = ../secrets/openweathermap-api-key.age;
owner = "kfm";
group = "users";
mode = "400";
};
};
services.xserver = {
displayManager.defaultSession = "none+i3";
windowManager.i3 = {
@@ -175,14 +190,17 @@ in {
text = colours.foreground;
};
};
statusCommand = "env I3RS_GITHUB_TOKEN=${lib.strings.fileContents <secrets/github/notification.token>} ${pkgs.i3status-rust}/bin/i3status-rs ${
(pkgs.formats.toml {}).generate "i3status-rust.toml" (import <niveum/lib/i3status-rust.nix> {
inherit (config.niveum) batteryName wirelessInterface;
inherit (config.home-manager.users.me.accounts.email) accounts;
inherit colours;
inherit pkgs;
})
}";
statusCommand = toString (pkgs.writers.writeDash "i3status-rust" ''
export I3RS_GITHUB_TOKEN="$(cat ${config.age.secrets.github-token-i3status-rust.path})"
export OPENWEATHERMAP_API_KEY="$(cat ${config.age.secrets.openweathermap-api-key.path})"
${pkgs.i3status-rust}/bin/i3status-rs ${
(pkgs.formats.toml {}).generate "i3status-rust.toml" (import ../lib/i3status-rust.nix {
inherit (config.niveum) batteryName wirelessInterface;
inherit (config.home-manager.users.me.accounts.email) accounts;
inherit colours;
inherit pkgs;
})
}'');
}
];
modes.resize = {

15
configs/khal.nix
View File

@@ -8,14 +8,19 @@
kmeinCloud = {
davEndpoint = "https://cloud.xn--kiern-0qa.de/remote.php/dav";
username = "kieran";
password = lib.fileContents <secrets/nextcloud/password>;
passwordFile = config.age.secrets.nextcloud-password-kieran.path;
};
fysiCloud = {
davEndpoint = "https://nextcloud.fysi.dev/remote.php/dav";
username = "kmein";
password = lib.fileContents <secrets/nextcloud-fysi/password>;
passwordFile = config.age.secrets.nextcloud-password-fysi.path;
};
in {
age.secrets = {
nextcloud-password-kieran.file = ../secrets/nextcloud-password-kieran.age;
nextcloud-password-fysi.file = ../secrets/nextcloud-password-fysi.age;
};
environment.systemPackages = [
pkgs.khal
pkgs.vdirsyncer
@@ -167,19 +172,19 @@ in {
type = "carddav"
url = "${kmeinCloud.davEndpoint}/addressbooks/users/${kmeinCloud.username}/"
username = "${kmeinCloud.username}"
password = "${kmeinCloud.password}"
password.fetch = ["cat", "${kmeinCloud.passwordFile}"]
[storage kalender_cloud]
type = "caldav"
url = "${kmeinCloud.davEndpoint}/calendars/${kmeinCloud.username}/"
username = "${kmeinCloud.username}"
password = "${kmeinCloud.password}"
password.fetch = ["cat", "${kmeinCloud.passwordFile}"]
[storage fysi_cloud]
type = "caldav"
url = "${fysiCloud.davEndpoint}/calendars/${fysiCloud.username}/"
username = "${fysiCloud.username}"
password = "${fysiCloud.password}"
password.fetch = ["cat", "${fysiCloud.passwordFile}"]
'';
};
};

4
configs/mpv.nix
View File

@@ -4,7 +4,7 @@
config,
...
}: let
scripts = import <niveum/packages/scripts> {inherit pkgs lib;};
scripts = import ../packages/scripts {inherit config pkgs lib;};
swallow = command: "${scripts.swallow}/bin/swallow ${command}";
in {
environment.shellAliases.smpv = swallow "mpv";
@@ -37,7 +37,7 @@ in {
};
scripts = [
pkgs.mpvScripts.youtube-quality
(pkgs.callPackage <niveum/packages/mpv-visualizer.nix> {})
(pkgs.callPackage ../packages/mpv-visualizer.nix {})
];
};
};

20
configs/neovim.nix
View File

@@ -8,15 +8,15 @@
vimPlugins =
pkgs.vimPlugins
// {
cheat-sh-vim = pkgs.callPackage <niveum/packages/vimPlugins/cheat-sh.nix> {};
vim-fetch = pkgs.callPackage <niveum/packages/vimPlugins/vim-fetch.nix> {};
vim-colors-paramount = pkgs.callPackage <niveum/packages/vimPlugins/vim-colors-paramount.nix> {};
vim-256noir = pkgs.callPackage <niveum/packages/vimPlugins/vim-256noir.nix> {};
icalendar-vim = pkgs.callPackage <niveum/packages/vimPlugins/icalendar-vim.nix> {};
jq-vim = pkgs.callPackage <niveum/packages/vimPlugins/jq-vim.nix> {};
vim-fsharp = pkgs.callPackage <niveum/packages/vimPlugins/vim-fsharp.nix> {};
vim-reason-plus = pkgs.callPackage <niveum/packages/vimPlugins/vim-reason-plus.nix> {};
vim-mail = pkgs.callPackage <niveum/packages/vimPlugins/vim-mail.nix> {};
cheat-sh-vim = pkgs.callPackage ../packages/vimPlugins/cheat-sh.nix {};
vim-fetch = pkgs.callPackage ../packages/vimPlugins/vim-fetch.nix {};
vim-colors-paramount = pkgs.callPackage ../packages/vimPlugins/vim-colors-paramount.nix {};
vim-256noir = pkgs.callPackage ../packages/vimPlugins/vim-256noir.nix {};
icalendar-vim = pkgs.callPackage ../packages/vimPlugins/icalendar-vim.nix {};
jq-vim = pkgs.callPackage ../packages/vimPlugins/jq-vim.nix {};
vim-fsharp = pkgs.callPackage ../packages/vimPlugins/vim-fsharp.nix {};
vim-reason-plus = pkgs.callPackage ../packages/vimPlugins/vim-reason-plus.nix {};
vim-mail = pkgs.callPackage ../packages/vimPlugins/vim-mail.nix {};
};
};
@@ -24,7 +24,7 @@
(pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
(pkgs.neovim.override {
configure = {
customRC = builtins.readFile <niveum/lib/vim/init.vim>;
customRC = builtins.readFile ../lib/vim/init.vim;
packages.nvim = with pkgs.vimPlugins; {
start = [
ale

35
configs/networkmanager.nix
View File

@@ -42,7 +42,7 @@
};
};
in {
imports = [<niveum/modules/networkmanager-declarative.nix>];
imports = [../modules/networkmanager-declarative.nix];
programs.nm-applet.enable = true;
@@ -55,39 +55,6 @@ in {
wifi.macAddress = "random";
ethernet.macAddress = "random";
unmanaged = ["docker*"];
profiles = lib.mapAttrs profile {
Aether = {
connection.uuid = "7138bb0f-1aeb-4905-890e-a6628427aa21";
ipv6.addr-gen-mode = "stable";
wifi.cloned-mac-address = "stable";
wifi-security = {
psk = lib.strings.fileContents <secrets/wifi/Aether.psk>;
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
FactoryCommunityGuest = {
connection.uuid = "fb1f2e52-651e-48b5-a72c-1accddf31afb";
connection.timestamp = "1631885129";
wifi.seen-bssids = "54:EC:2F:19:30:DC;54:EC:2F:19:5C:9C;54:EC:2F:58:E4:3C;";
wifi-security = {
psk = "Factory4ever";
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
o2-WLAN66 = {
connection.uuid = "c563aec3-f344-4ffb-8d1c-60a6cdac8fe0";
wifi-security = {
psk = "PK3468KV488T934U";
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
"WIFI@DB".connection.uuid = "4eff4e94-8850-4e9f-a338-1787d0d90479";
eduroam = eduroamProfile;
eduroam_5GHz = eduroamProfile;
};
};
users.users.me.extraGroups = ["networkmanager"];

6
configs/nix.nix
View File

@@ -1,13 +1,9 @@
{pkgs, ...}: {
nixpkgs = {
config.allowUnfree = true;
overlays = [
(import <nix-writers/pkgs>)
(import <stockholm/krebs/5pkgs>)
];
};
nix = {
package = pkgs.nixUnstable;
package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes";
};
}

66
configs/nsxiv.nix
View File

@@ -1,66 +0,0 @@
{
pkgs,
lib,
...
}: let
important-directories = pkgs.writeText "directories" ''
h ~/
d ~/cloud/Dropbox/
g ~/cloud/gdrive/
s ~/cloud/Seafile/
kk ~/cloud/keybase/private/kmein/
kp ~/cloud/keybase/public/kmein/
t /tmp
D ~/Downloads
cf ''${XDG_CONFIG_HOME:-$HOME/.config}
'';
in {
environment.systemPackages = [pkgs.nsxiv];
# TODO fix
home-manager.users.me.xdg.configFile."nsxiv/exec/key-handler".source = pkgs.writers.writeDash "key-handler" ''
PATH=$PATH:${
lib.makeBinPath [
pkgs.gnused
pkgs.gawk
pkgs.dmenu
pkgs.coreutils
pkgs.libnotify
pkgs.imagemagick
pkgs.xclip
]
}
echo >&2 key "$1" pressed
while read file; do
case "$1" in
"c")
[ -z "$destdir" ] && destdir="$(sed "s/\s.*#.*$//;/^\s*$/d" ${important-directories} | awk '{print $2}' | dmenu -l 20 -i -p "Copy file(s) to where?" | sed "s|~|$HOME|g")"
[ -z "$destdir" ] && exit
[ ! -d "$destdir" ] && notify-send "$destdir is not a directory, cancelled." && exit
cp "$file" "$destdir" && notify-send -i "$(readlink -f "$file")" "$file copied to $destdir." &
;;
"m")
[ -z "$destdir" ] && destdir="$(sed "s/\s.*#.*$//;/^\s*$/d" ${important-directories} | awk '{print $2}' | dmenu -l 20 -i -p "Move file(s) to where?" | sed "s|~|$HOME|g")"
[ -z "$destdir" ] && exit
[ ! -d "$destdir" ] && notify-send "$destdir is not a directory, cancelled." && exit
mv "$file" "$destdir" && notify-send -i "$(readlink -f "$file")" "$file moved to $destdir." &
;;
"r")
convert -rotate 90 "$file" "$file" ;;
"R")
convert -rotate -90 "$file" "$file" ;;
"f")
convert -flop "$file" "$file" ;;
"y")
echo -n "$file" | xclip -selection clipboard &&
notify-send "$file copied to clipboard" & ;;
"Y")
readlink -f "$file" | xclip -selection clipboard &&
notify-send "$(readlink -f "$file") copied to clipboard" & ;;
"d")
[ "$(printf "No\\nYes" | dmenu -i -p "Really delete $file?")" = "Yes" ] && rm "$file" && notify-send "$file deleted." ;;
esac
done
'';
}

34
configs/packages.nix
View File

@@ -1,14 +1,19 @@
{
config,
pkgs,
lib,
inputs,
...
}: let
hc = pkgs.callPackage <stockholm/tv/5pkgs/simple/hc.nix> {utillinux = pkgs.util-linux;};
worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {};
menstruation = pkgs.callPackage <menstruation-backend> {};
pandoc-doc = pkgs.callPackage <niveum/packages/man/pandoc.nix> {};
hc = pkgs.callPackage ../packages/hc.nix {};
worldradio = pkgs.callPackage ../packages/worldradio.nix {};
pandoc-doc = pkgs.callPackage ../packages/man/pandoc.nix {};
dic = pkgs.callPackage ../packages/dic.nix {};
untilport = pkgs.callPackage ../packages/untilport.nix {};
cyberlocker-tools = pkgs.callPackage ../packages/cyberlocker-tools.nix {};
kpaste = pkgs.callPackage ../packages/kpaste.nix {};
scripts = import <niveum/packages/scripts> {inherit pkgs lib;};
scripts = import ../packages/scripts {inherit config pkgs lib;};
zoteroStyle = {
name,
@@ -56,7 +61,7 @@
'';
});
recht = pkgs.callPackage <recht> {};
recht = pkgs.callPackage inputs.recht.outPath {};
in {
home-manager.users.me.home.file = {
".csl".source = cslDirectory;
@@ -79,6 +84,7 @@ in {
ffmpeg
imagemagick
exiftool
nsxiv
# ARCHIVE TOOLS
unzip
unrar
@@ -173,7 +179,6 @@ in {
scripts.interdimensional-cable
scripts.dmenubluetooth
scripts.manual-sort
scripts.much-scripts
scripts.dns-sledgehammer
ts
scripts.vg
@@ -198,7 +203,7 @@ in {
par
qrencode
menstruation
inputs.menstruation-backend
(pkgs.writers.writeDashBin "worldradio" ''
shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
@@ -208,8 +213,8 @@ in {
${pkgs.openssh}/bin/ssh makanek "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars
'')
(pkgs.writers.writeDashBin "ncmpcpp-zaatar" ''MPD_HOST=${(import <niveum/lib/local-network.nix>).zaatar} exec ${pkgs.ncmpcpp}/bin/ncmpcpp "$@"'')
(pkgs.writers.writeDashBin "mpc-zaatar" ''MPD_HOST=${(import <niveum/lib/local-network.nix>).zaatar} exec ${pkgs.mpc_cli}/bin/mpc "$@"'')
(pkgs.writers.writeDashBin "ncmpcpp-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.ncmpcpp}/bin/ncmpcpp "$@"'')
(pkgs.writers.writeDashBin "mpc-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.mpc_cli}/bin/mpc "$@"'')
spotify
ncspot
@@ -223,9 +228,7 @@ in {
cyberlocker-tools
untilport
kpaste
irc-announce
git-preview
ircaids
config.nur.repos.mic92.ircsink
(python3.withPackages (py: [
py.black
@@ -270,11 +273,12 @@ in {
shellcheck
(pkgs.writers.writeDashBin "hass-cli" ''
HASS_SERVER=http://zaatar.r:8123 HASS_TOKEN=${lib.strings.fileContents <secrets/hass/token>} exec ${pkgs.home-assistant-cli}/bin/hass-cli "$@"
HASS_SERVER=http://zaatar.r:8123 HASS_TOKEN="$(cat ${config.age.secrets.home-assistant-token.path})" exec ${pkgs.home-assistant-cli}/bin/hass-cli "$@"
'')
scripts.rofi-hass
];
age.secrets.home-assistant-token.file = ../secrets/home-assistant-token.age;
home-manager.users.me.xdg.configFile."pycodestyle".text = ''
[pycodestyle]
max-line-length = 110

8
configs/power-action.nix
View File

@@ -5,15 +5,15 @@
}: let
suspend = pkgs.writers.writeDash "suspend" "${pkgs.systemd}/bin/systemctl suspend";
in {
imports = [<stockholm/krebs/3modules/power-action.nix>];
imports = [../modules/power-action.nix];
krebs.power-action = {
services.power-action = {
enable = true;
plans.suspend = {
upperLimit = 7;
lowerLimit = 0;
charging = false;
action = pkgs.writeDash "suspend-wrapper" ''
action = pkgs.writers.writeDash "suspend-wrapper" ''
/run/wrappers/bin/sudo ${suspend}
'';
};
@@ -21,6 +21,6 @@ in {
};
security.sudo.extraConfig = ''
${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}
${config.services.power-action.user} ALL= (root) NOPASSWD: ${suspend}
'';
}

2
configs/printing.nix
View File

@@ -1,5 +1,5 @@
{pkgs, ...}: let
inherit (import <niveum/lib>) localAddresses;
inherit (import ../lib) localAddresses;
hp-driver = pkgs.hplip;
in {
services.printing = {

8
configs/retiolum.nix
View File

@@ -3,14 +3,10 @@
pkgs,
...
}: {
imports = [
<retiolum/modules/retiolum>
];
networking.hosts = {"42:0:ca48:f98f:63d7:31ce:922b:245d" = ["go"];};
services.tinc.networks.retiolum = {
rsaPrivateKeyFile = toString <system-secrets/retiolum.key>;
ed25519PrivateKeyFile = toString <system-secrets/retiolum.ed25519>;
rsaPrivateKeyFile = config.age.secrets.retiolum-rsa.path;
ed25519PrivateKeyFile = config.age.secrets.retiolum-ed25519.path;
};
}

7
configs/ssh.nix
View File

@@ -4,11 +4,13 @@
lib,
...
}: let
inherit (import <niveum/lib>) sshPort kieran;
externalNetwork = import <niveum/lib/external-network.nix>;
inherit (import ../lib) sshPort kieran;
externalNetwork = import ../lib/external-network.nix;
sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";
ssh-passphrase = lib.strings.fileContents <system-secrets/ssh/passphrase>;
in {
/*
TODO how do I do this?
services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" ''
#!${pkgs.expect}/bin/expect -f
spawn ${pkgs.openssh}/bin/ssh-add
@@ -17,6 +19,7 @@ in {
expect "Identity added: *"
interact
'');
*/
programs.ssh.startAgent = true;

2
configs/sshd.nix
View File

@@ -4,7 +4,7 @@
pkgs,
...
}: let
inherit (import <niveum/lib>) sshPort kieran;
inherit (import ../lib) sshPort kieran;
in {
users.motd = "Welcome to ${config.networking.hostName}!";

2
configs/stardict.nix
View File

@@ -169,7 +169,7 @@
exec ${pkgs.sdcv}/bin/sdcv --color --only-data-dir --data-dir ${makeStardictDataDir dicts} "$@"
'';
sdcvPager = pkgs.writeDash "sdcvPager" ''
sdcvPager = pkgs.writers.writeDash "sdcvPager" ''
export PATH=${lib.makeBinPath [pkgs.gnused pkgs.ncurses pkgs.less]}
sed "
s!<sup>1</sup>!¹!gI

8
configs/telegram-bots/astrology.nix
View File

@@ -4,8 +4,6 @@
lib,
...
}: let
unstable = import <nixos-unstable> {inherit (config.nixpkgs) config;};
toSymbols = pkgs.writers.writeDash "to-symbols" ''
${pkgs.gnused}/bin/sed '
s/\bTri\b//;
@@ -46,14 +44,14 @@ in {
niveum.telegramBots.transits = {
enable = true;
time = "*:0/1";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["-1001796440545"];
command = toString (pkgs.writers.writeDash "common-transits" ''
now=$(${pkgs.coreutils}/bin/date +%_H:%M | ${pkgs.gnused}/bin/sed 's/^\s*//')
date=$(${pkgs.coreutils}/bin/date +'%m %d %Y')
{
${unstable.astrolog}/bin/astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node" -A 2
${unstable.astrolog}/bin/astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
${pkgs.astrolog}/bin/astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node" -A 2
${pkgs.astrolog}/bin/astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
} | ${toSymbols} | ${pkgs.coreutils}/bin/sort -n | ${pkgs.gnugrep}/bin/grep "^$now" || :
'');
};

5
configs/telegram-bots/autorenkalender.nix
View File

@@ -1,6 +1,7 @@
{
pkgs,
lib,
config,
...
}: let
autorenkalender-package = pkgs.fetchFromGitHub {
@@ -15,12 +16,14 @@ in {
niveum.telegramBots.autorenkalender = {
enable = true;
time = "07:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["@autorenkalender"];
parseMode = "Markdown";
command = "${autorenkalender}/bin/autorenkalender";
};
age.secrets.telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age;
niveum.passport.services = [
{
title = "Autorenkalender";

3
configs/telegram-bots/celan.nix
View File

@@ -1,6 +1,7 @@
{
pkgs,
lib,
config,
...
}: let
celan = pkgs.fetchzip {
@@ -11,7 +12,7 @@ in {
niveum.telegramBots.celan = {
enable = true;
time = "08:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["@PaulCelan"];
command = toString (pkgs.writers.writeDash "random-celan" ''
cd ${celan}

36
configs/telegram-bots/default.nix
View File

@@ -2,17 +2,13 @@
config,
pkgs,
lib,
inputs,
...
}: let
nixpkgs-21-11 = import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-21.11.tar.gz") {
config.permittedInsecurePackages = [
"python3.9-poetry-1.1.12"
];
};
telebots = nixpkgs-21-11.callPackage <telebots> {};
telebots = inputs.telebots.defaultPackage.x86_64-linux;
reverseDirectory = "/run/telegram-reverse";
proverbDirectory = "/run/telegram-proverb";
inherit (import <niveum/lib>) tmpfilesConfig;
inherit (import ../../lib) tmpfilesConfig;
in {
imports = [
./literature-quote.nix
@@ -23,7 +19,7 @@ in {
./nachtischsatan.nix
./tlg-wotd.nix
./celan.nix
<niveum/modules/telegram-bot.nix>
../../modules/telegram-bot.nix
];
systemd.tmpfiles.rules = map (path:
@@ -52,33 +48,45 @@ in {
}
];
age.secrets = {
telegram-token-reverse.file = ../../secrets/telegram-token-reverse.age;
telegram-token-betacode.file = ../../secrets/telegram-token-betacode.age;
telegram-token-proverb.file = ../../secrets/telegram-token-proverb.age;
};
systemd.services.telegram-reverse = {
wantedBy = ["multi-user.target"];
description = "Telegram reverse bot";
path = [pkgs.ffmpeg];
environment.TELEGRAM_BOT_TOKEN = lib.strings.fileContents <system-secrets/telegram/reverse.token>;
enable = true;
script = "${telebots}/bin/telegram-reverse";
script = ''
TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-reverse
'';
serviceConfig.Restart = "always";
serviceConfig.WorkingDirectory = reverseDirectory;
serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-reverse.path}";
};
systemd.services.telegram-betacode = {
wantedBy = ["multi-user.target"];
description = "Telegram beta code bot";
environment.TELEGRAM_BOT_TOKEN = lib.strings.fileContents <system-secrets/telegram/betacode.token>;
enable = true;
script = "${telebots}/bin/telegram-betacode";
script = ''
TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-betacode
'';
serviceConfig.Restart = "always";
serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-betacode.path}";
};
systemd.services.telegram-proverb = {
wantedBy = ["multi-user.target"];
description = "Telegram proverb bot";
environment.TELEGRAM_BOT_TOKEN = lib.strings.fileContents <system-secrets/telegram/proverb.token>;
enable = true;
script = "${telebots}/bin/telegram-proverb";
script = ''
TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-proverb
'';
serviceConfig.Restart = "always";
serviceConfig.WorkingDirectory = proverbDirectory;
serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-proverb.path}";
};
}

6
configs/telegram-bots/hesychius.nix
View File

@@ -1,14 +1,16 @@
{
pkgs,
config,
inputs,
lib,
...
}: let
hesychius = <scripts> + "/hesychius/hesychius.txt";
hesychius = inputs.scripts.outPath + "/hesychius/hesychius.txt";
in {
niveum.telegramBots.hesychius = {
enable = true;
time = "08:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["@HesychiosAlexandreus"];
command = "${pkgs.coreutils}/bin/shuf -n1 ${hesychius}";
};

5
configs/telegram-bots/literature-quote.nix
View File

@@ -1,15 +1,16 @@
{
pkgs,
config,
lib,
...
}: let
scripts = import <niveum/packages/scripts> {inherit pkgs lib;};
scripts = import ../../packages/scripts {inherit config pkgs lib;};
inherit (scripts) literature-quote;
in {
niveum.telegramBots.quotebot = {
enable = true;
time = "08/6:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["-1001760262519"];
command = "${literature-quote}/bin/literature-quote";
parseMode = "Markdown";

16
configs/telegram-bots/nachtischsatan.nix
View File

@@ -1,9 +1,10 @@
{
pkgs,
config,
lib,
...
}: let
nachtischsatan-bot = {token}:
nachtischsatan-bot = {tokenFile}:
pkgs.writers.writePython3 "nachtischsatan-bot" {
libraries = [pkgs.python3Packages.python-telegram-bot];
} ''
@@ -18,11 +19,12 @@
update.message.reply_text("*flubberflubber*")
updater = Updater('${token}')
with open('${tokenFile}', 'r') as tokenFile:
updater = Updater(tokenFile.read().strip())
updater.dispatcher.add_handler(MessageHandler(Filters.all, flubber))
updater.start_polling()
updater.idle()
updater.dispatcher.add_handler(MessageHandler(Filters.all, flubber))
updater.start_polling()
updater.idle()
'';
in {
systemd.services.telegram-nachtischsatan = {
@@ -30,11 +32,13 @@ in {
description = "*flubberflubber*";
enable = true;
script = toString (nachtischsatan-bot {
token = lib.strings.fileContents <system-secrets/telegram/nachtischsatan.token>;
tokenFile = config.age.secrets.telegram-token-nachtischsatan.path;
});
serviceConfig.Restart = "always";
};
age.secrets.telegram-token-nachtischsatan.file = ../../secrets/telegram-token-nachtischsatan.age;
niveum.passport.services = [
{
title = "Nachtischsatan-Bot";

3
configs/telegram-bots/smyth.nix
View File

@@ -1,4 +1,5 @@
{
config,
pkgs,
lib,
...
@@ -6,7 +7,7 @@
niveum.telegramBots.smyth = {
enable = true;
time = "08:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["@HerbertWeirSmyth"];
command = toString (pkgs.writers.writeDash "random-smyth" ''
set -efu

3
configs/telegram-bots/tlg-wotd.nix
View File

@@ -1,13 +1,14 @@
{
pkgs,
lib,
config,
...
}: {
niveum.telegramBots.tlg-wotd = {
enable = true;
time = "9:30";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
chatIds = ["@tlgwotd"];
tokenFile = config.age.secrets.telegram-token-kmein.path;
command = toString (pkgs.writers.writeDash "tlg-wotd" ''
${pkgs.curl}/bin/curl -sSL http://stephanus.tlg.uci.edu/Iris/Wotd \
| ${pkgs.recode}/bin/recode html..utf8 \

33
configs/wallpaper.nix
View File

@@ -2,18 +2,27 @@
pkgs,
lib,
...
}: {
imports = [<stockholm/krebs/3modules/fetchWallpaper.nix>];
}: let
url = "http://prism.r/realwallpaper-krebs-stars-berlin.png";
stateDir = "~/.cache/wallpaper";
in {
systemd.user.services.wallpaper = {
wantedBy = ["graphical-session.target"];
after = ["network.target"];
script = ''
set -euf
krebs.fetchWallpaper = {
enable = true;
url = "http://prism.r/realwallpaper-krebs-stars-berlin.png";
};
users.users.fetchWallpaper.isSystemUser = true;
services.xserver = {
display = lib.mkForce 0; # needed for fetchWallpaper to find the X display
displayManager.sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +LOCAL:";
mkdir -p ${stateDir}
chmod o+rx ${stateDir}
cd ${stateDir}
(${pkgs.curl}/bin/curl -s -o wallpaper.tmp -z wallpaper.tmp ${lib.escapeShellArg url} && cp wallpaper.tmp wallpaper) || :
${pkgs.feh}/bin/feh --no-fehbg --bg-scale wallpaper
'';
startAt = "*:00,10,20,30,40,50";
serviceConfig = {
Restart = "always";
RestartSec = "15s";
StartLimitBurst = 0;
};
};
}