Grimmauld/grimm-nixos-laptop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

server stuff

Browse Source
This commit is contained in:
Grimmauld 2024-09-28 22:09:24 +02:00
parent 9524fabb85
commit 037d7fad84
18 changed files with 477 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
common/hardware/laptop.nix
View File

@ -26,9 +26,7 @@ in
wootility
];
services.udev.packages = with pkgs; [
yubikey-personalization
];
services.udev.packages = with pkgs; [ yubikey-personalization ];
hardware.i2c.enable = true;
services.libinput.enable = true;

5
common/network/default.nix
View File

@ -23,6 +23,11 @@ in
enable = true;
allowPing = true;
};
networking.nameservers = [
"1.1.1.1"
"9.9.9.9"
];
};
imports = [ ./bluetooth.nix ];

2
common/tooling/default.nix
View File

@ -93,7 +93,7 @@ in
services.dbus.implementation = "broker";
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
zramSwap.enable = false;
#programs.ssh = {
# # startAgent = true;

23
common/tooling/ranger.nix
View File

@ -7,9 +7,14 @@
}:
let
inherit (config.grimmShared) enable tooling;
inherit (lib) mkIf mapAttrs' concatLines attrNames;
inherit (lib)
mkIf
mapAttrs'
concatLines
attrNames
;
plugins = {
ranger_udisk_menu = inputs.ranger_udisk_menu;
ranger_udisk_menu = inputs.ranger_udisk_menu;
};
in
{
@ -20,11 +25,13 @@ in
};
environment.systemPackages = [ pkgs.ranger ];
environment.etc = (mapAttrs' (n: v: {
name = "ranger/plugins/${n}";
value.source = v;
}) plugins) // {
"ranger/commands.py".text = concatLines (map (n: "from plugins.${n} import *") (attrNames plugins));
};
environment.etc =
(mapAttrs' (n: v: {
name = "ranger/plugins/${n}";
value.source = v;
}) plugins)
// {
"ranger/commands.py".text = concatLines (map (n: "from plugins.${n} import *") (attrNames plugins));
};
};
}

2
configuration.nix
View File

@ -10,7 +10,7 @@
# Bootloader.
boot = {
loader.efi.canTouchEfiVariables = true;
kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
# kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
};
services.logrotate.checkConfig = false; # fixme: actually needed?

14
fake_flake.nix
View File

@ -35,9 +35,9 @@ let
#}
];
# enable ccache for lix if ccache is enabled
# enable_lix_ccache = true;
in
# enable ccache for lix if ccache is enabled
# enable_lix_ccache = true;
{
imports = [
"${nivSources.agenix}/modules/age.nix"
@ -48,7 +48,7 @@ in
(builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default
# (builtins.getFlake (asGithubRef nivSources.nixos-matrix-modules)).nixosModules.default
# (builtins.getFlake "git+${nivSources.nixos-mailserver.repo}").nixosModules.default
] ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};
] ++ host_modules.grimmauld-nixos-server; # ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};
system.nixos = {
distroId = "lixos";
@ -114,7 +114,7 @@ in
unpatched;
overlays = [
(import "${nivSources.lix-module}/overlay.nix" { lix = nivSources.lix-pkg; })
# (import "${nivSources.lix-module}/overlay.nix" { lix = nivSources.lix-pkg; })
(final: prev: { agenix = final.callPackage "${nivSources.agenix}/pkgs/agenix.nix" { }; })
];
};
@ -124,13 +124,15 @@ in
inputs = nivSources;
};
nix.package = pkgs.lix;
nix.settings.extra-substituters = [
"https://cache.lix.systems"
# "https://cache.lix.systems"
"https://nyx.chaotic.cx/"
];
nix.settings.trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
# "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
];

14
modules/default.nix
View File

@ -5,21 +5,22 @@ let
in
{
imports = [
./wireguard.nix
./matrix.nix
./puffer.nix
./gitea.nix
./grafana.nix
./nextcloud.nix
# ./prometheus.nix
./prometheus.nix
# ./mjolnir.nix
./fail2ban.nix
# ./fail2ban.nix
./email.nix
./discord-matrix-bridge.nix
# ./discord-matrix-bridge.nix
./mastodon.nix
./nix_cache.nix
./auth.nix
# ./auth.nix
./hedgedoc.nix
./factorio.nix
# ./factorio.nix
];
options.serverConfig =
@ -169,8 +170,9 @@ in
accessType = "proxy";
};
matrix_host = {
accessType = "redirect";
# accessType = "redirect";
host = "matrix.${domain}";
# port = 8008;
};
prometheus_host = {
host = "prometheus.${domain}";

4
modules/discord-matrix-bridge.nix
View File

@ -17,8 +17,8 @@ in
};
bridge = {
enableSelfServiceBridging = true;
domain = config.services.matrix-synapse-next.settings.server_name;
homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl;
domain = config.services.matrix-synapse.settings.server_name;
homeserverUrl = config.services.matrix-synapse.settings.public_baseurl;
disablePresence = true;
disableTypingNotifications = true;
};

24
modules/factorio.nix
View File

@ -1,13 +1,27 @@
{ pkgs, config, lib, ...}: {
{
pkgs,
config,
lib,
...
}:
{
networking.firewall.allowedTCPPorts = [
34197
34198
];
networking.firewall.allowedUDPPorts = [
34198
34197
];
services.prometheus.scrapeConfigs = [
{
job_name = "clusterio-trangar";
static_configs = [ { targets = [ "trang.ar:8080" ]; } ];
}
];
systemd.services.clusterio-trangar = {
description = "clusterio pulling its config from trang.ar";
@ -19,9 +33,11 @@
#serviceConfig.Group = "users";
serviceConfig.WorkingDirectory = "/home/grimmauld/clusterio";
script = ''
${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio/shell.nix
export NIXPKGS_ALLOW_UNFREE=1
${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio-nonfhs/shell.nix --run "cd /home/grimmauld/clusterio-nonfhs/install && nice -19 bash run-host.sh"
# /home/grimmauld/clusterio/shell.nix
'';
wantedBy = ["multi-user.target"]; # starts after login
wantedBy = [ "multi-user.target" ]; # starts after login
enable = true;
};
}

5
modules/hedgedoc.nix
View File

@ -1,8 +1,9 @@
{ config, ... }:
let
inherit (config.serverConfig) vhosts;
in {
services.hedgedoc = {
in
{
services.hedgedoc = {
enable = true;
settings = {
domain = vhosts.hedgedoc_host.host;

240
modules/matrix_legacy.nix Normal file
View File

@ -0,0 +1,240 @@
{
lib,
config,
pkgs,
...
}:
let
inherit (config.networking) domain;
inherit (config.serverConfig) vhosts;
fqdn = vhosts.matrix_host.host;
base_url = "https://${fqdn}";
clientConfig."m.homeserver" = {inherit base_url; }; # = "https://${vhosts.matrix_host.host}";
serverConfig."m.server" = "${vhosts.matrix_host.host}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
synapse_backend = "http://[::1]:8008";
in
{
services.postgresql = {
enable = true;
ensureDatabases = [ "synapse" ];
ensureUsers = [
{
name = "synapse";
passFile = config.age.secrets.synapse_db_pass.path;
ensureDBOwnership = true;
}
];
};
services.matrix-synapse = {
enable = true;
settings.server_name = domain;
# The public base URL value must match the `base_url` value set in `clientConfig` above.
# The default value here is based on `server_name`, so if your `server_name` is different
# from the value of `fqdn` above, you will likely run into some mismatched domain names
# in client applications.
settings.public_baseurl = base_url;
settings.listeners = [
{ port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [ {
names = [ "client" "federation" ];
compress = true;
} ];
}
];
settings.database = {
name = "psycopg2";
args = { user="synapse"; database= "synapse"; };
};
settings.log_config = ./matrix_synapse_log_config.yaml;
settings.enable_registration = false;
configureRedisLocally = true;
settings.redis.enabled = true;
settings.app_service_config_files = [
# The registration file is automatically generated after starting the
# appservice for the first time.
# cp /var/lib/mautrix-telegram/telegram-registration.yaml \
# /var/lib/matrix-synapse/
# chown matrix-synapse:matrix-synapse \
# /var/lib/matrix-synapse/telegram-registration.yaml
# "/var/lib/matrix-synapse/discord-registration.yaml"
];
};
# services.matrix-synapse-next = {
# enable = true;
#
# workers.federationSenders = 1;
# workers.federationReceivers = 1;
# workers.initialSyncers = 1;
# workers.normalSyncers = 1;
# workers.eventPersisters = 2;
# workers.useUserDirectoryWorker = true;
# mainLogConfig = ./matrix_synapse_log_config.yaml;
#
# enableNginx = true;
# enableSlidingSync = false;
#
# settings = {
# suppress_key_server_warning = true;
# server_name = domain;
# public_baseurl = "https://${domain}";
# enable_registration = true;
# registration_requires_token = true;
# registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path;
# # enable_registration_without_verification = true;
# # mainLogConfig = ./matrix_synapse_log_config.yaml;
#
# # registrations_require_3pid = [ "email" ];
#
# database = {
# name = "psycopg2";
# args = {
# host = "localhost";
# port = config.services.postgresql.settings.port;
# dbname = "synapse";
# user = "synapse";
# cp_min = 5;
# cp_max = 10;
# client_encoding = "auto";
# passfile = config.age.secrets.synapse_db_pass_prepared.path;
# };
# };
# };
# };
services.redis.servers."".enable = true;
age.secrets.synapse_db_pass = {
file = ../secrets/synapse_db_pass.age;
owner = "postgres";
group = "postgres";
};
age.secrets.synapse_db_pass_prepared = {
file = ../secrets/synapse_db_pass_prepared.age;
owner = "matrix-synapse";
group = "matrix-synapse";
mode = "0600";
};
age.secrets.synapse_registration_shared_secret = {
file = ../secrets/synapse_registration_shared_secret.age;
owner = "matrix-synapse";
group = "matrix-synapse";
mode = "0600";
};
environment.systemPackages = with pkgs; [
matrix-synapse-tools.synadm
matrix-synapse
];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
# This section is not needed if the server_name of matrix-synapse is equal to
# the domain (i.e. example.org from @foo:example.org) and the federation port
# is 8448.
# Further reference can be found in the docs about delegation under
# https://element-hq.github.io/synapse/latest/delegate.html
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
# This is usually needed for homeserver discovery (from e.g. other Matrix clients).
# Further reference can be found in the upstream docs at
# https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
virtualHosts."${fqdn}" = {
enableACME = true;
forceSSL = true;
locations."/_matrix" = {
proxyPass = synapse_backend;
#extraConfig = ''
# add_header X-debug-backend ${synapse_backend};
# add_header X-debug-group $synapse_uri_group;
# client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};
# proxy_read_timeout 10m;
#'';
};
locations."/_synapse/client".proxyPass = synapse_backend;
};
};
# services.nginx = {
# enable = true;
# virtualHosts."${domain}" = {
# forceSSL = true;
# enableACME = lib.mkForce false; # use the cert above, not some weird one that matrix-synapse module supplies
# useACMEHost = domain;
# locations."/.well-known/matrix/server" = {
# return = "200 '{\"m.server\":\"${vhosts.matrix_host.host}:443\"}'";
# extraConfig = ''
# default_type application/json;
# add_header Access-Control-Allow-Origin *;
# add_header Accept-Ranges bytes;'';
# };
# locations."/.well-known/matrix/client" = {
# return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${vhosts.matrix_host.host}\"}}'";
# extraConfig = ''
# add_header Access-Control-Allow-Origin *;
# default_type application/json;
# '';
# };
# locations."/_matrix" = {
# proxyPass = "http://$synapse_backend";
# extraConfig = ''
# add_header X-debug-backend $synapse_backend;
# add_header X-debug-group $synapse_uri_group;
# client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};
# proxy_read_timeout 10m;
# '';
# };
# locations."/_synapse/client" = {
# proxyPass = "http://$synapse_backend";
# };
# locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
# proxyPass = "http://$synapse_backend";
# extraConfig = ''
# proxy_read_timeout 1h;
# '';
# };
# locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
# proxyPass = "http://synapse_worker_initial_sync";
# extraConfig = ''
# proxy_read_timeout 1h;
# '';
# };
# locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
# proxyPass = "http://synapse_worker_initial_sync";
# extraConfig = ''
# proxy_read_timeout 1h;
# '';
# };
# # locations."/.well-known/matrix" = {
# proxyPass = "http://$synapse_backend";
# };
# };
# };
# networking.firewall.allowedTCPPorts = [ 8448 8008 ];
}

13
modules/prometheus.nix
View File

@ -14,17 +14,24 @@ in
{
targets =
let
inherit (lib) filter isAttrs attrValues;
inherit (lib)
filter
isAttrs
attrValues
filterAttrs
;
in
map (v: "127.0.0.1:${builtins.toString v.port}") (
filter (v: (isAttrs v) && v.enable) (attrValues config.services.prometheus.exporters)
filter (v: (isAttrs v) && v.enable) (
attrValues (filterAttrs (n: v: n != "minio") config.services.prometheus.exporters)
)
);
}
];
}
];
exporters = {
nginx.enable = true;
# nginx.enable = true;
redis.enable = true;
domain.enable = true;
postgres.enable = true;

36
modules/wireguard.nix Normal file
View File

@ -0,0 +1,36 @@
{pkgs, ...}: {
# enable NAT
networking.nat.enable = true; networking.nat.externalInterface = "eth0";
networking.nat.internalInterfaces = [ "wg0" ]; networking.firewall = {
allowedUDPPorts = [ 51820 ];
};
networking.wireguard.interfaces = {
# "wg0" is the network interface name. You can name the interface
# arbitrarily.}
wg0 = {
privateKeyFile = "/home/grimmauld/wireguard.priv";
# Determines the IP address and subnet of the server's end of the tunnel
# interface.
ips = [ "10.100.0.1/24" ];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51820;
# This allows the wireguard server to route your traffic to the internet and
# hence be like a VPN For this to work you have to set the dnsserver IP of
# your router (or dnsserver of choice) in your clients
postSetup = '' ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
'';
# This undoes the above command
postShutdown = '' ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
'';
generatePrivateKeyFile = true;
peers = [
{
publicKey="2aANdnPYtf78iXfwNVAtYjIlE5k/yDWvbdXZ2jw0hXk=";
allowedIPs = [ "10.100.0.2/32" ];
} ];
};
};
environment.systemPackages = with pkgs; [ wireguard-tools ];
}

2
modules/wireguard.nix.save Normal file
View File

@ -0,0 +1,2 @@
{

28
nix/sources.json
View File

@ -5,10 +5,10 @@
"homepage": "https://matrix.to/#/#agenix:nixos.org",
"owner": "ryantm",
"repo": "agenix",
"rev": "3a56735779db467538fb2e577eda28a9daacaca6",
"sha256": "1h66zapc6im07k3kcgvhy3lhzahb70vd6m2ijhz4i0v6mn5l3fk9",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
"sha256": "0rkcx72bq7fm5b1qy1nrzp8v93nv784wh11srgi3pi0m6sr9g03f",
"type": "tarball",
"url": "https://github.com/ryantm/agenix/archive/3a56735779db467538fb2e577eda28a9daacaca6.tar.gz",
"url": "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"authentik-nix": {
@ -17,10 +17,10 @@
"homepage": "",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "bb756751b02b3138a2cba58064a28ddc6f2648df",
"sha256": "118jnqj0pxvwx7kaz6im9g4ys8sgm1xslz4figqq4nq417vjh86p",
"rev": "89cfaf2eb197a39d12422e773f867d1a7c99b048",
"sha256": "1405rzwq8fwpyc63ac76f50glc00sp18m2ska1najzqvzi9v5zpk",
"type": "tarball",
"url": "https://github.com/nix-community/authentik-nix/archive/bb756751b02b3138a2cba58064a28ddc6f2648df.tar.gz",
"url": "https://github.com/nix-community/authentik-nix/archive/89cfaf2eb197a39d12422e773f867d1a7c99b048.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"chaotic": {
@ -29,10 +29,10 @@
"homepage": "https://nyx.chaotic.cx",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "0e99464b8956307678b60ec7540e6cad730ee825",
"sha256": "1ksi4pssnxaa1pmxdk25gpbciaffjr5py3hdw0ifr0zcs8z22hyy",
"rev": "a7f32d358f6efddddd29cd977cd056da9ab040cf",
"sha256": "08gpq1bzfmis75c1lxqdsqa20m1nch1fnrl7v2f8jy10k9f332db",
"type": "tarball",
"url": "https://github.com/chaotic-cx/nyx/archive/0e99464b8956307678b60ec7540e6cad730ee825.tar.gz",
"url": "https://github.com/chaotic-cx/nyx/archive/a7f32d358f6efddddd29cd977cd056da9ab040cf.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"glibc-eac": {
@ -50,13 +50,13 @@
"lix-module": {
"branch": "main",
"repo": "https://git.lix.systems/lix-project/nixos-module.git",
"rev": "5d9d94089fb1ca96222a34bfe245ef5c5ebefd37",
"rev": "d70318fb946a0e720dfdd1fb10b0645c14e2a02a",
"type": "git"
},
"lix-pkg": {
"branch": "main",
"repo": "https://git.lix.systems/lix-project/lix.git",
"rev": "865a3732faca16a79bf24982011adf100de04463",
"rev": "5ee1e6ea9887a54f0af3a66528abc04b17611516",
"type": "git"
},
"nixos-mailserver": {
@ -83,10 +83,10 @@
"homepage": null,
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
"sha256": "19z8yxgjm9jx7dls8942k6d8vp4dgh52azj1d6jgsy1vb27rw56k",
"rev": "ad0b5eed1b6031efaed382844806550c3dcb4206",
"sha256": "105856b6lrbhn6q6cdbxrmnwbxjd8jy8qs79qp864yk1x1j5wvpr",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/2741b4b489b55df32afac57bc4bfd220e8bf617e.tar.gz",
"url": "https://github.com/NixOS/nixpkgs/archive/ad0b5eed1b6031efaed382844806550c3dcb4206.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"ranger_udisk_menu": {

3
specific/grimmauld-nixos-server/configuration.nix
View File

@ -1,4 +1,4 @@
{ lib, ... }:
{ lib, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];
@ -11,6 +11,7 @@
services.openssh.enable = true;
system.stateVersion = "23.11";
networking.networkmanager.enable = lib.mkForce false;
boot.kernelPackages = pkgs.linuxPackages_latest;
# users.users.root.openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
}

5
specific/grimmauld-nixos-server/hardware-configuration.nix
View File

@ -14,6 +14,11 @@
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/d6bf7aad-cd46-458c-98e8-a321eb77858a";
fsType = "ext4";
};
environment.sessionVariables = {
OMP_NUM_THREADS = "8";
};

199
sway/default.nix
View File

@ -51,113 +51,122 @@
urgentcol = "#9e3c3c";
realwhite = "#C7D3E3";
};
keybinds = {
"$mod+d" = "exec $menu";
"$mod+Shift+d" = "exec $menu_run";
"$mod+Shift+s" = ''exec ${getExe grim} -g "$(${getExe slurp} -d)" - | wl-copy'';
"$mod+Shift+Return" = "exec ${getExe xdg-terminal-exec} xonsh";
"$mod+Return" = "exec ${getExe xdg-terminal-exec}";
"$mod+Shift+q" = "kill";
"$mod+Shift+c" = "reload";
"$mod+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'";
keybinds =
{
"$mod+d" = "exec $menu";
"$mod+Shift+d" = "exec $menu_run";
"$mod+Shift+s" = ''exec ${getExe grim} -g "$(${getExe slurp} -d)" - | wl-copy'';
"$mod+Shift+Return" = "exec ${getExe xdg-terminal-exec} xonsh";
"$mod+Return" = "exec ${getExe xdg-terminal-exec}";
"$mod+Shift+q" = "kill";
"$mod+Shift+c" = "reload";
"$mod+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'";
# Move your focus around
"$mod+$left" = "focus left";
"$mod+$down" = "focus down";
"$mod+$up" = "focus up";
"$mod+$right" = "focus right";
# Or use $mod+[up|down|left|right]
"$mod+Left" = "focus left";
"$mod+Down" = "focus down";
"$mod+Up" = "focus up";
"$mod+Right" = "focus right";
# Move your focus around
"$mod+$left" = "focus left";
"$mod+$down" = "focus down";
"$mod+$up" = "focus up";
"$mod+$right" = "focus right";
# Or use $mod+[up|down|left|right]
"$mod+Left" = "focus left";
"$mod+Down" = "focus down";
"$mod+Up" = "focus up";
"$mod+Right" = "focus right";
# Move the focused window with the same, but add Shift
"$mod+Shift+$left" = "move left";
"$mod+Shift+$down" = "move down";
"$mod+Shift+$up" = "move up";
"$mod+Shift+$right" = "move right";
# Ditto, with arrow keys
"$mod+Shift+Left" = "move left";
"$mod+Shift+Down" = "move down";
"$mod+Shift+Up" = "move up";
"$mod+Shift+Right" = "move right";
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
"$mod+b" = "splith";
"$mod+v" = "splitv";
# Move the focused window with the same, but add Shift
"$mod+Shift+$left" = "move left";
"$mod+Shift+$down" = "move down";
"$mod+Shift+$up" = "move up";
"$mod+Shift+$right" = "move right";
# Ditto, with arrow keys
"$mod+Shift+Left" = "move left";
"$mod+Shift+Down" = "move down";
"$mod+Shift+Up" = "move up";
"$mod+Shift+Right" = "move right";
# Switch the current container between different layout styles
"$mod+s" = "layout stacking";
"$mod+w" = "layout tabbed";
"$mod+e" = "layout toggle split";
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
"$mod+b" = "splith";
"$mod+v" = "splitv";
# Make the current focus fullscreen
"$mod+f" = "fullscreen";
# Switch the current container between different layout styles
"$mod+s" = "layout stacking";
"$mod+w" = "layout tabbed";
"$mod+e" = "layout toggle split";
# Toggle the current focus between tiling and floating mode
"$mod+Shift+space" = "floating toggle";
# Make the current focus fullscreen
"$mod+f" = "fullscreen";
# Swap focus between the tiling area and the floating area
"$mod+space" = "focus mode_toggle";
# Toggle the current focus between tiling and floating mode
"$mod+Shift+space" = "floating toggle";
# Move focus to the parent container
"$mod+a" = "focus parent";
# Swap focus between the tiling area and the floating area
"$mod+space" = "focus mode_toggle";
"$mod+Shift+minus" = "move scratchpad";
"$mod+minus" = "scratchpad show";
# Move focus to the parent container
"$mod+a" = "focus parent";
"$mod+r" = "mode \"resize\"";
"$mod+Shift+minus" = "move scratchpad";
"$mod+minus" = "scratchpad show";
XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"Shift+XF86AudioLowerVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ -5%";
"Shift+XF86AudioRaiseVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ +5%";
XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
XF86AudioPlay = "exec playerctl play-pause";
XF86AudioNext = "exec playerctl next";
XF86AudioPrev = "exec playerctl previous";
"$mod+c" = "exec ${getExe swaymux}";
XF86MonBrightnessUp = "exec ${getExe brightnessctl} s 10+%";
XF86MonBrightnessDown = "exec ${getExe brightnessctl} s 10-%";
XF86Explorer = "exec ${getExe xdg-terminal-exec} ${getExe ranger}";
XF86Search = "exec ${getExe searchclip}";
XF86HomePage =
"$mod+r" = "mode \"resize\"";
XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"Shift+XF86AudioLowerVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ -5%";
"Shift+XF86AudioRaiseVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ +5%";
XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
XF86AudioPlay = "exec playerctl play-pause";
XF86AudioNext = "exec playerctl next";
XF86AudioPrev = "exec playerctl previous";
"$mod+c" = "exec ${getExe swaymux}";
XF86MonBrightnessUp = "exec ${getExe brightnessctl} s 10+%";
XF86MonBrightnessDown = "exec ${getExe brightnessctl} s 10-%";
XF86Explorer = "exec ${getExe xdg-terminal-exec} ${getExe ranger}";
XF86Search = "exec ${getExe searchclip}";
XF86HomePage =
let
open = pkgs.writeShellScriptBin "open_or_switch_browser" ''
browser=$(xdg-settings get default-web-browser | sed "s/\.desktop//")
swaymsg [app_id="$browser"] focus || ${getExe deskwhich} $browser | xargs gio launch
'';
in
"exec ${getExe open}";
XF86Tools =
let
open = pkgs.writeShellScriptBin "open_or_switch_spotify" ''
# FIXME: spotify is being weird
while IFS= read -r pid; do
swaymsg [pid=$pid] focus && exit 0
done <<< $(pgrep spotify -u "$(whoami)")
${getExe deskwhich} spotify | xargs gio launch
'';
in
"exec ${getExe open}"; # for some reason tools = audio media on my keyboard??
XF86Mail =
let
open = pkgs.writeShellScriptBin "open_or_switch_mail" ''
desk=$(xdg-settings get default-url-scheme-handler mailto | sed "s/\.desktop//")
swaymsg [app_id="$desk"] focus || ${getExe deskwhich} $desk | xargs gio launch
'';
in
"exec ${getExe open}";
# XF86Bluetooth = "exec blueman-manager";
}
// (
let
open = pkgs.writeShellScriptBin "open_or_switch_browser" ''
browser=$(xdg-settings get default-web-browser | sed "s/\.desktop//")
swaymsg [app_id="$browser"] focus || ${getExe deskwhich} $browser | xargs gio launch
'';
inherit (builtins) toString;
in
"exec ${getExe open}";
XF86Tools =
let
open = pkgs.writeShellScriptBin "open_or_switch_spotify" ''
# FIXME: spotify is being weird
while IFS= read -r pid; do
swaymsg [pid=$pid] focus && exit 0
done <<< $(pgrep spotify -u "$(whoami)")
${getExe deskwhich} spotify | xargs gio launch
'';
in
"exec ${getExe open}"; # for some reason tools = audio media on my keyboard??
XF86Mail =
let
open = pkgs.writeShellScriptBin "open_or_switch_mail" ''
desk=$(xdg-settings get default-url-scheme-handler mailto | sed "s/\.desktop//")
swaymsg [app_id="$desk"] focus || ${getExe deskwhich} $desk | xargs gio launch
'';
in
"exec ${getExe open}";
# XF86Bluetooth = "exec blueman-manager";
} // (let inherit (builtins) toString; in lib.mergeAttrsList (map (n: {
"$mod+${toString n}" = "workspace number ${toString n}";
"$mod+Shift+${toString n}" = "move container to workspace number ${toString n}";
}) (lib.range 0 9)));
lib.mergeAttrsList (
map (n: {
"$mod+${toString n}" = "workspace number ${toString n}";
"$mod+Shift+${toString n}" = "move container to workspace number ${toString n}";
}) (lib.range 0 9)
)
);
autolaunch = with pkgs; [
# fixme: absolute paths
"blueman-applet"