diff --git a/config/hosts/samhain/nixos.nix b/config/hosts/samhain/nixos.nix index 39b21f1e..4fde1b2d 100644 --- a/config/hosts/samhain/nixos.nix +++ b/config/hosts/samhain/nixos.nix @@ -108,6 +108,8 @@ in home.persistence."/persist/home" = { allowOther = true; directories = [ + ".cache/kat/secrets" + ".cache/rbw" ".local/share/z" ".local/share/dino" ".local/share/weechat" diff --git a/config/modules/home/secrets.nix b/config/modules/home/secrets.nix index ea13d16c..48e3fbd0 100644 --- a/config/modules/home/secrets.nix +++ b/config/modules/home/secrets.nix @@ -1,15 +1,33 @@ -{ config, lib, ... }: +{ config, lib, nixos, ... }: with lib; + +let + secretType = types.submodule ({ name, ... }: { + options = { + source = mkOption { + type = types.path; + }; + text = mkOption { + type = types.str; + }; + }; + }); +in { options.kw = { secrets = mkOption { type = types.nullOr (types.listOf types.str); default = null; }; + repoSecrets = mkOption { + type = types.nullOr (types.attrsOf secretType); + default = null; + }; }; config = mkIf (config.kw.secrets != null) { deploy.tf.variables = genAttrs config.kw.secrets (n: { externalSecret = true; }); + kw.repoSecrets = nixos.kw.repoSecrets; }; } diff --git a/config/modules/nixos/secrets.nix b/config/modules/nixos/secrets.nix index ea13d16c..e79b23cf 100644 --- a/config/modules/nixos/secrets.nix +++ b/config/modules/nixos/secrets.nix @@ -2,12 +2,28 @@ with lib; +let + secretType = types.submodule ({ name, ... }: { + options = { + source = mkOption { + type = types.path; + }; + text = mkOption { + type = types.str; + }; + }; + }); +in { options.kw = { secrets = mkOption { type = types.nullOr (types.listOf types.str); default = null; }; + repoSecrets = mkOption { + type = types.nullOr (types.attrsOf secretType); + default = null; + }; }; config = mkIf (config.kw.secrets != null) { deploy.tf.variables = genAttrs config.kw.secrets (n: { externalSecret = true; }); 
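Review bot: The two new `directories` entries (`.cache/kat/secrets`, `.cache/rbw`) move secret caches onto `/persist/home`, so whatever those tools cache now survives reboots under a persistence mount declared with `allowOther = true`. Nothing visible here shows how `/persist` is protected at rest or which permissions the two directories get. I would add a comment next to them such as `# secret caches: /persist must be encrypted at rest, keep these dirs 0700` and confirm both are created owner-only. The attribute set continues outside the hunk.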
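Review bot: In config/modules/home/secrets.nix, `kw.repoSecrets = nixos.kw.repoSecrets;` sits inside `mkIf (config.kw.secrets != null)`, so a home configuration that reads `config.kw.repoSecrets.<name>.source` without also setting `kw.secrets` gets `null` and fails at evaluation. Making the copy unconditional avoids that coupling, e.g. `config = mkMerge [ (mkIf (config.kw.secrets != null) { … }) { kw.repoSecrets = nixos.kw.repoSecrets; } ];`. `secretType` is declared identically in config/modules/nixos/secrets.nix, and in both copies `source` and `text` have neither a default nor a description, so an entry that defines only one of them errors as soon as the other is read. Because `source` is `types.path`, a value given as a Nix path literal is copied into the world-readable store whenever it is interpolated into a string; a `description` on the option saying it must only point at encrypted material would make that constraint explicit.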
diff --git a/config/services/nfs/default.nix b/config/services/nfs/default.nix index 84890b94..7448388d 100644 --- a/config/services/nfs/default.nix +++ b/config/services/nfs/default.nix @@ -1,6 +1,10 @@ { config, lib, kw, ... }: { + imports = [ + config.kw.repoSecrets.nfs.source + ]; + network.firewall = { private.tcp.ports = [ 111 2049 ]; public.tcp.ports = [ 111 2049 ]; diff --git a/config/services/znc/default.nix b/config/services/znc/default.nix index 190aac00..135aa0e3 100644 --- a/config/services/znc/default.nix +++ b/config/services/znc/default.nix 
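Review bot: `imports = [ config.kw.repoSecrets.nfs.source ];` makes the module's import list depend on `config`, and the module system has to resolve `imports` before `config` can be computed, so this normally ends in an infinite-recursion error at evaluation. The path should come from something that does not go through `config`: the module already receives a `kw` argument, or a literal path into `config/trusted` would work. How `repoSecrets` is populated is not visible in this diff, so if evaluation does succeed here a short comment explaining why would help the next reader. Since the imported file is not reviewable from this repository, it is also worth noting in a comment what it is allowed to define (presumably only the export list).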
@@ -1,6 +1,113 @@ -{ config, pkgs, ... }: +{ config, tf, lib, pkgs, ... }: + +with lib; + +let + sortedAttrs = set: sort + (l: r: + if l == "extraConfig" then false # Always put extraConfig last + else if isAttrs set.${l} == isAttrs set.${r} then l < r + else isAttrs set.${r} # Attrsets should be last, makes for a nice config + # This last case occurs when any side (but not both) is an attrset + # The order of these is correct when the attrset is on the right + # which we're just returning + ) + (attrNames set); + + # Specifies an attrset that encodes the value according to its type + encode = name: value: { + null = [ ]; + bool = [ "${name} = ${boolToString value}" ]; + int = [ "${name} = ${toString value}" ]; + + # extraConfig should be inserted verbatim + string = [ (if name == "extraConfig" then value else "${name} = ${value}") ]; + + # Values like `Foo = [ "bar" "baz" ];` should be transformed into + # Foo=bar + # Foo=baz + list = concatMap (encode name) value; + + # Values like `Foo = { bar = { Baz = "baz"; Qux = "qux"; Florps = null; }; };` should be transmed into + # + # Baz=baz + # Qux=qux + # + set = concatMap + (subname: optionals (value.${subname} != null) ([ + "<${name} ${subname}>" + ] ++ map (line: "\t${line}") (toLines value.${subname}) ++ [ + "" + ])) + (filter (v: v != null) (attrNames value)); + + }.${builtins.typeOf value}; + + # One level "above" encode, acts upon a set and uses encode on each name,value pair + toLines = set: concatMap (name: encode name set.${name}) (sortedAttrs set); + +in { + network.firewall.public.tcp.ports = singleton 5001; + + kw.secrets = [ "znc-softnet-address" "znc-espernet-pass" "znc-liberachat-pass" "znc-savebuff-pass" "znc-espernet-cert" "znc-liberachat-cert" "znc-softnet-cert" ]; + + secrets.files.softnet-cert = { + text = tf.variables.znc-softnet-cert.ref; + owner = "znc"; + group = "znc"; + }; + + secrets.files.espernet-cert = { + text = tf.variables.znc-espernet-cert.ref; + owner = "znc"; + group = "znc"; + }; 
+ + secrets.files.liberachat-cert = { + text = tf.variables.znc-liberachat-cert.ref; + owner = "znc"; + group = "znc"; + }; + + system.activationScripts = { + softnet-cert-deploy = { + text = '' + mkdir -p /var/lib/znc/users/kat/networks/softnet/moddata/cert + ln -fs ${config.secrets.files.softnet-cert.path} /var/lib/znc/users/kat/networks/softnet/moddata/cert/user.pem + ''; + }; + esperrnet-cert-deploy = { + text = '' + mkdir -p /var/lib/znc/users/kat/networks/espernet/moddata/cert + ln -fs ${config.secrets.files.espernet-cert.path} /var/lib/znc/users/kat/networks/espernet/moddata/cert/user.pem + ''; + }; + liberachat-cert-deploy = { + text = '' + mkdir -p /var/lib/znc/users/kat/networks/liberachat/moddata/cert + ln -fs ${config.secrets.files.liberachat-cert.path} /var/lib/znc/users/kat/networks/liberachat/moddata/cert/user.pem + ''; + }; + }; + + secrets.files.znc-config = { + text = concatStringsSep "\n" (toLines config.services.znc.config); + owner = "znc"; + group = "znc"; + }; + + services.nginx.virtualHosts."znc.${config.network.dns.domain}" = { + enableACME = true; + forceSSL = true; + locations = { "/".proxyPass = "http://127.0.0.1:5002"; }; + }; + + deploy.tf.dns.records.services_znc = { + tld = config.network.dns.tld; + domain = "znc"; + cname.target = "${config.networking.hostName}.${config.network.dns.tld}"; + }; -{ services.znc = { enable = true; mutable = false; 
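Review bot: The three activation scripts run `mkdir -p /var/lib/znc/users/kat/networks/<net>/moddata/cert` as root, so on a host where that tree does not exist yet every directory they create is root-owned and ZNC, running as `znc`, may be unable to write its own state there. Creating the directories with `znc:znc` ownership (a tmpfiles rule, or a `chown` after the `mkdir`) avoids that. `esperrnet-cert-deploy` looks like a typo for `espernet-cert-deploy`. `user.pem` presumably carries the client private key, and no mode is set on `secrets.files.*-cert`, so the default the secrets module applies should be confirmed as owner-only. The attribute set continues into `services.znc` outside the hunk.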
@@ -9,6 +116,57 @@ modulePackages = with pkgs.zncModules; [ clientbuffer clientaway + playback + privmsg ]; + config = lib.mkMerge [ + ({ + Version = lib.getVersion pkgs.znc; + Listener.l = { + Port = 5002; + SSL = false; + AllowWeb = true; + }; + Listener.j = { + Port = 5001; + SSL = true; + AllowWeb = false; + }; + modules = [ "webadmin" "adminlog" "cert" "clientbuffer" "clientaway" "savebuff" "playback" "privmsg" ]; + User = { + kat = { + Admin = true; + Nick = "kat"; + AltNick = "katrin"; + AutoClearChanBuffer = false; + AutoClearQueryBuffer = false; + LoadModule = [ "clientbuffer autoadd" "clientaway" "savebuff ${tf.variables.znc-savebuff-pass.ref}" ]; + Network.softnet = { + Server = "${tf.variables.znc-softnet-address.ref}"; + Nick = "kat"; + AltNick = "kat_"; + JoinDelay = 2; + LoadModule = [ "simple_away" "cert" ]; + }; + Network.liberachat = { + Server = "irc.libera.chat +6697 ${tf.variables.znc-liberachat-pass.ref}"; + Nick = "kat"; + AltNick = "kat_"; + JoinDelay = 2; + LoadModule = [ "cert" "simple_away" "nickserv" ]; + }; + Network.espernet = { + Server = "anarchy.esper.net +6697 ${tf.variables.znc-espernet-pass.ref}"; + Nick = "kat"; + AltNick = "katrin"; + JoinDelay = 2; + LoadModule = [ "simple_away" "nickserv" "cert" ]; + }; + }; + }; + }) + (import config.kw.repoSecrets.znc.source) + ]; + configFile = config.secrets.files.znc-config.path; }; } diff --git a/config/trusted b/config/trusted index 97ac097d..8ac5f9b8 160000 --- a/config/trusted +++ b/config/trusted @@ -1 +1 @@ -Subproject commit 97ac097d39b25551fca668100774236ce3b24cc8 +Subproject commit 8ac5f9b8fbabd49d3199cc61182c39ca389ca47d diff --git a/config/users/kat/base/default.nix b/config/users/kat/base/default.nix index 42b2c17a..ea9983e9 100644 --- a/config/users/kat/base/default.nix +++ b/config/users/kat/base/default.nix @@ -13,7 +13,6 @@ ./weechat.nix ./inputrc.nix ./rink.nix - ./pass.nix ./secrets.nix ]; 
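Review bot: `Listener.l` serves webadmin on port 5002 with `SSL = false` and no `Host`, so ZNC binds it on every address and only the firewall keeps plaintext admin logins off the network. Since nginx proxies to `http://127.0.0.1:5002`, the listener can be pinned with `Host = "127.0.0.1";`. The savebuff password and the two server passwords are interpolated into `services.znc.config`, which is only safe while `configFile` points at the secrets file; as far as I know the module's default would render the config into the store, so a comment such as `# keep configFile on secrets.files: the default renders these passwords into /nix/store` belongs above that line. The merged `(import config.kw.repoSecrets.znc.source)` is not visible here, so its contents cannot be reviewed from this diff.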
diff --git a/config/users/kat/base/weechat.nix b/config/users/kat/base/weechat.nix index 46a94ceb..69b9356e 100644 --- a/config/users/kat/base/weechat.nix +++ b/config/users/kat/base/weechat.nix @@ -7,11 +7,13 @@ with lib; init = lib.mkMerge [ (lib.mkBefore '' /server add espernet athame.kittywit.ch/5001 -ssl -autoconnect + /server add softnet athame.kittywit.ch/5001 -ssl -autoconnect + /server add liberachat athame.kittywit.ch/5001 -ssl -autoconnect /matrix server add kittywitch kittywit.ch /key bind meta-g /go /key bind meta-v /input jump_last_buffer_displayed /key bind meta-c /buffer close - /key bind meta-n /bar toggle nicklist + /key bind meta-n /bar toggle nicklist /key bind meta-b /bar toggle buflist /relay add weechat 9000 '') @@ -42,6 +44,7 @@ with lib; weechat-matrix title highmon + zncplayback ]; config = with mapAttrs (_: toString) pkgs.base16.shell.shell256; { logger.level.irc = 0; diff --git a/config/users/kat/default.nix b/config/users/kat/default.nix index 211d2354..62f3e337 100644 --- a/config/users/kat/default.nix +++ b/config/users/kat/default.nix @@ -1,10 +1,5 @@ let katUser = { lib }: let - trustedImport = { - config.home-manager.users.kat = { - imports = lib.optional (builtins.pathExists ../../trusted/users/kat) (import ../../trusted/users/kat/home.nix); - }; - }; userImport = profile: { config, ... }: { config.home-manager.users.kat = { imports = [ @@ -24,7 +19,7 @@ let katUser = { lib }: userProfiles = with userProfiles; lib.genAttrs profileNames userImport // { services = lib.genAttrs serviceNames serviceImport; - base = { imports = [ ./nixos.nix (userImport "base") trustedImport ]; }; + base = { imports = [ ./nixos.nix (userImport "base") ]; }; server = { imports = [ personal ]; }; guiFull = { imports = [ gui sway dev media personal ]; }; }; diff --git a/config/users/kat/personal/bitw.nix b/config/users/kat/personal/bitw.nix new file mode 100644 index 00000000..bb42033f --- /dev/null +++ b/config/users/kat/personal/bitw.nix 
@@ -0,0 +1,12 @@ +{ config, pkgs, lib, ... }: { + programs.rbw = { + enable = true; + package = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.repoSecrets.bitw.source} "$@"''; + settings = { + email = "kat@kittywit.ch"; + base_url = "https://vault.kittywit.ch"; + identity_url = null; + lock_timeout = 3600; + }; + }; +} diff --git a/config/users/kat/personal/default.nix b/config/users/kat/personal/default.nix index 53284b7f..f7eed602 100644 --- a/config/users/kat/personal/default.nix +++ b/config/users/kat/personal/default.nix @@ -1,5 +1,13 @@ { ... }: { - imports = [ ./gpg.nix ./weechat.nix ./email.nix ./zsh.nix ]; + imports = [ + ./gpg.nix + ./weechat.nix + ./email.nix + ./zsh.nix + ./pass.nix + ./taskwarrior.nix + ./bitw.nix + ]; } diff --git a/config/users/kat/base/pass.nix b/config/users/kat/personal/pass.nix similarity index 100% rename from config/users/kat/base/pass.nix rename to config/users/kat/personal/pass.nix diff --git a/config/users/kat/personal/taskwarrior.nix b/config/users/kat/personal/taskwarrior.nix new file mode 100644 index 00000000..c041089a --- /dev/null +++ b/config/users/kat/personal/taskwarrior.nix 
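Review bot: `gpg://${config.kw.repoSecrets.bitw.source}` in bitw.nix interpolates a `types.path` option into the wrapper script, and if that value is a Nix path literal the file is copied into the world-readable store, leaving GPG encryption as the only protection for what appears to be the vault passphrase. That is acceptable only if the file is always an encrypted blob, which deserves a comment, e.g. `# bitw.source is gpg-encrypted and ends up in /nix/store; never point this at plaintext`. `lock_timeout = 3600` keeps the vault unlocked for an hour, and with `.cache/rbw` now persisted on samhain that is a long exposure window; a shorter value is worth considering. The wrapper also replaces `programs.rbw.package` with a derivation that ships only `bin/bitw`, so confirm nothing else expects further binaries from that package.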
@@ -0,0 +1,97 @@ +{ config, pkgs, tf, lib, ... }: + +{ + kw.secrets = [ "taskwarrior-key" "taskwarrior-creds" ]; + + secrets.files = { + taskw_key = { + text = "${tf.variables.taskwarrior-key.ref}"; + owner = "kat"; + group = "users"; + }; + taskw_config = { + text = '' + taskd.credentials=${tf.variables.taskwarrior-creds.ref} + ''; + owner = "kat"; + group = "users"; + }; + }; + + programs.taskwarrior = { + enable = true; + config = { + taskd = { + certificate = "${pkgs.writeText "taskd_cert.pem" '' + -----BEGIN CERTIFICATE----- + MIIFRzCCAy+gAwIBAgIULP2UcJYZuZqRI505UwRf+RWdc7gwDQYJKoZIhvcNAQEM + BQAwFjEUMBIGA1UEAxMLa2l0dHl3aXQuY2gwIBcNMjEwMzE0MDA1MjUxWhgPOTk5 + OTEyMzEyMzU5NTlaMCsxFDASBgNVBAMTC2tpdHR5d2l0LmNoMRMwEQYDVQQKEwpr + aXR0eXdpdGNoMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvVZZgWRA + XHWzWVkGb/go1ynVYY9U/AItgc0DuKt/9glb/bGA+VkFYknd3djM0NrUqLWwR3Ln + pUBH95SVOzJTkF4Sri6vCG6r9YjyIw22iwQQeYcnR9MRy5BuTRsLhwPJWl1pJVHC + tdqDLUqaP1P6UAlYXYxtZDFN3Y8iW22xe+8+/Ew1GiXGdeFrfRgo3TAp9PbKy0wq + Kqe1V/mcCcDcUEFrujL+6soeSZAs2AffMPfl23kC8MB08DHRv06d97DlDGXd2tql + 5OkJHZehwIiTBeJMXHyjRRXyam2DY4/ucVMbXgHi7nUn0FmfYPyljzU1kYiwUxxf + 6/rIGXOYQJkq6AKsih8p1h5NmL0PRtd7E074Zh1ABvY79k6a+uawIKk+nhyu4Gil + IIvYbJqpXDHeZ4m/UBIjcxQZEcDgnR3jlqBZshB6hyaPRy0EBgcOJxOefLzOpcD+ + tul39AIaK6InM4ftdb1W6GXiuXr+JBH0rNe52s8G7AiZZxjsQhIaRvsNcq+dX9fT + 0NLOmCF8lqKCoEha50ELfSyUtfR/jKTvmiuxPT3mUgqP5DeDErgTJ+x1Hr6nqH7g + VL0jrYhf7UcmmVC236H8yjkad7rx70B5JVzA4yMcE1qoUXEAxJfXoVyjbyDPAg8P + VL3pSRYV+RIyQ9XevZiF6dFjlJsyIRUJlUkCAwEAAaN2MHQwDAYDVR0TAQH/BAIw + ADATBgNVHSUEDDAKBggrBgEFBQcDAjAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW + BBRkudH4JVQy6akuhU0Me++nUknMWzAfBgNVHSMEGDAWgBRmz2varlp5iPH6DGES + WjtTVUs3jjANBgkqhkiG9w0BAQwFAAOCAgEATuASvWkbS0x3NJGRuxhHBF7svBdL + Gd72AbN2oiqPs0pRkRE/oar/osNRqCClv6GqWt/yGbFHCIeE+8UkmqBYYps8N5G0 + mqaQU9okafoNqEvQUIxRtJByG9RNlEZD4qB0pw/QUTkCn77a75hyVy5/x9zi75Ya + XS5djO5zA7st1rBzvWVCWdFH4Mk00aZbh66IoWpG+YO6kuTdd8ZKAL+UO5Q5PBjM + 
/ZgwVyuQBTA5LbLLHPoCRhgWbSv/DRhDZUlWslRU/NkulE5ju4lX2Uuxj4yc2rT2 + 8b3hrHI6IC0hMYCrDynbws71LNEjG/lejBhOLnbBOHOGq+hl1CMNWaLedlH2xFa0 + sJorShW5IarJ/Pthj/FEX7U8LcmnKkbNXL1qwfVU4NVXQSMkqSc+GOxDPYUeFgMt + atpIo3PjucdPpqqSly4yuZZJritVVpm0IvLdE2euDAuLPyQEhqBeMn50zS9seGhw + +heTRZjt0zhDU1MK790cYdWBqfttvOFF4pUTlWiIuBGl6Wn/bzZFatscSrj1r42y + rs819ej8Ey8Us9bRFJC21q712AIPetSM3BnmM4oT6mkQZ8e2Zn1K41GP0r7MLFaB + KpwGEQxfo+rAiUsnF/FS8a9pCmlYIFdfSN3eLh6c9WQdzWm76BFubYyN1g3WTtRh + kuLR6WeghnkGENo= + -----END CERTIFICATE----- + ''}"; + key = config.secrets.files.taskw_key.path; + ca = "${pkgs.writeText "taskd_ca.pem" '' + -----BEGIN CERTIFICATE----- + MIIE/zCCAuegAwIBAgIUO/FZVcMIwnusVeiMGNOHznpUH7UwDQYJKoZIhvcNAQEM + BQAwFjEUMBIGA1UEAxMLa2l0dHl3aXQuY2gwIBcNMjEwMzE0MDA1MjUwWhgPOTk5 + OTEyMzEyMzU5NTlaMBYxFDASBgNVBAMTC2tpdHR5d2l0LmNoMIICIjANBgkqhkiG + 9w0BAQEFAAOCAg8AMIICCgKCAgEA1ui/3U5yhyd2J2Z1ahq6uMyS8HHpuX8TSxNV + mbNPTc1D+jGHa3W7sp0GHRDM6Ct9A0BJkkWAjegWJBZRXAeryZg++xoPma4AK908 + /8uq1WTgchy74Or6luTFKHhxkNXZcjNCjsVGeaogK1KvBLapP83L8mBVb1n5DjlN + I4XhREe4kTWhMJuoG1yUca3g2iIezKa+b1GYY/jOpEOQiciqxjcwgSZSpRTH2kC9 + 3d9JFzJBU+kTDVjuaC3SWgu9tqk2WiBRr3ERUdBvEIRq90xax1ChSAEZgrb3k3yS + vE5IsZ3F85piDbS7tBh6PgbaWf9Bxp4rVJ6FeypSNFyBwzgQP3jiKLJcgChjFIDx + imkJmdQJEmSNImgofkO5l3ZYwXal4G1qT1na+ashrQAbYdDdbgg0XDctVKQBY6oP + YSbyp1aJTed7I2Tm9xm/pSFwR5JrWv7qMB8/4XwziraRL13KGoCmWcfqcUWm6hKW + cTnaA6J5gbNQC3R0+yJXZE+lrUL2QBkM7QtLRHB8FIBQcwKxLmEIB702B+X41EAL + 2gmzV8PpoQvUDQ8w0jZ3HB0f7R5MTYhv44qF4KM30i6gdUPFeiy6lnaqs17yfu8x + kNm2SD7NwmSrDUpAnmvuq7Iq7xvkdr0+qi2p7N7RolJOHw9jYJnU9YXj6CDS2ofg + ur+eWBsCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA + MB0GA1UdDgQWBBRmz2varlp5iPH6DGESWjtTVUs3jjANBgkqhkiG9w0BAQwFAAOC + AgEAATViuvVGa1p5CBTghmp51VfMOcQoAOiTe+tIOVJMRc379uPfESMJ5nsVlZCt + rP+XhDA6gGToEjcUBZIwfLzrKSmbmTpmVK+X5EMGldbytBkdbhQkUaLqD3LnxNNr + WnwhHKcMKAJlZ/523AjFURA3cGf7anhghJHJbr3En45jfrYabKX9gpBpmnOVrBNG + cd5ZmwLMJKrASQ14Px+XHX7+S5y6D2dM6qvXG4y6YMwlROqoy3gcG7j+uvdCzWuC + 
sSpOj0gVOcCdeOZuSD0lFXbh4WnrS2SDG6M2Zj2tLRsn8nq76RqxIKz9dWSV7nXM + xTSSZOs01rvyrwd1Ydez+qYg5db0ZcD4mF2b78QJU8gKevh53UvHv1PK8I1S6+1E + i5qnduRrX8FaKcD0+UkvLG9ZeE855K1cnquy9vAiuHgKp90R+yzyQfj7w1ofigCR + YSADxgw7w/s5OBIeUYw43SmkmL5nLCAETm36mr2l1g6ixtjN3qDJXnGWHvAHUdhY + 4vhBNNwEtvLp73skkmj5+5qaxn5e8jR9WoNxr8ajoRFaH6LlpoI4/+fWhmfTCpXj + UkdGJClj76VuB1PAg0xCnuLDT2xCA6leF07bn+P8Xzhh21AR1oq2eTyUGkgA2oqi + kmKyccoP1SQXAZd96EFArlzalVt+h+fOuOxuulmqVskK+w0= + -----END CERTIFICATE----- + ''}"; + server = "${config.network.dns.domain}:53589"; + }; + }; + extraConfig = '' + include ${config.secrets.files.taskw_config.path} + ''; + }; +} diff --git a/config/users/kat/personal/weechat.nix b/config/users/kat/personal/weechat.nix index 9d021a37..8d0b207c 100644 --- a/config/users/kat/personal/weechat.nix +++ b/config/users/kat/personal/weechat.nix @@ -1,8 +1,9 @@ { config, nixos, pkgs, lib, ... }: { - home.file = { - ".local/share/weechat/sec.conf".text = '' + home.file = let + bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.repoSecrets.bitw.source} "$@"''; + in { ".local/share/weechat/sec.conf".text = '' # # weechat -- sec.conf # @@ -17,7 +18,7 @@ [crypt] cipher = aes256 hash_algo = sha512 - passphrase_command = "${pkgs.pass}/bin/pass secrets/weechat-pass" + passphrase_command = "${bitw}/bin/bitw get comms/weechat" salt = on [data] @@ -29,10 +30,6 @@ programs.weechat = { enable = true; - init = lib.mkBefore '' - /server add softnet athame.kittywit.ch/5001 -ssl -autoconnect - /server add liberachat athame.kittywit.ch/5001 -ssl -autoconnect - ''; scripts = with pkgs.weechatScripts; [ weechat-notify-send ]; diff --git a/config/users/kat/services/weechat/default.nix b/config/users/kat/services/weechat/default.nix index d0861543..9aa01885 100644 --- a/config/users/kat/services/weechat/default.nix +++ b/config/users/kat/services/weechat/default.nix 
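Review bot: In taskwarrior.nix, `taskw_key` and `taskw_config` are given `group = "users"`, a group that usually contains every interactive account, and no mode is set, so whether other local users can read the client key and `taskd.credentials` depends on a default that is not visible in this diff. A group private to `kat`, or an explicit owner-only mode if the secrets module offers one, would remove the doubt. The two `pkgs.writeText` PEM blocks are certificates, so placing them in the store is fine, but a comment such as `# public certificates only; the private key stays in secrets.files` would stop someone from later inlining the key the same way.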
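Review bot: The `let bitw = pkgs.writeShellScriptBin "bitw" …` binding added to `home.file` in personal/weechat.nix duplicates the wrapper defined as `programs.rbw.package` in config/users/kat/personal/bitw.nix, so the two can drift apart, for instance if the `gpg://` source changes in one place only. Both files are imported by the same profile, so `passphrase_command = "${config.programs.rbw.package}/bin/bitw get comms/weechat"` would reuse the single definition. The `sec.conf` text continues outside the hunk.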
@@ -39,32 +39,8 @@ services.weechat.enable = true; - systemd.user.services.weechat-tmux = let scfg = config.services.weechat; in - lib.mkForce { - Unit = { - Description = "Weechat tmux session"; - After = [ "network.target" ]; - }; - Service = { - Type = "oneshot"; - Environment = [ - "TMUX_TMPDIR=%t" - "WEECHAT_HOME=${toString config.programs.weechat.homeDirectory}" - ]; - RemainAfterExit = true; - X-RestartIfChanged = false; - ExecStart = "${scfg.tmuxPackage}/bin/tmux -2 new-session -d -s ${scfg.sessionName} ${scfg.binary}"; - ExecStop = "${scfg.tmuxPackage}/bin/tmux kill-session -t ${scfg.sessionName}"; - }; - Install.WantedBy = [ "default.target" ]; - }; - programs.weechat = { enable = true; - init = lib.mkBefore '' - /server add softnet athame.kittywit.ch/5001 -ssl -autoconnect - /server add liberachat athame.kittywit.ch/5001 -ssl -autoconnect - ''; scripts = with pkgs.weechatScripts; [ weechat-notify-send ]; diff --git a/config/users/kat/sway/konawall.nix b/config/users/kat/sway/konawall.nix index 2a5f0db4..132f3f62 100644 --- a/config/users/kat/sway/konawall.nix +++ b/config/users/kat/sway/konawall.nix @@ -1,7 +1,15 @@ -{ config, pkgs, ... }: +{ config, lib, ... }: + +with lib; { services.konawall = { enable = true; + interval = "30m"; + mode = "shuffle"; + commonTags = [ "width:>=1600" ]; + tagList = map (toList) [ + "score:>=50" + ]; }; }