Merge remote-tracking branch 'origin/nixos' into nixos-work

Moritz Böhme 2023-10-09 09:10:36 +02:00
commit 89991861ed
40 changed files with 1149 additions and 768 deletions


@ -6,21 +6,6 @@
with lib;
let
nom-system = pkgs.writeFishApplication {
name = "nom-system";
runtimeInputs = with pkgs; [ nix-output-monitor ];
text = /* fish */ ''
nom build --no-link "/home/moritz/.dotfiles#nixosConfigurations.$(hostname).config.system.build.toplevel" $argv
'';
};
nom-system-command = name: command: pkgs.writeFishApplication {
inherit name;
runtimeInputs = with pkgs; [ nom-system nix ];
text = /* fish */ ''
nom-system $argv && ${command}
'';
};
f = pkgs.writeFishApplication {
name = "f";
runtimeInputs = with pkgs; [ fzf bat ];
@ -46,7 +31,7 @@ let
recurse (readlink $path)
end
end
for arg in $argv
recurse (which $arg)
end
@ -84,6 +69,9 @@ let
};
in
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoAqa2m7hIzZ2LS96Z+RCIlRvhBM/j7h27tMBCwMT+a" # Moritz
];
users.users.moritz = {
isNormalUser = true;
home = "/home/moritz";
@ -105,17 +93,17 @@ in
abbreviations = {
us = "systemctl --user";
rs = "sudo systemctl";
uj = "journalctl --user";
rj = "sudo journalctl";
};
aliases = {
ls = "exa -lh --icons --git";
ls = "${getExe pkgs.eza} -lh --icons --git";
cat = "bat";
rm = "rm -i";
mv = "mv -i";
cd = "__zoxide_z";
nixos-update = "pushd ~/.dotfiles && nix flake update && popd";
latexwatch = ''find -type f -name "*.tex" | entr -c latexmk -pdf -silent'';
};
variables = { EDITOR = "vim"; };
};
@ -135,6 +123,8 @@ in
"|" = "split-window -h";
"C-l" = "send-keys C-l";
"R" = "source-file $XDG_CONFIG_HOME/tmux/tmux.conf \\; display-message 'Reloaded tmux.conf'";
"f" = "new-window ts";
"a" = "new-window ta";
};
copy-mode-vi = {
"v" = "send -X begin-selection";
@ -151,48 +141,35 @@ in
# archives
ouch
# file management
trash-cli
# monitoring
htop
bottom
# nix
(nom-system-command "nixos-boot" "sudo nixos-rebuild boot --flake ~/.dotfiles")
(nom-system-command "nixos-switch" "sudo nixos-rebuild switch --flake ~/.dotfiles")
(nom-system-command "nixos-test" "sudo nixos-rebuild test --flake ~/.dotfiles")
manix
nix-index
nix-output-monitor
nixpkgs-fmt
statix
which-nix
# other
# utils
bat
cht-sh
du-dust
duf
entr
exa
f
fd
gi
gparted
neofetch
reptyr
parallel
ripgrep
up
vim
viu
wget
];
fonts.packages = with pkgs; [
(nerdfonts.override {
fonts = [ "FiraCode" ];
})
];
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
(nerdfonts.override {
fonts = [ "FiraCode" ];
})
];
};
programs = {
mtr.enable = true;
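Review bot: The third hunk (`@ -84,6 +69,9 @@`) authorizes an SSH key directly on the root account, so whoever holds that key reaches root without going through the `moritz` user and sudo, and the key is no longer covered by the per-user key rotation. If that is deliberate (remote deploys or builds), pin the sshd side next to it, `services.openssh.settings.PermitRootLogin = "prohibit-password";` (I believe this is the NixOS default but it is better stated explicitly where the key lives), and add a comment saying what the key is for, e.g. `# root key: used only by <deploy tool> from <host>` (constructed placeholder). The surrounding `users.users` block continues outside the hunk.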


@ -84,11 +84,7 @@ in
};
environment.systemPackages = with pkgs; [
anki
calibre
fd
keepassxc
nixpkgs-review
pavucontrol
stable.libreoffice # NOTE breaks often
stable.signal-desktop # NOTE breaks often


@ -69,24 +69,5 @@ in
};
};
};
nix.buildMachines = [{
hostName = "builder";
systems = [ "aarch64-linux" "x86_64-linux" ];
protocol = "ssh-ng";
maxJobs = 1;
speedFactor = 1;
supportedFeatures = [ "nixos-test" "benchmark" "kvm" ];
mandatoryFeatures = [ ];
}];
nix.distributedBuilds = true;
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
builders-use-substitutes = true
'';
age.secrets."ssh-builder" = {
file = ../../secrets/ssh-builder.age;
owner = "0";
path = "/root/.ssh/config";
};
};
}


@ -46,14 +46,46 @@ in
# visual mode, but due to fish_cursor_default, is redundant here
set fish_cursor_visual block
# Complex abbreviations
function last_history_item
echo $history[1]
end
abbr -a !! --position anywhere --function last_history_item
function sed_history_item
echo $history[1] | perl -p -e (string trim -l --chars=! $argv)
end
abbr -a sed_history --position command --regex '^!s/.+/.*/g?' --function sed_history_item
function multicd
echo cd (string repeat -n (math (string length -- $argv[1]) - 1) ../)
end
abbr --add dotdot --regex '^\.\.+$' --function multicd
abbr -a P --position anywhere --set-cursor "% | $PAGER"
function editor_edit
echo $EDITOR $argv
end
abbr -a editor_edit_files --position command --regex ".+\.(txt|md|org)" --function editor_edit
function editor
echo $EDITOR
end
abbr -a e --function editor
# Completions
complete -c c -kfa '(zoxide query -l | sed "s|$HOME|~|")'
${optionalString config.virtualisation.podman.dockerCompat /* fish */ "complete -c docker -w podman"}
complete -c nom -fn "not __fish_seen_subcommand_from build shell develop" -a "build shell develop"
complete -c nom -fn "__fish_seen_subcommand_from build" -w "nix build"
complete -c nom -fn "__fish_seen_subcommand_from shell" -w "nix shell"
complete -c nom -fn "__fish_seen_subcommand_from develop" -w "nix develop"
complete -c timers \
-n "__fish_seen_subcommand_from toggle" \
-fa '(timers --json l | ${getExe pkgs.jq} -r .[][].name)'
complete -c timers \
-n "__fish_seen_subcommand_from remove" \
-fa '(timers --json l | ${getExe pkgs.jq} -r .[][].name)'
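Review bot: `sed_history_item` hands the typed `!s/…/…/` token to `perl -p -e` after stripping the leading `!` and applies it to the previous command, and nothing in the hunk says so; a one-line comment above the function such as `# !s/foo/bar/g expands to the last command with that perl substitution applied` would save the next reader a trip through the abbr docs. The `c` completion interpolates `$HOME` unescaped into a sed expression (`"s|$HOME|~|"`), which only breaks if the home path contains `|`; unlikely, noted for completeness. The enclosing `''` string begins and ends outside the hunk.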


@ -17,7 +17,7 @@ in
#
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=,preferred,auto,1
${concatLines (map (x: "monitor=${x}") cfg.monitors)}
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
@ -110,6 +110,13 @@ in
workspace_swipe = on
}
misc {
# disable_hypr_chan = true
vrr = 1
mouse_move_enables_dpms = true
key_press_enables_dpms = true
}
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# Firefox Sharing Indicator
${mkRules ["float" "move 49% 40" "noborder" "nofullscreenrequest"] ["title:^(.*Sharing Indicator.*)$"]}
@ -207,5 +214,9 @@ in
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
exec-once=${getExe config.my.programs.wallpaper.package} -r
# Toggle waybar
bindr = $mainMod, SUPER_L, exec, pkill -USR1 waybar
# Extra Config
${cfg.extraConfig}
''
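Review bot: `bindr = $mainMod, SUPER_L, exec, pkill -USR1 waybar` matches the pattern as a regex substring of every process name, so any process of this user whose name merely contains `waybar` receives SIGUSR1; `pkill -USR1 -x waybar` restricts it to the exact name. `${cfg.extraConfig}` and each `cfg.monitors` entry are spliced into the generated config verbatim, which is fine for a personal module but means a malformed string only surfaces as a hyprland startup error — a comment stating that these values are unvalidated would help. The `''` string these lines belong to opens before the first hunk.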


@ -31,6 +31,15 @@ in
description = "list of keyboard layouts";
default = [ "de" "us" ];
};
monitors = mkOption {
type = types.listOf types.str;
description = "monitor settings";
default = [ ",preferred,auto,1" ];
};
extraConfig = mkOption {
type = types.str;
default = "";
};
};
config = mkIf cfg.enable {
@ -42,46 +51,52 @@ in
};
wallpapers.enable = true;
services.dunst.enable = true;
services.wallpaper.enable = true;
};
# enable home-manager module
home-manager.users.moritz = {
# import home-manager module
imports = [ inputs.hyprland.homeManagerModules.default ];
# enable home-manager module
wayland.windowManager.hyprland = {
enable = true;
package = hyprland;
recommendedEnvironment = true;
extraConfig = import ./_config.nix args;
};
};
# add waybar as a status bar
home-manager.users.moritz.programs.waybar = {
enable = true;
# start using systemd service
systemd = {
# add waybar as a status bar
programs.waybar = {
enable = true;
target = "graphical-session.target";
};
settings = {
mainBar = {
layer = "top";
position = "top";
height = 20;
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "hyprland/window" ];
modules-right = [ "hyprland/language" "network" "memory" "cpu" "battery" "clock" ];
# start using systemd service
systemd = {
enable = true;
target = "graphical-session.target";
};
settings = {
mainBar = {
start_hidden = true;
layer = "top";
position = "top";
height = 20;
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "hyprland/window" ];
modules-right = [ "hyprland/language" "network" "memory" "cpu" "battery" "clock" ];
};
};
};
};
# lock screen after timeout
home-manager.users.moritz = {
# lock screen after timeout
programs.swaylock = {
enable = true;
settings = {
color = "000000";
};
};
services.swayidle = {
enable = true;
events = [
@ -120,8 +135,14 @@ in
};
systemdTarget = "hyprland-session.target";
};
systemd.user.services.nextcloud-client.Service = {
RestartSec = "500ms";
Restart = "on-failure";
};
};
# adds pam module for swaylock
security.pam.services.swaylock = { };
@ -137,11 +158,6 @@ in
requiredBy = [ "xdg-desktop-portal.service" ];
};
home-manager.users.moritz.systemd.user.services.nextcloud-client.Service = {
RestartSec = "500ms";
Restart = "on-failure";
};
# add user packages for wayland and hyprland in particular
users.users.moritz.packages = with pkgs; [
brightnessctl # control brightness
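Review bot: In the first hunk (`@ -31,6 +31,15 @@`) the new `extraConfig` option carries no `description`, and `types.str` rejects a second definition of the option, so no other module can ever append to it; `type = types.lines;` merges definitions by concatenation, and `description = "extra lines appended verbatim to the generated hyprland config";` documents the contract. The `monitors` default `",preferred,auto,1"` reproduces the fixed `monitor=` line the config template hunk removes elsewhere in this commit, which looks intended but deserves a one-line comment. The options set continues beyond the hunk.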


@ -57,17 +57,9 @@ in
settings = {
substituters = [
"https://cache.nixos.org/"
"https://jupyterwith.cachix.org"
"https://nix-community.cachix.org"
"https://pre-commit-hooks.cachix.org"
"https://hyprland.cachix.org"
];
trusted-public-keys = [
"jupyterwith.cachix.org-1:/kDy2B6YEhXGJuNguG1qyqIodMyO4w8KwWH4/vAc7CI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
trusted-users = [ "root" "@wheel" ];


@ -30,12 +30,17 @@ in
[
alejandra
black
checkmake
deadnix
dotenv-linter
fish
isort
jq
nil
nixd
nixpkgs-fmt
nodePackages.bash-language-server
nodePackages.jsonlint
ruff-lsp
rustfmt
shellcheck
shfmt
@ -46,6 +51,7 @@ in
typst
typst-lsp
yamlfmt
yamllint
];
extraLuaConfig = readFile ./options.lua;
lazy.enable = true;


@ -1,14 +1,8 @@
vim.g.mapleader = " "
vim.g.maplocalleader = ","
-- FIX to create spell dir if not existent
local spelldir = vim.fn.stdpath("config") .. "/spell"
if not vim.loop.fs_stat(spelldir) then
vim.fn.mkdir(spelldir, "p")
end
vim.opt.autoindent = true
vim.opt.backupdir = { vim.fn.stdpath("state") .. "/nvim/backup/" } -- don't store backup in files dir
vim.opt.backupdir = { vim.fn.stdpath("state") .. "/backup/" } -- don't store backup in files dir
vim.opt.clipboard = "unnamedplus" -- sync with system clipboard
vim.opt.conceallevel = 2
vim.opt.expandtab = true -- spaces instead of tabs
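Review bot: `vim.opt.backupdir = { vim.fn.stdpath("state") .. "/backup/" }` names backups after the bare file name, so same-named files from different directories overwrite each other's backups; ending the directory with `//` (`"/backup//"`) makes Vim encode the full path into the backup name. Nothing in the visible file creates that directory, and the hunk removes the only `fs_stat`/`mkdir` guard the file had (for the spell dir); if the directory is not created on first write, a write with `backup` enabled fails instead of producing a backup, so either keep a guard for it or note in a comment where it is created now.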


@ -86,26 +86,13 @@ with builtins;
{ plugin = cmp-cmdline; }
{ plugin = cmp-nvim-lsp; }
{ plugin = cmp_luasnip; }
{
plugin = codeium-nvim;
opts = { };
}
{ plugin = friendly-snippets; }
{ plugin = lspkind-nvim; }
{ plugin = luasnip; }
{
plugin = copilot-cmp;
opts = { };
dependencies = [
{
plugin = copilot-lua;
opts = {
suggestion = { enabled = false; };
panel = { enabled = false; };
};
conf = /* lua */ ''
require("copilot").setup(opts)
vim.cmd("Copilot disable")
'';
}
];
}
];
}
{
@ -117,7 +104,6 @@ with builtins;
event = [ "BufRead" "BufNewFile" ];
conf = readFile ./lua/nvim-lspconfig.lua;
dependencies = [
{ plugin = lsp_signature-nvim; }
{
plugin = null-ls-nvim;
conf = readFile ./lua/null-ls-nvim.lua;
@ -313,5 +299,9 @@ with builtins;
];
opts = { };
}
{
plugin = nvim-puppeteer;
lazy = false; # NOTE: plugin lazy-loads itself.
}
];
}
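Review bot: The copilot entry being removed disabled the plugin at startup (`vim.cmd("Copilot disable")` on the old side), whereas `codeium-nvim` is set up with `opts = { }` and no equivalent toggle, so if codeium-nvim behaves like the plugin it replaces and sends buffer contents to a remote completion service, it is now active in every buffer by default, including ones holding credentials. A comment stating that this is intentional, or an opt-in command mirroring the old one, would make the change reviewable. The plugin list continues outside the hunk.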


@ -8,9 +8,15 @@ null_ls.setup({
-- Completion
null_ls.builtins.completion.spell,
-- Diagnostics
null_ls.builtins.diagnostics.checkmake,
null_ls.builtins.diagnostics.deadnix,
null_ls.builtins.diagnostics.dotenv_linter,
null_ls.builtins.diagnostics.fish,
null_ls.builtins.diagnostics.jsonlint,
null_ls.builtins.diagnostics.shellcheck,
null_ls.builtins.diagnostics.statix,
null_ls.builtins.diagnostics.trail_space,
null_ls.builtins.diagnostics.yamllint,
},
})


@ -17,7 +17,7 @@ cmp.setup({
maxwidth = 50, -- prevent the popup from showing more than provided characters
ellipsis_char = "...", -- when popup menu exceed maxwidth, the truncated part would show ellipsis_char instead
symbol_map = {
Copilot = "",
Codeium = "",
},
}),
},
@ -56,8 +56,8 @@ cmp.setup({
{ name = "async_path", priority = 1 },
{ name = "buffer", priority = 1 },
{ name = "luasnip", priority = 2 },
{ name = "copilot", group_index = 3 },
{ name = "nvim_lsp", priority = 4 },
{ name = "codeium", priority = 3 },
{ name = "nvim_lsp", priority = 3 },
},
})


@ -134,7 +134,7 @@ end
local servers = {
"bashls",
"nil_ls",
"nixd",
"pylsp",
"ruff_lsp",
"typst_lsp",


@ -19,14 +19,14 @@ let
tmux-sessionizer = pkgs.writeFishApplication {
name = "ts";
runtimeInputs = with pkgs; [ tmux findutils coreutils procps fd fzf1 tmux-switch ];
runtimeInputs = with pkgs; [ tmux findutils coreutils procps fd tmux-switch gawk ];
text = readFile ./tmux-sessionizer/script.fish;
completions = readFile ./tmux-sessionizer/completions.fish;
};
tmux-attach = pkgs.writeFishApplication {
name = "ta";
runtimeInputs = with pkgs; [ tmux fzf1 tmux-switch ];
runtimeInputs = with pkgs; [ tmux tmux-switch ];
text = readFile ./tmux-attach/script.fish;
completions = readFile ./tmux-attach/completions.fish;
};
@ -97,7 +97,7 @@ in
if ! fish_is_root_user && test "$TERM_PROGRAM" != 'vscode' && ${insideVariableMissing}
if test -z $tmux_autostarted
set -x tmux_autostarted true
ts
tmux new -A -s home
end
end
'';
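Review bot: `fzf1` is dropped from both `runtimeInputs` lists (`ts` and `ta`) but the two scripts this commit rewrites now call plain `fzf --query "$argv"`, and `fzf` is not added in its place. If `writeFishApplication` confines PATH to `runtimeInputs` the way `writeShellApplication` does, both wrappers fail with a command-not-found unless fzf happens to be on the user's PATH; add `fzf` next to `tmux-switch` in both lists. The second hunk swaps the autostart from `ts` to `tmux new -A -s home`, which changes what a fresh terminal does; a short comment on the reason would help.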


@ -1,4 +1,4 @@
set selected (tmux list-sessions -F '#{session_name}' 2>/dev/null | fzf1 $argv)
set selected (tmux list-sessions -F '#{session_name}' 2>/dev/null | fzf --query "$argv")
if not test -n "$selected"
exit 1
end

modules/programs/tmux/tmux-sessionizer/script.fish Normal file → Executable file

@ -1,4 +1,11 @@
set selected (fd -HIg '.git' ~/ --min-depth 1 --max-depth 5 --type d --prune --exec dirname {} | fzf1 $argv)
#!/usr/bin/env fish
set pipe (mktemp --dry-run)
mkfifo $pipe
fd -HIg '.git' ~/ --min-depth 1 --max-depth 5 --type d --prune --exec-batch dirname {} | tee $pipe >/dev/null &
fd . ~/ --min-depth 1 --max-depth 3 --type d --exec-batch realpath {} | tee $pipe >/dev/null &
set selected (cat $pipe | awk '!seen[$0]++' | fzf --query "$argv")
rm -f "$pipe"
set selected_name (basename $selected 2>/dev/null | string replace "." "_")
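Review bot: `set pipe (mktemp --dry-run)` followed by `mkfifo $pipe` is a name-then-create race: the path is chosen before anything exists at it, and `mktemp` documents `--dry-run` as unsafe for exactly this reason. Creating a private directory first removes the window: `set pipe (mktemp -d)/pipe`, then `mkfifo $pipe`, and `rm -rf (dirname $pipe)` in place of the `rm -f "$pipe"` on the last added line. The two backgrounded `tee $pipe` writers also share one fifo, so chunks from the two `fd` runs may interleave mid-line when a write exceeds the pipe's atomic size — presumably rare, but worth a comment. The script body continues outside the hunk.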


@ -2,6 +2,7 @@
WALLPAPERS_PATH="$HOME/.config/wallpapers"
WALLPAPERS=$(find "$WALLPAPERS_PATH" -type f,l)
DEBUG=0
function help() {
echo "Usage:"
@ -22,7 +23,11 @@ function setWallpaperX {
}
function setWallpaperWayland {
swaybg --mode fill -i "$1" 2>/dev/null &
if [[ $DEBUG -eq 1 ]]; then
swaybg --mode fill -i "$1" &
else
swaybg --mode fill -i "$1" 2>/dev/null &
fi
}
function setWallpaper() {
@ -53,6 +58,10 @@ while [[ $# -gt 0 ]]; do
shift # past argument
shift # past value
;;
-v | --verbose)
DEBUG=1
shift # past argument
;;
*)
POSITIONAL+=("$1") # save it in an array for later
shift # past argument
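Review bot: `-v | --verbose` is added to the option parser, but the visible context of `help()` (its body lies outside the hunks) shows no matching line; if the flag is not documented there, add `echo "  -v, --verbose   show swaybg output instead of discarding it"`. The variable the flag sets is called `DEBUG` while the flag is named verbose; one name for both, or a comment `# DEBUG=1 keeps swaybg's stderr (set by -v/--verbose)` next to the declaration, avoids the mismatch.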


@ -5,62 +5,64 @@
## System security tweaks
# Prevent replacing the running kernel w/o reboot
# security.protectKernelImage = lib.mkDefault true; # NOTE disabled for now to enable hibernate
boot = {
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
# on ssd systems, and volatile! Because it's wiped on reboot.
boot.tmp.useTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage!
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
# on ssd systems, and volatile! Because it's wiped on reboot.
tmp.useTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage!
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
boot.loader.systemd-boot.editor = false;
# Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
loader.systemd-boot.editor = false;
boot.kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're on a router)
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
# Log martian packages
"net.ipv4.conf.all.log_martians" = 1;
"net.ipv4.conf.default.log_martians" = 1;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're on a router)
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
# Log martian packages
"net.ipv4.conf.all.log_martians" = 1;
"net.ipv4.conf.default.log_martians" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
kernelModules = [ "tcp_bbr" ];
};
boot.kernelModules = [ "tcp_bbr" ];
# So we don't have to do this later...
security.acme.acceptTerms = true;
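Review bot: The comment above `send_redirects` in the moved `kernel.sysctl` block reads "again, we're on a router" while the entry before it says the machine is not one; it should read `# Don't send ICMP redirects (again, we're not a router)`. Two more typos travel with the move: `# Incomplete protection again TIME-WAIT assassination` should say "against", and `# Log martian packages` should say "packets". For IPv6 only the `all` knob of `accept_source_route` is set while the redirect keys set both `all` and `default`; if that asymmetry is intentional it deserves a comment, since it is easy to read as an omission. The `boot` set is opened in this hunk and the file continues beyond it.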


@ -0,0 +1,26 @@
{ lib, config, ... }:
with lib;
let
cfg = config.my.services.wallpaper;
in
{
options.my.services.wallpaper = {
enable = mkEnableOption "wallpaper changer";
frequency = mkOption {
type = types.str;
default = "30m";
};
};
config = mkIf cfg.enable {
systemd.user.services.wallpaper = {
script = "${getExe config.my.programs.wallpaper.package} -r -v";
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
Restart = "always";
RuntimeMaxSec = cfg.frequency;
ExitType = "cgroup";
};
};
};
}
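Review bot: `systemd.user.services.wallpaper` is `wantedBy` graphical-session.target but has no `partOf` or `after` on it, so with `Restart = "always"` and `RuntimeMaxSec` the unit keeps being killed and restarted after the graphical session has stopped; add `partOf = [ "graphical-session.target" ];` and `after = [ "graphical-session.target" ];` so it follows the session. The `frequency` option has no `description`, e.g. `description = "how often to change the wallpaper, as a systemd time span (used as RuntimeMaxSec)";`. The script is invoked with `-v`, so each swaybg's stderr goes to the journal; a comment saying that is intended would stop a later reader from removing it.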