Remove calibre-web service

flake.nix

@@ -249,6 +249,7 @@
           };
           swayimg = pkgs.callPackage ./packages/swayimg/default.nix { };
           layman = pkgs.callPackage ./packages/layman/default.nix { };
+          sommelier = pkgs.callPackage ./packages/sommelier/default.nix { };
         };
       });
 }

home-manager/linux/programs/sway.nix

@@ -50,6 +50,10 @@ in with lib; {
       font-awesome
       layman-package
       inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.wob
+      # For fancy x11 scaling
+      inputs.self.packages.${pkgs.system}.sommelier
+      # Polkit
+      polkit_gnome
     ];
     #########################
     ## Sway
@@ -276,6 +280,20 @@ in with lib; {
         ${layman-package}/bin/layman || true
       '';
     };
+    # Setup polkit as a service
+    systemd.user.services.polkit-gnome = {
+      Unit = {
+        Description = "Polkit gnome authentication agent";
+        After = [ "graphical-session.target" ];
+      };
+      Service = {
+        Type = "simple";
+        ExecStart =
+          "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+        Restart = "on-failure";
+      };
+      Install = { WantedBy = [ "graphical-session.target" ]; };
+    };
     #########################
     ## Mako (notifications)
     #########################

machines/levitation/configuration.nix

@@ -1,6 +1,11 @@
 { config, lib, pkgs, inputs, ... }:
-
+let
-{
+  system = pkgs.system;
+  unstable = import inputs.nixpkgs-unstable {
+    config = { allowUnfree = true; };
+    inherit system;
+  };
+in {
   # Sops setup for this machine
   sops.secrets = {
     "borg-ssh-key" = {
@@ -83,17 +88,9 @@
     max-jobs = 4;
   };
 
-  # Calibre
+  # vmware
-  services.calibre-web = {
+  virtualisation.vmware.host = {
     enable = true;
-    user = "nathan";
+    package = unstable.vmware-workstation;
-    group = "users";
-    openFirewall = true;
-    listen = { ip = "100.95.223.6"; };
-    options = {
-      calibreLibrary = "/home/nathan/Books";
-      enableBookConversion = true;
-      enableBookUploading = true;
-    };
   };
 }

machines/levitation/home.nix

@@ -1,6 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, inputs, ... }: {
-
-{
   nathan = {
     services = { email = { enable = true; }; };
     config = { isDesktop = true; };
@@ -11,7 +9,17 @@
     };
   };
 
-  home.packages = with pkgs; [ gammastep fido2luks ];
+  home.packages = with pkgs; [
+    gammastep
+    fido2luks
+    (pkgs.makeDesktopItem rec {
+      name = "VMWare Workstation (Wrapped)";
+      exec = "${
+          inputs.self.packages.${pkgs.system}.sommelier
+        }/bin/sommelier -X --scale 1 vmware";
+      desktopName = name;
+    })
+  ];
 
   # Sway outputs
   wayland.windowManager.sway.config = {

machines/tounge/configuration.nix

@@ -229,17 +229,6 @@
           '';
         };
       };
-      "calibre.mccarty.io" = {
-        forceSSL = true;
-        useACMEHost = "mccarty.io";
-        locations."/" = {
-          proxyPass = "http://100.95.223.6:8083";
-          extraConfig = ''
-            allow 100.64.0.0/10;
-            deny all;
-          '';
-        };
-      };
     };
   };
   # Now we can configure ACME so we can get a star cert

modules/linux/user.nix

@@ -5,6 +5,19 @@ let
 in with lib; {
   config = mkMerge [
     {
+      security.polkit = {
+        enable = true;
+        # TODO: Refine the wheel branch to only include nessicary actions
+        # extraConfig = ''
+        #   polkit.addRule(function(action, subject) {
+        #     if (subject.isInGroup("wheel"))
+        #     {
+        #       return polkit.Result.YES;
+        #     }
+        #   })
+        # '';
+      };
+      environment.shells = [ pkgs.fish ];
       users = {
         # If we install the user and the system is hardended, then disable mutable users
         mutableUsers = !(nc.installUser && nc.harden);

packages/sommelier/default.nix

@@ -0,0 +1,29 @@
+  { lib, stdenv, fetchFromGitHub, meson, ninja, pkg-config, wayland-scanner
+  , libxkbcommon, mesa, pixman, xorg, wayland, gtest }:
+
+  stdenv.mkDerivation {
+    pname = "sommelier";
+    version = "104.0";
+
+    src = fetchFromGitHub {
+      owner = "akvadrako";
+      repo = "sommelier";
+      rev = "31a42a2f8c649ae82a3239284bced7ef39a569ef";
+      sha256 = "sha256-ZTvH4mn7eK2e/1u6FVVpR7aaeAQ+JxSa4nhXWLxSfvo=";
+    };
+
+    nativeBuildInputs = [ meson ninja pkg-config wayland-scanner ];
+    buildInputs = [ libxkbcommon mesa pixman wayland xorg.libxcb ];
+
+    doCheck = true;
+    nativeCheckInputs = [ gtest ];
+
+    meta = with lib; {
+      homepage =
+        "https://chromium.googlesource.com/chromiumos/platform2/+/refs/heads/main/vm_tools/sommelier/";
+      description = "Nested Wayland compositor with support for X11 forwarding";
+      maintainers = with maintainers; [ qyliss ];
+      license = licenses.bsd3;
+      platforms = platforms.linux;
+    };
+  }