Refactor, add librem5

This commit is contained in:
Alexander Bantyev 2023-02-16 18:51:34 +04:00
parent bff853aaba
commit 4bca58e145
No known key found for this signature in database
GPG Key ID: 48ABA304F3A30FE9
33 changed files with 686 additions and 429 deletions

29
flake.lock generated
View File

@ -635,11 +635,11 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1672935906,
"narHash": "sha256-YYxhjBppTVEsqElmuBxDrBwqYe/nLXdkMzMQI8gRA8E=",
"lastModified": 1676450680,
"narHash": "sha256-wOd+EPkY6VpxeIf+bCuV2lHleSoK0hI/hTsvJ6Ntf6Q=",
"owner": "nixos",
"repo": "nix",
"rev": "d02c5a41da68908bd88d7a697abc52a04826894e",
"rev": "601849b95afc3d173ea34ff5dba6353f9b71b495",
"type": "github"
},
"original": {
@ -701,6 +701,22 @@
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1676478725,
"narHash": "sha256-tiuxFhkGt0UADAGm4YXuETk9R8TsTZSUSTFJgDMxebo=",
"owner": "balsoft",
"repo": "nixos-hardware",
"rev": "8488234ec45c71456d3eae0329b1cc56caa40799",
"type": "github"
},
"original": {
"owner": "balsoft",
"ref": "add-librem-5",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1671417167,
@ -941,11 +957,11 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1672791794,
"narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
"lastModified": 1675942811,
"narHash": "sha256-/v4Z9mJmADTpXrdIlAjFa1e+gkpIIROR670UVDQFwIw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
"rev": "724bfc0892363087709bd3a5a1666296759154b1",
"type": "github"
},
"original": {
@ -1015,6 +1031,7 @@
"nix-direnv": "nix-direnv",
"nix-vscode-marketplace": "nix-vscode-marketplace",
"nixos-fhs-compat": "nixos-fhs-compat",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_9",
"nixpkgs-old": "nixpkgs-old",
"nixpkgs-wayland": "nixpkgs-wayland",

View File

@ -105,6 +105,7 @@
flake = false;
};
nixos-hardware.url = "github:balsoft/nixos-hardware/add-librem-5";
};
outputs = { nixpkgs, self, nix, deploy-rs, ... }@inputs:
@ -145,6 +146,8 @@
in nixosSystem {
inherit system;
modules = __attrValues self.nixosModules ++ [
inputs.home-manager.nixosModules.home-manager
(import (./machines + "/${name}"))
{ nixpkgs.pkgs = pkgs; }
{ device = name; }
@ -168,6 +171,25 @@
deploy-rs.defaultPackage.x86_64-linux
nixfmt
];
shellHook = ''
linkFile() {
source="$(nix build --print-out-paths "$1.source" || nix eval --raw "$1.source")"
target="$(nix eval --raw "$1.target")"
ln -fs "$source" "$HOME/$target"
}
linkHomeManagerFile() {
linkFile ".#nixosConfigurations.$(hostname).config.home-manager.users.$(whoami).$1"
}
linkConfigFile() {
linkHomeManagerFile "xdg.configFile.\"$1\""
}
linkDataFile() {
linkHomeManagerFile "xdg.dataFile.\"$1\""
}
linkHomeFile() {
linkHomeManagerFile "home.file.\"$1\""
}
'';
};
deploy = {

View File

@ -0,0 +1,51 @@
{ inputs, pkgs, lib, ... }: {
imports = with inputs.self;
with nixosProfiles; [
./hardware-configuration.nix
nixosRoles.base
inputs.nixos-hardware.nixosModules.purism-librem-5r4
applications-setup
bluetooth
power
hardware
sound
plasma-mobile
nheko
okular
gwenview
aerc
helix
angelfish
nix
kdeconnect
cursor
fonts
gtk
qt
pass-secret-service
];
programs.ssh.askPassword =
"${pkgs.plasma5Packages.ksshaskpass.out}/bin/ksshaskpass";
users.users.balsoft.password = lib.mkForce "0";
boot.kernelPackages = pkgs.linuxPackages_librem5;
system.stateVersion = "23.05";
home-manager.users.balsoft.home.stateVersion = "22.11";
themes.fonts = {
main.size = 10;
serif.size = 10;
mono.size = 10;
};
environment.systemPackages = [ pkgs.pure-maps ];
}

View File

@ -0,0 +1,32 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
fileSystems."/" = {
device = "/dev/mmcblk0p2";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/mmcblk0p1";
fsType = "ext2";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
nix.settings.max-jobs = 4;
}

View File

@ -0,0 +1 @@
aarch64-linux

View File

@ -66,7 +66,7 @@ let
with cfg; {
"${name}-secrets" = rec {
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
requires = [ "user@1000.service" ];
after = requires;
@ -115,73 +115,78 @@ let
++ map (name: "${name}-secrets.service")
(builtins.attrNames config.secrets));
in {
options.secrets = lib.mkOption {
type = attrsOf (submodule secret);
default = { };
};
options.secretsConfig = {
password-store = lib.mkOption {
type = lib.types.path;
default = "/home/balsoft/.local/share/password-store";
options = {
secrets = lib.mkOption {
type = attrsOf (submodule secret);
default = { };
};
repo = lib.mkOption {
type = str;
default = "ssh://git@github.com/balsoft/pass";
secretsConfig = {
password-store = lib.mkOption {
type = lib.types.path;
default = "/home/balsoft/.local/share/password-store";
};
repo = lib.mkOption {
type = str;
default = "ssh://git@github.com/balsoft/pass";
};
};
};
config.systemd.services =
mkMerge (concatLists (mapAttrsToList mkServices config.secrets));
config = {
config.security.sudo.extraRules = [{
users = [ "balsoft" ];
commands = [{
command = "/run/current-system/sw/bin/systemctl restart ${allServices}";
options = [ "NOPASSWD" ];
systemd.services =
mkMerge (concatLists (mapAttrsToList mkServices config.secrets));
security.sudo.extraRules = [{
users = [ "balsoft" ];
commands = [{
command = "/run/current-system/sw/bin/systemctl restart ${allServices}";
options = [ "NOPASSWD" ];
}];
}];
}];
config.persist.derivative.directories = [ "/var/secrets" password-store ];
persist.derivative.directories = [ "/var/secrets" password-store ];
config.home-manager.users.balsoft = {
systemd.user.services.activate-secrets = {
Service = {
ExecStart = "${activate-secrets}/bin/activate-secrets";
Type = "oneshot";
home-manager.users.balsoft = {
systemd.user.services.activate-secrets = {
Service = {
ExecStart = "${activate-secrets}/bin/activate-secrets";
Type = "oneshot";
};
Unit = { PartOf = [ "graphical-session-pre.target" ]; };
Install.WantedBy = [ "graphical-session-pre.target" ];
};
Unit = {
PartOf = [ "graphical-session-pre.target" ];
systemd.user.services.pass-store-sync = {
Service = {
Environment = [
"PASSWORD_STORE_DIR=${password-store}"
"PATH=${
lib.makeBinPath [ pkgs.pass pkgs.inotify-tools pkgs.gnupg ]
}"
];
ExecStart = toString (pkgs.writeShellScript "pass-store-sync" ''
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do
sleep 0.1
pass git add --all
pass git commit -m "Change"
pass git pull --rebase
pass git push
done
'');
};
Unit = rec {
After = [ "activate-secrets.service" ];
Wants = After;
};
Install.WantedBy = [ "graphical-session-pre.target" ];
};
Install.WantedBy = [ "graphical-session-pre.target" ];
};
systemd.user.services.pass-store-sync = {
Service = {
Environment = [
"PASSWORD_STORE_DIR=${password-store}"
"PATH=${lib.makeBinPath [ pkgs.pass pkgs.inotify-tools pkgs.gnupg ]}"
];
ExecStart = toString (pkgs.writeShellScript "pass-store-sync" ''
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do
sleep 0.1
pass git add --all
pass git commit -m "Change"
pass git pull --rebase
pass git push
done
'');
programs.password-store = {
enable = true;
package = pkgs.pass-wayland;
settings.PASSWORD_STORE_DIR = password-store;
};
Unit = rec {
After = [ "activate-secrets.service" ];
Wants = After;
};
Install.WantedBy = [ "graphical-session-pre.target" ];
};
programs.password-store = {
enable = true;
package = pkgs.pass-wayland;
settings.PASSWORD_STORE_DIR = password-store;
};
};
}

View File

@ -56,27 +56,27 @@ in rec {
nerdfonts = nur.balsoft.pkgs.roboto-mono-nerd;
pass-secret-service =
prev.pass-secret-service.overrideAttrs (_: {
installCheckPhase = null;
postInstall = ''
mkdir -p $out/share/{dbus-1/services,xdg-desktop-portal/portals}
cat > $out/share/dbus-1/services/org.freedesktop.secrets.service << EOF
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=/run/current-system/sw/bin/systemctl --user start pass-secret-service
EOF
cp $out/share/dbus-1/services/{org.freedesktop.secrets.service,org.freedesktop.impl.portal.Secret.service}
cat > $out/share/xdg-desktop-portal/portals/pass-secret-service.portal << EOF
[portal]
DBusName=org.freedesktop.secrets
Interfaces=org.freedesktop.impl.portal.Secrets
UseIn=gnome
EOF
'';
});
pass-secret-service = prev.pass-secret-service.overrideAttrs (_: {
installCheckPhase = null;
postInstall = ''
mkdir -p $out/share/{dbus-1/services,xdg-desktop-portal/portals}
cat > $out/share/dbus-1/services/org.freedesktop.secrets.service << EOF
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=/run/current-system/sw/bin/systemctl --user start pass-secret-service
EOF
cp $out/share/dbus-1/services/{org.freedesktop.secrets.service,org.freedesktop.impl.portal.Secret.service}
cat > $out/share/xdg-desktop-portal/portals/pass-secret-service.portal << EOF
[portal]
DBusName=org.freedesktop.secrets
Interfaces=org.freedesktop.impl.portal.Secrets
UseIn=gnome
EOF
'';
});
nix-direnv = inputs.nix-direnv.packages.${system}.default.override { pkgs = final; };
nix-direnv =
inputs.nix-direnv.packages.${system}.default.override { pkgs = final; };
# For nix-direnv
nixFlakes = final.nix;
@ -92,8 +92,13 @@ in rec {
mtxclient = prev.mtxclient.overrideAttrs (oa: {
src = inputs.mtxclient;
cmakeFlags = oa.cmakeFlags ++ [ "-DCMAKE_CXX_FLAGS=-DSPDLOG_FMT_EXTERNAL" ];
buildInputs = oa.buildInputs
++ [ final.libevent final.curl.all final.coeurl final.spdlog.dev final.re2 ];
buildInputs = oa.buildInputs ++ [
final.libevent
final.curl.all
final.coeurl
final.spdlog.dev
final.re2
];
patches = [ ];
});
@ -116,23 +121,29 @@ in rec {
cmakeFlags = oa.cmakeFlags ++ [ "-DBUILD_SHARED_LIBS=OFF" ];
})).override { mtxclient = final.mtxclient; };
nix = inputs.nix.packages.${system}.default.overrideAttrs (oa: {
doInstallCheck = false;
patches = [ ./profiles/nix/nix.patch ./profiles/nix/expr-context.patch ] ++ oa.patches or [ ];
});
nix = inputs.nix.packages.${system}.default;
nil = prev.nil.overrideAttrs (_: { doCheck = false; doInstallCheck = false; });
nil = prev.nil.overrideAttrs (_: {
doCheck = false;
doInstallCheck = false;
});
mako = prev.mako.overrideAttrs (_: {
postInstall =
"sed 's|Exec=.*|Exec=/run/current-system/sw/bin/systemctl --user start mako|' -i $out/share/dbus-1/services/fr.emersion.mako.service";
});
codebraid = prev.codebraid.overrideAttrs (_: {
src = inputs.codebraid;
});
codebraid = prev.codebraid.overrideAttrs (_: { src = inputs.codebraid; });
remapper = inputs.remapper.packages.${final.system}.default;
helix = inputs.helix.packages.${final.system}.default;
plasma5Packages = prev.plasma5Packages.overrideScope' (final': _: {
qmlkonsole = final'.callPackage (final.fetchurl {
url =
"https://raw.githubusercontent.com/NixOS/nixpkgs/551245d6c4636862f91ba4a0e94b8120b7e8d4d4/pkgs/applications/plasma-mobile/qmlkonsole.nix";
sha256 = "04vy12x0wjhr1c77dlhvghmlkb6aaq5dfqg1fwc5p6ma9nxqdwic";
}) { };
});
}

View File

@ -0,0 +1,16 @@
{ config, pkgs, ... }: {
environment.systemPackages = [ pkgs.plasma5Packages.angelfish ];
defaultApplications.browser = {
cmd = "${pkgs.plasma5Packages.angelfish}/bin/angelfish";
desktop = "org.kde.angelfish";
};
home-manager.users.balsoft = {
xdg.configFile.angelfishrc.text = pkgs.lib.generators.toGitINI {
NavigationBar = {
navBarBack = true;
navBarForward = true;
navBarReload = true;
};
};
};
}

View File

@ -3,6 +3,8 @@ let
thm = pkgs.my-lib.thmHash config.themes.colors;
fonts = config.themes.fonts;
in {
services.dbus.packages = [ pkgs.firefox-wayland ];
environment.sessionVariables = {
MOZ_USE_XINPUT2 = "1";
MOZ_DBUS_REMOTE = "1";

View File

@ -35,7 +35,8 @@
lambda-launcher
nix-patch
gopass
papirus-icon-theme
# papirus-icon-theme
breeze-icons
shellcheck
proselint
ripgrep

View File

@ -1,6 +1,6 @@
{
hardware.enableRedistributableFirmware = true; # For some unfree drivers
systemd.services.systemd-udev-settle.enable = false;
# systemd.services.systemd-udev-settle.enable = false;
services.fwupd.enable = true;
# sound.enable = true;
services.fstrim.enable = true;

View File

@ -17,6 +17,7 @@
'';
settings = {
use-xdg-base-directories = true;
trusted-users = [ "root" "balsoft" "@wheel" ];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="

View File

@ -1,42 +0,0 @@
diff --git a/src/libstore/profiles.cc b/src/libstore/profiles.cc
index 5d1723886..4f2e4f5db 100644
--- a/src/libstore/profiles.cc
+++ b/src/libstore/profiles.cc
@@ -250,13 +250,6 @@ Path getDefaultProfile()
{
Path profileLink = getHome() + "/.nix-profile";
try {
- if (!pathExists(profileLink)) {
- replaceSymlink(
- getuid() == 0
- ? settings.nixStateDir + "/profiles/default"
- : fmt("%s/profiles/per-user/%s/profile", settings.nixStateDir, getUserName()),
- profileLink);
- }
return absPath(readLink(profileLink), dirOf(profileLink));
} catch (Error &) {
return profileLink;
diff --git a/src/nix-env/nix-env.cc b/src/nix-env/nix-env.cc
index e04954d45..5649bd01a 100644
--- a/src/nix-env/nix-env.cc
+++ b/src/nix-env/nix-env.cc
@@ -1336,19 +1336,6 @@ static int main_nix_env(int argc, char * * argv)
globals.instSource.nixExprPath = getHome() + "/.nix-defexpr";
globals.instSource.systemFilter = "*";
- if (!pathExists(globals.instSource.nixExprPath)) {
- try {
- createDirs(globals.instSource.nixExprPath);
- replaceSymlink(
- fmt("%s/profiles/per-user/%s/channels", settings.nixStateDir, getUserName()),
- globals.instSource.nixExprPath + "/channels");
- if (getuid() != 0)
- replaceSymlink(
- fmt("%s/profiles/per-user/root/channels", settings.nixStateDir),
- globals.instSource.nixExprPath + "/channels_root");
- } catch (Error &) { }
- }
-
globals.dryRun = false;
globals.preserveInstalled = false;
globals.removeAll = false;

View File

@ -1,120 +0,0 @@
{ config, pkgs, lib, ... }: {
security.apparmor.enable = true;
programs.firejail.enable = true;
users.mutableUsers = false;
users.users.balsoft = {
isNormalUser = true;
extraGroups = [
"sudo"
"wheel"
"networkmanager"
"disk"
"dbus"
"audio"
"docker"
"sound"
"pulse"
"adbusers"
"input"
"libvirtd"
"vboxusers"
"wireshark"
"lp"
"scanner"
];
description = "Александр Бантьев";
uid = 1000;
password = "";
};
systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
home-manager.users.balsoft = {
systemd.user.services.polkit-agent = {
Unit = {
Description = "Run polkit authentication agent";
X-RestartIfChanged = true;
};
Install.WantedBy = [ "sway-session.target" ];
Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; };
};
home.activation.yubi = {
data = ''
mkdir -p .config/Yubico
[ -f /home/balsoft/.config/Yubico/u2f_keys ] || (pamu2fcfg > /home/balsoft/.config/Yubico/u2f_keys)
'';
after = [ "linkGeneration" ];
before = [ ];
};
};
persist.state.directories = [ "/home/balsoft/.config/Yubico" ];
services.getty.autologinUser = "balsoft";
environment.loginShellInit = lib.mkBefore ''
[[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this
'';
security.pam.u2f = {
control = "sufficient";
cue = true;
enable = true;
};
environment.systemPackages = [
(pkgs.writeShellScriptBin "lock" ''
set -euo pipefail
if [[ "$1" == this ]]
then args="-s"
else args="-san"
fi
${
lib.optionalString (config.deviceSpecific.isLaptop)
''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''
}
'')
];
security.pam.services = builtins.listToAttrs (builtins.map (name: {
inherit name;
value = { unixAuth = false; };
}) [
"chpasswd"
"chsh"
"groupadd"
"groupdel"
"groupmems"
"groupmod"
"i3lock"
"i3lock-color"
"login"
"passwd"
"polkit-1"
"runuser"
"runuser-l"
"su"
"sudo"
"swaylock"
"systemd-user"
"useradd"
"userdel"
"usermod"
"vlock"
"xlock"
"xscreensaver"
]);
security.sudo = {
enable = true;
extraConfig = ''
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock this
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -A 5
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -U 5
'';
};
home-manager.useUserPackages = true;
}

View File

@ -0,0 +1,18 @@
{ config, pkgs, lib, ... }: {
home-manager.users.balsoft = {
services.pass-secret-service.enable = true;
systemd.user.services.pass-secret-service = {
Service = {
Type = "dbus";
Environment = [ "GPG_TTY=/dev/tty1" "DISPLAY=:0" ];
BusName = "org.freedesktop.secrets";
};
Unit = rec {
Wants = [ "gpg-agent.service" ];
After = Wants;
PartOf = [ "graphical-session-pre.target" ];
};
};
};
}

View File

@ -0,0 +1,47 @@
{ config, pkgs, lib, ... }: {
users.mutableUsers = false;
users.users.balsoft = {
isNormalUser = true;
extraGroups = [
"sudo"
"wheel"
"networkmanager"
"disk"
"dbus"
"audio"
"docker"
"sound"
"pulse"
"adbusers"
"input"
"libvirtd"
"vboxusers"
"wireshark"
"lp"
"scanner"
];
description = "Александр Бантьев";
uid = 1000;
password = "";
};
systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
home-manager.users.balsoft = {
systemd.user.services.polkit-agent = {
Unit = {
Description = "Run polkit authentication agent";
X-RestartIfChanged = true;
};
Install.WantedBy = [ "sway-session.target" ];
Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; };
};
};
services.getty.autologinUser = "balsoft";
home-manager.useUserPackages = true;
}

View File

@ -0,0 +1,27 @@
{ config, pkgs, lib, ... }: {
environment.loginShellInit = lib.mkBefore ''
[[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this
'';
environment.systemPackages = [
(pkgs.writeShellScriptBin "lock" ''
set -euo pipefail
if [[ "$1" == this ]]
then args="-s"
else args="-san"
fi
${lib.optionalString (config.deviceSpecific.isLaptop)
''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''}
'')
];
security.sudo = {
enable = true;
extraConfig = ''
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock this
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -A 5
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -U 5
'';
};
}

View File

@ -0,0 +1,50 @@
{ config, pkgs, ... }: {
home-manager.users.balsoft = {
home.activation.yubi = {
data = ''
mkdir -p .config/Yubico
[ -f /home/balsoft/.config/Yubico/u2f_keys ] || (pamu2fcfg > /home/balsoft/.config/Yubico/u2f_keys)
'';
after = [ "linkGeneration" ];
before = [ ];
};
};
persist.state.directories = [ "/home/balsoft/.config/Yubico" ];
security.pam.services = builtins.listToAttrs (builtins.map (name: {
inherit name;
value = { unixAuth = false; };
}) [
"chpasswd"
"chsh"
"groupadd"
"groupdel"
"groupmems"
"groupmod"
"i3lock"
"i3lock-color"
"login"
"passwd"
"polkit-1"
"runuser"
"runuser-l"
"su"
"sudo"
"swaylock"
"systemd-user"
"useradd"
"userdel"
"usermod"
"vlock"
"xlock"
"xscreensaver"
]);
security.pam.u2f = {
control = "sufficient";
cue = true;
enable = true;
};
}

View File

@ -1,5 +1,5 @@
{ pkgs, config, lib, ... }: {
hardware.pulseaudio.enable = false;
hardware.pulseaudio.enable = lib.mkForce false;
security.rtkit.enable = true;

View File

@ -22,15 +22,15 @@
themes.fonts = {
main = {
family = "IBM Plex Sans";
size = 13;
size = lib.mkDefault 13;
};
serif = {
family = "IBM Plex Serif";
size = 13;
size = lib.mkDefault 13;
};
mono = {
family = "IBM Plex Mono";
size = 13;
size = lib.mkDefault 13;
};
};
}

View File

@ -38,20 +38,6 @@
};
home-manager.users.balsoft = {
services.pass-secret-service.enable = true;
systemd.user.services.pass-secret-service = {
Service = {
Type = "dbus";
Environment = [ "GPG_TTY=/dev/tty1" "DISPLAY=:0" ];
BusName = "org.freedesktop.secrets";
};
Unit = rec {
Wants = [ "gpg-agent.service" ];
After = Wants;
PartOf = [ "graphical-session-pre.target" ];
};
};
home.activation.gnome = ''
$DRY_RUN_CMD mkdir -p "$XDG_CONFIG_HOME/goa-1.0"

View File

@ -8,7 +8,7 @@
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentryFlavor = "gtk2";
pinentryFlavor = "qt";
};
systemd.user.services.gpg-agent = {

View File

@ -25,8 +25,8 @@ in {
gtk = {
enable = true;
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
name = "breeze-dark";
package = pkgs.breeze-icons;
};
theme = {
name = "Generated";

View File

@ -0,0 +1,68 @@
{ config, pkgs, lib, ... }: {
services.xserver = {
enable = true;
desktopManager.plasma5 = {
mobile.enable = true;
runUsingSystemd = false;
};
displayManager = {
autoLogin = {
enable = true;
user = "balsoft";
};
defaultSession = "plasma-mobile";
lightdm = {
enable = true;
extraSeatDefaults = ''
session-cleanup-script=${pkgs.procps}/bin/pkill -P1 -fx ${pkgs.lightdm}/sbin/lightdm
'';
};
};
libinput.enable = true;
};
powerManagement.enable = true;
home-manager.users.balsoft = {
xdg.configFile."autostart/org_kde_powerdevil.desktop".text = ''
[Desktop Entry]
DBusActivatable=true
Exec=${pkgs.powerdevil}/libexec/org_kde_powerdevil
Name=org_kde_powerdevil
Type=Application
'';
xdg.configFile."plasmarc".text =
lib.generators.toGitINI { Theme.name = "generated"; };
xdg.configFile."plasmamobilerc".text = lib.generators.toGitINI {
General = {
actionDrawerTopLeftMode = "1";
actionDrawerTopRightMode = "0";
vibrationDuration = "100";
vibrationIntensity = "0.5";
};
QuickSettings = {
disabledQuickSettings = builtins.concatStringsSep ","
[ "org.kde.plasma.quicksetting.record" ];
enabledQuickSettings = builtins.concatStringsSep "," [
"org.kde.plasma.quicksetting.wifi"
"org.kde.plasma.quicksetting.mobiledata"
"org.kde.plasma.quicksetting.bluetooth"
"org.kde.plasma.quicksetting.flashlight"
"org.kde.plasma.quicksetting.screenrotation"
"org.kde.plasma.quicksetting.settingsapp"
"org.kde.plasma.quicksetting.airplanemode"
"org.kde.plasma.quicksetting.audio"
"org.kde.plasma.quicksetting.battery"
"org.kde.plasma.quicksetting.location"
"org.kde.plasma.quicksetting.nightcolor"
"org.kde.plasma.quicksetting.screenshot"
"org.kde.plasma.quicksetting.powermenu"
"org.kde.plasma.quicksetting.donotdisturb"
"org.kde.plasma.quicksetting.caffeine"
"org.kde.plasma.quicksetting.keyboardtoggle"
];
};
};
};
}

View File

@ -1,12 +1,194 @@
{ pkgs, lib, config, ... }:
with pkgs.my-lib; {
with pkgs.my-lib;
let
colorTheme = with (thmDec config.themes.colors); {
"Colors:Button" = {
BackgroundAlternate = base01;
BackgroundNormal = base01;
DecorationFocus = base0D;
DecorationHover = base0D;
ForegroundActive = base0D;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base03;
};
"Colors:Complementary" = {
BackgroundAlternate = base01;
BackgroundNormal = base03;
DecorationFocus = base0D;
DecorationHover = base0D;
ForegroundActive = base0D;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base0A;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base02;
};
"Colors:Selection" = {
BackgroundAlternate = base0D;
BackgroundNormal = base0D;
DecorationFocus = base0D;
DecorationHover = base0D;
ForegroundActive = base05;
ForegroundInactive = base05;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base02;
};
"Colors:Tooltip" = {
BackgroundAlternate = base01;
BackgroundNormal = base00;
DecorationFocus = base0D;
DecorationHover = base0D;
ForegroundActive = base0D;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base03;
};
"Colors:View" = {
BackgroundAlternate = base01;
BackgroundNormal = base00;
DecorationFocus = base0D;
DecorationHover = base0D;
ForegroundActive = base0D;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base03;
};
"Colors:Window" = {
BackgroundAlternate = base01;
BackgroundNormal = base00;
DecorationFocus = base0D;
DecorationHover = base0D;
ForegroundActive = base0D;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base03;
};
General = {
ColorScheme = "Generated";
Name = "Generated";
shadeSortColumn = true;
};
KDE.contrast = 4;
WM = {
activeBackground = base00;
activeBlend = base06;
activeForeground = base05;
inactiveBackground = base01;
inactiveBlend = base02;
inactiveForeground = base04;
};
};
misc = with config.themes; {
Icons.Theme = "breeze-dark";
KDE = {
DoubleClickInterval = 400;
ShowDeleteCommand = true;
SingleClick = false;
StartDragDist = 4;
StartDragTime = 500;
WheelScrollLines = 3;
widgetStyle = "Breeze";
};
General = {
TerminalApplication = "alacritty";
fixed =
"${fonts.mono.family},${toString fonts.mono.size},-1,5,50,0,0,0,0,0";
font =
"${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0";
menuFont =
"${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0";
smallestReadableFont = "${fonts.main.family},${
toString fonts.main.size
},-1,5,57,0,0,0,0,0,Medium";
toolBarFont =
"${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0";
};
};
effects = with (thmDec config.themes.colors); {
"ColorEffects:Disabled" = {
Color = base02;
ColorAmount = "0";
ColorEffect = "0";
ContrastAmount = "0.65";
ContrastEffect = "1";
IntensityAmount = "0.1";
IntensityEffect = "2";
};
"ColorEffects:Inactive" = {
ChangeSelectionColor = "true";
Color = base03;
ColorAmount = "0.025";
ColorEffect = "2";
ContrastAmount = "0.1";
ContrastEffect = "2";
Enable = "false";
IntensityAmount = "0";
IntensityEffect = "0";
};
};
desktopThemeColors = pkgs.writeText "generated-plasma-theme-colors"
(lib.generators.toGitINI
(builtins.foldl' lib.recursiveUpdate { } [ colorTheme effects ]));
desktopThemeRc = pkgs.writeText "generated-plasma-theme-rc"
(lib.generators.toGitINI {
Wallpaper = {
defaultWallpaperTheme = "Next";
defaultFileSuffix = ".png";
defaultWidth = "1920";
defaultHeight = "1080";
};
ContrastEffect = {
enabled = "true";
contrast = "0.17";
intensity = "1.25";
saturation = "9";
};
AdaptiveTransparency.enabled = "true";
});
desktopTheme = pkgs.linkFarm "generated-plasma-theme" [
{
name = "share/plasma/desktoptheme/generated/plasmarc";
path = desktopThemeRc;
}
{
name = "share/plasma/desktoptheme/generated/colors";
path = desktopThemeColors;
}
];
in {
environment.systemPackages = [ desktopTheme ];
xdg.portal.enable = true;
services.dbus.packages =
[ pkgs.firefox pkgs.systemd pkgs.papirus-icon-theme ];
services.dbus.packages = [ pkgs.systemd pkgs.breeze-icons ];
services.udev.packages = [ pkgs.libmtp pkgs.media-player-info ];
qt5.enable = false;
qt.enable = false;
environment.sessionVariables = {
QT_XFT = "true";
@ -30,128 +212,10 @@ with pkgs.my-lib; {
};
};
home-manager.users.balsoft = let fonts = config.themes.fonts;
in {
home-manager.users.balsoft = {
home.packages = [ pkgs.ark pkgs.dolphin ];
xdg.configFile."kdeglobals".text = with (thmDec config.themes.colors);
lib.generators.toGitINI {
"Colors:Button" = {
BackgroundAlternate = base01;
BackgroundNormal = base01;
DecorationFocus = base02;
DecorationHover = base02;
ForegroundActive = base05;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base03;
};
"Colors:Complementary" = {
BackgroundAlternate = base01;
BackgroundNormal = base03;
DecorationFocus = base02;
DecorationHover = base02;
ForegroundActive = base09;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base0A;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base02;
};
"Colors:Selection" = {
BackgroundAlternate = base0D;
BackgroundNormal = base0D;
DecorationFocus = base0D;
DecorationHover = base0D;
ForegroundActive = base05;
ForegroundInactive = base05;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base02;
};
"Colors:Tooltip" = {
BackgroundAlternate = base01;
BackgroundNormal = base00;
DecorationFocus = base02;
DecorationHover = base02;
ForegroundActive = base02;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base03;
};
"Colors:View" = {
BackgroundAlternate = base01;
BackgroundNormal = base00;
DecorationFocus = base02;
DecorationHover = base02;
ForegroundActive = base02;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base03;
};
"Colors:Window" = {
BackgroundAlternate = base01;
BackgroundNormal = base00;
DecorationFocus = base02;
DecorationHover = base02;
ForegroundActive = base02;
ForegroundInactive = base01;
ForegroundLink = base0D;
ForegroundNegative = base08;
ForegroundNeutral = base09;
ForegroundNormal = base05;
ForegroundPositive = base0B;
ForegroundVisited = base03;
};
General = {
ColorScheme = "Generated";
Name = "Generated";
fixed = "${fonts.mono.family},${
toString fonts.mono.size
},-1,5,50,0,0,0,0,0";
font = "${fonts.main.family},${
toString fonts.main.size
},-1,5,50,0,0,0,0,0";
menuFont = "${fonts.main.family},${
toString fonts.main.size
},-1,5,50,0,0,0,0,0";
shadeSortColumn = true;
smallestReadableFont = "${fonts.main.family},${
toString fonts.main.size
},-1,5,57,0,0,0,0,0,Medium";
toolBarFont = "${fonts.main.family},${
toString fonts.main.size
},-1,5,50,0,0,0,0,0";
TerminalApplication = "alacritty";
};
KDE = {
DoubleClickInterval = 400;
ShowDeleteCommand = true;
SingleClick = false;
StartDragDist = 4;
StartDragTime = 500;
WheelScrollLines = 3;
contrast = 4;
widgetStyle = "Breeze";
};
Icons = { Theme = "Papirus-Dark"; };
};
xdg.configFile."kdeglobals".text = lib.generators.toGitINI
(builtins.foldl' lib.recursiveUpdate { } [ colorTheme misc ]);
};
}

View File

@ -1,7 +1,4 @@
{ pkgs, config, lib, ... }: {
console.font = "cyr-sun16";
console.keyMap = "ruwin_cplk-UTF-8";
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "us,ru";
XKB_DEFAULT_OPTIONS =

View File

@ -23,7 +23,7 @@
textColor = base05;
borderColor = "${base0D}AA";
progressColor = "over ${base0B}";
iconPath = "${pkgs.papirus-icon-theme}/share/icons/Papirus-Dark";
iconPath = "${pkgs.breeze-icons}/share/icons/breeze-dark";
maxIconSize = 24;
extraConfig = let
play = sound:

View File

@ -15,7 +15,7 @@
systemd.user.startServices = true;
home.stateVersion = "20.09";
home.stateVersion = lib.mkDefault "20.09";
};
home-manager.useGlobalPkgs = true;

View File

@ -1,9 +1,11 @@
{ pkgs, config, lib, ... }: {
services.openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
forwardX11 = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
X11Forwarding = true;
};
extraConfig = "StreamLocalBindUnlink yes";
ports = [ 22 ];
};
@ -17,20 +19,17 @@
persist.state.directories = [ "/home/balsoft/.ssh" ];
users.users.balsoft.openssh.authorizedKeys.keys =
["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd2OdcSHUsgezuV+cpFqk9+Svtup6PxIolv1zokVZdqvS8qxLsA/rwYmQgTnuq4/zK/GIxcUCH4OxYlW6Or4M4G7qrDKcLAUrRPWkectqEooWRflZXkfHduMJhzeOAsBdMfYZQ9024GwKr/4yriw2BGa8GbbAnQxiSeTipzvXHoXuRME+/2GsMFAfHFvxzXRG7dNOiLtLaXEjUPUTcw/fffKy55kHtWxMkEvvcdyR53/24fmO3kLVpEuoI+Mp1XFtX3DvRM9ulgfwZUn8/CLhwSLwWX4Xf9iuzVi5vJOJtMOktQj/MwGk4tY/NPe+sIk+nAUKSdVf0y9k9JrJT98S/ comment"];
users.users.balsoft.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd2OdcSHUsgezuV+cpFqk9+Svtup6PxIolv1zokVZdqvS8qxLsA/rwYmQgTnuq4/zK/GIxcUCH4OxYlW6Or4M4G7qrDKcLAUrRPWkectqEooWRflZXkfHduMJhzeOAsBdMfYZQ9024GwKr/4yriw2BGa8GbbAnQxiSeTipzvXHoXuRME+/2GsMFAfHFvxzXRG7dNOiLtLaXEjUPUTcw/fffKy55kHtWxMkEvvcdyR53/24fmO3kLVpEuoI+Mp1XFtX3DvRM9ulgfwZUn8/CLhwSLwWX4Xf9iuzVi5vJOJtMOktQj/MwGk4tY/NPe+sIk+nAUKSdVf0y9k9JrJT98S/ comment"
];
secrets.ssh_key = {
services = [];
decrypted = "/root/.ssh/id_ed25519";
};
# secrets.ssh_key = {
# services = [ ];
# decrypted = "/root/.ssh/id_ed25519";
# };
home-manager.users.balsoft.programs.ssh = {
enable = true;
matchBlocks = {
"*" = {
compression = false;
};
};
matchBlocks = { "*" = { compression = false; }; };
};
}

View File

@ -159,7 +159,7 @@ in {
"F1" = ''
exec ${pkgs.pavucontrol}/bin/pavucontrol; [app_id="pavucontrol"] focus'';
"Shift+F1" = ''
exec ${pkgs.helvum}/bin/helvum; [app_id="org.freedesktop.ryuukyu.Helvum"] focus'';
exec ${pkgs.qpwgraph}/bin/qpwgraph; [app_id="org.freedesktop.ryuukyu.Helvum"] focus'';
"F3" = "exec ${pkgs.alsa-utils}/bin/amixer set Capture cap";
"Shift+F3" = "exec ${pkgs.alsa-utils}/bin/amixer set Capture nocap";
"F5" = "reload";
@ -211,7 +211,6 @@ in {
"XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 2";
"XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t";
"button2" = "kill";
"--whole-window button2" = "kill";
} // builtins.listToAttrs (builtins.map (x: {
name = "${builtins.elemAt x 0}";
value = "workspace ${builtins.elemAt x 1}";
@ -251,7 +250,7 @@ in {
"XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 2";
"XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t";
"button2" = "kill";
"--whole-window button2" = "kill";
"--whole-window ${modifier}+button2" = "kill";
};
keycodebindings = { };

View File

@ -1,19 +1,16 @@
{ inputs, ... }: {
imports = with inputs.self.nixosProfiles; [
inputs.home-manager.nixosModules.home-manager
# PROFILES
autoRun
xdg
boot
git
gpg
locale
misc
network
nix
security
user
ssh
zsh
];

View File

@ -2,6 +2,8 @@
imports = with inputs.self.nixosProfiles; [
./base.nix
boot
# PROFILES
applications-setup
bluetooth
@ -11,6 +13,9 @@
sound
virtualisation
yubikey
vlock
alacritty
aerc
# cantata
@ -26,6 +31,7 @@
packages
okular
pass-secret-service
copyq
cursor
direnv

View File

@ -1,6 +1,8 @@
{ inputs, ... }: {
imports = [
./base.nix
inputs.self.nixosProfiles.boot
];
security.sudo.wheelNeedsPassword = false;