From 4bca58e145014b01d62036df2e5384ce8efb4310 Mon Sep 17 00:00:00 2001 From: Alexander Bantyev Date: Thu, 16 Feb 2023 18:51:34 +0400 Subject: [PATCH] Refactor, add librem5 --- flake.lock | 29 +- flake.nix | 22 ++ machines/Librem5-Phone/default.nix | 51 +++ .../Librem5-Phone/hardware-configuration.nix | 32 ++ machines/Librem5-Phone/system | 1 + modules/secrets.nix | 119 +++---- overlay.nix | 71 ++-- profiles/applications/angelfish.nix | 16 + profiles/applications/firefox.nix | 2 + profiles/applications/packages.nix | 3 +- profiles/hardware.nix | 2 +- profiles/nix/default.nix | 1 + profiles/nix/nix.patch | 42 --- profiles/security.nix | 120 ------- profiles/security/pass-secret-service.nix | 18 + profiles/security/user.nix | 47 +++ profiles/security/vlock.nix | 27 ++ profiles/security/yubikey.nix | 50 +++ profiles/sound.nix | 2 +- profiles/workspace/fonts.nix | 6 +- profiles/workspace/gnome3/default.nix | 14 - profiles/workspace/gpg.nix | 2 +- profiles/workspace/gtk.nix | 4 +- profiles/workspace/kde/plasma-mobile.nix | 68 ++++ profiles/workspace/kde/qt.nix | 314 +++++++++++------- profiles/workspace/locale/default.nix | 3 - profiles/workspace/mako.nix | 2 +- profiles/workspace/misc.nix | 2 +- profiles/workspace/ssh.nix | 27 +- profiles/workspace/sway/default.nix | 5 +- roles/base.nix | 5 +- roles/desktop.nix | 6 + roles/server.nix | 2 + 33 files changed, 686 insertions(+), 429 deletions(-) create mode 100644 machines/Librem5-Phone/default.nix create mode 100644 machines/Librem5-Phone/hardware-configuration.nix create mode 100644 machines/Librem5-Phone/system create mode 100644 profiles/applications/angelfish.nix delete mode 100644 profiles/nix/nix.patch delete mode 100644 profiles/security.nix create mode 100644 profiles/security/pass-secret-service.nix create mode 100644 profiles/security/user.nix create mode 100644 profiles/security/vlock.nix create mode 100644 profiles/security/yubikey.nix create mode 100644 profiles/workspace/kde/plasma-mobile.nix 
diff --git a/flake.lock b/flake.lock index 2f78acf..3103298 100644 --- a/flake.lock +++ b/flake.lock @@ -635,11 +635,11 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1672935906, - "narHash": "sha256-YYxhjBppTVEsqElmuBxDrBwqYe/nLXdkMzMQI8gRA8E=", + "lastModified": 1676450680, + "narHash": "sha256-wOd+EPkY6VpxeIf+bCuV2lHleSoK0hI/hTsvJ6Ntf6Q=", "owner": "nixos", "repo": "nix", - "rev": "d02c5a41da68908bd88d7a697abc52a04826894e", + "rev": "601849b95afc3d173ea34ff5dba6353f9b71b495", "type": "github" }, "original": { @@ -701,6 +701,22 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1676478725, + "narHash": "sha256-tiuxFhkGt0UADAGm4YXuETk9R8TsTZSUSTFJgDMxebo=", + "owner": "balsoft", + "repo": "nixos-hardware", + "rev": "8488234ec45c71456d3eae0329b1cc56caa40799", + "type": "github" + }, + "original": { + "owner": "balsoft", + "ref": "add-librem-5", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1671417167, @@ -941,11 +957,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1672791794, - "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", + "lastModified": 1675942811, + "narHash": "sha256-/v4Z9mJmADTpXrdIlAjFa1e+gkpIIROR670UVDQFwIw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", + "rev": "724bfc0892363087709bd3a5a1666296759154b1", "type": "github" }, "original": { @@ -1015,6 +1031,7 @@ "nix-direnv": "nix-direnv", "nix-vscode-marketplace": "nix-vscode-marketplace", "nixos-fhs-compat": "nixos-fhs-compat", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_9", "nixpkgs-old": "nixpkgs-old", "nixpkgs-wayland": "nixpkgs-wayland", diff --git a/flake.nix b/flake.nix index 7ea192a..123bfc9 100644 --- a/flake.nix +++ b/flake.nix @@ -105,6 +105,7 @@ flake = false; }; + nixos-hardware.url = "github:balsoft/nixos-hardware/add-librem-5"; }; outputs = { nixpkgs, self, nix, deploy-rs, ... }@inputs: 
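Review bot: The new `nixos-hardware` input in flake.nix follows the branch `add-librem-5` of a personal fork, and nothing next to the line says why or when it should return to upstream. flake.lock pins the rev and narHash, so a build is reproducible, but every `nix flake update` will follow whatever that branch points to at the time. I would add a comment above the line, for example `# fork carries the Librem 5 module; switch back to github:NixOS/nixos-hardware once it is merged upstream`. The `inputs` block starts outside the hunk.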
@@ -145,6 +146,8 @@ in nixosSystem { inherit system; modules = __attrValues self.nixosModules ++ [ + inputs.home-manager.nixosModules.home-manager + (import (./machines + "/${name}")) { nixpkgs.pkgs = pkgs; } { device = name; } @@ -168,6 +171,25 @@ deploy-rs.defaultPackage.x86_64-linux nixfmt ]; + shellHook = '' + linkFile() { + source="$(nix build --print-out-paths "$1.source" || nix eval --raw "$1.source")" + target="$(nix eval --raw "$1.target")" + ln -fs "$source" "$HOME/$target" + } + linkHomeManagerFile() { + linkFile ".#nixosConfigurations.$(hostname).config.home-manager.users.$(whoami).$1" + } + linkConfigFile() { + linkHomeManagerFile "xdg.configFile.\"$1\"" + } + linkDataFile() { + linkHomeManagerFile "xdg.dataFile.\"$1\"" + } + linkHomeFile() { + linkHomeManagerFile "home.file.\"$1\"" + } + ''; }; deploy = { diff --git a/machines/Librem5-Phone/default.nix b/machines/Librem5-Phone/default.nix new file mode 100644 index 0000000..98955f3 --- /dev/null +++ b/machines/Librem5-Phone/default.nix @@ -0,0 +1,51 @@ +{ inputs, pkgs, lib, ... }: { + imports = with inputs.self; + with nixosProfiles; [ + ./hardware-configuration.nix + + nixosRoles.base + + inputs.nixos-hardware.nixosModules.purism-librem-5r4 + + applications-setup + bluetooth + power + hardware + sound + plasma-mobile + + nheko + okular + gwenview + aerc + helix + angelfish + nix + + kdeconnect + cursor + fonts + gtk + qt + + pass-secret-service + ]; + + programs.ssh.askPassword = + "${pkgs.plasma5Packages.ksshaskpass.out}/bin/ksshaskpass"; + + users.users.balsoft.password = lib.mkForce "0"; + + boot.kernelPackages = pkgs.linuxPackages_librem5; + + system.stateVersion = "23.05"; + home-manager.users.balsoft.home.stateVersion = "22.11"; + + themes.fonts = { + main.size = 10; + serif.size = 10; + mono.size = 10; + }; + + environment.systemPackages = [ pkgs.pure-maps ]; +} 
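Review bot: `linkFile` in the new `shellHook` runs `ln -fs "$source" "$HOME/$target"` without checking that either evaluation succeeded. If `nix eval --raw "$1.target"` fails, `target` is empty and the forced link is created directly in `$HOME` under the basename of the source; if both `nix build` and the `nix eval` fallback fail, `ln` is called with an empty source. A guard before the `ln` avoids both cases: `[ -n "$source" ] && [ -n "$target" ] || return 1`. Because `-f` replaces an existing file at the target without a backup, a one-line comment saying so would help whoever runs these helpers in a dev shell.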
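Review bot: `users.users.balsoft.password = lib.mkForce "0";` in machines/Librem5-Phone/default.nix puts a one-character plaintext password into the repository and into the world-readable Nix store. profiles/security/user.nix in this same patch places that user in `wheel`, so on this device the value presumably gates `sudo` and the lock screen; whether the U2F profile is also imported through `nixosRoles.base` is not visible here. I would keep the secret out of the configuration, e.g. `users.users.balsoft.password = lib.mkForce null;` together with `users.users.balsoft.passwordFile = "<path-to-hashed-password-file>";` (placeholder path, outside the store). If the weak value is a deliberate bring-up shortcut, a comment saying so and naming the follow-up would be the minimum.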
diff --git a/machines/Librem5-Phone/hardware-configuration.nix b/machines/Librem5-Phone/hardware-configuration.nix new file mode 100644 index 0000000..921b632 --- /dev/null +++ b/machines/Librem5-Phone/hardware-configuration.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + + fileSystems."/" = { + device = "/dev/mmcblk0p2"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/mmcblk0p1"; + fsType = "ext2"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + + nix.settings.max-jobs = 4; +} diff --git a/machines/Librem5-Phone/system b/machines/Librem5-Phone/system new file mode 100644 index 0000000..ab65297 --- /dev/null +++ b/machines/Librem5-Phone/system @@ -0,0 +1 @@ +aarch64-linux \ No newline at end of file diff --git a/modules/secrets.nix b/modules/secrets.nix index 2f98d10..c554a1e 100755 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -66,7 +66,7 @@ let with cfg; { "${name}-secrets" = rec { - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; requires = [ "user@1000.service" ]; after = requires; 
@@ -115,73 +115,78 @@ let ++ map (name: "${name}-secrets.service") (builtins.attrNames config.secrets)); in { - options.secrets = lib.mkOption { - type = attrsOf (submodule secret); - default = { }; - }; - - options.secretsConfig = { - password-store = lib.mkOption { - type = lib.types.path; - default = "/home/balsoft/.local/share/password-store"; + options = { + secrets = lib.mkOption { + type = attrsOf (submodule secret); + default = { }; }; - repo = lib.mkOption { - type = str; - default = "ssh://git@github.com/balsoft/pass"; + + secretsConfig = { + password-store = lib.mkOption { + type = lib.types.path; + default = "/home/balsoft/.local/share/password-store"; + }; + repo = lib.mkOption { + type = str; + default = "ssh://git@github.com/balsoft/pass"; + }; }; }; - config.systemd.services = - mkMerge (concatLists (mapAttrsToList mkServices config.secrets)); + config = { - config.security.sudo.extraRules = [{ - users = [ "balsoft" ]; - commands = [{ - command = "/run/current-system/sw/bin/systemctl restart ${allServices}"; - options = [ "NOPASSWD" ]; + systemd.services = + mkMerge (concatLists (mapAttrsToList mkServices config.secrets)); + + security.sudo.extraRules = [{ + users = [ "balsoft" ]; + commands = [{ + command = "/run/current-system/sw/bin/systemctl restart ${allServices}"; + options = [ "NOPASSWD" ]; + }]; }]; - }]; - config.persist.derivative.directories = [ "/var/secrets" password-store ]; + persist.derivative.directories = [ "/var/secrets" password-store ]; - config.home-manager.users.balsoft = { - systemd.user.services.activate-secrets = { - Service = { - ExecStart = "${activate-secrets}/bin/activate-secrets"; - Type = "oneshot"; + home-manager.users.balsoft = { + systemd.user.services.activate-secrets = { + Service = { + ExecStart = "${activate-secrets}/bin/activate-secrets"; + Type = "oneshot"; + }; + Unit = { PartOf = [ "graphical-session-pre.target" ]; }; + Install.WantedBy = [ "graphical-session-pre.target" ]; }; - Unit = { - PartOf = [ 
"graphical-session-pre.target" ]; + systemd.user.services.pass-store-sync = { + Service = { + Environment = [ + "PASSWORD_STORE_DIR=${password-store}" + "PATH=${ + lib.makeBinPath [ pkgs.pass pkgs.inotify-tools pkgs.gnupg ] + }" + ]; + ExecStart = toString (pkgs.writeShellScript "pass-store-sync" '' + export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" + while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do + sleep 0.1 + pass git add --all + pass git commit -m "Change" + pass git pull --rebase + pass git push + done + ''); + }; + Unit = rec { + After = [ "activate-secrets.service" ]; + Wants = After; + }; + Install.WantedBy = [ "graphical-session-pre.target" ]; }; - Install.WantedBy = [ "graphical-session-pre.target" ]; - }; - systemd.user.services.pass-store-sync = { - Service = { - Environment = [ - "PASSWORD_STORE_DIR=${password-store}" - "PATH=${lib.makeBinPath [ pkgs.pass pkgs.inotify-tools pkgs.gnupg ]}" - ]; - ExecStart = toString (pkgs.writeShellScript "pass-store-sync" '' - export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" - while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do - sleep 0.1 - pass git add --all - pass git commit -m "Change" - pass git pull --rebase - pass git push - done - ''); + programs.password-store = { + enable = true; + package = pkgs.pass-wayland; + settings.PASSWORD_STORE_DIR = password-store; }; - Unit = rec { - After = [ "activate-secrets.service" ]; - Wants = After; - }; - Install.WantedBy = [ "graphical-session-pre.target" ]; - }; - programs.password-store = { - enable = true; - package = pkgs.pass-wayland; - settings.PASSWORD_STORE_DIR = password-store; }; }; } diff --git a/overlay.nix b/overlay.nix index 165f6aa..1c5c83f 100644 --- a/overlay.nix +++ b/overlay.nix 
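Review bot: In the `pass-store-sync` script, `inotifywait ... --exclude .git` passes a regular expression, so `.git` matches any character followed by `git` anywhere in the watched path. A store entry under a folder such as `github.com/` (constructed example) would then be excluded as well, and changes to it would not trigger the commit/pull/push cycle until some other entry changes. The loop is only re-indented by this commit, but since the line is on the new side I would tighten it to `--exclude '/\.git(/|$)'`. The `let` bindings used here (`password-store`, `allServices`) are defined outside the hunk.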
@@ -56,27 +56,27 @@ in rec { nerdfonts = nur.balsoft.pkgs.roboto-mono-nerd; - pass-secret-service = - prev.pass-secret-service.overrideAttrs (_: { - installCheckPhase = null; - postInstall = '' - mkdir -p $out/share/{dbus-1/services,xdg-desktop-portal/portals} - cat > $out/share/dbus-1/services/org.freedesktop.secrets.service << EOF - [D-BUS Service] - Name=org.freedesktop.secrets - Exec=/run/current-system/sw/bin/systemctl --user start pass-secret-service - EOF - cp $out/share/dbus-1/services/{org.freedesktop.secrets.service,org.freedesktop.impl.portal.Secret.service} - cat > $out/share/xdg-desktop-portal/portals/pass-secret-service.portal << EOF - [portal] - DBusName=org.freedesktop.secrets - Interfaces=org.freedesktop.impl.portal.Secrets - UseIn=gnome - EOF - ''; - }); + pass-secret-service = prev.pass-secret-service.overrideAttrs (_: { + installCheckPhase = null; + postInstall = '' + mkdir -p $out/share/{dbus-1/services,xdg-desktop-portal/portals} + cat > $out/share/dbus-1/services/org.freedesktop.secrets.service << EOF + [D-BUS Service] + Name=org.freedesktop.secrets + Exec=/run/current-system/sw/bin/systemctl --user start pass-secret-service + EOF + cp $out/share/dbus-1/services/{org.freedesktop.secrets.service,org.freedesktop.impl.portal.Secret.service} + cat > $out/share/xdg-desktop-portal/portals/pass-secret-service.portal << EOF + [portal] + DBusName=org.freedesktop.secrets + Interfaces=org.freedesktop.impl.portal.Secrets + UseIn=gnome + EOF + ''; + }); - nix-direnv = inputs.nix-direnv.packages.${system}.default.override { pkgs = final; }; + nix-direnv = + inputs.nix-direnv.packages.${system}.default.override { pkgs = final; }; # For nix-direnv nixFlakes = final.nix; 
@@ -92,8 +92,13 @@ in rec { mtxclient = prev.mtxclient.overrideAttrs (oa: { src = inputs.mtxclient; cmakeFlags = oa.cmakeFlags ++ [ "-DCMAKE_CXX_FLAGS=-DSPDLOG_FMT_EXTERNAL" ]; - buildInputs = oa.buildInputs - ++ [ final.libevent final.curl.all final.coeurl final.spdlog.dev final.re2 ]; + buildInputs = oa.buildInputs ++ [ + final.libevent + final.curl.all + final.coeurl + final.spdlog.dev + final.re2 + ]; patches = [ ]; }); @@ -116,23 +121,29 @@ in rec { cmakeFlags = oa.cmakeFlags ++ [ "-DBUILD_SHARED_LIBS=OFF" ]; })).override { mtxclient = final.mtxclient; }; - nix = inputs.nix.packages.${system}.default.overrideAttrs (oa: { - doInstallCheck = false; - patches = [ ./profiles/nix/nix.patch ./profiles/nix/expr-context.patch ] ++ oa.patches or [ ]; - }); + nix = inputs.nix.packages.${system}.default; - nil = prev.nil.overrideAttrs (_: { doCheck = false; doInstallCheck = false; }); + nil = prev.nil.overrideAttrs (_: { + doCheck = false; + doInstallCheck = false; + }); mako = prev.mako.overrideAttrs (_: { postInstall = "sed 's|Exec=.*|Exec=/run/current-system/sw/bin/systemctl --user start mako|' -i $out/share/dbus-1/services/fr.emersion.mako.service"; }); - codebraid = prev.codebraid.overrideAttrs (_: { - src = inputs.codebraid; - }); + codebraid = prev.codebraid.overrideAttrs (_: { src = inputs.codebraid; }); remapper = inputs.remapper.packages.${final.system}.default; helix = inputs.helix.packages.${final.system}.default; + + plasma5Packages = prev.plasma5Packages.overrideScope' (final': _: { + qmlkonsole = final'.callPackage (final.fetchurl { + url = + "https://raw.githubusercontent.com/NixOS/nixpkgs/551245d6c4636862f91ba4a0e94b8120b7e8d4d4/pkgs/applications/plasma-mobile/qmlkonsole.nix"; + sha256 = "04vy12x0wjhr1c77dlhvghmlkb6aaq5dfqg1fwc5p6ma9nxqdwic"; + }) { }; + }); } diff --git a/profiles/applications/angelfish.nix b/profiles/applications/angelfish.nix new file mode 100644 index 0000000..22d995b --- /dev/null +++ b/profiles/applications/angelfish.nix 
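Review bot: The `qmlkonsole` override passes a `fetchurl` result to `callPackage`, which, as far as I can tell, makes evaluation import a Nix expression from a build output (import-from-derivation). The URL is pinned to a nixpkgs commit and a `sha256`, so the content is fixed, but the reason for vendoring it this way is not recorded. I would add a comment above it, for example `# backport of qmlkonsole from a newer nixpkgs; drop once the nixpkgs input contains it`. Separately, the new `nix = inputs.nix.packages.${system}.default;` no longer applies `./profiles/nix/expr-context.patch`, while the diffstat deletes only `nix.patch`, so that file may now be unused.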
@@ -0,0 +1,16 @@ +{ config, pkgs, ... }: { + environment.systemPackages = [ pkgs.plasma5Packages.angelfish ]; + defaultApplications.browser = { + cmd = "${pkgs.plasma5Packages.angelfish}/bin/angelfish"; + desktop = "org.kde.angelfish"; + }; + home-manager.users.balsoft = { + xdg.configFile.angelfishrc.text = pkgs.lib.generators.toGitINI { + NavigationBar = { + navBarBack = true; + navBarForward = true; + navBarReload = true; + }; + }; + }; +} diff --git a/profiles/applications/firefox.nix b/profiles/applications/firefox.nix index 2ff8d47..5ecf532 100644 --- a/profiles/applications/firefox.nix +++ b/profiles/applications/firefox.nix @@ -3,6 +3,8 @@ let thm = pkgs.my-lib.thmHash config.themes.colors; fonts = config.themes.fonts; in { + services.dbus.packages = [ pkgs.firefox-wayland ]; + environment.sessionVariables = { MOZ_USE_XINPUT2 = "1"; MOZ_DBUS_REMOTE = "1"; diff --git a/profiles/applications/packages.nix b/profiles/applications/packages.nix index bb91724..366946d 100644 --- a/profiles/applications/packages.nix +++ b/profiles/applications/packages.nix @@ -35,7 +35,8 @@ lambda-launcher nix-patch gopass - papirus-icon-theme + # papirus-icon-theme + breeze-icons shellcheck proselint ripgrep diff --git a/profiles/hardware.nix b/profiles/hardware.nix index a131f3c..661c28e 100644 --- a/profiles/hardware.nix +++ b/profiles/hardware.nix @@ -1,6 +1,6 @@ { hardware.enableRedistributableFirmware = true; # For some unfree drivers - systemd.services.systemd-udev-settle.enable = false; + # systemd.services.systemd-udev-settle.enable = false; services.fwupd.enable = true; # sound.enable = true; services.fstrim.enable = true; diff --git a/profiles/nix/default.nix b/profiles/nix/default.nix index 18d6b45..1f216a7 100644 --- a/profiles/nix/default.nix +++ b/profiles/nix/default.nix 
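Review bot: profiles/applications/packages.nix keeps `# papirus-icon-theme` and profiles/hardware.nix keeps `# systemd.services.systemd-udev-settle.enable = false;` as commented-out code with no reason given. For the second one the behaviour change is not cosmetic: the unit is no longer disabled, so a short why-comment matters, e.g. `# udev-settle left enabled: <reason>`. If the old lines are not coming back, deleting them is cleaner than commenting them out, since the history already holds them.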
@@ -17,6 +17,7 @@ ''; settings = { + use-xdg-base-directories = true; trusted-users = [ "root" "balsoft" "@wheel" ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" diff --git a/profiles/nix/nix.patch b/profiles/nix/nix.patch deleted file mode 100644 index 0702778..0000000 --- a/profiles/nix/nix.patch +++ /dev/null @@ -1,42 +0,0 @@ -diff --git a/src/libstore/profiles.cc b/src/libstore/profiles.cc -index 5d1723886..4f2e4f5db 100644 ---- a/src/libstore/profiles.cc -+++ b/src/libstore/profiles.cc -@@ -250,13 +250,6 @@ Path getDefaultProfile() - { - Path profileLink = getHome() + "/.nix-profile"; - try { -- if (!pathExists(profileLink)) { -- replaceSymlink( -- getuid() == 0 -- ? settings.nixStateDir + "/profiles/default" -- : fmt("%s/profiles/per-user/%s/profile", settings.nixStateDir, getUserName()), -- profileLink); -- } - return absPath(readLink(profileLink), dirOf(profileLink)); - } catch (Error &) { - return profileLink; -diff --git a/src/nix-env/nix-env.cc b/src/nix-env/nix-env.cc -index e04954d45..5649bd01a 100644 ---- a/src/nix-env/nix-env.cc -+++ b/src/nix-env/nix-env.cc -@@ -1336,19 +1336,6 @@ static int main_nix_env(int argc, char * * argv) - globals.instSource.nixExprPath = getHome() + "/.nix-defexpr"; - globals.instSource.systemFilter = "*"; - -- if (!pathExists(globals.instSource.nixExprPath)) { -- try { -- createDirs(globals.instSource.nixExprPath); -- replaceSymlink( -- fmt("%s/profiles/per-user/%s/channels", settings.nixStateDir, getUserName()), -- globals.instSource.nixExprPath + "/channels"); -- if (getuid() != 0) -- replaceSymlink( -- fmt("%s/profiles/per-user/root/channels", settings.nixStateDir), -- globals.instSource.nixExprPath + "/channels_root"); -- } catch (Error &) { } -- } -- - globals.dryRun = false; - globals.preserveInstalled = false; - globals.removeAll = false; diff --git a/profiles/security.nix b/profiles/security.nix deleted file mode 100644 index 685e924..0000000 
--- a/profiles/security.nix +++ /dev/null 
@@ -1,120 +0,0 @@ -{ config, pkgs, lib, ... }: { - security.apparmor.enable = true; - programs.firejail.enable = true; - users.mutableUsers = false; - users.users.balsoft = { - isNormalUser = true; - extraGroups = [ - "sudo" - "wheel" - "networkmanager" - "disk" - "dbus" - "audio" - "docker" - "sound" - "pulse" - "adbusers" - "input" - "libvirtd" - "vboxusers" - "wireshark" - "lp" - "scanner" - ]; - description = "Александр Бантьев"; - uid = 1000; - password = ""; - }; - - systemd.services."user@" = { serviceConfig = { Restart = "always"; }; }; - - home-manager.users.balsoft = { - systemd.user.services.polkit-agent = { - Unit = { - Description = "Run polkit authentication agent"; - X-RestartIfChanged = true; - }; - - Install.WantedBy = [ "sway-session.target" ]; - - Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; }; - }; - home.activation.yubi = { - data = '' - mkdir -p .config/Yubico - [ -f /home/balsoft/.config/Yubico/u2f_keys ] || (pamu2fcfg > /home/balsoft/.config/Yubico/u2f_keys) - ''; - after = [ "linkGeneration" ]; - before = [ ]; - }; - }; - - persist.state.directories = [ "/home/balsoft/.config/Yubico" ]; - - services.getty.autologinUser = "balsoft"; - - environment.loginShellInit = lib.mkBefore '' - [[ "$(tty)" == /dev/tty? 
]] && sudo /run/current-system/sw/bin/lock this - ''; - - security.pam.u2f = { - control = "sufficient"; - cue = true; - enable = true; - }; - - environment.systemPackages = [ - (pkgs.writeShellScriptBin "lock" '' - set -euo pipefail - if [[ "$1" == this ]] - then args="-s" - else args="-san" - fi - ${ - lib.optionalString (config.deviceSpecific.isLaptop) - ''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"'' - } - '') - ]; - - security.pam.services = builtins.listToAttrs (builtins.map (name: { - inherit name; - value = { unixAuth = false; }; - }) [ - "chpasswd" - "chsh" - "groupadd" - "groupdel" - "groupmems" - "groupmod" - "i3lock" - "i3lock-color" - "login" - "passwd" - "polkit-1" - "runuser" - "runuser-l" - "su" - "sudo" - "swaylock" - "systemd-user" - "useradd" - "userdel" - "usermod" - "vlock" - "xlock" - "xscreensaver" - ]); - - security.sudo = { - enable = true; - extraConfig = '' - balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock - balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock this - balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -A 5 - balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -U 5 - ''; - }; - home-manager.useUserPackages = true; -} diff --git a/profiles/security/pass-secret-service.nix b/profiles/security/pass-secret-service.nix new file mode 100644 index 0000000..821c801 --- /dev/null +++ b/profiles/security/pass-secret-service.nix @@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: { + home-manager.users.balsoft = { + services.pass-secret-service.enable = true; + + systemd.user.services.pass-secret-service = { + Service = { + Type = "dbus"; + Environment = [ "GPG_TTY=/dev/tty1" "DISPLAY=:0" ]; + BusName = "org.freedesktop.secrets"; + }; + Unit = rec { + Wants = [ "gpg-agent.service" ]; + After = Wants; + PartOf = [ "graphical-session-pre.target" ]; + }; + }; + }; +} diff --git a/profiles/security/user.nix b/profiles/security/user.nix new file mode 100644 index 0000000..e9d0fb5 --- /dev/null 
+++ b/profiles/security/user.nix @@ -0,0 +1,47 @@ +{ config, pkgs, lib, ... }: { + users.mutableUsers = false; + users.users.balsoft = { + isNormalUser = true; + extraGroups = [ + "sudo" + "wheel" + "networkmanager" + "disk" + "dbus" + "audio" + "docker" + "sound" + "pulse" + "adbusers" + "input" + "libvirtd" + "vboxusers" + "wireshark" + "lp" + "scanner" + ]; + description = "Александр Бантьев"; + uid = 1000; + password = ""; + }; + + systemd.services."user@" = { serviceConfig = { Restart = "always"; }; }; + + home-manager.users.balsoft = { + systemd.user.services.polkit-agent = { + Unit = { + Description = "Run polkit authentication agent"; + X-RestartIfChanged = true; + }; + + Install.WantedBy = [ "sway-session.target" ]; + + Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; }; + }; + }; + + + services.getty.autologinUser = "balsoft"; + + home-manager.useUserPackages = true; +} diff --git a/profiles/security/vlock.nix b/profiles/security/vlock.nix new file mode 100644 index 0000000..93b45b1 --- /dev/null +++ b/profiles/security/vlock.nix @@ -0,0 +1,27 @@ +{ config, pkgs, lib, ... }: { + environment.loginShellInit = lib.mkBefore '' + [[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this + ''; + + environment.systemPackages = [ + (pkgs.writeShellScriptBin "lock" '' + set -euo pipefail + if [[ "$1" == this ]] + then args="-s" + else args="-san" + fi + ${lib.optionalString (config.deviceSpecific.isLaptop) + ''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''} + '') + ]; + + security.sudo = { + enable = true; + extraConfig = '' + balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock + balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock this + balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -A 5 + balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -U 5 + ''; + }; +} 
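Review bot: `password = "";` in profiles/security/user.nix used to live in the same file as the `security.pam.services.*.unixAuth = false` block, which this patch moves to profiles/security/yubikey.nix. After the split, a role that imports the user profile without the yubikey profile gets an account with an empty password, getty autologin and membership of `wheel`, `disk` and `docker`, with password authentication left enabled; an empty password may be accepted by services that allow null passwords. Which profiles roles/base.nix imports is outside this hunk. I would record the dependency at the line itself, e.g. `# empty password is only acceptable together with profiles/security/yubikey.nix (unixAuth = false)`, or move the `password` setting into the yubikey profile.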
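Review bot: The `lock` script in profiles/security/vlock.nix sets `set -euo pipefail` and then reads `"$1"`, so calling it with no argument aborts with an unbound-variable error instead of taking the `-san` branch. The sudoers rule `balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock` permits exactly that invocation, which means the lock-everything path would exit without locking. Inside the Nix string the fix is `if [[ "''${1:-}" == this ]]`. On machines where `config.deviceSpecific.isLaptop` is false the script body is empty and `lock` succeeds without locking anything, which deserves a comment.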
diff --git a/profiles/security/yubikey.nix b/profiles/security/yubikey.nix new file mode 100644 index 0000000..52b053f --- /dev/null +++ b/profiles/security/yubikey.nix @@ -0,0 +1,50 @@ +{ config, pkgs, ... }: { + home-manager.users.balsoft = { + home.activation.yubi = { + data = '' + mkdir -p .config/Yubico + [ -f /home/balsoft/.config/Yubico/u2f_keys ] || (pamu2fcfg > /home/balsoft/.config/Yubico/u2f_keys) + ''; + after = [ "linkGeneration" ]; + before = [ ]; + }; + }; + + persist.state.directories = [ "/home/balsoft/.config/Yubico" ]; + + security.pam.services = builtins.listToAttrs (builtins.map (name: { + inherit name; + value = { unixAuth = false; }; + }) [ + "chpasswd" + "chsh" + "groupadd" + "groupdel" + "groupmems" + "groupmod" + "i3lock" + "i3lock-color" + "login" + "passwd" + "polkit-1" + "runuser" + "runuser-l" + "su" + "sudo" + "swaylock" + "systemd-user" + "useradd" + "userdel" + "usermod" + "vlock" + "xlock" + "xscreensaver" + ]); + + security.pam.u2f = { + control = "sufficient"; + cue = true; + enable = true; + }; + +} diff --git a/profiles/sound.nix b/profiles/sound.nix index c859411..62f8a7c 100644 --- a/profiles/sound.nix +++ b/profiles/sound.nix @@ -1,5 +1,5 @@ { pkgs, config, lib, ... }: { - hardware.pulseaudio.enable = false; + hardware.pulseaudio.enable = lib.mkForce false; security.rtkit.enable = true; diff --git a/profiles/workspace/fonts.nix b/profiles/workspace/fonts.nix index 33fdf66..4a194eb 100644 --- a/profiles/workspace/fonts.nix +++ b/profiles/workspace/fonts.nix @@ -22,15 +22,15 @@ themes.fonts = { main = { family = "IBM Plex Sans"; - size = 13; + size = lib.mkDefault 13; }; serif = { family = "IBM Plex Serif"; - size = 13; + size = lib.mkDefault 13; }; mono = { family = "IBM Plex Mono"; - size = 13; + size = lib.mkDefault 13; }; }; } diff --git a/profiles/workspace/gnome3/default.nix b/profiles/workspace/gnome3/default.nix index 18c6c9f..4684b75 100644 --- a/profiles/workspace/gnome3/default.nix 
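Review bot: In `home.activation.yubi`, `pamu2fcfg > /home/balsoft/.config/Yubico/u2f_keys` creates the file even when `pamu2fcfg` fails, for example when no key is plugged in during activation. The `[ -f ... ]` test then treats the empty file as done on every later run, and with `unixAuth = false` set for `sudo`, `su` and `login` in the same file, an empty mapping can leave the account without a working authentication method. I would write to a temporary file and test for non-empty content: `f=/home/balsoft/.config/Yubico/u2f_keys; [ -s "$f" ] || { pamu2fcfg > "$f.tmp" && mv "$f.tmp" "$f"; }`. `mkdir -p .config/Yubico` is relative to the current directory while the other paths are absolute; using the absolute path there too keeps them consistent.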
+++ b/profiles/workspace/gnome3/default.nix @@ -38,20 +38,6 @@ }; home-manager.users.balsoft = { - services.pass-secret-service.enable = true; - - systemd.user.services.pass-secret-service = { - Service = { - Type = "dbus"; - Environment = [ "GPG_TTY=/dev/tty1" "DISPLAY=:0" ]; - BusName = "org.freedesktop.secrets"; - }; - Unit = rec { - Wants = [ "gpg-agent.service" ]; - After = Wants; - PartOf = [ "graphical-session-pre.target" ]; - }; - }; home.activation.gnome = '' $DRY_RUN_CMD mkdir -p "$XDG_CONFIG_HOME/goa-1.0" diff --git a/profiles/workspace/gpg.nix b/profiles/workspace/gpg.nix index ebce2b8..ecfb445 100644 --- a/profiles/workspace/gpg.nix +++ b/profiles/workspace/gpg.nix @@ -8,7 +8,7 @@ services.gpg-agent = { enable = true; enableSshSupport = true; - pinentryFlavor = "gtk2"; + pinentryFlavor = "qt"; }; systemd.user.services.gpg-agent = { diff --git a/profiles/workspace/gtk.nix b/profiles/workspace/gtk.nix index 368400a..7ba843f 100644 --- a/profiles/workspace/gtk.nix +++ b/profiles/workspace/gtk.nix @@ -25,8 +25,8 @@ in { gtk = { enable = true; iconTheme = { - name = "Papirus-Dark"; - package = pkgs.papirus-icon-theme; + name = "breeze-dark"; + package = pkgs.breeze-icons; }; theme = { name = "Generated"; diff --git a/profiles/workspace/kde/plasma-mobile.nix b/profiles/workspace/kde/plasma-mobile.nix new file mode 100644 index 0000000..9a636f1 --- /dev/null +++ b/profiles/workspace/kde/plasma-mobile.nix 
@@ -0,0 +1,68 @@ +{ config, pkgs, lib, ... }: { + + services.xserver = { + enable = true; + desktopManager.plasma5 = { + mobile.enable = true; + runUsingSystemd = false; + }; + displayManager = { + autoLogin = { + enable = true; + user = "balsoft"; + }; + defaultSession = "plasma-mobile"; + lightdm = { + enable = true; + extraSeatDefaults = '' + session-cleanup-script=${pkgs.procps}/bin/pkill -P1 -fx ${pkgs.lightdm}/sbin/lightdm + ''; + }; + }; + libinput.enable = true; + }; + + powerManagement.enable = true; + + home-manager.users.balsoft = { + xdg.configFile."autostart/org_kde_powerdevil.desktop".text = '' + [Desktop Entry] + DBusActivatable=true + Exec=${pkgs.powerdevil}/libexec/org_kde_powerdevil + Name=org_kde_powerdevil + Type=Application + ''; + xdg.configFile."plasmarc".text = + lib.generators.toGitINI { Theme.name = "generated"; }; + xdg.configFile."plasmamobilerc".text = lib.generators.toGitINI { + General = { + actionDrawerTopLeftMode = "1"; + actionDrawerTopRightMode = "0"; + vibrationDuration = "100"; + vibrationIntensity = "0.5"; + }; + QuickSettings = { + disabledQuickSettings = builtins.concatStringsSep "," + [ "org.kde.plasma.quicksetting.record" ]; + enabledQuickSettings = builtins.concatStringsSep "," [ + "org.kde.plasma.quicksetting.wifi" + "org.kde.plasma.quicksetting.mobiledata" + "org.kde.plasma.quicksetting.bluetooth" + "org.kde.plasma.quicksetting.flashlight" + "org.kde.plasma.quicksetting.screenrotation" + "org.kde.plasma.quicksetting.settingsapp" + "org.kde.plasma.quicksetting.airplanemode" + "org.kde.plasma.quicksetting.audio" + "org.kde.plasma.quicksetting.battery" + "org.kde.plasma.quicksetting.location" + "org.kde.plasma.quicksetting.nightcolor" + "org.kde.plasma.quicksetting.screenshot" + "org.kde.plasma.quicksetting.powermenu" + "org.kde.plasma.quicksetting.donotdisturb" + "org.kde.plasma.quicksetting.caffeine" + "org.kde.plasma.quicksetting.keyboardtoggle" + ]; + }; + }; + }; +} 
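Review bot: `displayManager.autoLogin` is enabled for `balsoft` in profiles/workspace/kde/plasma-mobile.nix, so on a handheld device the session opens at boot without any credential; together with the weak password set in the machine file of this patch, physical possession is close to full access. If that is intended for now, a comment at `autoLogin` stating the assumption (e.g. that the Plasma Mobile lock screen is relied on after boot) would make it reviewable later. The `session-cleanup-script` line that runs `pkill -P1 -fx ${pkgs.lightdm}/sbin/lightdm` also needs a why-comment, since terminating the display manager from its own cleanup hook is not self-explanatory.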
diff --git a/profiles/workspace/kde/qt.nix b/profiles/workspace/kde/qt.nix index 5a2ff63..e0e7f74 100644 --- a/profiles/workspace/kde/qt.nix +++ b/profiles/workspace/kde/qt.nix 
@@ -1,12 +1,194 @@ { pkgs, lib, config, ... }: -with pkgs.my-lib; { +with pkgs.my-lib; +let + colorTheme = with (thmDec config.themes.colors); { + "Colors:Button" = { + BackgroundAlternate = base01; + BackgroundNormal = base01; + DecorationFocus = base0D; + DecorationHover = base0D; + ForegroundActive = base0D; + ForegroundInactive = base01; + ForegroundLink = base0D; + ForegroundNegative = base08; + ForegroundNeutral = base09; + ForegroundNormal = base05; + ForegroundPositive = base0B; + ForegroundVisited = base03; + }; + "Colors:Complementary" = { + BackgroundAlternate = base01; + BackgroundNormal = base03; + DecorationFocus = base0D; + DecorationHover = base0D; + ForegroundActive = base0D; + ForegroundInactive = base01; + ForegroundLink = base0D; + ForegroundNegative = base08; + ForegroundNeutral = base0A; + ForegroundNormal = base05; + ForegroundPositive = base0B; + ForegroundVisited = base02; + }; + "Colors:Selection" = { + BackgroundAlternate = base0D; + BackgroundNormal = base0D; + DecorationFocus = base0D; + DecorationHover = base0D; + ForegroundActive = base05; + ForegroundInactive = base05; + ForegroundLink = base0D; + ForegroundNegative = base08; + ForegroundNeutral = base09; + ForegroundNormal = base05; + ForegroundPositive = base0B; + ForegroundVisited = base02; + }; + "Colors:Tooltip" = { + BackgroundAlternate = base01; + BackgroundNormal = base00; + DecorationFocus = base0D; + DecorationHover = base0D; + ForegroundActive = base0D; + ForegroundInactive = base01; + ForegroundLink = base0D; + ForegroundNegative = base08; + ForegroundNeutral = base09; + ForegroundNormal = base05; + ForegroundPositive = base0B; + ForegroundVisited = base03; + }; + "Colors:View" = { + BackgroundAlternate = base01; + BackgroundNormal = base00; + DecorationFocus = base0D; + DecorationHover = base0D; + ForegroundActive = base0D; + ForegroundInactive = base01; + ForegroundLink = base0D; + ForegroundNegative = base08; + ForegroundNeutral = base09; + ForegroundNormal = base05; + 
ForegroundPositive = base0B; + ForegroundVisited = base03; + }; + "Colors:Window" = { + BackgroundAlternate = base01; + BackgroundNormal = base00; + DecorationFocus = base0D; + DecorationHover = base0D; + ForegroundActive = base0D; + ForegroundInactive = base01; + ForegroundLink = base0D; + ForegroundNegative = base08; + ForegroundNeutral = base09; + ForegroundNormal = base05; + ForegroundPositive = base0B; + ForegroundVisited = base03; + }; + General = { + ColorScheme = "Generated"; + Name = "Generated"; + shadeSortColumn = true; + }; + KDE.contrast = 4; + WM = { + activeBackground = base00; + activeBlend = base06; + activeForeground = base05; + inactiveBackground = base01; + inactiveBlend = base02; + inactiveForeground = base04; + }; + }; + misc = with config.themes; { + Icons.Theme = "breeze-dark"; + + KDE = { + DoubleClickInterval = 400; + ShowDeleteCommand = true; + SingleClick = false; + StartDragDist = 4; + StartDragTime = 500; + WheelScrollLines = 3; + widgetStyle = "Breeze"; + }; + General = { + TerminalApplication = "alacritty"; + fixed = + "${fonts.mono.family},${toString fonts.mono.size},-1,5,50,0,0,0,0,0"; + font = + "${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0"; + menuFont = + "${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0"; + smallestReadableFont = "${fonts.main.family},${ + toString fonts.main.size + },-1,5,57,0,0,0,0,0,Medium"; + toolBarFont = + "${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0"; + }; + }; + effects = with (thmDec config.themes.colors); { + "ColorEffects:Disabled" = { + Color = base02; + ColorAmount = "0"; + ColorEffect = "0"; + ContrastAmount = "0.65"; + ContrastEffect = "1"; + IntensityAmount = "0.1"; + IntensityEffect = "2"; + }; + + "ColorEffects:Inactive" = { + ChangeSelectionColor = "true"; + Color = base03; + ColorAmount = "0.025"; + ColorEffect = "2"; + ContrastAmount = "0.1"; + ContrastEffect = "2"; + Enable = "false"; + IntensityAmount = "0"; + IntensityEffect 
= "0"; + }; + }; + desktopThemeColors = pkgs.writeText "generated-plasma-theme-colors" + (lib.generators.toGitINI + (builtins.foldl' lib.recursiveUpdate { } [ colorTheme effects ])); + desktopThemeRc = pkgs.writeText "generated-plasma-theme-rc" + (lib.generators.toGitINI { + Wallpaper = { + defaultWallpaperTheme = "Next"; + defaultFileSuffix = ".png"; + defaultWidth = "1920"; + defaultHeight = "1080"; + }; + ContrastEffect = { + enabled = "true"; + contrast = "0.17"; + intensity = "1.25"; + saturation = "9"; + }; + AdaptiveTransparency.enabled = "true"; + }); + desktopTheme = pkgs.linkFarm "generated-plasma-theme" [ + { + name = "share/plasma/desktoptheme/generated/plasmarc"; + path = desktopThemeRc; + } + { + name = "share/plasma/desktoptheme/generated/colors"; + path = desktopThemeColors; + } + ]; +in { + environment.systemPackages = [ desktopTheme ]; + xdg.portal.enable = true; - services.dbus.packages = - [ pkgs.firefox pkgs.systemd pkgs.papirus-icon-theme ]; + services.dbus.packages = [ pkgs.systemd pkgs.breeze-icons ]; services.udev.packages = [ pkgs.libmtp pkgs.media-player-info ]; - qt5.enable = false; + qt.enable = false; environment.sessionVariables = { QT_XFT = "true"; 
@@ -30,128 +212,10 @@ with pkgs.my-lib; { }; }; - home-manager.users.balsoft = let fonts = config.themes.fonts; - in { + home-manager.users.balsoft = { home.packages = [ pkgs.ark pkgs.dolphin ]; - xdg.configFile."kdeglobals".text = with (thmDec config.themes.colors); - lib.generators.toGitINI { - "Colors:Button" = { - BackgroundAlternate = base01; - BackgroundNormal = base01; - DecorationFocus = base02; - DecorationHover = base02; - ForegroundActive = base05; - ForegroundInactive = base01; - ForegroundLink = base0D; - ForegroundNegative = base08; - ForegroundNeutral = base09; - ForegroundNormal = base05; - ForegroundPositive = base0B; - ForegroundVisited = base03; - }; - "Colors:Complementary" = { - BackgroundAlternate = base01; - BackgroundNormal = base03; - DecorationFocus = base02; - DecorationHover = base02; - ForegroundActive = base09; - ForegroundInactive = base01; - ForegroundLink = base0D; - ForegroundNegative = base08; - ForegroundNeutral = base0A; - ForegroundNormal = base05; - ForegroundPositive = base0B; - ForegroundVisited = base02; - }; - "Colors:Selection" = { - BackgroundAlternate = base0D; - BackgroundNormal = base0D; - DecorationFocus = base0D; - DecorationHover = base0D; - ForegroundActive = base05; - ForegroundInactive = base05; - ForegroundLink = base0D; - ForegroundNegative = base08; - ForegroundNeutral = base09; - ForegroundNormal = base05; - ForegroundPositive = base0B; - ForegroundVisited = base02; - }; - "Colors:Tooltip" = { - BackgroundAlternate = base01; - BackgroundNormal = base00; - DecorationFocus = base02; - DecorationHover = base02; - ForegroundActive = base02; - ForegroundInactive = base01; - ForegroundLink = base0D; - ForegroundNegative = base08; - ForegroundNeutral = base09; - ForegroundNormal = base05; - ForegroundPositive = base0B; - ForegroundVisited = base03; - }; - "Colors:View" = { - BackgroundAlternate = base01; - BackgroundNormal = base00; - DecorationFocus = base02; - DecorationHover = base02; - ForegroundActive = 
base02; - ForegroundInactive = base01; - ForegroundLink = base0D; - ForegroundNegative = base08; - ForegroundNeutral = base09; - ForegroundNormal = base05; - ForegroundPositive = base0B; - ForegroundVisited = base03; - }; - "Colors:Window" = { - BackgroundAlternate = base01; - BackgroundNormal = base00; - DecorationFocus = base02; - DecorationHover = base02; - ForegroundActive = base02; - ForegroundInactive = base01; - ForegroundLink = base0D; - ForegroundNegative = base08; - ForegroundNeutral = base09; - ForegroundNormal = base05; - ForegroundPositive = base0B; - ForegroundVisited = base03; - }; - General = { - ColorScheme = "Generated"; - Name = "Generated"; - fixed = "${fonts.mono.family},${ - toString fonts.mono.size - },-1,5,50,0,0,0,0,0"; - font = "${fonts.main.family},${ - toString fonts.main.size - },-1,5,50,0,0,0,0,0"; - menuFont = "${fonts.main.family},${ - toString fonts.main.size - },-1,5,50,0,0,0,0,0"; - shadeSortColumn = true; - smallestReadableFont = "${fonts.main.family},${ - toString fonts.main.size - },-1,5,57,0,0,0,0,0,Medium"; - toolBarFont = "${fonts.main.family},${ - toString fonts.main.size - },-1,5,50,0,0,0,0,0"; - TerminalApplication = "alacritty"; - }; - KDE = { - DoubleClickInterval = 400; - ShowDeleteCommand = true; - SingleClick = false; - StartDragDist = 4; - StartDragTime = 500; - WheelScrollLines = 3; - contrast = 4; - widgetStyle = "Breeze"; - }; - Icons = { Theme = "Papirus-Dark"; }; - }; + xdg.configFile."kdeglobals".text = lib.generators.toGitINI + (builtins.foldl' lib.recursiveUpdate { } [ colorTheme misc ]); }; } diff --git a/profiles/workspace/locale/default.nix b/profiles/workspace/locale/default.nix index 14bf3d4..0820797 100644 --- a/profiles/workspace/locale/default.nix +++ b/profiles/workspace/locale/default.nix @@ -1,7 +1,4 @@ { pkgs, config, lib, ... }: { - console.font = "cyr-sun16"; - console.keyMap = "ruwin_cplk-UTF-8"; - environment.sessionVariables = { XKB_DEFAULT_LAYOUT = "us,ru"; XKB_DEFAULT_OPTIONS = 
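Review bot: In the new `xdg.configFile."kdeglobals".text` expression, folding `lib.recursiveUpdate` over a two-element list is more machinery than the job needs; `lib.recursiveUpdate colorTheme misc` produces the same set. The merge itself matters: `misc` and the set that closes just before it in the preceding hunk (presumably `colorTheme`) both define `General` and `KDE`, so a plain `//` would drop keys. A comment such as `# both sets contribute to General and KDE, hence recursiveUpdate` would stop a later edit from simplifying it wrongly. The same fold is used for `desktopThemeColors` in the preceding hunk, which starts outside this view.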
diff --git a/profiles/workspace/mako.nix b/profiles/workspace/mako.nix index 4b8680c..e2c83bc 100644 --- a/profiles/workspace/mako.nix +++ b/profiles/workspace/mako.nix @@ -23,7 +23,7 @@ textColor = base05; borderColor = "${base0D}AA"; progressColor = "over ${base0B}"; - iconPath = "${pkgs.papirus-icon-theme}/share/icons/Papirus-Dark"; + iconPath = "${pkgs.breeze-icons}/share/icons/breeze-dark"; maxIconSize = 24; extraConfig = let play = sound: diff --git a/profiles/workspace/misc.nix b/profiles/workspace/misc.nix index d9cd06f..6c7a421 100644 --- a/profiles/workspace/misc.nix +++ b/profiles/workspace/misc.nix @@ -15,7 +15,7 @@ systemd.user.startServices = true; - home.stateVersion = "20.09"; + home.stateVersion = lib.mkDefault "20.09"; }; home-manager.useGlobalPkgs = true; diff --git a/profiles/workspace/ssh.nix b/profiles/workspace/ssh.nix index a7c70f2..5d7a6e5 100644 --- a/profiles/workspace/ssh.nix +++ b/profiles/workspace/ssh.nix @@ -1,9 +1,11 @@ { pkgs, config, lib, ... }: { services.openssh = { enable = true; - passwordAuthentication = false; - permitRootLogin = "no"; - forwardX11 = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + X11Forwarding = true; + }; extraConfig = "StreamLocalBindUnlink yes"; ports = [ 22 ]; }; 
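Review bot: In the new `services.openssh.settings` block of profiles/workspace/ssh.nix, `PasswordAuthentication = false` does not by itself turn off keyboard-interactive authentication, which sshd can still use to prompt for a password through PAM. Unless that is disabled elsewhere in the configuration, add `KbdInteractiveAuthentication = false;` next to it. `X11Forwarding = true` is carried over unchanged, and because `ssh` stays in the imports of roles/base.nix it also applies to hosts built from roles/server.nix; consider enabling it only in the desktop role, or add a comment saying why servers need it. The rest of ssh.nix lies outside this hunk.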
@@ -17,20 +19,17 @@ persist.state.directories = [ "/home/balsoft/.ssh" ]; - users.users.balsoft.openssh.authorizedKeys.keys = - ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd2OdcSHUsgezuV+cpFqk9+Svtup6PxIolv1zokVZdqvS8qxLsA/rwYmQgTnuq4/zK/GIxcUCH4OxYlW6Or4M4G7qrDKcLAUrRPWkectqEooWRflZXkfHduMJhzeOAsBdMfYZQ9024GwKr/4yriw2BGa8GbbAnQxiSeTipzvXHoXuRME+/2GsMFAfHFvxzXRG7dNOiLtLaXEjUPUTcw/fffKy55kHtWxMkEvvcdyR53/24fmO3kLVpEuoI+Mp1XFtX3DvRM9ulgfwZUn8/CLhwSLwWX4Xf9iuzVi5vJOJtMOktQj/MwGk4tY/NPe+sIk+nAUKSdVf0y9k9JrJT98S/ comment"]; + users.users.balsoft.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd2OdcSHUsgezuV+cpFqk9+Svtup6PxIolv1zokVZdqvS8qxLsA/rwYmQgTnuq4/zK/GIxcUCH4OxYlW6Or4M4G7qrDKcLAUrRPWkectqEooWRflZXkfHduMJhzeOAsBdMfYZQ9024GwKr/4yriw2BGa8GbbAnQxiSeTipzvXHoXuRME+/2GsMFAfHFvxzXRG7dNOiLtLaXEjUPUTcw/fffKy55kHtWxMkEvvcdyR53/24fmO3kLVpEuoI+Mp1XFtX3DvRM9ulgfwZUn8/CLhwSLwWX4Xf9iuzVi5vJOJtMOktQj/MwGk4tY/NPe+sIk+nAUKSdVf0y9k9JrJT98S/ comment" + ]; - secrets.ssh_key = { - services = []; - decrypted = "/root/.ssh/id_ed25519"; - }; + # secrets.ssh_key = { + # services = [ ]; + # decrypted = "/root/.ssh/id_ed25519"; + # }; home-manager.users.balsoft.programs.ssh = { enable = true; - matchBlocks = { - "*" = { - compression = false; - }; - }; + matchBlocks = { "*" = { compression = false; }; }; }; } diff --git a/profiles/workspace/sway/default.nix b/profiles/workspace/sway/default.nix index 033a434..a2fd1b9 100755 --- a/profiles/workspace/sway/default.nix +++ b/profiles/workspace/sway/default.nix @@ -159,7 +159,7 @@ in { "F1" = '' exec ${pkgs.pavucontrol}/bin/pavucontrol; [app_id="pavucontrol"] focus''; "Shift+F1" = '' - exec ${pkgs.helvum}/bin/helvum; [app_id="org.freedesktop.ryuukyu.Helvum"] focus''; + exec ${pkgs.qpwgraph}/bin/qpwgraph; [app_id="org.freedesktop.ryuukyu.Helvum"] focus''; "F3" = "exec ${pkgs.alsa-utils}/bin/amixer set Capture cap"; "Shift+F3" = "exec ${pkgs.alsa-utils}/bin/amixer set Capture nocap"; "F5" = "reload"; 
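Review bot: The `secrets.ssh_key` block is commented out rather than deleted, and nothing says why or whether `/root/.ssh/id_ed25519` is now provisioned some other way. Either remove the lines or put a reason above them, e.g. `# disabled: <reason>`. Since the `authorizedKeys.keys` entry is being re-wrapped anyway, note that its trailing label is the literal word `comment`; a label naming the owner or device makes the key easier to audit and revoke later. The `matchBlocks` change is formatting only.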
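Review bot: The `Shift+F1` binding now launches `${pkgs.qpwgraph}/bin/qpwgraph`, but the criterion after it still reads `[app_id="org.freedesktop.ryuukyu.Helvum"]`, so the `focus` command will not match the new window. Replace the criterion with qpwgraph's own app_id (probably `org.rncbc.qpwgraph`; confirm with `swaymsg -t get_tree`). The keybindings set that contains this entry starts and ends outside the hunk.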
@@ -211,7 +211,6 @@ in { "XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 2"; "XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t"; "button2" = "kill"; - "--whole-window button2" = "kill"; } // builtins.listToAttrs (builtins.map (x: { name = "${builtins.elemAt x 0}"; value = "workspace ${builtins.elemAt x 1}"; @@ -251,7 +250,7 @@ in { "XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 2"; "XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t"; "button2" = "kill"; - "--whole-window button2" = "kill"; + "--whole-window ${modifier}+button2" = "kill"; }; keycodebindings = { }; diff --git a/roles/base.nix b/roles/base.nix index 68e5e14..fb2f84e 100644 --- a/roles/base.nix +++ b/roles/base.nix @@ -1,19 +1,16 @@ { inputs, ... }: { imports = with inputs.self.nixosProfiles; [ - inputs.home-manager.nixosModules.home-manager - # PROFILES autoRun xdg - boot git gpg locale misc network nix - security + user ssh zsh ]; diff --git a/roles/desktop.nix b/roles/desktop.nix index 1acf2d6..f3b405f 100644 --- a/roles/desktop.nix +++ b/roles/desktop.nix @@ -2,6 +2,8 @@ imports = with inputs.self.nixosProfiles; [ ./base.nix + boot + # PROFILES applications-setup bluetooth @@ -11,6 +13,9 @@ sound virtualisation + yubikey + vlock + alacritty aerc # cantata @@ -26,6 +31,7 @@ packages okular + pass-secret-service copyq cursor direnv diff --git a/roles/server.nix b/roles/server.nix index e40eeea..42c0e22 100644 --- a/roles/server.nix +++ b/roles/server.nix @@ -1,6 +1,8 @@ { inputs, ... }: { imports = [ ./base.nix + + inputs.self.nixosProfiles.boot ]; security.sudo.wheelNeedsPassword = false;