Refactor, add librem5
This commit is contained in:
parent
bff853aaba
commit
4bca58e145
29
flake.lock
29
flake.lock
@ -635,11 +635,11 @@
|
||||
"nixpkgs-regression": "nixpkgs-regression"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1672935906,
|
||||
"narHash": "sha256-YYxhjBppTVEsqElmuBxDrBwqYe/nLXdkMzMQI8gRA8E=",
|
||||
"lastModified": 1676450680,
|
||||
"narHash": "sha256-wOd+EPkY6VpxeIf+bCuV2lHleSoK0hI/hTsvJ6Ntf6Q=",
|
||||
"owner": "nixos",
|
||||
"repo": "nix",
|
||||
"rev": "d02c5a41da68908bd88d7a697abc52a04826894e",
|
||||
"rev": "601849b95afc3d173ea34ff5dba6353f9b71b495",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -701,6 +701,22 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1676478725,
|
||||
"narHash": "sha256-tiuxFhkGt0UADAGm4YXuETk9R8TsTZSUSTFJgDMxebo=",
|
||||
"owner": "balsoft",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "8488234ec45c71456d3eae0329b1cc56caa40799",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "balsoft",
|
||||
"ref": "add-librem-5",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1671417167,
|
||||
@ -941,11 +957,11 @@
|
||||
},
|
||||
"nixpkgs_9": {
|
||||
"locked": {
|
||||
"lastModified": 1672791794,
|
||||
"narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=",
|
||||
"lastModified": 1675942811,
|
||||
"narHash": "sha256-/v4Z9mJmADTpXrdIlAjFa1e+gkpIIROR670UVDQFwIw=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d",
|
||||
"rev": "724bfc0892363087709bd3a5a1666296759154b1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1015,6 +1031,7 @@
|
||||
"nix-direnv": "nix-direnv",
|
||||
"nix-vscode-marketplace": "nix-vscode-marketplace",
|
||||
"nixos-fhs-compat": "nixos-fhs-compat",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_9",
|
||||
"nixpkgs-old": "nixpkgs-old",
|
||||
"nixpkgs-wayland": "nixpkgs-wayland",
|
||||
|
22
flake.nix
22
flake.nix
@ -105,6 +105,7 @@
|
||||
flake = false;
|
||||
};
|
||||
|
||||
nixos-hardware.url = "github:balsoft/nixos-hardware/add-librem-5";
|
||||
};
|
||||
|
||||
outputs = { nixpkgs, self, nix, deploy-rs, ... }@inputs:
|
||||
@ -145,6 +146,8 @@
|
||||
in nixosSystem {
|
||||
inherit system;
|
||||
modules = __attrValues self.nixosModules ++ [
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
|
||||
(import (./machines + "/${name}"))
|
||||
{ nixpkgs.pkgs = pkgs; }
|
||||
{ device = name; }
|
||||
@ -168,6 +171,25 @@
|
||||
deploy-rs.defaultPackage.x86_64-linux
|
||||
nixfmt
|
||||
];
|
||||
shellHook = ''
|
||||
linkFile() {
|
||||
source="$(nix build --print-out-paths "$1.source" || nix eval --raw "$1.source")"
|
||||
target="$(nix eval --raw "$1.target")"
|
||||
ln -fs "$source" "$HOME/$target"
|
||||
}
|
||||
linkHomeManagerFile() {
|
||||
linkFile ".#nixosConfigurations.$(hostname).config.home-manager.users.$(whoami).$1"
|
||||
}
|
||||
linkConfigFile() {
|
||||
linkHomeManagerFile "xdg.configFile.\"$1\""
|
||||
}
|
||||
linkDataFile() {
|
||||
linkHomeManagerFile "xdg.dataFile.\"$1\""
|
||||
}
|
||||
linkHomeFile() {
|
||||
linkHomeManagerFile "home.file.\"$1\""
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
deploy = {
|
||||
|
51
machines/Librem5-Phone/default.nix
Normal file
51
machines/Librem5-Phone/default.nix
Normal file
@ -0,0 +1,51 @@
|
||||
{ inputs, pkgs, lib, ... }: {
|
||||
imports = with inputs.self;
|
||||
with nixosProfiles; [
|
||||
./hardware-configuration.nix
|
||||
|
||||
nixosRoles.base
|
||||
|
||||
inputs.nixos-hardware.nixosModules.purism-librem-5r4
|
||||
|
||||
applications-setup
|
||||
bluetooth
|
||||
power
|
||||
hardware
|
||||
sound
|
||||
plasma-mobile
|
||||
|
||||
nheko
|
||||
okular
|
||||
gwenview
|
||||
aerc
|
||||
helix
|
||||
angelfish
|
||||
nix
|
||||
|
||||
kdeconnect
|
||||
cursor
|
||||
fonts
|
||||
gtk
|
||||
qt
|
||||
|
||||
pass-secret-service
|
||||
];
|
||||
|
||||
programs.ssh.askPassword =
|
||||
"${pkgs.plasma5Packages.ksshaskpass.out}/bin/ksshaskpass";
|
||||
|
||||
users.users.balsoft.password = lib.mkForce "0";
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_librem5;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
home-manager.users.balsoft.home.stateVersion = "22.11";
|
||||
|
||||
themes.fonts = {
|
||||
main.size = 10;
|
||||
serif.size = 10;
|
||||
mono.size = 10;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.pure-maps ];
|
||||
}
|
32
machines/Librem5-Phone/hardware-configuration.nix
Normal file
32
machines/Librem5-Phone/hardware-configuration.nix
Normal file
@ -0,0 +1,32 @@
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mmcblk0p2";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/mmcblk0p1";
|
||||
fsType = "ext2";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
|
||||
nix.settings.max-jobs = 4;
|
||||
}
|
1
machines/Librem5-Phone/system
Normal file
1
machines/Librem5-Phone/system
Normal file
@ -0,0 +1 @@
|
||||
aarch64-linux
|
@ -66,7 +66,7 @@ let
|
||||
with cfg; {
|
||||
"${name}-secrets" = rec {
|
||||
|
||||
wantedBy = ["multi-user.target"];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
requires = [ "user@1000.service" ];
|
||||
after = requires;
|
||||
@ -115,73 +115,78 @@ let
|
||||
++ map (name: "${name}-secrets.service")
|
||||
(builtins.attrNames config.secrets));
|
||||
in {
|
||||
options.secrets = lib.mkOption {
|
||||
type = attrsOf (submodule secret);
|
||||
default = { };
|
||||
};
|
||||
|
||||
options.secretsConfig = {
|
||||
password-store = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = "/home/balsoft/.local/share/password-store";
|
||||
options = {
|
||||
secrets = lib.mkOption {
|
||||
type = attrsOf (submodule secret);
|
||||
default = { };
|
||||
};
|
||||
repo = lib.mkOption {
|
||||
type = str;
|
||||
default = "ssh://git@github.com/balsoft/pass";
|
||||
|
||||
secretsConfig = {
|
||||
password-store = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = "/home/balsoft/.local/share/password-store";
|
||||
};
|
||||
repo = lib.mkOption {
|
||||
type = str;
|
||||
default = "ssh://git@github.com/balsoft/pass";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config.systemd.services =
|
||||
mkMerge (concatLists (mapAttrsToList mkServices config.secrets));
|
||||
config = {
|
||||
|
||||
config.security.sudo.extraRules = [{
|
||||
users = [ "balsoft" ];
|
||||
commands = [{
|
||||
command = "/run/current-system/sw/bin/systemctl restart ${allServices}";
|
||||
options = [ "NOPASSWD" ];
|
||||
systemd.services =
|
||||
mkMerge (concatLists (mapAttrsToList mkServices config.secrets));
|
||||
|
||||
security.sudo.extraRules = [{
|
||||
users = [ "balsoft" ];
|
||||
commands = [{
|
||||
command = "/run/current-system/sw/bin/systemctl restart ${allServices}";
|
||||
options = [ "NOPASSWD" ];
|
||||
}];
|
||||
}];
|
||||
}];
|
||||
|
||||
config.persist.derivative.directories = [ "/var/secrets" password-store ];
|
||||
persist.derivative.directories = [ "/var/secrets" password-store ];
|
||||
|
||||
config.home-manager.users.balsoft = {
|
||||
systemd.user.services.activate-secrets = {
|
||||
Service = {
|
||||
ExecStart = "${activate-secrets}/bin/activate-secrets";
|
||||
Type = "oneshot";
|
||||
home-manager.users.balsoft = {
|
||||
systemd.user.services.activate-secrets = {
|
||||
Service = {
|
||||
ExecStart = "${activate-secrets}/bin/activate-secrets";
|
||||
Type = "oneshot";
|
||||
};
|
||||
Unit = { PartOf = [ "graphical-session-pre.target" ]; };
|
||||
Install.WantedBy = [ "graphical-session-pre.target" ];
|
||||
};
|
||||
Unit = {
|
||||
PartOf = [ "graphical-session-pre.target" ];
|
||||
systemd.user.services.pass-store-sync = {
|
||||
Service = {
|
||||
Environment = [
|
||||
"PASSWORD_STORE_DIR=${password-store}"
|
||||
"PATH=${
|
||||
lib.makeBinPath [ pkgs.pass pkgs.inotify-tools pkgs.gnupg ]
|
||||
}"
|
||||
];
|
||||
ExecStart = toString (pkgs.writeShellScript "pass-store-sync" ''
|
||||
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
|
||||
while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do
|
||||
sleep 0.1
|
||||
pass git add --all
|
||||
pass git commit -m "Change"
|
||||
pass git pull --rebase
|
||||
pass git push
|
||||
done
|
||||
'');
|
||||
};
|
||||
Unit = rec {
|
||||
After = [ "activate-secrets.service" ];
|
||||
Wants = After;
|
||||
};
|
||||
Install.WantedBy = [ "graphical-session-pre.target" ];
|
||||
};
|
||||
Install.WantedBy = [ "graphical-session-pre.target" ];
|
||||
};
|
||||
systemd.user.services.pass-store-sync = {
|
||||
Service = {
|
||||
Environment = [
|
||||
"PASSWORD_STORE_DIR=${password-store}"
|
||||
"PATH=${lib.makeBinPath [ pkgs.pass pkgs.inotify-tools pkgs.gnupg ]}"
|
||||
];
|
||||
ExecStart = toString (pkgs.writeShellScript "pass-store-sync" ''
|
||||
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
|
||||
while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do
|
||||
sleep 0.1
|
||||
pass git add --all
|
||||
pass git commit -m "Change"
|
||||
pass git pull --rebase
|
||||
pass git push
|
||||
done
|
||||
'');
|
||||
programs.password-store = {
|
||||
enable = true;
|
||||
package = pkgs.pass-wayland;
|
||||
settings.PASSWORD_STORE_DIR = password-store;
|
||||
};
|
||||
Unit = rec {
|
||||
After = [ "activate-secrets.service" ];
|
||||
Wants = After;
|
||||
};
|
||||
Install.WantedBy = [ "graphical-session-pre.target" ];
|
||||
};
|
||||
programs.password-store = {
|
||||
enable = true;
|
||||
package = pkgs.pass-wayland;
|
||||
settings.PASSWORD_STORE_DIR = password-store;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
71
overlay.nix
71
overlay.nix
@ -56,27 +56,27 @@ in rec {
|
||||
|
||||
nerdfonts = nur.balsoft.pkgs.roboto-mono-nerd;
|
||||
|
||||
pass-secret-service =
|
||||
prev.pass-secret-service.overrideAttrs (_: {
|
||||
installCheckPhase = null;
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/{dbus-1/services,xdg-desktop-portal/portals}
|
||||
cat > $out/share/dbus-1/services/org.freedesktop.secrets.service << EOF
|
||||
[D-BUS Service]
|
||||
Name=org.freedesktop.secrets
|
||||
Exec=/run/current-system/sw/bin/systemctl --user start pass-secret-service
|
||||
EOF
|
||||
cp $out/share/dbus-1/services/{org.freedesktop.secrets.service,org.freedesktop.impl.portal.Secret.service}
|
||||
cat > $out/share/xdg-desktop-portal/portals/pass-secret-service.portal << EOF
|
||||
[portal]
|
||||
DBusName=org.freedesktop.secrets
|
||||
Interfaces=org.freedesktop.impl.portal.Secrets
|
||||
UseIn=gnome
|
||||
EOF
|
||||
'';
|
||||
});
|
||||
pass-secret-service = prev.pass-secret-service.overrideAttrs (_: {
|
||||
installCheckPhase = null;
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/{dbus-1/services,xdg-desktop-portal/portals}
|
||||
cat > $out/share/dbus-1/services/org.freedesktop.secrets.service << EOF
|
||||
[D-BUS Service]
|
||||
Name=org.freedesktop.secrets
|
||||
Exec=/run/current-system/sw/bin/systemctl --user start pass-secret-service
|
||||
EOF
|
||||
cp $out/share/dbus-1/services/{org.freedesktop.secrets.service,org.freedesktop.impl.portal.Secret.service}
|
||||
cat > $out/share/xdg-desktop-portal/portals/pass-secret-service.portal << EOF
|
||||
[portal]
|
||||
DBusName=org.freedesktop.secrets
|
||||
Interfaces=org.freedesktop.impl.portal.Secrets
|
||||
UseIn=gnome
|
||||
EOF
|
||||
'';
|
||||
});
|
||||
|
||||
nix-direnv = inputs.nix-direnv.packages.${system}.default.override { pkgs = final; };
|
||||
nix-direnv =
|
||||
inputs.nix-direnv.packages.${system}.default.override { pkgs = final; };
|
||||
|
||||
# For nix-direnv
|
||||
nixFlakes = final.nix;
|
||||
@ -92,8 +92,13 @@ in rec {
|
||||
mtxclient = prev.mtxclient.overrideAttrs (oa: {
|
||||
src = inputs.mtxclient;
|
||||
cmakeFlags = oa.cmakeFlags ++ [ "-DCMAKE_CXX_FLAGS=-DSPDLOG_FMT_EXTERNAL" ];
|
||||
buildInputs = oa.buildInputs
|
||||
++ [ final.libevent final.curl.all final.coeurl final.spdlog.dev final.re2 ];
|
||||
buildInputs = oa.buildInputs ++ [
|
||||
final.libevent
|
||||
final.curl.all
|
||||
final.coeurl
|
||||
final.spdlog.dev
|
||||
final.re2
|
||||
];
|
||||
patches = [ ];
|
||||
});
|
||||
|
||||
@ -116,23 +121,29 @@ in rec {
|
||||
cmakeFlags = oa.cmakeFlags ++ [ "-DBUILD_SHARED_LIBS=OFF" ];
|
||||
})).override { mtxclient = final.mtxclient; };
|
||||
|
||||
nix = inputs.nix.packages.${system}.default.overrideAttrs (oa: {
|
||||
doInstallCheck = false;
|
||||
patches = [ ./profiles/nix/nix.patch ./profiles/nix/expr-context.patch ] ++ oa.patches or [ ];
|
||||
});
|
||||
nix = inputs.nix.packages.${system}.default;
|
||||
|
||||
nil = prev.nil.overrideAttrs (_: { doCheck = false; doInstallCheck = false; });
|
||||
nil = prev.nil.overrideAttrs (_: {
|
||||
doCheck = false;
|
||||
doInstallCheck = false;
|
||||
});
|
||||
|
||||
mako = prev.mako.overrideAttrs (_: {
|
||||
postInstall =
|
||||
"sed 's|Exec=.*|Exec=/run/current-system/sw/bin/systemctl --user start mako|' -i $out/share/dbus-1/services/fr.emersion.mako.service";
|
||||
});
|
||||
|
||||
codebraid = prev.codebraid.overrideAttrs (_: {
|
||||
src = inputs.codebraid;
|
||||
});
|
||||
codebraid = prev.codebraid.overrideAttrs (_: { src = inputs.codebraid; });
|
||||
|
||||
remapper = inputs.remapper.packages.${final.system}.default;
|
||||
|
||||
helix = inputs.helix.packages.${final.system}.default;
|
||||
|
||||
plasma5Packages = prev.plasma5Packages.overrideScope' (final': _: {
|
||||
qmlkonsole = final'.callPackage (final.fetchurl {
|
||||
url =
|
||||
"https://raw.githubusercontent.com/NixOS/nixpkgs/551245d6c4636862f91ba4a0e94b8120b7e8d4d4/pkgs/applications/plasma-mobile/qmlkonsole.nix";
|
||||
sha256 = "04vy12x0wjhr1c77dlhvghmlkb6aaq5dfqg1fwc5p6ma9nxqdwic";
|
||||
}) { };
|
||||
});
|
||||
}
|
||||
|
16
profiles/applications/angelfish.nix
Normal file
16
profiles/applications/angelfish.nix
Normal file
@ -0,0 +1,16 @@
|
||||
{ config, pkgs, ... }: {
|
||||
environment.systemPackages = [ pkgs.plasma5Packages.angelfish ];
|
||||
defaultApplications.browser = {
|
||||
cmd = "${pkgs.plasma5Packages.angelfish}/bin/angelfish";
|
||||
desktop = "org.kde.angelfish";
|
||||
};
|
||||
home-manager.users.balsoft = {
|
||||
xdg.configFile.angelfishrc.text = pkgs.lib.generators.toGitINI {
|
||||
NavigationBar = {
|
||||
navBarBack = true;
|
||||
navBarForward = true;
|
||||
navBarReload = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -3,6 +3,8 @@ let
|
||||
thm = pkgs.my-lib.thmHash config.themes.colors;
|
||||
fonts = config.themes.fonts;
|
||||
in {
|
||||
services.dbus.packages = [ pkgs.firefox-wayland ];
|
||||
|
||||
environment.sessionVariables = {
|
||||
MOZ_USE_XINPUT2 = "1";
|
||||
MOZ_DBUS_REMOTE = "1";
|
||||
|
@ -35,7 +35,8 @@
|
||||
lambda-launcher
|
||||
nix-patch
|
||||
gopass
|
||||
papirus-icon-theme
|
||||
# papirus-icon-theme
|
||||
breeze-icons
|
||||
shellcheck
|
||||
proselint
|
||||
ripgrep
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
hardware.enableRedistributableFirmware = true; # For some unfree drivers
|
||||
systemd.services.systemd-udev-settle.enable = false;
|
||||
# systemd.services.systemd-udev-settle.enable = false;
|
||||
services.fwupd.enable = true;
|
||||
# sound.enable = true;
|
||||
services.fstrim.enable = true;
|
||||
|
@ -17,6 +17,7 @@
|
||||
'';
|
||||
|
||||
settings = {
|
||||
use-xdg-base-directories = true;
|
||||
trusted-users = [ "root" "balsoft" "@wheel" ];
|
||||
trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
|
@ -1,42 +0,0 @@
|
||||
diff --git a/src/libstore/profiles.cc b/src/libstore/profiles.cc
|
||||
index 5d1723886..4f2e4f5db 100644
|
||||
--- a/src/libstore/profiles.cc
|
||||
+++ b/src/libstore/profiles.cc
|
||||
@@ -250,13 +250,6 @@ Path getDefaultProfile()
|
||||
{
|
||||
Path profileLink = getHome() + "/.nix-profile";
|
||||
try {
|
||||
- if (!pathExists(profileLink)) {
|
||||
- replaceSymlink(
|
||||
- getuid() == 0
|
||||
- ? settings.nixStateDir + "/profiles/default"
|
||||
- : fmt("%s/profiles/per-user/%s/profile", settings.nixStateDir, getUserName()),
|
||||
- profileLink);
|
||||
- }
|
||||
return absPath(readLink(profileLink), dirOf(profileLink));
|
||||
} catch (Error &) {
|
||||
return profileLink;
|
||||
diff --git a/src/nix-env/nix-env.cc b/src/nix-env/nix-env.cc
|
||||
index e04954d45..5649bd01a 100644
|
||||
--- a/src/nix-env/nix-env.cc
|
||||
+++ b/src/nix-env/nix-env.cc
|
||||
@@ -1336,19 +1336,6 @@ static int main_nix_env(int argc, char * * argv)
|
||||
globals.instSource.nixExprPath = getHome() + "/.nix-defexpr";
|
||||
globals.instSource.systemFilter = "*";
|
||||
|
||||
- if (!pathExists(globals.instSource.nixExprPath)) {
|
||||
- try {
|
||||
- createDirs(globals.instSource.nixExprPath);
|
||||
- replaceSymlink(
|
||||
- fmt("%s/profiles/per-user/%s/channels", settings.nixStateDir, getUserName()),
|
||||
- globals.instSource.nixExprPath + "/channels");
|
||||
- if (getuid() != 0)
|
||||
- replaceSymlink(
|
||||
- fmt("%s/profiles/per-user/root/channels", settings.nixStateDir),
|
||||
- globals.instSource.nixExprPath + "/channels_root");
|
||||
- } catch (Error &) { }
|
||||
- }
|
||||
-
|
||||
globals.dryRun = false;
|
||||
globals.preserveInstalled = false;
|
||||
globals.removeAll = false;
|
@ -1,120 +0,0 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
security.apparmor.enable = true;
|
||||
programs.firejail.enable = true;
|
||||
users.mutableUsers = false;
|
||||
users.users.balsoft = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"sudo"
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
"disk"
|
||||
"dbus"
|
||||
"audio"
|
||||
"docker"
|
||||
"sound"
|
||||
"pulse"
|
||||
"adbusers"
|
||||
"input"
|
||||
"libvirtd"
|
||||
"vboxusers"
|
||||
"wireshark"
|
||||
"lp"
|
||||
"scanner"
|
||||
];
|
||||
description = "Александр Бантьев";
|
||||
uid = 1000;
|
||||
password = "";
|
||||
};
|
||||
|
||||
systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
|
||||
|
||||
home-manager.users.balsoft = {
|
||||
systemd.user.services.polkit-agent = {
|
||||
Unit = {
|
||||
Description = "Run polkit authentication agent";
|
||||
X-RestartIfChanged = true;
|
||||
};
|
||||
|
||||
Install.WantedBy = [ "sway-session.target" ];
|
||||
|
||||
Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; };
|
||||
};
|
||||
home.activation.yubi = {
|
||||
data = ''
|
||||
mkdir -p .config/Yubico
|
||||
[ -f /home/balsoft/.config/Yubico/u2f_keys ] || (pamu2fcfg > /home/balsoft/.config/Yubico/u2f_keys)
|
||||
'';
|
||||
after = [ "linkGeneration" ];
|
||||
before = [ ];
|
||||
};
|
||||
};
|
||||
|
||||
persist.state.directories = [ "/home/balsoft/.config/Yubico" ];
|
||||
|
||||
services.getty.autologinUser = "balsoft";
|
||||
|
||||
environment.loginShellInit = lib.mkBefore ''
|
||||
[[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this
|
||||
'';
|
||||
|
||||
security.pam.u2f = {
|
||||
control = "sufficient";
|
||||
cue = true;
|
||||
enable = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.writeShellScriptBin "lock" ''
|
||||
set -euo pipefail
|
||||
if [[ "$1" == this ]]
|
||||
then args="-s"
|
||||
else args="-san"
|
||||
fi
|
||||
${
|
||||
lib.optionalString (config.deviceSpecific.isLaptop)
|
||||
''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''
|
||||
}
|
||||
'')
|
||||
];
|
||||
|
||||
security.pam.services = builtins.listToAttrs (builtins.map (name: {
|
||||
inherit name;
|
||||
value = { unixAuth = false; };
|
||||
}) [
|
||||
"chpasswd"
|
||||
"chsh"
|
||||
"groupadd"
|
||||
"groupdel"
|
||||
"groupmems"
|
||||
"groupmod"
|
||||
"i3lock"
|
||||
"i3lock-color"
|
||||
"login"
|
||||
"passwd"
|
||||
"polkit-1"
|
||||
"runuser"
|
||||
"runuser-l"
|
||||
"su"
|
||||
"sudo"
|
||||
"swaylock"
|
||||
"systemd-user"
|
||||
"useradd"
|
||||
"userdel"
|
||||
"usermod"
|
||||
"vlock"
|
||||
"xlock"
|
||||
"xscreensaver"
|
||||
]);
|
||||
|
||||
security.sudo = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock
|
||||
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock this
|
||||
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -A 5
|
||||
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -U 5
|
||||
'';
|
||||
};
|
||||
home-manager.useUserPackages = true;
|
||||
}
|
18
profiles/security/pass-secret-service.nix
Normal file
18
profiles/security/pass-secret-service.nix
Normal file
@ -0,0 +1,18 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
home-manager.users.balsoft = {
|
||||
services.pass-secret-service.enable = true;
|
||||
|
||||
systemd.user.services.pass-secret-service = {
|
||||
Service = {
|
||||
Type = "dbus";
|
||||
Environment = [ "GPG_TTY=/dev/tty1" "DISPLAY=:0" ];
|
||||
BusName = "org.freedesktop.secrets";
|
||||
};
|
||||
Unit = rec {
|
||||
Wants = [ "gpg-agent.service" ];
|
||||
After = Wants;
|
||||
PartOf = [ "graphical-session-pre.target" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
47
profiles/security/user.nix
Normal file
47
profiles/security/user.nix
Normal file
@ -0,0 +1,47 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
users.mutableUsers = false;
|
||||
users.users.balsoft = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"sudo"
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
"disk"
|
||||
"dbus"
|
||||
"audio"
|
||||
"docker"
|
||||
"sound"
|
||||
"pulse"
|
||||
"adbusers"
|
||||
"input"
|
||||
"libvirtd"
|
||||
"vboxusers"
|
||||
"wireshark"
|
||||
"lp"
|
||||
"scanner"
|
||||
];
|
||||
description = "Александр Бантьев";
|
||||
uid = 1000;
|
||||
password = "";
|
||||
};
|
||||
|
||||
systemd.services."user@" = { serviceConfig = { Restart = "always"; }; };
|
||||
|
||||
home-manager.users.balsoft = {
|
||||
systemd.user.services.polkit-agent = {
|
||||
Unit = {
|
||||
Description = "Run polkit authentication agent";
|
||||
X-RestartIfChanged = true;
|
||||
};
|
||||
|
||||
Install.WantedBy = [ "sway-session.target" ];
|
||||
|
||||
Service = { ExecStart = "${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"; };
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
services.getty.autologinUser = "balsoft";
|
||||
|
||||
home-manager.useUserPackages = true;
|
||||
}
|
27
profiles/security/vlock.nix
Normal file
27
profiles/security/vlock.nix
Normal file
@ -0,0 +1,27 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
environment.loginShellInit = lib.mkBefore ''
|
||||
[[ "$(tty)" == /dev/tty? ]] && sudo /run/current-system/sw/bin/lock this
|
||||
'';
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.writeShellScriptBin "lock" ''
|
||||
set -euo pipefail
|
||||
if [[ "$1" == this ]]
|
||||
then args="-s"
|
||||
else args="-san"
|
||||
fi
|
||||
${lib.optionalString (config.deviceSpecific.isLaptop)
|
||||
''USER=balsoft ${pkgs.vlock}/bin/vlock "$args"''}
|
||||
'')
|
||||
];
|
||||
|
||||
security.sudo = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock
|
||||
balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/lock this
|
||||
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -A 5
|
||||
balsoft ALL = (root) NOPASSWD: ${pkgs.light}/bin/light -U 5
|
||||
'';
|
||||
};
|
||||
}
|
50
profiles/security/yubikey.nix
Normal file
50
profiles/security/yubikey.nix
Normal file
@ -0,0 +1,50 @@
|
||||
{ config, pkgs, ... }: {
|
||||
home-manager.users.balsoft = {
|
||||
home.activation.yubi = {
|
||||
data = ''
|
||||
mkdir -p .config/Yubico
|
||||
[ -f /home/balsoft/.config/Yubico/u2f_keys ] || (pamu2fcfg > /home/balsoft/.config/Yubico/u2f_keys)
|
||||
'';
|
||||
after = [ "linkGeneration" ];
|
||||
before = [ ];
|
||||
};
|
||||
};
|
||||
|
||||
persist.state.directories = [ "/home/balsoft/.config/Yubico" ];
|
||||
|
||||
security.pam.services = builtins.listToAttrs (builtins.map (name: {
|
||||
inherit name;
|
||||
value = { unixAuth = false; };
|
||||
}) [
|
||||
"chpasswd"
|
||||
"chsh"
|
||||
"groupadd"
|
||||
"groupdel"
|
||||
"groupmems"
|
||||
"groupmod"
|
||||
"i3lock"
|
||||
"i3lock-color"
|
||||
"login"
|
||||
"passwd"
|
||||
"polkit-1"
|
||||
"runuser"
|
||||
"runuser-l"
|
||||
"su"
|
||||
"sudo"
|
||||
"swaylock"
|
||||
"systemd-user"
|
||||
"useradd"
|
||||
"userdel"
|
||||
"usermod"
|
||||
"vlock"
|
||||
"xlock"
|
||||
"xscreensaver"
|
||||
]);
|
||||
|
||||
security.pam.u2f = {
|
||||
control = "sufficient";
|
||||
cue = true;
|
||||
enable = true;
|
||||
};
|
||||
|
||||
}
|
@ -1,5 +1,5 @@
|
||||
{ pkgs, config, lib, ... }: {
|
||||
hardware.pulseaudio.enable = false;
|
||||
hardware.pulseaudio.enable = lib.mkForce false;
|
||||
|
||||
security.rtkit.enable = true;
|
||||
|
||||
|
@ -22,15 +22,15 @@
|
||||
themes.fonts = {
|
||||
main = {
|
||||
family = "IBM Plex Sans";
|
||||
size = 13;
|
||||
size = lib.mkDefault 13;
|
||||
};
|
||||
serif = {
|
||||
family = "IBM Plex Serif";
|
||||
size = 13;
|
||||
size = lib.mkDefault 13;
|
||||
};
|
||||
mono = {
|
||||
family = "IBM Plex Mono";
|
||||
size = 13;
|
||||
size = lib.mkDefault 13;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -38,20 +38,6 @@
|
||||
};
|
||||
|
||||
home-manager.users.balsoft = {
|
||||
services.pass-secret-service.enable = true;
|
||||
|
||||
systemd.user.services.pass-secret-service = {
|
||||
Service = {
|
||||
Type = "dbus";
|
||||
Environment = [ "GPG_TTY=/dev/tty1" "DISPLAY=:0" ];
|
||||
BusName = "org.freedesktop.secrets";
|
||||
};
|
||||
Unit = rec {
|
||||
Wants = [ "gpg-agent.service" ];
|
||||
After = Wants;
|
||||
PartOf = [ "graphical-session-pre.target" ];
|
||||
};
|
||||
};
|
||||
|
||||
home.activation.gnome = ''
|
||||
$DRY_RUN_CMD mkdir -p "$XDG_CONFIG_HOME/goa-1.0"
|
||||
|
@ -8,7 +8,7 @@
|
||||
services.gpg-agent = {
|
||||
enable = true;
|
||||
enableSshSupport = true;
|
||||
pinentryFlavor = "gtk2";
|
||||
pinentryFlavor = "qt";
|
||||
};
|
||||
|
||||
systemd.user.services.gpg-agent = {
|
||||
|
@ -25,8 +25,8 @@ in {
|
||||
gtk = {
|
||||
enable = true;
|
||||
iconTheme = {
|
||||
name = "Papirus-Dark";
|
||||
package = pkgs.papirus-icon-theme;
|
||||
name = "breeze-dark";
|
||||
package = pkgs.breeze-icons;
|
||||
};
|
||||
theme = {
|
||||
name = "Generated";
|
||||
|
68
profiles/workspace/kde/plasma-mobile.nix
Normal file
68
profiles/workspace/kde/plasma-mobile.nix
Normal file
@ -0,0 +1,68 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
desktopManager.plasma5 = {
|
||||
mobile.enable = true;
|
||||
runUsingSystemd = false;
|
||||
};
|
||||
displayManager = {
|
||||
autoLogin = {
|
||||
enable = true;
|
||||
user = "balsoft";
|
||||
};
|
||||
defaultSession = "plasma-mobile";
|
||||
lightdm = {
|
||||
enable = true;
|
||||
extraSeatDefaults = ''
|
||||
session-cleanup-script=${pkgs.procps}/bin/pkill -P1 -fx ${pkgs.lightdm}/sbin/lightdm
|
||||
'';
|
||||
};
|
||||
};
|
||||
libinput.enable = true;
|
||||
};
|
||||
|
||||
powerManagement.enable = true;
|
||||
|
||||
home-manager.users.balsoft = {
|
||||
xdg.configFile."autostart/org_kde_powerdevil.desktop".text = ''
|
||||
[Desktop Entry]
|
||||
DBusActivatable=true
|
||||
Exec=${pkgs.powerdevil}/libexec/org_kde_powerdevil
|
||||
Name=org_kde_powerdevil
|
||||
Type=Application
|
||||
'';
|
||||
xdg.configFile."plasmarc".text =
|
||||
lib.generators.toGitINI { Theme.name = "generated"; };
|
||||
xdg.configFile."plasmamobilerc".text = lib.generators.toGitINI {
|
||||
General = {
|
||||
actionDrawerTopLeftMode = "1";
|
||||
actionDrawerTopRightMode = "0";
|
||||
vibrationDuration = "100";
|
||||
vibrationIntensity = "0.5";
|
||||
};
|
||||
QuickSettings = {
|
||||
disabledQuickSettings = builtins.concatStringsSep ","
|
||||
[ "org.kde.plasma.quicksetting.record" ];
|
||||
enabledQuickSettings = builtins.concatStringsSep "," [
|
||||
"org.kde.plasma.quicksetting.wifi"
|
||||
"org.kde.plasma.quicksetting.mobiledata"
|
||||
"org.kde.plasma.quicksetting.bluetooth"
|
||||
"org.kde.plasma.quicksetting.flashlight"
|
||||
"org.kde.plasma.quicksetting.screenrotation"
|
||||
"org.kde.plasma.quicksetting.settingsapp"
|
||||
"org.kde.plasma.quicksetting.airplanemode"
|
||||
"org.kde.plasma.quicksetting.audio"
|
||||
"org.kde.plasma.quicksetting.battery"
|
||||
"org.kde.plasma.quicksetting.location"
|
||||
"org.kde.plasma.quicksetting.nightcolor"
|
||||
"org.kde.plasma.quicksetting.screenshot"
|
||||
"org.kde.plasma.quicksetting.powermenu"
|
||||
"org.kde.plasma.quicksetting.donotdisturb"
|
||||
"org.kde.plasma.quicksetting.caffeine"
|
||||
"org.kde.plasma.quicksetting.keyboardtoggle"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,12 +1,194 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
with pkgs.my-lib; {
|
||||
with pkgs.my-lib;
|
||||
let
|
||||
colorTheme = with (thmDec config.themes.colors); {
|
||||
"Colors:Button" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base01;
|
||||
DecorationFocus = base0D;
|
||||
DecorationHover = base0D;
|
||||
ForegroundActive = base0D;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base03;
|
||||
};
|
||||
"Colors:Complementary" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base03;
|
||||
DecorationFocus = base0D;
|
||||
DecorationHover = base0D;
|
||||
ForegroundActive = base0D;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base0A;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base02;
|
||||
};
|
||||
"Colors:Selection" = {
|
||||
BackgroundAlternate = base0D;
|
||||
BackgroundNormal = base0D;
|
||||
DecorationFocus = base0D;
|
||||
DecorationHover = base0D;
|
||||
ForegroundActive = base05;
|
||||
ForegroundInactive = base05;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base02;
|
||||
};
|
||||
"Colors:Tooltip" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base00;
|
||||
DecorationFocus = base0D;
|
||||
DecorationHover = base0D;
|
||||
ForegroundActive = base0D;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base03;
|
||||
};
|
||||
"Colors:View" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base00;
|
||||
DecorationFocus = base0D;
|
||||
DecorationHover = base0D;
|
||||
ForegroundActive = base0D;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base03;
|
||||
};
|
||||
"Colors:Window" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base00;
|
||||
DecorationFocus = base0D;
|
||||
DecorationHover = base0D;
|
||||
ForegroundActive = base0D;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base03;
|
||||
};
|
||||
General = {
|
||||
ColorScheme = "Generated";
|
||||
Name = "Generated";
|
||||
shadeSortColumn = true;
|
||||
};
|
||||
KDE.contrast = 4;
|
||||
WM = {
|
||||
activeBackground = base00;
|
||||
activeBlend = base06;
|
||||
activeForeground = base05;
|
||||
inactiveBackground = base01;
|
||||
inactiveBlend = base02;
|
||||
inactiveForeground = base04;
|
||||
};
|
||||
};
|
||||
misc = with config.themes; {
|
||||
Icons.Theme = "breeze-dark";
|
||||
|
||||
KDE = {
|
||||
DoubleClickInterval = 400;
|
||||
ShowDeleteCommand = true;
|
||||
SingleClick = false;
|
||||
StartDragDist = 4;
|
||||
StartDragTime = 500;
|
||||
WheelScrollLines = 3;
|
||||
widgetStyle = "Breeze";
|
||||
};
|
||||
General = {
|
||||
TerminalApplication = "alacritty";
|
||||
fixed =
|
||||
"${fonts.mono.family},${toString fonts.mono.size},-1,5,50,0,0,0,0,0";
|
||||
font =
|
||||
"${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0";
|
||||
menuFont =
|
||||
"${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0";
|
||||
smallestReadableFont = "${fonts.main.family},${
|
||||
toString fonts.main.size
|
||||
},-1,5,57,0,0,0,0,0,Medium";
|
||||
toolBarFont =
|
||||
"${fonts.main.family},${toString fonts.main.size},-1,5,50,0,0,0,0,0";
|
||||
};
|
||||
};
|
||||
effects = with (thmDec config.themes.colors); {
|
||||
"ColorEffects:Disabled" = {
|
||||
Color = base02;
|
||||
ColorAmount = "0";
|
||||
ColorEffect = "0";
|
||||
ContrastAmount = "0.65";
|
||||
ContrastEffect = "1";
|
||||
IntensityAmount = "0.1";
|
||||
IntensityEffect = "2";
|
||||
};
|
||||
|
||||
"ColorEffects:Inactive" = {
|
||||
ChangeSelectionColor = "true";
|
||||
Color = base03;
|
||||
ColorAmount = "0.025";
|
||||
ColorEffect = "2";
|
||||
ContrastAmount = "0.1";
|
||||
ContrastEffect = "2";
|
||||
Enable = "false";
|
||||
IntensityAmount = "0";
|
||||
IntensityEffect = "0";
|
||||
};
|
||||
};
|
||||
desktopThemeColors = pkgs.writeText "generated-plasma-theme-colors"
|
||||
(lib.generators.toGitINI
|
||||
(builtins.foldl' lib.recursiveUpdate { } [ colorTheme effects ]));
|
||||
desktopThemeRc = pkgs.writeText "generated-plasma-theme-rc"
|
||||
(lib.generators.toGitINI {
|
||||
Wallpaper = {
|
||||
defaultWallpaperTheme = "Next";
|
||||
defaultFileSuffix = ".png";
|
||||
defaultWidth = "1920";
|
||||
defaultHeight = "1080";
|
||||
};
|
||||
ContrastEffect = {
|
||||
enabled = "true";
|
||||
contrast = "0.17";
|
||||
intensity = "1.25";
|
||||
saturation = "9";
|
||||
};
|
||||
AdaptiveTransparency.enabled = "true";
|
||||
});
|
||||
desktopTheme = pkgs.linkFarm "generated-plasma-theme" [
|
||||
{
|
||||
name = "share/plasma/desktoptheme/generated/plasmarc";
|
||||
path = desktopThemeRc;
|
||||
}
|
||||
{
|
||||
name = "share/plasma/desktoptheme/generated/colors";
|
||||
path = desktopThemeColors;
|
||||
}
|
||||
];
|
||||
in {
|
||||
environment.systemPackages = [ desktopTheme ];
|
||||
|
||||
xdg.portal.enable = true;
|
||||
|
||||
services.dbus.packages =
|
||||
[ pkgs.firefox pkgs.systemd pkgs.papirus-icon-theme ];
|
||||
services.dbus.packages = [ pkgs.systemd pkgs.breeze-icons ];
|
||||
services.udev.packages = [ pkgs.libmtp pkgs.media-player-info ];
|
||||
|
||||
qt5.enable = false;
|
||||
qt.enable = false;
|
||||
|
||||
environment.sessionVariables = {
|
||||
QT_XFT = "true";
|
||||
@ -30,128 +212,10 @@ with pkgs.my-lib; {
|
||||
};
|
||||
};
|
||||
|
||||
home-manager.users.balsoft = let fonts = config.themes.fonts;
|
||||
in {
|
||||
home-manager.users.balsoft = {
|
||||
home.packages = [ pkgs.ark pkgs.dolphin ];
|
||||
|
||||
xdg.configFile."kdeglobals".text = with (thmDec config.themes.colors);
|
||||
lib.generators.toGitINI {
|
||||
"Colors:Button" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base01;
|
||||
DecorationFocus = base02;
|
||||
DecorationHover = base02;
|
||||
ForegroundActive = base05;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base03;
|
||||
};
|
||||
"Colors:Complementary" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base03;
|
||||
DecorationFocus = base02;
|
||||
DecorationHover = base02;
|
||||
ForegroundActive = base09;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base0A;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base02;
|
||||
};
|
||||
"Colors:Selection" = {
|
||||
BackgroundAlternate = base0D;
|
||||
BackgroundNormal = base0D;
|
||||
DecorationFocus = base0D;
|
||||
DecorationHover = base0D;
|
||||
ForegroundActive = base05;
|
||||
ForegroundInactive = base05;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base02;
|
||||
};
|
||||
"Colors:Tooltip" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base00;
|
||||
DecorationFocus = base02;
|
||||
DecorationHover = base02;
|
||||
ForegroundActive = base02;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base03;
|
||||
};
|
||||
"Colors:View" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base00;
|
||||
DecorationFocus = base02;
|
||||
DecorationHover = base02;
|
||||
ForegroundActive = base02;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base03;
|
||||
};
|
||||
"Colors:Window" = {
|
||||
BackgroundAlternate = base01;
|
||||
BackgroundNormal = base00;
|
||||
DecorationFocus = base02;
|
||||
DecorationHover = base02;
|
||||
ForegroundActive = base02;
|
||||
ForegroundInactive = base01;
|
||||
ForegroundLink = base0D;
|
||||
ForegroundNegative = base08;
|
||||
ForegroundNeutral = base09;
|
||||
ForegroundNormal = base05;
|
||||
ForegroundPositive = base0B;
|
||||
ForegroundVisited = base03;
|
||||
};
|
||||
General = {
|
||||
ColorScheme = "Generated";
|
||||
Name = "Generated";
|
||||
fixed = "${fonts.mono.family},${
|
||||
toString fonts.mono.size
|
||||
},-1,5,50,0,0,0,0,0";
|
||||
font = "${fonts.main.family},${
|
||||
toString fonts.main.size
|
||||
},-1,5,50,0,0,0,0,0";
|
||||
menuFont = "${fonts.main.family},${
|
||||
toString fonts.main.size
|
||||
},-1,5,50,0,0,0,0,0";
|
||||
shadeSortColumn = true;
|
||||
smallestReadableFont = "${fonts.main.family},${
|
||||
toString fonts.main.size
|
||||
},-1,5,57,0,0,0,0,0,Medium";
|
||||
toolBarFont = "${fonts.main.family},${
|
||||
toString fonts.main.size
|
||||
},-1,5,50,0,0,0,0,0";
|
||||
TerminalApplication = "alacritty";
|
||||
};
|
||||
KDE = {
|
||||
DoubleClickInterval = 400;
|
||||
ShowDeleteCommand = true;
|
||||
SingleClick = false;
|
||||
StartDragDist = 4;
|
||||
StartDragTime = 500;
|
||||
WheelScrollLines = 3;
|
||||
contrast = 4;
|
||||
widgetStyle = "Breeze";
|
||||
};
|
||||
Icons = { Theme = "Papirus-Dark"; };
|
||||
};
|
||||
xdg.configFile."kdeglobals".text = lib.generators.toGitINI
|
||||
(builtins.foldl' lib.recursiveUpdate { } [ colorTheme misc ]);
|
||||
};
|
||||
}
|
||||
|
@ -1,7 +1,4 @@
|
||||
{ pkgs, config, lib, ... }: {
|
||||
console.font = "cyr-sun16";
|
||||
console.keyMap = "ruwin_cplk-UTF-8";
|
||||
|
||||
environment.sessionVariables = {
|
||||
XKB_DEFAULT_LAYOUT = "us,ru";
|
||||
XKB_DEFAULT_OPTIONS =
|
||||
|
@ -23,7 +23,7 @@
|
||||
textColor = base05;
|
||||
borderColor = "${base0D}AA";
|
||||
progressColor = "over ${base0B}";
|
||||
iconPath = "${pkgs.papirus-icon-theme}/share/icons/Papirus-Dark";
|
||||
iconPath = "${pkgs.breeze-icons}/share/icons/breeze-dark";
|
||||
maxIconSize = 24;
|
||||
extraConfig = let
|
||||
play = sound:
|
||||
|
@ -15,7 +15,7 @@
|
||||
|
||||
systemd.user.startServices = true;
|
||||
|
||||
home.stateVersion = "20.09";
|
||||
home.stateVersion = lib.mkDefault "20.09";
|
||||
};
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
|
@ -1,9 +1,11 @@
|
||||
{ pkgs, config, lib, ... }: {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
permitRootLogin = "no";
|
||||
forwardX11 = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
X11Forwarding = true;
|
||||
};
|
||||
extraConfig = "StreamLocalBindUnlink yes";
|
||||
ports = [ 22 ];
|
||||
};
|
||||
@ -17,20 +19,17 @@
|
||||
|
||||
persist.state.directories = [ "/home/balsoft/.ssh" ];
|
||||
|
||||
users.users.balsoft.openssh.authorizedKeys.keys =
|
||||
["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd2OdcSHUsgezuV+cpFqk9+Svtup6PxIolv1zokVZdqvS8qxLsA/rwYmQgTnuq4/zK/GIxcUCH4OxYlW6Or4M4G7qrDKcLAUrRPWkectqEooWRflZXkfHduMJhzeOAsBdMfYZQ9024GwKr/4yriw2BGa8GbbAnQxiSeTipzvXHoXuRME+/2GsMFAfHFvxzXRG7dNOiLtLaXEjUPUTcw/fffKy55kHtWxMkEvvcdyR53/24fmO3kLVpEuoI+Mp1XFtX3DvRM9ulgfwZUn8/CLhwSLwWX4Xf9iuzVi5vJOJtMOktQj/MwGk4tY/NPe+sIk+nAUKSdVf0y9k9JrJT98S/ comment"];
|
||||
users.users.balsoft.openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd2OdcSHUsgezuV+cpFqk9+Svtup6PxIolv1zokVZdqvS8qxLsA/rwYmQgTnuq4/zK/GIxcUCH4OxYlW6Or4M4G7qrDKcLAUrRPWkectqEooWRflZXkfHduMJhzeOAsBdMfYZQ9024GwKr/4yriw2BGa8GbbAnQxiSeTipzvXHoXuRME+/2GsMFAfHFvxzXRG7dNOiLtLaXEjUPUTcw/fffKy55kHtWxMkEvvcdyR53/24fmO3kLVpEuoI+Mp1XFtX3DvRM9ulgfwZUn8/CLhwSLwWX4Xf9iuzVi5vJOJtMOktQj/MwGk4tY/NPe+sIk+nAUKSdVf0y9k9JrJT98S/ comment"
|
||||
];
|
||||
|
||||
secrets.ssh_key = {
|
||||
services = [];
|
||||
decrypted = "/root/.ssh/id_ed25519";
|
||||
};
|
||||
# secrets.ssh_key = {
|
||||
# services = [ ];
|
||||
# decrypted = "/root/.ssh/id_ed25519";
|
||||
# };
|
||||
|
||||
home-manager.users.balsoft.programs.ssh = {
|
||||
enable = true;
|
||||
matchBlocks = {
|
||||
"*" = {
|
||||
compression = false;
|
||||
};
|
||||
};
|
||||
matchBlocks = { "*" = { compression = false; }; };
|
||||
};
|
||||
}
|
||||
|
@ -159,7 +159,7 @@ in {
|
||||
"F1" = ''
|
||||
exec ${pkgs.pavucontrol}/bin/pavucontrol; [app_id="pavucontrol"] focus'';
|
||||
"Shift+F1" = ''
|
||||
exec ${pkgs.helvum}/bin/helvum; [app_id="org.freedesktop.ryuukyu.Helvum"] focus'';
|
||||
exec ${pkgs.qpwgraph}/bin/qpwgraph; [app_id="org.freedesktop.ryuukyu.Helvum"] focus'';
|
||||
"F3" = "exec ${pkgs.alsa-utils}/bin/amixer set Capture cap";
|
||||
"Shift+F3" = "exec ${pkgs.alsa-utils}/bin/amixer set Capture nocap";
|
||||
"F5" = "reload";
|
||||
@ -211,7 +211,6 @@ in {
|
||||
"XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 2";
|
||||
"XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t";
|
||||
"button2" = "kill";
|
||||
"--whole-window button2" = "kill";
|
||||
} // builtins.listToAttrs (builtins.map (x: {
|
||||
name = "${builtins.elemAt x 0}";
|
||||
value = "workspace ${builtins.elemAt x 1}";
|
||||
@ -251,7 +250,7 @@ in {
|
||||
"XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 2";
|
||||
"XF86AudioMute" = "exec ${pkgs.pamixer}/bin/pamixer -t";
|
||||
"button2" = "kill";
|
||||
"--whole-window button2" = "kill";
|
||||
"--whole-window ${modifier}+button2" = "kill";
|
||||
};
|
||||
|
||||
keycodebindings = { };
|
||||
|
@ -1,19 +1,16 @@
|
||||
{ inputs, ... }: {
|
||||
imports = with inputs.self.nixosProfiles; [
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
|
||||
# PROFILES
|
||||
autoRun
|
||||
xdg
|
||||
|
||||
boot
|
||||
git
|
||||
gpg
|
||||
locale
|
||||
misc
|
||||
network
|
||||
nix
|
||||
security
|
||||
user
|
||||
ssh
|
||||
zsh
|
||||
];
|
||||
|
@ -2,6 +2,8 @@
|
||||
imports = with inputs.self.nixosProfiles; [
|
||||
./base.nix
|
||||
|
||||
boot
|
||||
|
||||
# PROFILES
|
||||
applications-setup
|
||||
bluetooth
|
||||
@ -11,6 +13,9 @@
|
||||
sound
|
||||
virtualisation
|
||||
|
||||
yubikey
|
||||
vlock
|
||||
|
||||
alacritty
|
||||
aerc
|
||||
# cantata
|
||||
@ -26,6 +31,7 @@
|
||||
packages
|
||||
okular
|
||||
|
||||
pass-secret-service
|
||||
copyq
|
||||
cursor
|
||||
direnv
|
||||
|
@ -1,6 +1,8 @@
|
||||
{ inputs, ... }: {
|
||||
imports = [
|
||||
./base.nix
|
||||
|
||||
inputs.self.nixosProfiles.boot
|
||||
];
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
Loading…
Reference in New Issue
Block a user