Mostly security changes, add nouveau as a boot option, simplify settings and prepare for home-manager options

Jimbo 2024-11-29 01:49:18 -05:00
parent e48ac95c34
commit 129e5e0d27
58 changed files with 281 additions and 269 deletions


@ -61,11 +61,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732221404, "lastModified": 1732742778,
"narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -208,11 +208,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731880681, "lastModified": 1732466619,
"narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", "rev": "f3111f62a23451114433888902a55cf0692b408d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -237,25 +237,6 @@
"type": "github" "type": "github"
} }
}, },
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1732032028,
"narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "65dc04371cf914c9af4f073638821e4787303005",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
@ -287,7 +268,7 @@
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"nixpkgs-24_05": "nixpkgs-24_05", "nixpkgs-24_05": "nixpkgs-24_05",
"utils": "utils" "utils": "utils"
}, },
@ -310,14 +291,14 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1732153840, "lastModified": 1732688645,
"narHash": "sha256-lt8Gdx6TNheby/9lRNE1GMP3vkdpLaXmyHQk+ZvYNAY=", "narHash": "sha256-SQBVnfTAhVmNs5mKjoe942GykhAh9RQbcqScK9XlsWM=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "8325d463c1c424f2e6edeef2010c0d902a37b3d3", "rev": "6adec7f87f6c1d455f89f57bd697740bd6dc88fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -326,28 +307,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729697500,
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1722221733, "lastModified": 1722221733,
@ -394,22 +353,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1729665710,
"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1717602782, "lastModified": 1717602782,
"narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
@ -424,7 +367,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1715266358, "lastModified": 1715266358,
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
@ -440,13 +383,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1731755305, "lastModified": 1732350895,
"narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -457,11 +400,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1732220928, "lastModified": 1732745437,
"narHash": "sha256-OOFqnjTax0132/mBsRpVD1QTMlZUCbVexKgKUVUxJNg=", "narHash": "sha256-o0xF2tQ4dibaVWk7T9yLIDJZ68VpRwSY0T7q892m4MM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "8439fca0da7f67b331edcca08eb2a47249be72f4", "rev": "fbe88c0dba3181daf3ef9760e548329fcc320f9d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -503,11 +446,10 @@
"disko": "disko", "disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"jovian": "jovian",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"mailserver": "mailserver", "mailserver": "mailserver",
"minecraft": "minecraft", "minecraft": "minecraft",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_4",
"nur": "nur", "nur": "nur",
"unstable": "unstable" "unstable": "unstable"
} }
@ -584,11 +526,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1732014248, "lastModified": 1732521221,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -17,7 +17,6 @@
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
minecraft.url = "github:Infinidoge/nix-minecraft"; minecraft.url = "github:Infinidoge/nix-minecraft";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
# Home inputs # Home inputs
home-manager = { home-manager = {
@ -37,7 +36,6 @@
impermanence, impermanence,
mailserver, mailserver,
minecraft, minecraft,
jovian,
home-manager, home-manager,
nur, nur,
blender-bin, blender-bin,
@ -54,7 +52,6 @@
impermanence impermanence
mailserver mailserver
minecraft minecraft
jovian
home-manager home-manager
nur nur
blender-bin blender-bin
@ -80,7 +77,7 @@
axolotl = mkNix [ ./hosts/axolotl ]; # PineBook Pro axolotl = mkNix [ ./hosts/axolotl ]; # PineBook Pro
lacros = mkNix [ ./hosts/lacros ]; # Dell Chromebook lacros = mkNix [ ./hosts/lacros ]; # Dell Chromebook
redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot Laptop redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot Laptop
extern = mkNix [ ./hosts/extern ]; # Portable Hard-Drive extern = mkNix [ ./hosts/extern ]; # ISO Image
kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010 kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010
xenia = mkNix [ ./hosts/xenia ]; # Acer Veriton X2611G xenia = mkNix [ ./hosts/xenia ]; # Acer Veriton X2611G


@ -1,36 +1,8 @@
{ config, pkgs, ... }: { pkgs, ... }:
let {
commonKernelParams = [
# VM/GPU passthrough
"amd_iommu=on"
"iommu=pt"
"nested=1"
# Virtualization nonsense
"transparent_hugepage=never"
# Isolate devices into IOMMU groups
"pcie_acs_override=downstream,multifunction"
"pci=routeirq"
];
in {
boot = { boot = {
# Must be Zen for IOMMU isolation kernelPackages = pkgs.unstable.linuxPackages_latest;
kernelPackages = pkgs.unstable.linuxPackages_zen;
kernel.sysctl."vm.max_map_count" = 2147483642; kernel.sysctl."vm.max_map_count" = 2147483642;
kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];
blacklistedKernelModules = [ "pcspkr" ]; blacklistedKernelModules = [ "pcspkr" ];
# Needed for GPU passthrough
initrd.kernelModules = [
"vfio"
"vfio_pci"
"vfio_iommu_type1"
];
};
# Use second GPU on boot
specialisation.gputwo.configuration = {
boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
}; };
} }


@ -1,17 +1,20 @@
{ lib, ... }: { ... }:
{ {
imports = [ imports = [
./boot ./boot
./disko ./disko
./filesystems ./filesystems
./hardware ./hardware
./wireguard ./modules
../../modules/system ../../modules/system
]; ];
services.btrfs.autoScrub.enable = lib.mkForce false; system.wireless.enable = false;
system.video.nvidia.enable = true; system.wireguard.client.enable = true;
networking.wireguard.interfaces.wgc.ips = [ "10.100.0.21/24" ];
boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
networking.hostName = "extern"; networking.hostName = "extern";
} }


@ -6,7 +6,7 @@
disk = { disk = {
"${config.networking.hostName}" = { "${config.networking.hostName}" = {
type = "disk"; type = "disk";
device = "/dev/sdg"; device = "/dev/nvme0n1";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
@ -39,13 +39,6 @@
}; };
}; };
nodev = {
"/" = {
fsType = "tmpfs";
mountOptions = [ "size=4G" ];
};
};
lvm_vg = { lvm_vg = {
"${config.networking.hostName}" = { "${config.networking.hostName}" = {
type = "lvm_vg"; type = "lvm_vg";
@ -56,6 +49,14 @@
type = "btrfs"; type = "btrfs";
extraArgs = [ "-f" ]; extraArgs = [ "-f" ];
subvolumes = { subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/prev" = {
mountpoint = "/prev";
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
};
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" ];
@ -77,7 +78,7 @@
}; };
}; };
swap = { swap = {
size = "8G"; size = "4G";
content = { content = {
type = "swap"; type = "swap";
discardPolicy = "both"; discardPolicy = "both";
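Review bot: With the `nodev` tmpfs block removed and `"/root"` mounted at `/`, the root filesystem now persists across reboots unless something resets that subvolume, and nothing in this section does. If the impermanence setup still assumes a clean `/`, the boot-time step that rotates `/root` into `/prev` needs to land with this change; it may live in a file not shown here. A comment above the two subvolumes, e.g. `# /root is recreated on every boot; /prev holds the previous boot's root`, would record the intent (adjust it if that is not what happens).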


@ -1,7 +1,7 @@
{ config, ... }: { config, ... }:
{ {
fileSystems = { fileSystems = {
# Remote # Network mounts
"/home/jimbo/JimboNFS" = { "/home/jimbo/JimboNFS" = {
device = "10.100.0.1:/export/JimboNFS"; device = "10.100.0.1:/export/JimboNFS";
fsType = "nfs4"; fsType = "nfs4";


@ -1,9 +1,10 @@
{ config, lib, modulesPath, ... }: # nixos-generate-config --root ./ --no-filesystems
{ config, lib, ... }:
{ {
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "sr_mod" ];
boot.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
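Review bot: `hardware.cpu.amd.updateMicrocode` is kept on the last option line while `nixpkgs.hostPlatform` switches to `"aarch64-linux"`; AMD microcode only applies to x86 hosts, so the line is dead configuration here and misdescribes the machine. I would drop it in the same change. The new header comment naming the `nixos-generate-config` invocation is useful; adding a word that the file is generated and gets overwritten on regeneration would stop hand edits from being lost.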

hosts/extern/id_ed25519.pub vendored Normal file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl

hosts/extern/modules/default.nix vendored Normal file

@ -0,0 +1,4 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
}


@ -1,23 +0,0 @@
{ lib, config, ... }:
{
networking = {
firewall = {
allowedUDPPorts = [ 51820 ];
trustedInterfaces = [ "wgc" ];
};
wireguard.interfaces.wgc = {
ips = [ "10.100.0.20/24" ];
listenPort = 51820;
privateKey = config.secrets.wgClientPriv;
peers = [
{ # Cyberspark Server
publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
allowedIPs = [ "10.100.0.0/24" ];
endpoint = "sv.${config.domains.jim1}:51820";
persistentKeepalive = 25;
}
];
};
};
}


@ -1,4 +1,4 @@
{ jovian, ... }: { ... }:
{ {
imports = [ imports = [
./boot ./boot
@ -7,13 +7,10 @@
./hardware ./hardware
./wireguard ./wireguard
../../modules/system ../../modules/system
jovian.nixosModules.default
]; ];
system.lanzaboote.enable = true; system.lanzaboote.enable = true;
system.libvirtd.enable = true; system.libvirtd.enable = true;
jovian.steamos.useSteamOSConfig = true;
networking.hostName = "jupiter"; networking.hostName = "jupiter";
} }


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let let
commonKernelParams = [ commonKernelParams = [
# VM/GPU passthrough # VM/GPU passthrough
@ -21,6 +21,9 @@ in {
kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];
blacklistedKernelModules = [ "pcspkr" ]; blacklistedKernelModules = [ "pcspkr" ];
# Enable cross-compilation
binfmt.emulatedSystems = [ "aarch64-linux" ];
# Needed for GPU passthrough # Needed for GPU passthrough
initrd.kernelModules = [ initrd.kernelModules = [
"vfio" "vfio"
@ -33,4 +36,14 @@ in {
specialisation.gputwo.configuration = { specialisation.gputwo.configuration = {
boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
}; };
# Use Nouveau
specialisation.nouveau.configuration.config = {
environment.sessionVariables = {
NIXOS_OZONE_WL = lib.mkForce "0";
WLR_RENDERER = lib.mkForce "vulkan";
};
system.video.nvidia.enable = lib.mkForce false;
system.video.nouveau.enable = lib.mkForce true;
};
} }
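Review bot: The comment `# Enable cross-compilation` above `binfmt.emulatedSystems = [ "aarch64-linux" ];` describes something else: this option registers a QEMU user-mode interpreter through binfmt_misc, so aarch64 binaries are emulated rather than cross-compiled. It also means any aarch64 executable on this host becomes directly runnable, which is worth stating for whoever audits the machine later. Suggested wording: `# Run and build aarch64-linux binaries through QEMU user emulation (binfmt_misc)`. The `boot` attribute set starts outside this hunk.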


@ -0,0 +1,6 @@
{ ... }:
{
home-manager.users.jimbo = {
};
}


@ -2,11 +2,12 @@
{ {
imports = [ imports = [
./files ./files
./options
./programs ./programs
./services ./services
./settings ./settings
./wms ./wms
./users ./user
../extras ../extras
# Imports # Imports


@ -0,0 +1,8 @@
{ lib, ... }:
with lib; {
options.home.desktop.enable = mkOption {
type = types.bool;
default = true;
description = "Enable desktop apps and services, but home-manager";
};
}


@ -7,7 +7,9 @@
./mako ./mako
./mangohud ./mangohud
./mpv ./mpv
./pcmanfm-qt ./pcmanfm
./rofi ./rofi
./swappy
./thunderbird
]; ];
} }


@ -112,6 +112,24 @@ in {
}; };
}; };
}; };
commonBookmarks = [
{
name = "Jimbo";
url = "https://jimbosfiles.com";
}
{
name = "Corn";
url = "https://freecorn1854.win";
}
{
name = "Luna";
url = "https://www.lunamoonlight.xyz";
}
{
name = "Kernel";
url = "https://www.kernel.org";
}
];
commonSettings = { commonSettings = {
"general.autoScroll" = true; "general.autoScroll" = true;
@ -123,18 +141,28 @@ in {
"browser.uidensity" = 1; "browser.uidensity" = 1;
"browser.compactmode.show" = true; "browser.compactmode.show" = true;
"browser.toolbars.bookmarks.visibility" = "never"; "browser.toolbars.bookmarks.visibility" = "newtab";
"browser.contentblocking.category" = "strict"; "browser.contentblocking.category" = "strict";
"browser.helperApps.deleteTempFileOnExit" = true; "browser.helperApps.deleteTempFileOnExit" = true;
"browser.search.separatePrivateDefault" = false; "browser.search.separatePrivateDefault" = false;
"browser.download.useDownloadDir" = true; "browser.download.useDownloadDir" = true;
"browser.aboutConfig.showWarning" = false;
"browser.startup.page" = 3; "browser.startup.page" = 3;
"browser.newtabpage.enabled" = false; "browser.newtabpage.enabled" = false;
"browser.tabs.inTitlebar" = 0; "browser.tabs.inTitlebar" = 0;
"browser.theme.content-theme" = 0;
"browser.theme.toolbar-theme" = 0;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.downloads.remote.enabled" = false;
"browser.safebrowsing.downloads.remote.block_uncommon" = false;
"browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"extensions.pocket.enabled" = false; "extensions.pocket.enabled" = false;
"extensions.autoDisableScopes" = 0; "extensions.autoDisableScopes" = 0;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"extensions.formautofill.addresses.enabled" = false;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"toolkit.tabbox.switchByScrolling" = true; "toolkit.tabbox.switchByScrolling" = true;
@ -168,6 +196,7 @@ in {
"clipboard.autocopy" = false; "clipboard.autocopy" = false;
"middlemouse.paste" = false; "middlemouse.paste" = false;
"datareporting.healthreport.uploadEnabled" = false;
"svg.context-properties.content.enabled" = true; "svg.context-properties.content.enabled" = true;
"device.sensors.motion.enabled" = false; "device.sensors.motion.enabled" = false;
"gnomeTheme.hideSingleTab" = true; "gnomeTheme.hideSingleTab" = true;
@ -179,8 +208,10 @@ in {
profiles = { profiles = {
Main = { Main = {
id = 0; id = 0;
isDefault = true;
extensions = commonExtensions; extensions = commonExtensions;
search = commonSearch; search = commonSearch;
bookmarks = commonBookmarks;
settings = commonSettings; settings = commonSettings;
userChrome = '' userChrome = ''
${themeJim} ${themeJim}
@ -192,6 +223,7 @@ in {
id = 1; id = 1;
extensions = commonExtensions; extensions = commonExtensions;
search = commonSearch; search = commonSearch;
bookmarks = commonBookmarks;
settings = commonSettings; settings = commonSettings;
userChrome = '' userChrome = ''
${themeAlt} ${themeAlt}
@ -203,8 +235,8 @@ in {
id = 2; id = 2;
extensions = commonExtensions; extensions = commonExtensions;
search = commonSearch; search = commonSearch;
bookmarks = commonBookmarks;
settings = commonSettings; settings = commonSettings;
containersForce = true;
}; };
}; };
}; };
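Review bot: The six `browser.safebrowsing.*` lines added to `commonSettings` switch off Firefox's phishing and malware protection for every profile that uses these settings, which cuts against a commit described as mostly security changes. If the aim is to stop download metadata being sent to the Safe Browsing service, `"browser.safebrowsing.downloads.remote.enabled" = false;` alone covers that; the list-based checks are matched against a locally stored list first and can stay on with `"browser.safebrowsing.malware.enabled" = true;` and `"browser.safebrowsing.phishing.enabled" = true;`. If disabling them is deliberate, a comment above the group saying why would keep the next reader from reverting it. `commonSettings` starts and ends outside this hunk.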


@ -0,0 +1,69 @@
{ ... }:
{
programs.thunderbird = {
enable = true;
profiles = {
Main = {
isDefault = true;
userContent = ''
*{scrollbar-width:none !important}
'';
settings = {
"general.autoScroll" = true;
"signon.rememberSignons" = false;
"signon.autofillForms" = false;
"security.password_lifetime" = 0;
"security.password.useMasterPassword" = false;
"security.mixed_content.block_active_content" = true;
"security.mixed_content.block_display_content" = true;
"extensions.enabled" = false;
"extensions.autoDisableScopes" = 0;
"extensions.allow-non-mpc-extensions" = false;
"extensions.installDistroAddons" = false;
"extensions.getAddons.cache.enabled" = false;
"extensions.blocklist.enabled" = true;
"extensions.webextensions.userSelection" = false;
"extensions.checkCompatibility" = false;
"extensions.allowRemoteAddons" = false;
"extensions.ui.enabled" = false;
"extensions.ui.useSystemTheme" = true;
"extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org";
"privacy.clearOnShutdown.cookies" = true;
"privacy.clearOnShutdown.cache" = true;
"privacy.clearOnShutdown.formdata" = true;
"privacy.clearOnShutdown.passwords" = true;
"privacy.clearOnShutdown.siteSettings" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.firstparty.isolate" = true;
"privacy.donottrackheader.enabled" = true;
"privacy.resistFingerprinting" = true;
"browser.history.enabled" = false;
"browser.sessionstore.privacy_level" = 2;
"browser.tabs.warnOnClose" = false;
"browser.shell.checkDefaultBrowser" = false;
"browser.urlbar.suggest.openpage" = false;
"browser.urlbar.suggest.bookmark" = false;
"browser.urlbar.suggest.history" = false;
"browser.urlbar.suggest.searches" = false;
"browser.urlbar.suggest.topsites" = false;
"browser.download.promptForDownload" = true;
"network.cookie.cookieBehavior" = 1;
"network.dns.dnsOverHttps.enabled" = true;
"network.http.speculative-parallel-limit" = 0;
"network.http.pipelining" = false;
"network.predictor.enabled" = false;
"network.cookie.lifetimePolicy" = 2;
"dom.storage.enabled" = false;
"dom.indexedDB.enabled" = false;
};
};
};
};
}
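Review bot: `"extensions.autoDisableScopes" = 0;` contradicts the neighbouring lines that try to shut add-ons off: a value of 0 lets add-ons found in any install location be enabled without asking, whereas the default of 15 keeps sideloaded ones disabled until approved. This profile declares no extensions, so I would delete the line or set `"extensions.autoDisableScopes" = 15;`. Several other names here (`extensions.enabled`, `network.dns.dnsOverHttps.enabled`, `network.http.pipelining`) do not look like preferences that current Thunderbird reads, and unknown preferences are stored without effect, so each should be checked in the Config Editor before it is relied on. `"signon.rememberSignons" = false;` together with `"privacy.clearOnShutdown.passwords" = true;` presumably means account credentials must be re-entered at every start; a comment confirming that is intended would help.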


@ -0,0 +1,28 @@
{
"policies": {
"OfferToSaveLogins": false,
"PasswordManagerEnabled": false,
"DisablePasswordReveal": true,
"DisableMasterPasswordCreation": true,
"Extensions": {
"install": false
},
"ExtensionSettings": {},
"BlockAboutAddons": true,
"BlockAboutConfig": true,
"BlockAboutProfiles": true,
"BlockAboutSupport": true,
"DisableTelemetry": true,
"DisableSafeMode": true,
"DisableSecurityBypass": true,
"DisableBuiltinPDFViewer": true,
"DisableAppUpdate": true,
"DNSOverHTTPS": true,
"CaptivePortal": false,
"PromptForDownloadLocation": true,
"NetworkPrediction": false,
"SearchEngines": {
"PreventInstalls": true
}
}
}
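Review bot: Three entries use a value shape that Mozilla's policy templates do not define, so they are likely ignored rather than enforced: `"Extensions": { "install": false }`, `"DisableSecurityBypass": true` and `"DNSOverHTTPS": true`. `Extensions` takes `Install`/`Uninstall`/`Locked` lists and the other two take objects; the intended effect would be `"ExtensionSettings": { "*": { "installation_mode": "blocked" } }` (replacing the empty object already present), `"DisableSecurityBypass": { "InvalidCertificate": true, "SafeBrowsing": true }` and `"DNSOverHTTPS": { "Enabled": true }`. Nothing visible in this commit installs the file where Thunderbird looks for policies, so confirm it is actually loaded before counting on any of these settings.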


@ -7,7 +7,6 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
ffmpeg ffmpeg
alsa-utils
puddletag puddletag
pulsemixer pulsemixer
]; ];


@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
vesktop vesktop


@ -2,7 +2,7 @@
{ {
imports = [ imports = [
./launchers ./launchers
./games
./emulators ./emulators
./xash3d
]; ];
} }


@ -6,6 +6,6 @@
ryujinx ryujinx
duckstation duckstation
pcsx2 pcsx2
#unstable.lime3ds lime3ds
]; ];
} }


@ -0,0 +1,7 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
openarena
xash3d
];
}


@ -1,4 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [ xash3d ];
}


@ -1,11 +1,9 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
imv libreoffice
libreoffice-fresh
ffmpegthumbnailer ffmpegthumbnailer
thunderbird imv
protonvpn-cli_2
bc bc
]; ];
} }


@ -5,6 +5,5 @@
p7zip p7zip
vimv vimv
dua dua
protonvpn-cli_2
]; ];
} }


@ -4,7 +4,6 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
krita krita
inkscape
audacity audacity
blender_4_3 blender_4_3
]; ];


@ -2,6 +2,6 @@
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
moonlight-qt moonlight-qt
#rustdesk-flutter rustdesk-flutter
]; ];
} }


@ -3,7 +3,6 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
remmina remmina
freerdp freerdp
zoom-us gpauth
openconnect
]; ];
} }


@ -1,4 +0,0 @@
{ ... }:
{
programs.carapace.enable = true;
}


@ -1,7 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./carapace
./fastfetch ./fastfetch
./git ./git
./ncmpcpp ./ncmpcpp


@ -1,6 +1,7 @@
{ ... }: { ... }:
{ {
imports = [ ./small ]; imports = [ ./small ];
programs.fastfetch.enable = true; programs.fastfetch.enable = true;
home.file.".config/fastfetch/config.jsonc".source = ./config.jsonc; home.file.".config/fastfetch/config.jsonc".source = ./config.jsonc;
} }


@ -1,10 +1,10 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
imports = [ ./lazygit ];
programs.git = { programs.git = {
enable = true; enable = true;
userName = "Jimbo"; userName = "Jimbo";
userEmail = "jimbo@${config.domains.jim2}"; userEmail = "jimbo@${config.domains.jim2}";
}; };
programs.lazygit.enable = true;
} }


@ -1,4 +0,0 @@
{ ... }:
{
programs.lazygit.enable = true;
}


@ -1,5 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home.packages = with pkgs; [ mpc-cli ];
programs.ncmpcpp = { programs.ncmpcpp = {
enable = true; enable = true;
settings = { settings = {
@ -15,6 +17,4 @@
}; };
services.mpd-discord-rpc.enable = true; services.mpd-discord-rpc.enable = true;
home.packages = with pkgs; [ mpc-cli ];
} }


@ -1,6 +0,0 @@
{ ... }:
{
imports = [
./jimbo
];
}


@ -1,5 +1,11 @@
{ ... }: { lib, ... }:
{ {
options.home.sway.enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable SwayWM";
};
imports = [ imports = [
./sway ./sway
./swaylock ./swaylock


@ -6,13 +6,11 @@
./hotkeys ./hotkeys
./programs ./programs
./rules ./rules
./swayshot
./swaysleep
./theme ./theme
]; ];
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = config.home.sway.enable;
package = null; package = null;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
checkConfig = false; checkConfig = false;


@ -1,5 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [
./swayshot
./swaysleep
];
home.packages = with pkgs; [ home.packages = with pkgs; [
clipman clipman
swaybg swaybg


@ -1,7 +1,5 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
imports = [ ./swappy ];
home.packages = with pkgs; [ home.packages = with pkgs; [
(pkgs.writeScriptBin "swayshot" '' (pkgs.writeScriptBin "swayshot" ''
# Swappy # Swappy
@ -14,40 +12,28 @@
| XCURSOR_SIZE=40 slurp -w ${config.look.border.string} -c ${config.look.colors.prime} -B 00000066 -b 00000099) | XCURSOR_SIZE=40 slurp -w ${config.look.border.string} -c ${config.look.colors.prime} -B 00000066 -b 00000099)
temp_file=$(mktemp -u).png temp_file=$(mktemp -u).png
grim -g "$selected_area" "$temp_file" grim -g "$selected_area" "$temp_file"
# Kill the imv window
kill $imv_pid kill $imv_pid
# Copy the screenshot to the clipboard # Copy the screenshot to the clipboard and clear the temp
swappy -f - < "$temp_file" swappy -f - < "$temp_file"
# Clean up the temporary file
rm "$temp_file" rm "$temp_file"
} }
# Screen # Screen
handle_screen() { handle_screen() {
# Take a screenshot and save it to the temporary file
temp_file=$(mktemp -u).png temp_file=$(mktemp -u).png
grim -o $(swaymsg -t get_outputs | jq -r '.[] | select(.focused) | .name') "$temp_file" grim -o $(swaymsg -t get_outputs | jq -r '.[] | select(.focused) | .name') "$temp_file"
# Check if the screenshot was successfully taken # Check if the screenshot was successfully taken
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
# Copy the screenshot to the clipboard
wl-copy < "$temp_file" wl-copy < "$temp_file"
# Show a notification with the screenshot
notify-send -i "$temp_file" "Current screen copied." notify-send -i "$temp_file" "Current screen copied."
# Remove the temporary file
rm "$temp_file" rm "$temp_file"
else else
# If the screenshot capture failed, show an error notification
notify-send "Error: Unable to capture screenshot." notify-send "Error: Unable to capture screenshot."
fi fi
} }
# Check for command-line arguments
if [ "$1" == "--swappy" ]; then if [ "$1" == "--swappy" ]; then
handle_swappy handle_swappy
elif [ "$1" == "--screen" ]; then elif [ "$1" == "--screen" ]; then
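Review bot: Both handlers still build the screenshot path with `temp_file=$(mktemp -u).png`; `-u` only prints a name and creates nothing, so grim then writes to a guessable path in the shared temp directory, where another local user could have pre-created the file or a symlink. `temp_file=$(mktemp --suffix=.png)` creates the file atomically with owner-only permissions and keeps the extension. Since this hunk is already tidying the script's comments it is a good place to fix that, and `kill $imv_pid` and the `$(swaymsg …)` substitution would be safer quoted. The script body starts and ends outside the hunk.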


@ -8,7 +8,7 @@ let
text = "#FFFFFFFF"; text = "#FFFFFFFF";
in { in {
programs.swaylock = { programs.swaylock = {
enable = true; enable = config.home.desktop.enable;
package = pkgs.swaylock-effects; package = pkgs.swaylock-effects;
settings = { settings = {
clock = true; clock = true;


@ -241,7 +241,7 @@
format-icons = ["" "" "" "" ""]; format-icons = ["" "" "" "" ""];
}; };
in { in {
enable = true; enable = config.home.desktop.enable;
settings = { settings = {
display1 = { display1 = {
name = "bar1"; name = "bar1";


@ -1,4 +0,0 @@
{ ... }:
{
services.btrfs.autoScrub.enable = true;
}


@ -1,12 +1,12 @@
{ lib, ... }: { lib, ... }:
{ {
imports = [
./btrfs
./fstrim
];
boot.supportedFilesystems = { boot.supportedFilesystems = {
ntfs = true; ntfs = true;
zfs = lib.mkForce false; zfs = lib.mkForce false;
}; };
services = {
btrfs.autoScrub.enable = true;
fstrim.enable = true;
};
} }


@ -1,4 +0,0 @@
{ ... }:
{
services.fstrim.enable = true;
}


@ -1,4 +1,5 @@
{ ... }: { ... }:
{ {
system.etc.overlay.mutable = false; system.etc.overlay.mutable = false;
boot.tmp.cleanOnBoot = true;
} }


@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./pdp
./oculus ./oculus
./pdp
]; ];
} }


@ -1,11 +1,9 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
{ {
options.system.video.nouveau = { options.system.video.nouveau.enable = lib.mkOption {
enable = lib.mkOption { type = lib.types.bool;
type = lib.types.bool; default = false;
default = false; description = "Enable the open-source Nouveau driver";
description = "Enable the open-source Nouveau driver";
};
}; };
config = lib.mkIf config.system.video.nouveau.enable { config = lib.mkIf config.system.video.nouveau.enable {


@ -1,11 +1,9 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
{ {
options.system.video.nvidia = { options.system.video.nvidia.enable = lib.mkOption {
enable = lib.mkOption { type = lib.types.bool;
type = lib.types.bool; default = false;
default = false; description = "Enable the proprietary Nvidia stack";
description = "Enable the proprietary Nvidia stack";
};
}; };
config = lib.mkIf config.system.video.nvidia.enable { config = lib.mkIf config.system.video.nvidia.enable {


@ -1,17 +1,15 @@
{ lib, ... }: { lib, ... }:
with lib; { with lib; {
options = { options.system = {
system = { desktop.enable = mkOption {
desktop.enable = mkOption { type = types.bool;
type = types.bool; default = true;
default = true; description = "Enable desktop apps and services";
description = "Enable desktop apps and services"; };
}; server.enable = mkOption {
server.enable = mkOption { type = types.bool;
type = types.bool; default = false;
default = false; description = "Enable server services";
description = "Enable server services";
};
}; };
}; };
} }


@ -1,7 +0,0 @@
{ config, ... }:
{
programs.appimage = {
enable = config.system.desktop.enable;
binfmt = config.system.desktop.enable;
};
}


@ -1,7 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./appimage
./backlights ./backlights
./dconf ./dconf
./gaming ./gaming


@ -9,6 +9,7 @@
PrintLastLog = "no"; PrintLastLog = "no";
PasswordAuthentication = false; PasswordAuthentication = false;
UsePAM = false; UsePAM = false;
X11Forwarding = false;
}; };
}; };