From 137a9ab6d9a1eb9142a7f50583c832bfbd1880e4 Mon Sep 17 00:00:00 2001 
From: Jimbo Date: Fri, 29 Nov 2024 01:49:18 -0500 Subject: [PATCH] Mostly security changes, add nouveau as a boot option, simplify settings and prepare for home-manager options --- flake.lock | 104 ++++-------------- flake.nix | 5 +- hosts/extern/boot/default.nix | 34 +----- hosts/extern/default.nix | 11 +- hosts/extern/disko/default.nix | 19 ++-- hosts/extern/filesystems/default.nix | 2 +- hosts/extern/hardware/default.nix | 9 +- hosts/extern/id_ed25519.pub | 1 + hosts/extern/modules/default.nix | 4 + hosts/extern/wireguard/default.nix | 23 ---- hosts/jupiter/default.nix | 5 +- hosts/tower/boot/default.nix | 15 ++- hosts/tower/users/jimbo/default.nix | 6 + modules/home/default.nix | 3 +- modules/home/options/default.nix | 8 ++ modules/home/programs/gui/default.nix | 4 +- .../home/programs/gui/librewolf/default.nix | 36 +++++- .../gui/{pcmanfm-qt => pcmanfm}/default.nix | 0 .../gui}/swappy/default.nix | 0 .../home/programs/gui/thunderbird/default.nix | 69 ++++++++++++ .../programs/gui/thunderbird/policies.json | 28 +++++ .../home/programs/misc/avtools/default.nix | 1 - modules/home/programs/misc/chat/default.nix | 2 +- modules/home/programs/misc/gaming/default.nix | 2 +- .../misc/gaming/emulators/default.nix | 2 +- .../programs/misc/gaming/games/default.nix | 7 ++ .../programs/misc/gaming/xash3d/default.nix | 4 - .../home/programs/misc/general/default.nix | 6 +- .../home/programs/misc/headless/default.nix | 1 - .../home/programs/misc/production/default.nix | 1 - .../programs/misc/remote-desktop/default.nix | 2 +- modules/home/programs/misc/school/default.nix | 3 +- .../programs/terminal/carapace/default.nix | 4 - modules/home/programs/terminal/default.nix | 1 - .../programs/terminal/fastfetch/default.nix | 1 + .../home/programs/terminal/git/default.nix | 4 +- .../programs/terminal/git/lazygit/default.nix | 4 - .../programs/terminal/ncmpcpp/default.nix | 4 +- .../home/{users/jimbo => user}/default.nix | 0 modules/home/users/default.nix | 6 - 
modules/home/wms/default.nix | 8 +- modules/home/wms/sway/default.nix | 4 +- modules/home/wms/sway/programs/default.nix | 5 + .../sway/{ => programs}/swayshot/default.nix | 16 +-- .../sway/{ => programs}/swaysleep/default.nix | 0 modules/home/wms/swaylock/default.nix | 2 +- modules/home/wms/waybar/default.nix | 2 +- .../disks/filesystems/btrfs/default.nix | 4 - .../devices/disks/filesystems/default.nix | 10 +- .../disks/filesystems/fstrim/default.nix | 4 - .../devices/disks/immutable/default.nix | 1 + modules/system/devices/udev/default.nix | 2 +- .../system/devices/video/nouveau/default.nix | 10 +- .../system/devices/video/nvidia/default.nix | 10 +- modules/system/options/default.nix | 22 ++-- modules/system/programs/appimage/default.nix | 7 -- modules/system/programs/default.nix | 1 - .../system/services/general/ssh/default.nix | 1 + 58 files changed, 281 insertions(+), 269 deletions(-) create mode 100644 hosts/extern/id_ed25519.pub create mode 100644 hosts/extern/modules/default.nix delete mode 100644 hosts/extern/wireguard/default.nix create mode 100644 hosts/tower/users/jimbo/default.nix create mode 100644 modules/home/options/default.nix rename modules/home/programs/gui/{pcmanfm-qt => pcmanfm}/default.nix (100%) rename modules/home/{wms/sway/swayshot => programs/gui}/swappy/default.nix (100%) create mode 100644 modules/home/programs/gui/thunderbird/default.nix create mode 100644 modules/home/programs/gui/thunderbird/policies.json create mode 100644 modules/home/programs/misc/gaming/games/default.nix delete mode 100644 modules/home/programs/misc/gaming/xash3d/default.nix delete mode 100644 modules/home/programs/terminal/carapace/default.nix delete mode 100644 modules/home/programs/terminal/git/lazygit/default.nix rename modules/home/{users/jimbo => user}/default.nix (100%) delete mode 100644 modules/home/users/default.nix rename modules/home/wms/sway/{ => programs}/swayshot/default.nix (75%) rename modules/home/wms/sway/{ => programs}/swaysleep/default.nix 
(100%) delete mode 100644 modules/system/devices/disks/filesystems/btrfs/default.nix delete mode 100644 modules/system/devices/disks/filesystems/fstrim/default.nix delete mode 100644 modules/system/programs/appimage/default.nix diff --git a/flake.lock b/flake.lock index f7e358b..5bace6a 100644 --- a/flake.lock +++ b/flake.lock @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1732221404, - "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", + "lastModified": 1732742778, + "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=", "owner": "nix-community", "repo": "disko", - "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", + "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8", "type": "github" }, "original": { @@ -208,11 +208,11 @@ ] }, "locked": { - "lastModified": 1731880681, - "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", + "lastModified": 1732466619, + "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", "owner": "nix-community", "repo": "home-manager", - "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", + "rev": "f3111f62a23451114433888902a55cf0692b408d", "type": "github" }, "original": { @@ -237,25 +237,6 @@ "type": "github" } }, - "jovian": { - "inputs": { - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1732032028, - "narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=", - "owner": "Jovian-Experiments", - "repo": "Jovian-NixOS", - "rev": "65dc04371cf914c9af4f073638821e4787303005", - "type": "github" - }, - "original": { - "owner": "Jovian-Experiments", - "repo": "Jovian-NixOS", - "type": "github" - } - }, "lanzaboote": { "inputs": { "crane": "crane", @@ -287,7 +268,7 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" }, 
@@ -310,14 +291,14 @@ "inputs": { "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1732153840, - "narHash": "sha256-lt8Gdx6TNheby/9lRNE1GMP3vkdpLaXmyHQk+ZvYNAY=", + "lastModified": 1732688645, + "narHash": "sha256-SQBVnfTAhVmNs5mKjoe942GykhAh9RQbcqScK9XlsWM=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "8325d463c1c424f2e6edeef2010c0d902a37b3d3", + "rev": "6adec7f87f6c1d455f89f57bd697740bd6dc88fa", "type": "github" }, "original": { @@ -326,28 +307,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "jovian", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729697500, - "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", - "owner": "zhaofengli", - "repo": "nix-github-actions", - "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "matrix-name", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1722221733, @@ -394,22 +353,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1729665710, - "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1717602782, "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", @@ -424,7 +367,7 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1715266358, "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", 
@@ -440,13 +383,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1732350895, + "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3", "type": "github" }, "original": { @@ -457,11 +400,11 @@ }, "nur": { "locked": { - "lastModified": 1732220928, - "narHash": "sha256-OOFqnjTax0132/mBsRpVD1QTMlZUCbVexKgKUVUxJNg=", + "lastModified": 1732745437, + "narHash": "sha256-o0xF2tQ4dibaVWk7T9yLIDJZ68VpRwSY0T7q892m4MM=", "owner": "nix-community", "repo": "NUR", - "rev": "8439fca0da7f67b331edcca08eb2a47249be72f4", + "rev": "fbe88c0dba3181daf3ef9760e548329fcc320f9d", "type": "github" }, "original": { @@ -503,11 +446,10 @@ "disko": "disko", "home-manager": "home-manager", "impermanence": "impermanence", - "jovian": "jovian", "lanzaboote": "lanzaboote", "mailserver": "mailserver", "minecraft": "minecraft", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nur": "nur", "unstable": "unstable" } @@ -584,11 +526,11 @@ }, "unstable": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index dabd782..a38f065 100644 --- a/flake.nix +++ b/flake.nix @@ -17,7 +17,6 @@ impermanence.url = "github:nix-community/impermanence"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; minecraft.url = "github:Infinidoge/nix-minecraft"; - jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; # Home inputs home-manager = { 
@@ -37,7 +36,6 @@ impermanence, mailserver, minecraft, - jovian, home-manager, nur, blender-bin, @@ -54,7 +52,6 @@ impermanence mailserver minecraft - jovian home-manager nur blender-bin @@ -80,7 +77,7 @@ axolotl = mkNix [ ./hosts/axolotl ]; # PineBook Pro lacros = mkNix [ ./hosts/lacros ]; # Dell Chromebook redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot Laptop - extern = mkNix [ ./hosts/extern ]; # Portable Hard-Drive + extern = mkNix [ ./hosts/extern ]; # ISO Image kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010 xenia = mkNix [ ./hosts/xenia ]; # Acer Veriton X2611G diff --git a/hosts/extern/boot/default.nix b/hosts/extern/boot/default.nix index 972bff6..a035652 100644 --- a/hosts/extern/boot/default.nix +++ b/hosts/extern/boot/default.nix @@ -1,36 +1,8 @@ -{ config, pkgs, ... }: -let - commonKernelParams = [ - # VM/GPU passthrough - "amd_iommu=on" - "iommu=pt" - "nested=1" - - # Virtualization nonsense - "transparent_hugepage=never" - - # Isolate devices into IOMMU groups - "pcie_acs_override=downstream,multifunction" - "pci=routeirq" - ]; -in { +{ pkgs, ... }: +{ boot = { - # Must be Zen for IOMMU isolation - kernelPackages = pkgs.unstable.linuxPackages_zen; + kernelPackages = pkgs.unstable.linuxPackages_latest; kernel.sysctl."vm.max_map_count" = 2147483642; - kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; blacklistedKernelModules = [ "pcspkr" ]; - - # Needed for GPU passthrough - initrd.kernelModules = [ - "vfio" - "vfio_pci" - "vfio_iommu_type1" - ]; - }; - - # Use second GPU on boot - specialisation.gputwo.configuration = { - boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; }; } diff --git a/hosts/extern/default.nix b/hosts/extern/default.nix index c1ddb3a..3e489b6 100644 --- a/hosts/extern/default.nix +++ b/hosts/extern/default.nix 
@@ -1,17 +1,20 @@ -{ lib, ... }: +{ ... }: { imports = [ ./boot ./disko ./filesystems ./hardware - ./wireguard + ./modules ../../modules/system ]; - services.btrfs.autoScrub.enable = lib.mkForce false; + system.wireless.enable = false; - system.video.nvidia.enable = true; + system.wireguard.client.enable = true; + networking.wireguard.interfaces.wgc.ips = [ "10.100.0.21/24" ]; + + boot.binfmt.emulatedSystems = [ "x86_64-linux" ]; networking.hostName = "extern"; } diff --git a/hosts/extern/disko/default.nix b/hosts/extern/disko/default.nix index e8471a3..d5ccc1b 100644 --- a/hosts/extern/disko/default.nix +++ b/hosts/extern/disko/default.nix @@ -6,7 +6,7 @@ disk = { "${config.networking.hostName}" = { type = "disk"; - device = "/dev/sdg"; + device = "/dev/nvme0n1"; content = { type = "gpt"; partitions = { @@ -39,13 +39,6 @@ }; }; - nodev = { - "/" = { - fsType = "tmpfs"; - mountOptions = [ "size=4G" ]; - }; - }; - lvm_vg = { "${config.networking.hostName}" = { type = "lvm_vg"; @@ -56,6 +49,14 @@ type = "btrfs"; extraArgs = [ "-f" ]; subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" "ssd" ]; + }; + "/prev" = { + mountpoint = "/prev"; + mountOptions = [ "compress=zstd" "noatime" "ssd" ]; + }; "/nix" = { mountpoint = "/nix"; mountOptions = [ "compress=zstd" "noatime" "ssd" ]; @@ -77,7 +78,7 @@ }; }; swap = { - size = "8G"; + size = "4G"; content = { type = "swap"; discardPolicy = "both"; diff --git a/hosts/extern/filesystems/default.nix b/hosts/extern/filesystems/default.nix index 60aeaf3..3596409 100644 --- a/hosts/extern/filesystems/default.nix +++ b/hosts/extern/filesystems/default.nix @@ -1,7 +1,7 @@ { config, ... }: { fileSystems = { - # Remote + # Network mounts "/home/jimbo/JimboNFS" = { device = "10.100.0.1:/export/JimboNFS"; fsType = "nfs4"; diff --git a/hosts/extern/hardware/default.nix b/hosts/extern/hardware/default.nix index 807c3d4..6f4ec49 100644 --- a/hosts/extern/hardware/default.nix 
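Review bot: In hosts/extern/disko/default.nix the target disk is now `device = "/dev/nvme0n1";`, a kernel-assigned name that is not guaranteed to point at the same device across boots or machines. Because disko partitions and formats whatever that path resolves to, a stable identifier is the safer target, for example `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";`. If this host is only ever built as a single-disk VM image the exposure is small, but a one-line comment saying so would stop the pattern from being copied to a machine with several NVMe drives. The enclosing `disk = { … }` block starts above the hunk.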
+++ b/hosts/extern/hardware/default.nix @@ -1,9 +1,10 @@ -{ config, lib, modulesPath, ... }: +# nixos-generate-config --root ./ --no-filesystems +{ config, lib, ... }: { - boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "dm-snapshot" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "sr_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/extern/id_ed25519.pub b/hosts/extern/id_ed25519.pub new file mode 100644 index 0000000..e36a85d --- /dev/null +++ b/hosts/extern/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl diff --git a/hosts/extern/modules/default.nix b/hosts/extern/modules/default.nix new file mode 100644 index 0000000..a16dc39 --- /dev/null +++ b/hosts/extern/modules/default.nix @@ -0,0 +1,4 @@ +{ modulesPath, ... }: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; +} diff --git a/hosts/extern/wireguard/default.nix b/hosts/extern/wireguard/default.nix deleted file mode 100644 index 4c90766..0000000 --- a/hosts/extern/wireguard/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ lib, config, ... }: -{ - networking = { - firewall = { - allowedUDPPorts = [ 51820 ]; - trustedInterfaces = [ "wgc" ]; - }; - - wireguard.interfaces.wgc = { - ips = [ "10.100.0.20/24" ]; - listenPort = 51820; - privateKey = config.secrets.wgClientPriv; - peers = [ - { # Cyberspark Server - publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "sv.${config.domains.jim1}:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; -} diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index a158e15..5be5666 100644 
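Review bot: `hardware.cpu.amd.updateMicrocode` is kept as the last context line of the hosts/extern/hardware/default.nix hunk, although the same hunk switches `nixpkgs.hostPlatform` to `aarch64-linux` and the host now imports the QEMU guest profile. On an ARM guest that setting has nothing to apply to, so the file reads as if CPU microcode updates were covered when they are not. I would drop the line or replace it with a comment such as `# VM guest: CPU microcode is handled by the hypervisor host`.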
--- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -1,4 +1,4 @@ -{ jovian, ... }: +{ ... }: { imports = [ ./boot @@ -7,13 +7,10 @@ ./hardware ./wireguard ../../modules/system - jovian.nixosModules.default ]; system.lanzaboote.enable = true; system.libvirtd.enable = true; - jovian.steamos.useSteamOSConfig = true; - networking.hostName = "jupiter"; } diff --git a/hosts/tower/boot/default.nix b/hosts/tower/boot/default.nix index 972bff6..9bb39a2 100644 --- a/hosts/tower/boot/default.nix +++ b/hosts/tower/boot/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: let commonKernelParams = [ # VM/GPU passthrough @@ -21,6 +21,9 @@ in { kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; blacklistedKernelModules = [ "pcspkr" ]; + # Enable cross-compilation + binfmt.emulatedSystems = [ "aarch64-linux" ]; + # Needed for GPU passthrough initrd.kernelModules = [ "vfio" @@ -33,4 +36,14 @@ in { specialisation.gputwo.configuration = { boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; }; + + # Use Nouveau + specialisation.nouveau.configuration.config = { + environment.sessionVariables = { + NIXOS_OZONE_WL = lib.mkForce "0"; + WLR_RENDERER = lib.mkForce "vulkan"; + }; + system.video.nvidia.enable = lib.mkForce false; + system.video.nouveau.enable = lib.mkForce true; + }; } diff --git a/hosts/tower/users/jimbo/default.nix b/hosts/tower/users/jimbo/default.nix new file mode 100644 index 0000000..254c09a --- /dev/null +++ b/hosts/tower/users/jimbo/default.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + home-manager.users.jimbo = { + + }; +} diff --git a/modules/home/default.nix b/modules/home/default.nix index d060006..26fd29b 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -2,11 +2,12 @@ { imports = [ ./files + ./options ./programs ./services ./settings ./wms - ./users + ./user ../extras # Imports 
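Review bot: The comment `# Enable cross-compilation` above `binfmt.emulatedSystems = [ "aarch64-linux" ];` (second hunk of hosts/tower/boot/default.nix) does not describe what the option does: it registers QEMU user-mode emulation through binfmt_misc, so aarch64 executables and builds run on this machine. That is worth stating accurately, because foreign-architecture binaries then execute transparently rather than being confined to a cross toolchain. I would reword it to `# Run and build aarch64-linux binaries through QEMU user-mode emulation (binfmt_misc)`. The enclosing `boot = { … }` block starts above the hunk.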
diff --git a/modules/home/options/default.nix b/modules/home/options/default.nix new file mode 100644 index 0000000..b4997d3 --- /dev/null +++ b/modules/home/options/default.nix @@ -0,0 +1,8 @@ +{ lib, ... }: +with lib; { + options.home.desktop.enable = mkOption { + type = types.bool; + default = true; + description = "Enable desktop apps and services, but home-manager"; + }; +} diff --git a/modules/home/programs/gui/default.nix b/modules/home/programs/gui/default.nix index fefac51..35536f5 100644 --- a/modules/home/programs/gui/default.nix +++ b/modules/home/programs/gui/default.nix @@ -7,7 +7,9 @@ ./mako ./mangohud ./mpv - ./pcmanfm-qt + ./pcmanfm ./rofi + ./swappy + ./thunderbird ]; } diff --git a/modules/home/programs/gui/librewolf/default.nix b/modules/home/programs/gui/librewolf/default.nix index d9a7f58..3458642 100644 --- a/modules/home/programs/gui/librewolf/default.nix +++ b/modules/home/programs/gui/librewolf/default.nix @@ -112,6 +112,24 @@ in { }; }; }; + commonBookmarks = [ + { + name = "Jimbo"; + url = "https://jimbosfiles.com"; + } + { + name = "Corn"; + url = "https://freecorn1854.win"; + } + { + name = "Luna"; + url = "https://www.lunamoonlight.xyz"; + } + { + name = "Kernel"; + url = "https://www.kernel.org"; + } + ]; commonSettings = { "general.autoScroll" = true; 
@@ -123,18 +141,28 @@ in { "browser.uidensity" = 1; "browser.compactmode.show" = true; - "browser.toolbars.bookmarks.visibility" = "never"; + "browser.toolbars.bookmarks.visibility" = "newtab"; "browser.contentblocking.category" = "strict"; "browser.helperApps.deleteTempFileOnExit" = true; "browser.search.separatePrivateDefault" = false; "browser.download.useDownloadDir" = true; + "browser.aboutConfig.showWarning" = false; "browser.startup.page" = 3; "browser.newtabpage.enabled" = false; "browser.tabs.inTitlebar" = 0; + "browser.theme.content-theme" = 0; + "browser.theme.toolbar-theme" = 0; + "browser.safebrowsing.downloads.enabled" = false; + "browser.safebrowsing.downloads.remote.enabled" = false; + "browser.safebrowsing.downloads.remote.block_uncommon" = false; + "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false; + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; "extensions.pocket.enabled" = false; "extensions.autoDisableScopes" = 0; "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; + "extensions.formautofill.addresses.enabled" = false; "toolkit.legacyUserProfileCustomizations.stylesheets" = true; "toolkit.tabbox.switchByScrolling" = true; @@ -168,6 +196,7 @@ in { "clipboard.autocopy" = false; "middlemouse.paste" = false; + "datareporting.healthreport.uploadEnabled" = false; "svg.context-properties.content.enabled" = true; "device.sensors.motion.enabled" = false; "gnomeTheme.hideSingleTab" = true; @@ -179,8 +208,10 @@ in { profiles = { Main = { id = 0; + isDefault = true; extensions = commonExtensions; search = commonSearch; + bookmarks = commonBookmarks; settings = commonSettings; userChrome = '' ${themeJim} @@ -192,6 +223,7 @@ in { id = 1; extensions = commonExtensions; search = commonSearch; + bookmarks = commonBookmarks; settings = commonSettings; userChrome = '' ${themeAlt} 
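Review bot: The first hunk on this line sets every `browser.safebrowsing.*` preference to `false` inside `commonSettings`, which all three profiles use, and nothing in the file says why. With these off the browser no longer warns on known phishing or malware pages or on flagged downloads, so the privacy gain of avoiding provider lookups is paid for with that protection. If the trade-off is intended, record it above the block, e.g. `# Safe Browsing disabled deliberately to avoid provider lookups; phishing/malware warnings are therefore off`. If only the remote download check is the concern, leaving `browser.safebrowsing.malware.enabled` and `browser.safebrowsing.phishing.enabled` at `true` would, as far as I know, keep the list-based page warnings.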
@@ -203,8 +235,8 @@ in { id = 2; extensions = commonExtensions; search = commonSearch; + bookmarks = commonBookmarks; settings = commonSettings; - containersForce = true; }; }; }; diff --git a/modules/home/programs/gui/pcmanfm-qt/default.nix b/modules/home/programs/gui/pcmanfm/default.nix similarity index 100% rename from modules/home/programs/gui/pcmanfm-qt/default.nix rename to modules/home/programs/gui/pcmanfm/default.nix diff --git a/modules/home/wms/sway/swayshot/swappy/default.nix b/modules/home/programs/gui/swappy/default.nix similarity index 100% rename from modules/home/wms/sway/swayshot/swappy/default.nix rename to modules/home/programs/gui/swappy/default.nix diff --git a/modules/home/programs/gui/thunderbird/default.nix b/modules/home/programs/gui/thunderbird/default.nix new file mode 100644 index 0000000..e227b2b --- /dev/null +++ b/modules/home/programs/gui/thunderbird/default.nix 
@@ -0,0 +1,69 @@ +{ ... }: +{ + programs.thunderbird = { + enable = true; + profiles = { + Main = { + isDefault = true; + userContent = '' + *{scrollbar-width:none !important} + ''; + settings = { + "general.autoScroll" = true; + + "signon.rememberSignons" = false; + "signon.autofillForms" = false; + + "security.password_lifetime" = 0; + "security.password.useMasterPassword" = false; + "security.mixed_content.block_active_content" = true; + "security.mixed_content.block_display_content" = true; + + "extensions.enabled" = false; + "extensions.autoDisableScopes" = 0; + "extensions.allow-non-mpc-extensions" = false; + "extensions.installDistroAddons" = false; + "extensions.getAddons.cache.enabled" = false; + "extensions.blocklist.enabled" = true; + "extensions.webextensions.userSelection" = false; + "extensions.checkCompatibility" = false; + "extensions.allowRemoteAddons" = false; + "extensions.ui.enabled" = false; + "extensions.ui.useSystemTheme" = true; + "extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org"; + + "privacy.clearOnShutdown.cookies" = true; + "privacy.clearOnShutdown.cache" = true; + "privacy.clearOnShutdown.formdata" = true; + "privacy.clearOnShutdown.passwords" = true; + "privacy.clearOnShutdown.siteSettings" = true; + "privacy.trackingprotection.enabled" = true; + "privacy.firstparty.isolate" = true; + "privacy.donottrackheader.enabled" = true; + "privacy.resistFingerprinting" = true; + + "browser.history.enabled" = false; + "browser.sessionstore.privacy_level" = 2; + "browser.tabs.warnOnClose" = false; + "browser.shell.checkDefaultBrowser" = false; + "browser.urlbar.suggest.openpage" = false; + "browser.urlbar.suggest.bookmark" = false; + "browser.urlbar.suggest.history" = false; + "browser.urlbar.suggest.searches" = false; + "browser.urlbar.suggest.topsites" = false; + "browser.download.promptForDownload" = true; + + "network.cookie.cookieBehavior" = 1; + "network.dns.dnsOverHttps.enabled" = true; + 
"network.http.speculative-parallel-limit" = 0; + "network.http.pipelining" = false; + "network.predictor.enabled" = false; + "network.cookie.lifetimePolicy" = 2; + + "dom.storage.enabled" = false; + "dom.indexedDB.enabled" = false; + }; + }; + }; + }; +} diff --git a/modules/home/programs/gui/thunderbird/policies.json b/modules/home/programs/gui/thunderbird/policies.json new file mode 100644 index 0000000..464ee3d --- /dev/null +++ b/modules/home/programs/gui/thunderbird/policies.json @@ -0,0 +1,28 @@ +{ + "policies": { + "OfferToSaveLogins": false, + "PasswordManagerEnabled": false, + "DisablePasswordReveal": true, + "DisableMasterPasswordCreation": true, + "Extensions": { + "install": false + }, + "ExtensionSettings": {}, + "BlockAboutAddons": true, + "BlockAboutConfig": true, + "BlockAboutProfiles": true, + "BlockAboutSupport": true, + "DisableTelemetry": true, + "DisableSafeMode": true, + "DisableSecurityBypass": true, + "DisableBuiltinPDFViewer": true, + "DisableAppUpdate": true, + "DNSOverHTTPS": true, + "CaptivePortal": false, + "PromptForDownloadLocation": true, + "NetworkPrediction": false, + "SearchEngines": { + "PreventInstalls": true + } + } +} diff --git a/modules/home/programs/misc/avtools/default.nix b/modules/home/programs/misc/avtools/default.nix index c7a0f07..6e09c51 100644 --- a/modules/home/programs/misc/avtools/default.nix +++ b/modules/home/programs/misc/avtools/default.nix @@ -7,7 +7,6 @@ home.packages = with pkgs; [ ffmpeg - alsa-utils puddletag pulsemixer ]; diff --git a/modules/home/programs/misc/chat/default.nix b/modules/home/programs/misc/chat/default.nix index bc0722e..ef82d03 100644 --- a/modules/home/programs/misc/chat/default.nix +++ b/modules/home/programs/misc/chat/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { home.packages = with pkgs; [ vesktop diff --git a/modules/home/programs/misc/gaming/default.nix b/modules/home/programs/misc/gaming/default.nix index 9e9eaae..0508cd9 100644 
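Review bot: `"extensions.autoDisableScopes" = 0;` works against the rest of the extension lockdown in the new Thunderbird profile: a value of 0 means add-ons dropped into any install location are enabled without asking, whereas the usual default of `15` leaves them disabled until confirmed. If no add-ons are wanted, remove the line or set it to `15`. Separately, several names in this block do not match preferences I know of (`extensions.enabled`, `network.dns.dnsOverHttps.enabled`, `browser.history.enabled`; DNS-over-HTTPS is normally controlled through `network.trr.mode`), and an unknown preference is stored without any effect. Each entry should be checked in the Config Editor before it is counted as hardening.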
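Review bot: Three entries in the new thunderbird/policies.json do not have the shape the policy engine expects, as far as I know the schema, so they would be skipped rather than enforced: `DNSOverHTTPS` and `DisableSecurityBypass` are objects, and `Extensions` takes `Install`/`Uninstall`/`Locked` lists rather than `"install": false`. The intended forms would be `"DNSOverHTTPS": { "Enabled": true, "Locked": true }` and `"DisableSecurityBypass": { "InvalidCertificate": true, "SafeBrowsing": true }`, with add-on installation blocked through `"ExtensionSettings": { "*": { "installation_mode": "blocked" } }` instead of the empty object. Also, no hunk in this part of the patch references policies.json from thunderbird/default.nix, so unless it is wired in elsewhere the file is never applied. Thunderbird honours only a subset of the Firefox policies, so the remaining keys should be confirmed against its active-policies list.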
--- a/modules/home/programs/misc/gaming/default.nix +++ b/modules/home/programs/misc/gaming/default.nix @@ -2,7 +2,7 @@ { imports = [ ./launchers + ./games ./emulators - ./xash3d ]; } diff --git a/modules/home/programs/misc/gaming/emulators/default.nix b/modules/home/programs/misc/gaming/emulators/default.nix index 0187369..758f6ef 100644 --- a/modules/home/programs/misc/gaming/emulators/default.nix +++ b/modules/home/programs/misc/gaming/emulators/default.nix @@ -6,6 +6,6 @@ ryujinx duckstation pcsx2 - #unstable.lime3ds + lime3ds ]; } diff --git a/modules/home/programs/misc/gaming/games/default.nix b/modules/home/programs/misc/gaming/games/default.nix new file mode 100644 index 0000000..2d0715b --- /dev/null +++ b/modules/home/programs/misc/gaming/games/default.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + home.packages = with pkgs; [ + openarena + xash3d + ]; +} diff --git a/modules/home/programs/misc/gaming/xash3d/default.nix b/modules/home/programs/misc/gaming/xash3d/default.nix deleted file mode 100644 index b951409..0000000 --- a/modules/home/programs/misc/gaming/xash3d/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = with pkgs; [ xash3d ]; -} diff --git a/modules/home/programs/misc/general/default.nix b/modules/home/programs/misc/general/default.nix index d350a5c..826d3de 100644 --- a/modules/home/programs/misc/general/default.nix +++ b/modules/home/programs/misc/general/default.nix @@ -1,11 +1,9 @@ { pkgs, ... }: { home.packages = with pkgs; [ - imv - libreoffice-fresh + libreoffice ffmpegthumbnailer - thunderbird - protonvpn-cli_2 + imv bc ]; } diff --git a/modules/home/programs/misc/headless/default.nix b/modules/home/programs/misc/headless/default.nix index add2892..250734c 100644 --- a/modules/home/programs/misc/headless/default.nix +++ b/modules/home/programs/misc/headless/default.nix @@ -5,6 +5,5 @@ p7zip vimv dua - protonvpn-cli_2 ]; } 
diff --git a/modules/home/programs/misc/production/default.nix b/modules/home/programs/misc/production/default.nix index 5d0c16e..cebd518 100644 --- a/modules/home/programs/misc/production/default.nix +++ b/modules/home/programs/misc/production/default.nix @@ -4,7 +4,6 @@ home.packages = with pkgs; [ krita - inkscape audacity blender_4_3 ]; diff --git a/modules/home/programs/misc/remote-desktop/default.nix b/modules/home/programs/misc/remote-desktop/default.nix index 9cfe054..10a01f2 100644 --- a/modules/home/programs/misc/remote-desktop/default.nix +++ b/modules/home/programs/misc/remote-desktop/default.nix @@ -2,6 +2,6 @@ { home.packages = with pkgs; [ moonlight-qt - #rustdesk-flutter + rustdesk-flutter ]; } diff --git a/modules/home/programs/misc/school/default.nix b/modules/home/programs/misc/school/default.nix index e7143af..ed9859a 100644 --- a/modules/home/programs/misc/school/default.nix +++ b/modules/home/programs/misc/school/default.nix @@ -3,7 +3,6 @@ home.packages = with pkgs; [ remmina freerdp - zoom-us - openconnect + gpauth ]; } diff --git a/modules/home/programs/terminal/carapace/default.nix b/modules/home/programs/terminal/carapace/default.nix deleted file mode 100644 index 625d54b..0000000 --- a/modules/home/programs/terminal/carapace/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - programs.carapace.enable = true; -} diff --git a/modules/home/programs/terminal/default.nix b/modules/home/programs/terminal/default.nix index 6cc9c7c..680d658 100644 --- a/modules/home/programs/terminal/default.nix +++ b/modules/home/programs/terminal/default.nix @@ -1,7 +1,6 @@ { ... }: { imports = [ - ./carapace ./fastfetch ./git ./ncmpcpp diff --git a/modules/home/programs/terminal/fastfetch/default.nix b/modules/home/programs/terminal/fastfetch/default.nix index b40c4ea..dd7417e 100644 --- a/modules/home/programs/terminal/fastfetch/default.nix +++ b/modules/home/programs/terminal/fastfetch/default.nix 
@@ -1,6 +1,7 @@ { ... }: { imports = [ ./small ]; + programs.fastfetch.enable = true; home.file.".config/fastfetch/config.jsonc".source = ./config.jsonc; } diff --git a/modules/home/programs/terminal/git/default.nix b/modules/home/programs/terminal/git/default.nix index 7d4656a..baf4099 100644 --- a/modules/home/programs/terminal/git/default.nix +++ b/modules/home/programs/terminal/git/default.nix @@ -1,10 +1,10 @@ { pkgs, config, ... }: { - imports = [ ./lazygit ]; - programs.git = { enable = true; userName = "Jimbo"; userEmail = "jimbo@${config.domains.jim2}"; }; + + programs.lazygit.enable = true; } diff --git a/modules/home/programs/terminal/git/lazygit/default.nix b/modules/home/programs/terminal/git/lazygit/default.nix deleted file mode 100644 index e7aa98b..0000000 --- a/modules/home/programs/terminal/git/lazygit/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - programs.lazygit.enable = true; -} diff --git a/modules/home/programs/terminal/ncmpcpp/default.nix b/modules/home/programs/terminal/ncmpcpp/default.nix index 2b12d46..cf133a9 100644 --- a/modules/home/programs/terminal/ncmpcpp/default.nix +++ b/modules/home/programs/terminal/ncmpcpp/default.nix @@ -1,5 +1,7 @@ { pkgs, ... }: { + home.packages = with pkgs; [ mpc-cli ]; + programs.ncmpcpp = { enable = true; settings = { @@ -15,6 +17,4 @@ }; services.mpd-discord-rpc.enable = true; - - home.packages = with pkgs; [ mpc-cli ]; } diff --git a/modules/home/users/jimbo/default.nix b/modules/home/user/default.nix similarity index 100% rename from modules/home/users/jimbo/default.nix rename to modules/home/user/default.nix diff --git a/modules/home/users/default.nix b/modules/home/users/default.nix deleted file mode 100644 index 4f6dbf4..0000000 --- a/modules/home/users/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: -{ - imports = [ - ./jimbo - ]; -} diff --git a/modules/home/wms/default.nix b/modules/home/wms/default.nix index e662554..d26b806 100644 --- a/modules/home/wms/default.nix 
+++ b/modules/home/wms/default.nix @@ -1,5 +1,11 @@ -{ ... }: +{ lib, ... }: { + options.home.sway.enable = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Enable SwayWM"; + }; + imports = [ ./sway ./swaylock diff --git a/modules/home/wms/sway/default.nix b/modules/home/wms/sway/default.nix index 70dbeff..369f386 100644 --- a/modules/home/wms/sway/default.nix +++ b/modules/home/wms/sway/default.nix @@ -6,13 +6,11 @@ ./hotkeys ./programs ./rules - ./swayshot - ./swaysleep ./theme ]; wayland.windowManager.sway = { - enable = true; + enable = config.home.sway.enable; package = null; wrapperFeatures.gtk = true; checkConfig = false; diff --git a/modules/home/wms/sway/programs/default.nix b/modules/home/wms/sway/programs/default.nix index 92a7d7d..7c4cc5a 100644 --- a/modules/home/wms/sway/programs/default.nix +++ b/modules/home/wms/sway/programs/default.nix @@ -1,5 +1,10 @@ { pkgs, ... }: { + imports = [ + ./swayshot + ./swaysleep + ]; + home.packages = with pkgs; [ clipman swaybg diff --git a/modules/home/wms/sway/swayshot/default.nix b/modules/home/wms/sway/programs/swayshot/default.nix similarity index 75% rename from modules/home/wms/sway/swayshot/default.nix rename to modules/home/wms/sway/programs/swayshot/default.nix index 25e498a..1eadab2 100644 --- a/modules/home/wms/sway/swayshot/default.nix +++ b/modules/home/wms/sway/programs/swayshot/default.nix @@ -1,7 +1,5 @@ { pkgs, config, ... }: { - imports = [ ./swappy ]; - home.packages = with pkgs; [ (pkgs.writeScriptBin "swayshot" '' # Swappy 
@@ -14,40 +12,28 @@ | XCURSOR_SIZE=40 slurp -w ${config.look.border.string} -c ${config.look.colors.prime} -B 00000066 -b 00000099) temp_file=$(mktemp -u).png grim -g "$selected_area" "$temp_file" - - # Kill the imv window kill $imv_pid - # Copy the screenshot to the clipboard + # Copy the screenshot to the clipboard and clear the temp swappy -f - < "$temp_file" - - # Clean up the temporary file rm "$temp_file" } # Screen handle_screen() { - # Take a screenshot and save it to the temporary file temp_file=$(mktemp -u).png grim -o $(swaymsg -t get_outputs | jq -r '.[] | select(.focused) | .name') "$temp_file" # Check if the screenshot was successfully taken if [ $? -eq 0 ]; then - # Copy the screenshot to the clipboard wl-copy < "$temp_file" - - # Show a notification with the screenshot notify-send -i "$temp_file" "Current screen copied." - - # Remove the temporary file rm "$temp_file" else - # If the screenshot capture failed, show an error notification notify-send "Error: Unable to capture screenshot." fi } - # Check for command-line arguments if [ "$1" == "--swappy" ]; then handle_swappy elif [ "$1" == "--screen" ]; then diff --git a/modules/home/wms/sway/swaysleep/default.nix b/modules/home/wms/sway/programs/swaysleep/default.nix similarity index 100% rename from modules/home/wms/sway/swaysleep/default.nix rename to modules/home/wms/sway/programs/swaysleep/default.nix diff --git a/modules/home/wms/swaylock/default.nix b/modules/home/wms/swaylock/default.nix index 8fcb407..59e1083 100644 --- a/modules/home/wms/swaylock/default.nix +++ b/modules/home/wms/swaylock/default.nix @@ -8,7 +8,7 @@ let text = "#FFFFFFFF"; in { programs.swaylock = { - enable = true; + enable = config.home.desktop.enable; package = pkgs.swaylock-effects; settings = { clock = true; diff --git a/modules/home/wms/waybar/default.nix b/modules/home/wms/waybar/default.nix index d4af17a..0c0cacd 100644 --- a/modules/home/wms/waybar/default.nix +++ b/modules/home/wms/waybar/default.nix 
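Review bot: `temp_file=$(mktemp -u).png` is kept in both `handle_swappy` and `handle_screen`, and `mktemp -u` only prints a name without creating the file. grim therefore writes the screenshot to a path in the shared temp directory that another local account could create first. Letting mktemp create the file, for example `temp_file=$(mktemp --suffix=.png)` with GNU mktemp, or placing it under `"$XDG_RUNTIME_DIR"`, means the capture goes to a file the user already owns, created with owner-only permissions. In `handle_swappy` the exit status of grim is also never checked, so a failed or cancelled capture still reaches `swappy -f - < "$temp_file"` and `rm "$temp_file"`. Both functions start above this hunk and the script continues below it.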
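Review bot: The screen locker is now gated on `config.home.desktop.enable`, while Sway itself is gated on the separate `config.home.sway.enable` declared in `modules/home/wms/default.nix`. A profile with Sway on and the desktop option off therefore gets a session with no locker configured. If the idle and sleep handling under `sway/programs/swaysleep` invokes swaylock (not visible here), that combination would leave the session unlocked without any evaluation error. Tying the locker to the window manager with `enable = config.home.sway.enable;`, or adding an assertion that rejects the combination, would close the gap. The waybar hunk in `modules/home/wms/waybar/default.nix` uses the same `home.desktop.enable` gate. The module's argument list is outside this hunk, so `config` is assumed to be in scope.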
@@ -241,7 +241,7 @@ format-icons = ["" "" "" "" ""]; }; in { - enable = true; + enable = config.home.desktop.enable; settings = { display1 = { name = "bar1"; diff --git a/modules/system/devices/disks/filesystems/btrfs/default.nix b/modules/system/devices/disks/filesystems/btrfs/default.nix deleted file mode 100644 index 1b87165..0000000 --- a/modules/system/devices/disks/filesystems/btrfs/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - services.btrfs.autoScrub.enable = true; -} diff --git a/modules/system/devices/disks/filesystems/default.nix b/modules/system/devices/disks/filesystems/default.nix index cebdfd4..8d3e53c 100644 --- a/modules/system/devices/disks/filesystems/default.nix +++ b/modules/system/devices/disks/filesystems/default.nix @@ -1,12 +1,12 @@ { lib, ... }: { - imports = [ - ./btrfs - ./fstrim - ]; - boot.supportedFilesystems = { ntfs = true; zfs = lib.mkForce false; }; + + services = { + btrfs.autoScrub.enable = true; + fstrim.enable = true; + }; } diff --git a/modules/system/devices/disks/filesystems/fstrim/default.nix b/modules/system/devices/disks/filesystems/fstrim/default.nix deleted file mode 100644 index c7d1151..0000000 --- a/modules/system/devices/disks/filesystems/fstrim/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - services.fstrim.enable = true; -} diff --git a/modules/system/devices/disks/immutable/default.nix b/modules/system/devices/disks/immutable/default.nix index fa74dde..9b07e92 100644 --- a/modules/system/devices/disks/immutable/default.nix +++ b/modules/system/devices/disks/immutable/default.nix @@ -1,4 +1,5 @@ { ... }: { system.etc.overlay.mutable = false; + boot.tmp.cleanOnBoot = true; } diff --git a/modules/system/devices/udev/default.nix b/modules/system/devices/udev/default.nix index 3c5941a..8e43e33 100644 --- a/modules/system/devices/udev/default.nix +++ b/modules/system/devices/udev/default.nix @@ -1,7 +1,7 @@ { ... }: { imports = [ - ./pdp ./oculus + ./pdp ]; } 
diff --git a/modules/system/devices/video/nouveau/default.nix b/modules/system/devices/video/nouveau/default.nix index 9f258e4..506da52 100644 --- a/modules/system/devices/video/nouveau/default.nix +++ b/modules/system/devices/video/nouveau/default.nix @@ -1,11 +1,9 @@ { lib, pkgs, config, ... }: { - options.system.video.nouveau = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable the open-source Nouveau driver"; - }; + options.system.video.nouveau.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable the open-source Nouveau driver"; }; config = lib.mkIf config.system.video.nouveau.enable { diff --git a/modules/system/devices/video/nvidia/default.nix b/modules/system/devices/video/nvidia/default.nix index f49b389..1204021 100644 --- a/modules/system/devices/video/nvidia/default.nix +++ b/modules/system/devices/video/nvidia/default.nix @@ -1,11 +1,9 @@ { lib, pkgs, config, ... }: { - options.system.video.nvidia = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable the proprietary Nvidia stack"; - }; + options.system.video.nvidia.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable the proprietary Nvidia stack"; }; config = lib.mkIf config.system.video.nvidia.enable { diff --git a/modules/system/options/default.nix b/modules/system/options/default.nix index 46eee8a..9ad84b1 100644 --- a/modules/system/options/default.nix +++ b/modules/system/options/default.nix 
@@ -1,17 +1,15 @@ { lib, ... }: with lib; { - options = { - system = { - desktop.enable = mkOption { - type = types.bool; - default = true; - description = "Enable desktop apps and services"; - }; - server.enable = mkOption { - type = types.bool; - default = false; - description = "Enable server services"; - }; + options.system = { + desktop.enable = mkOption { + type = types.bool; + default = true; + description = "Enable desktop apps and services"; + }; + server.enable = mkOption { + type = types.bool; + default = false; + description = "Enable server services"; }; }; } diff --git a/modules/system/programs/appimage/default.nix b/modules/system/programs/appimage/default.nix deleted file mode 100644 index 332b986..0000000 --- a/modules/system/programs/appimage/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, ... }: -{ - programs.appimage = { - enable = config.system.desktop.enable; - binfmt = config.system.desktop.enable; - }; -} diff --git a/modules/system/programs/default.nix b/modules/system/programs/default.nix index 47e8fb2..a25d312 100644 --- a/modules/system/programs/default.nix +++ b/modules/system/programs/default.nix @@ -1,7 +1,6 @@ { ... }: { imports = [ - ./appimage ./backlights ./dconf ./gaming diff --git a/modules/system/services/general/ssh/default.nix b/modules/system/services/general/ssh/default.nix index bc3b44b..ec13d9c 100644 --- a/modules/system/services/general/ssh/default.nix +++ b/modules/system/services/general/ssh/default.nix @@ -9,6 +9,7 @@ PrintLastLog = "no"; PasswordAuthentication = false; UsePAM = false; + X11Forwarding = false; }; };