From 7c5ff0253e1113dd5bbba842114d7456b6fa66c2 Mon Sep 17 00:00:00 2001 
From: Jimbo Date: Mon, 9 Dec 2024 23:07:20 -0500 Subject: [PATCH] Move and rename some stuff whatever --- hosts/tower/filesystems/default.nix | 2 +- modules/home/files/default.nix | 16 +++------- modules/home/options/default.nix | 1 - .../home/programs/gui/librewolf/default.nix | 2 +- modules/home/programs/gui/pcmanfm/default.nix | 4 +-- modules/home/programs/terminal/default.nix | 1 + .../programs/terminal}/nh/default.nix | 1 - .../home/programs/terminal/zsh/default.nix | 10 +++--- .../system/accounts/groups/admin/default.nix | 6 ---- modules/system/accounts/groups/default.nix | 5 +-- modules/system/accounts/users/default.nix | 5 +-- .../system/accounts/users/jimbo/default.nix | 2 +- modules/system/devices/bluetooth/default.nix | 1 + .../devices/boot/lanzaboote/default.nix | 1 - .../networking/wireguard/client/default.nix | 1 - .../networking/wireguard/server/default.nix | 1 - .../devices/networking/wireless/default.nix | 1 - .../system/devices/video/nouveau/default.nix | 1 - .../system/devices/video/nvidia/default.nix | 1 - modules/system/options/default.nix | 2 -- modules/system/programs/default.nix | 2 -- modules/system/programs/git/gpg/default.nix | 6 +--- .../programs/security/privilege/default.nix | 31 ------------------- .../programs/security/privilege/default.nix~ | 31 ------------------- .../general/displaymanager/uwsm/default.nix | 0 .../system/services/general/keyd/default.nix | 2 +- .../system/services/general/tlp/default.nix | 2 +- .../services/general/userborn/default.nix | 3 +- modules/system/settings/default.nix | 3 +- modules/system/settings/font/default.nix | 4 +++ modules/system/settings/fonts/default.nix | 7 ----- modules/system/settings/nix/default.nix | 1 + modules/system/settings/nix/gc/default.nix | 8 +++++ .../security/apparmor/default.nix | 0 .../security/default.nix | 0 .../security/polkit/default.nix | 0 .../settings/security/privilege/default.nix | 16 ++++++++++ .../security/rtprio/default.nix | 0 38 files changed, 53 insertions(+), 
127 deletions(-) rename modules/{system/programs => home/programs/terminal}/nh/default.nix (76%) delete mode 100644 modules/system/accounts/groups/admin/default.nix delete mode 100644 modules/system/programs/security/privilege/default.nix delete mode 100644 modules/system/programs/security/privilege/default.nix~ delete mode 100755 modules/system/services/general/displaymanager/uwsm/default.nix create mode 100644 modules/system/settings/font/default.nix delete mode 100644 modules/system/settings/fonts/default.nix create mode 100644 modules/system/settings/nix/gc/default.nix rename modules/system/{programs => settings}/security/apparmor/default.nix (100%) rename modules/system/{programs => settings}/security/default.nix (100%) rename modules/system/{programs => settings}/security/polkit/default.nix (100%) create mode 100644 modules/system/settings/security/privilege/default.nix rename modules/system/{programs => settings}/security/rtprio/default.nix (100%) diff --git a/hosts/tower/filesystems/default.nix b/hosts/tower/filesystems/default.nix index 9a6a7a0..bfe5580 100644 --- a/hosts/tower/filesystems/default.nix +++ b/hosts/tower/filesystems/default.nix @@ -37,7 +37,7 @@ "/home/jimbo/JimboNFS" = { device = "${config.ips.server}:/export/JimboNFS"; fsType = "nfs4"; - options = [ "x-systemd.automount" "noauto" ]; + options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ]; }; }; } diff --git a/modules/home/files/default.nix b/modules/home/files/default.nix index 8b9e5df..f1dc17b 100644 --- a/modules/home/files/default.nix +++ b/modules/home/files/default.nix 
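Review bot: Adding `soft` to the `/home/jimbo/JimboNFS` mount in hosts/tower/filesystems/default.nix changes how I/O fails, and nothing in the hunk records that this is intended. With a soft mount the client gives up after its retry limit and returns an error to the application instead of blocking, so a write interrupted by a server or network outage can be lost or left partial. If that trade-off is accepted for a desktop automount, say so next to the option, e.g. `# soft: fail I/O instead of hanging when the server is unreachable; interrupted writes may be lost`. If the share holds data that must not be silently truncated, keep the default hard behaviour and add only `_netdev`.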
@@ -1,16 +1,8 @@ { pkgs, ... }: { home.file = { - ".face" = { - source = ./assets/pfp.png; - }; - ".assets/wallpapers" = { - source = ./assets/wallpapers; - }; - ".assets/lockscreen" = { - source = ./assets/lockscreen; - }; - ".alsoftrc" = { - text = ''drivers=pulse''; - }; + ".face".source = ./assets/pfp.png; + ".assets/wallpapers".source = ./assets/wallpapers; + ".assets/lockscreen".source = ./assets/lockscreen; + ".alsoftrc".text = ''drivers=pulse''; }; } diff --git a/modules/home/options/default.nix b/modules/home/options/default.nix index b4997d3..bc877b4 100644 --- a/modules/home/options/default.nix +++ b/modules/home/options/default.nix @@ -3,6 +3,5 @@ with lib; { options.home.desktop.enable = mkOption { type = types.bool; default = true; - description = "Enable desktop apps and services, but home-manager"; }; } diff --git a/modules/home/programs/gui/librewolf/default.nix b/modules/home/programs/gui/librewolf/default.nix index c234895..30396f3 100644 --- a/modules/home/programs/gui/librewolf/default.nix +++ b/modules/home/programs/gui/librewolf/default.nix @@ -207,7 +207,7 @@ in { "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com"; "network.trr.mode" = 3; - "network.trr.uri" = "https://doh.libredns.gr/noads"; + "network.trr.uri" = "https://wikimedia-dns.org/dns-query"; "network.cookie.cookieBehavior" = 1; "network.cookie.sameSite.noneRequiresSecure" = true; "network.http.referer.XOriginPolicy" = 2; diff --git a/modules/home/programs/gui/pcmanfm/default.nix b/modules/home/programs/gui/pcmanfm/default.nix index b95997a..842e6ac 100644 --- a/modules/home/programs/gui/pcmanfm/default.nix +++ b/modules/home/programs/gui/pcmanfm/default.nix @@ -38,9 +38,9 @@ ".config/libfm/libfm.conf".text = '' [config] single_click=0 - use_trash=0 + use_trash=1 confirm_del=1 - confirm_trash=0 + confirm_trash=1 advanced_mode=1 si_unit=0 force_startup_notify=1 
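Review bot: The `network.trr.uri` change in modules/home/programs/gui/librewolf/default.nix sends every DNS lookup of this profile to a different third-party resolver, and with `network.trr.mode` = 3 on the line above there is no fallback to the system resolver, so this is a trust and availability decision rather than a rename. The old endpoint path was `/noads`, which suggests a filtering resolver; the new `/dns-query` path gives no sign of filtering, so any DNS-level blocking the profile relied on appears to be dropped. A short comment above the pref would record the choice, e.g. `# DoH-only (mode 3): all lookups go to this resolver, no filtering, no OS fallback`. The surrounding attribute set starts and ends outside the hunk.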
diff --git a/modules/home/programs/terminal/default.nix b/modules/home/programs/terminal/default.nix index 12d76ac..4478c8e 100644 --- a/modules/home/programs/terminal/default.nix +++ b/modules/home/programs/terminal/default.nix @@ -6,6 +6,7 @@ ./git ./ncmpcpp ./neovim + ./nh ./ranger ./tmux ./zsh diff --git a/modules/system/programs/nh/default.nix b/modules/home/programs/terminal/nh/default.nix similarity index 76% rename from modules/system/programs/nh/default.nix rename to modules/home/programs/terminal/nh/default.nix index 00e6438..c1fe0a0 100644 --- a/modules/system/programs/nh/default.nix +++ b/modules/home/programs/terminal/nh/default.nix @@ -2,7 +2,6 @@ { programs.nh = { enable = true; - clean.enable = true; flake = "/etc/nixos"; }; } diff --git a/modules/home/programs/terminal/zsh/default.nix b/modules/home/programs/terminal/zsh/default.nix index 5f25883..17c18ea 100644 --- a/modules/home/programs/terminal/zsh/default.nix +++ b/modules/home/programs/terminal/zsh/default.nix @@ -11,14 +11,14 @@ }; shellAliases = { # NixOS - flakedate = "sudo nix flake update --flake /etc/nixos"; - nhs = "sudo nh os switch -R /etc/nixos"; + flakedate = "doas nix flake update --flake /etc/nixos"; + nhs = "doas nh os switch -R /etc/nixos"; nhu = "flakedate && nhs"; ns = "nix-shell -p"; - nixclean = "sudo nix-store --gc; nix-collect-garbage -d"; - nixpurge = "sudo nix-collect-garbage --delete-old"; - nixoptimize = "sudo nix store optimise"; + nixclean = "doas nix-store --gc; nix-collect-garbage -d"; + nixpurge = "doas nix-collect-garbage --delete-old"; + nixoptimize = "doas nix store optimise"; nixscrub = "nixclean; nixpurge; nixoptimize"; # Shortcuts diff --git a/modules/system/accounts/groups/admin/default.nix b/modules/system/accounts/groups/admin/default.nix deleted file mode 100644 index 0a5f02c..0000000 --- a/modules/system/accounts/groups/admin/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: -{ - users.groups.admin = { - gid = 515; - }; -} 
diff --git a/modules/system/accounts/groups/default.nix b/modules/system/accounts/groups/default.nix index c7c4339..293cc0d 100644 --- a/modules/system/accounts/groups/default.nix +++ b/modules/system/accounts/groups/default.nix @@ -1,7 +1,4 @@ { ... }: { - imports = [ - ./admin - ./nfsShare - ]; + imports = [ ./nfsShare ]; } diff --git a/modules/system/accounts/users/default.nix b/modules/system/accounts/users/default.nix index 0233fe8..3794404 100644 --- a/modules/system/accounts/users/default.nix +++ b/modules/system/accounts/users/default.nix @@ -8,8 +8,5 @@ home-manager.nixosModules.home-manager ]; - users = { - mutableUsers = false; - allowNoPasswordLogin = true; - }; + users.mutableUsers = false; } diff --git a/modules/system/accounts/users/jimbo/default.nix b/modules/system/accounts/users/jimbo/default.nix index 6d17cca..50c5527 100644 --- a/modules/system/accounts/users/jimbo/default.nix +++ b/modules/system/accounts/users/jimbo/default.nix @@ -19,7 +19,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9" ]; extraGroups = [ - "admin" + "wheel" "audio" "video" "input" diff --git a/modules/system/devices/bluetooth/default.nix b/modules/system/devices/bluetooth/default.nix index 7d8550e..b3448e5 100644 --- a/modules/system/devices/bluetooth/default.nix +++ b/modules/system/devices/bluetooth/default.nix @@ -10,6 +10,7 @@ }; systemd.tmpfiles.rules = [ "f /var/lib/systemd/linger/jimbo" ]; + environment.persistence."/persist".directories = [ "/var/lib/bluetooth" ]; }; } diff --git a/modules/system/devices/boot/lanzaboote/default.nix b/modules/system/devices/boot/lanzaboote/default.nix index 491e78a..bc7b636 100644 --- a/modules/system/devices/boot/lanzaboote/default.nix +++ b/modules/system/devices/boot/lanzaboote/default.nix @@ -6,7 +6,6 @@ enable = lib.mkOption { type = lib.types.bool; default = false; - description = "Enable Lanzaboote and force disable Systemd-boot"; }; }; 
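Review bot: The new `environment.persistence."/persist".directories` entry in modules/system/devices/bluetooth/default.nix keeps `/var/lib/bluetooth` across reboots, and that directory holds the pairing keys of bonded devices, yet the entry is a bare string, so the copy on `/persist` gets whatever default mode the persistence module applies. Assuming this is the impermanence module, the attribute-set form lets the mode be pinned: `{ directory = "/var/lib/bluetooth"; mode = "0700"; }`. The line also makes this module depend on the persistence option being defined on every host that imports it. That cannot be checked from the hunk, whose enclosing `config` block starts outside it.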
diff --git a/modules/system/devices/networking/wireguard/client/default.nix b/modules/system/devices/networking/wireguard/client/default.nix index b0951d5..c9e13ba 100644 --- a/modules/system/devices/networking/wireguard/client/default.nix +++ b/modules/system/devices/networking/wireguard/client/default.nix @@ -3,7 +3,6 @@ options.system.wireguard.client.enable = lib.mkOption { type = lib.types.bool; default = false; - description = "Enable the wireguard client"; }; config = lib.mkIf config.system.wireguard.client.enable { diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix index 0ca984d..72fc382 100644 --- a/modules/system/devices/networking/wireguard/server/default.nix +++ b/modules/system/devices/networking/wireguard/server/default.nix @@ -3,7 +3,6 @@ options.system.wireguard.server.enable = lib.mkOption { type = lib.types.bool; default = false; - description = "Enable the wireguard server"; }; config = lib.mkIf config.system.wireguard.server.enable { diff --git a/modules/system/devices/networking/wireless/default.nix b/modules/system/devices/networking/wireless/default.nix index 0004da8..73f9d76 100644 --- a/modules/system/devices/networking/wireless/default.nix +++ b/modules/system/devices/networking/wireless/default.nix @@ -3,7 +3,6 @@ options.system.wireless.enable = lib.mkOption { type = lib.types.bool; default = true; - description = "Enable Wifi with iwd"; }; config = lib.mkIf config.system.wireless.enable { diff --git a/modules/system/devices/video/nouveau/default.nix b/modules/system/devices/video/nouveau/default.nix index 506da52..d093152 100644 --- a/modules/system/devices/video/nouveau/default.nix +++ b/modules/system/devices/video/nouveau/default.nix 
@@ -3,7 +3,6 @@ options.system.video.nouveau.enable = lib.mkOption { type = lib.types.bool; default = false; - description = "Enable the open-source Nouveau driver"; }; config = lib.mkIf config.system.video.nouveau.enable { diff --git a/modules/system/devices/video/nvidia/default.nix b/modules/system/devices/video/nvidia/default.nix index 1204021..06b42e1 100644 --- a/modules/system/devices/video/nvidia/default.nix +++ b/modules/system/devices/video/nvidia/default.nix @@ -3,7 +3,6 @@ options.system.video.nvidia.enable = lib.mkOption { type = lib.types.bool; default = false; - description = "Enable the proprietary Nvidia stack"; }; config = lib.mkIf config.system.video.nvidia.enable { diff --git a/modules/system/options/default.nix b/modules/system/options/default.nix index 9ad84b1..08b7e98 100644 --- a/modules/system/options/default.nix +++ b/modules/system/options/default.nix @@ -4,12 +4,10 @@ with lib; { desktop.enable = mkOption { type = types.bool; default = true; - description = "Enable desktop apps and services"; }; server.enable = mkOption { type = types.bool; default = false; - description = "Enable server services"; }; }; } diff --git a/modules/system/programs/default.nix b/modules/system/programs/default.nix index dc6f83b..60f0cd5 100644 --- a/modules/system/programs/default.nix +++ b/modules/system/programs/default.nix @@ -7,8 +7,6 @@ ./gaming ./git ./home-manager - ./nh - ./security ./shells ]; } diff --git a/modules/system/programs/git/gpg/default.nix b/modules/system/programs/git/gpg/default.nix index 9001ff2..36327ea 100644 --- a/modules/system/programs/git/gpg/default.nix +++ b/modules/system/programs/git/gpg/default.nix @@ -1,9 +1,5 @@ { pkgs, ... }: { - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - + programs.gnupg.agent.enable = true; environment.systemPackages = with pkgs; [ git-crypt ]; } 
diff --git a/modules/system/programs/security/privilege/default.nix b/modules/system/programs/security/privilege/default.nix deleted file mode 100644 index 8afc222..0000000 --- a/modules/system/programs/security/privilege/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ ... }: -{ - security.sudo-rs = { - enable = true; - extraRules = [ - { # Admin gets certain commands - groups = [ "admin" ]; - commands = [ - "/run/current-system/sw/bin/nix" - "/run/current-system/sw/bin/nh" - "/run/current-system/sw/bin/nixos-rebuild" - "/run/current-system/sw/bin/nixos-enter" - "/run/current-system/sw/bin/nix-collect-garbage" - "/run/current-system/sw/bin/nix-store" - - "/run/current-system/sw/bin/systemctl" - "/run/current-system/sw/bin/pkill" - - "/run/current-system/sw/bin/dd" - "/run/current-system/sw/bin/eject" - "/run/current-system/sw/bin/vgchange" - - "/run/current-system/sw/bin/cp" - "/run/current-system/sw/bin/ls" - "/run/current-system/sw/bin/cat" - "/run/current-system/sw/bin/mount" - ]; - } - ]; - }; -} diff --git a/modules/system/programs/security/privilege/default.nix~ b/modules/system/programs/security/privilege/default.nix~ deleted file mode 100644 index 8afc222..0000000 --- a/modules/system/programs/security/privilege/default.nix~ +++ /dev/null 
@@ -1,31 +0,0 @@ -{ ... }: -{ - security.sudo-rs = { - enable = true; - extraRules = [ - { # Admin gets certain commands - groups = [ "admin" ]; - commands = [ - "/run/current-system/sw/bin/nix" - "/run/current-system/sw/bin/nh" - "/run/current-system/sw/bin/nixos-rebuild" - "/run/current-system/sw/bin/nixos-enter" - "/run/current-system/sw/bin/nix-collect-garbage" - "/run/current-system/sw/bin/nix-store" - - "/run/current-system/sw/bin/systemctl" - "/run/current-system/sw/bin/pkill" - - "/run/current-system/sw/bin/dd" - "/run/current-system/sw/bin/eject" - "/run/current-system/sw/bin/vgchange" - - "/run/current-system/sw/bin/cp" - "/run/current-system/sw/bin/ls" - "/run/current-system/sw/bin/cat" - "/run/current-system/sw/bin/mount" - ]; - } - ]; - }; -} diff --git a/modules/system/services/general/displaymanager/uwsm/default.nix b/modules/system/services/general/displaymanager/uwsm/default.nix deleted file mode 100755 index e69de29..0000000 diff --git a/modules/system/services/general/keyd/default.nix b/modules/system/services/general/keyd/default.nix index d501469..f3c707f 100644 --- a/modules/system/services/general/keyd/default.nix +++ b/modules/system/services/general/keyd/default.nix @@ -33,7 +33,7 @@ "9" = "f9"; "0" = "f10"; "-" = "f11"; - #"=" = "f12"; + # ?? "=" = "f12"; }; }; }; diff --git a/modules/system/services/general/tlp/default.nix b/modules/system/services/general/tlp/default.nix index 097e7bc..b0cec06 100644 --- a/modules/system/services/general/tlp/default.nix +++ b/modules/system/services/general/tlp/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { services.tlp.enable = true; } diff --git a/modules/system/services/general/userborn/default.nix b/modules/system/services/general/userborn/default.nix index 425bfbf..f7261ee 100644 --- a/modules/system/services/general/userborn/default.nix +++ b/modules/system/services/general/userborn/default.nix 
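Review bot: In modules/system/services/general/tlp/default.nix the module header now binds `lib`, but the body shown in the hunk is only `services.tlp.enable = true;` and never uses it. Unless a follow-up change needs it, keep the header as `{ ... }:` so the argument list reflects what the module actually reads.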
@@ -1,5 +1,4 @@ { ... }: { - # Enable this when 24.11 drops - #services.userborn.enable = true; + services.userborn.enable = true; } diff --git a/modules/system/settings/default.nix b/modules/system/settings/default.nix index f7b4345..0ffcca3 100644 --- a/modules/system/settings/default.nix +++ b/modules/system/settings/default.nix @@ -2,9 +2,10 @@ { imports = [ ./documentation - ./fonts + ./font ./minimal ./nix + ./security ./timezone ]; } diff --git a/modules/system/settings/font/default.nix b/modules/system/settings/font/default.nix new file mode 100644 index 0000000..f579e85 --- /dev/null +++ b/modules/system/settings/font/default.nix @@ -0,0 +1,4 @@ +{ pkgs, ... }: +{ + console.font = "${pkgs.terminus_font}/share/consolefonts/ter-u22n.psf.gz"; +} diff --git a/modules/system/settings/fonts/default.nix b/modules/system/settings/fonts/default.nix deleted file mode 100644 index 1761171..0000000 --- a/modules/system/settings/fonts/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: -{ - console = { - font = "${pkgs.terminus_font}/share/consolefonts/ter-u22n.psf.gz"; - packages = with pkgs; [ terminus_font ]; - }; -} diff --git a/modules/system/settings/nix/default.nix b/modules/system/settings/nix/default.nix index 6d8b1d4..c7db301 100644 --- a/modules/system/settings/nix/default.nix +++ b/modules/system/settings/nix/default.nix @@ -2,6 +2,7 @@ { imports = [ ./autoupgrade + ./gc ]; nix.settings = { diff --git a/modules/system/settings/nix/gc/default.nix b/modules/system/settings/nix/gc/default.nix new file mode 100644 index 0000000..dd5e751 --- /dev/null +++ b/modules/system/settings/nix/gc/default.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 1w"; + }; +} 
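Review bot: In the new modules/system/settings/nix/gc/default.nix, `options = "--delete-older-than 1w";` uses a week suffix, while `nix-collect-garbage --delete-older-than` is documented as taking an age in days (`30d` style). As far as I know other suffixes are rejected, which would make the weekly `nix-gc` run fail instead of collecting anything; confirm against the Nix version in use. Writing `options = "--delete-older-than 7d";` expresses the same retention in the accepted form. Separately, seven days of generations is a short rollback window on a machine that also imports `./autoupgrade` (visible in the modules/system/settings/nix/default.nix hunk), so a longer period may be worth considering.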
diff --git a/modules/system/programs/security/apparmor/default.nix b/modules/system/settings/security/apparmor/default.nix similarity index 100% rename from modules/system/programs/security/apparmor/default.nix rename to modules/system/settings/security/apparmor/default.nix diff --git a/modules/system/programs/security/default.nix b/modules/system/settings/security/default.nix similarity index 100% rename from modules/system/programs/security/default.nix rename to modules/system/settings/security/default.nix diff --git a/modules/system/programs/security/polkit/default.nix b/modules/system/settings/security/polkit/default.nix similarity index 100% rename from modules/system/programs/security/polkit/default.nix rename to modules/system/settings/security/polkit/default.nix diff --git a/modules/system/settings/security/privilege/default.nix b/modules/system/settings/security/privilege/default.nix new file mode 100644 index 0000000..b40d8ea --- /dev/null +++ b/modules/system/settings/security/privilege/default.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + security = { + sudo.enable = false; + doas = { + enable = true; + extraRules = [ + { # Give wheel root access + groups = [ "wheel" ]; + keepEnv = true; + persist = true; + } + ]; + }; + }; +} diff --git a/modules/system/programs/security/rtprio/default.nix b/modules/system/settings/security/rtprio/default.nix similarity index 100% rename from modules/system/programs/security/rtprio/default.nix rename to modules/system/settings/security/rtprio/default.nix
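Review bot: The doas rule in the new modules/system/settings/security/privilege/default.nix gives every `wheel` member unrestricted root with `keepEnv = true` and `persist = true`, where the deleted sudo-rs module limited the `admin` group to a list of commands. `keepEnv` hands the caller's whole environment to the root process, so anything able to set variables in the user's shell can influence commands run through the `doas` aliases in the zsh hunk. Drop `keepEnv = true;` and, if specific variables are needed, pass only those with `setEnv`. `persist` lets later `doas` calls in the same session run without re-authentication, which deserves a conscious decision given that `jimbo` is moved into `wheel` in the users/jimbo hunk and that hunk's context shows an SSH public key for the account. The comment `# Give wheel root access` should state these choices, e.g. `# wheel: full root via doas; authentication cached per session (persist)`.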