commit 62cca09244bb752ac2808701e67f6d610587f167
Author: Katja (ctucx) <git@ctu.cx>
Date: Fri, 16 May 2025 09:26:21 +0200
Author: Katja (ctucx) <git@ctu.cx>
Date: Fri, 16 May 2025 09:26:21 +0200
initial commit
100 files changed, 4719 insertions(+), 0 deletions(-)
A
|
180
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
59
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
312
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
113
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
72
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
220
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
144
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
436
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
85
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
46
++++++++++++++++++++++++++++++++++++++++++++++
A
|
90
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
46
++++++++++++++++++++++++++++++++++++++++++++++
A
|
90
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
77
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/flake.lock b/flake.lock 
@@ -0,0 +1,447 @@ +{ + "nodes": { + "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "ctucxWebsite": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747383063, + "narHash": "sha256-q6yGtNTu8WPsmGVk9Nft4hFqnmCv2NZkD0TI/tMRVow=", + "ref": "refs/heads/main", + "rev": "e1cf16a0ee90ee406d96eb2c784ecce96738d2a0", + "revCount": 15, + "type": "git", + "url": "https://git.katja.wtf/website" + }, + "original": { + "type": "git", + "url": "https://git.katja.wtf/website" + } + }, + "deploy-rs": { + "inputs": { + "flake-compat": [ + "flakeCompat" + ], + "nixpkgs": [ + "nixpkgs" + ], + "utils": [ + "flakeUtils" + ] + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "firefoxGnomeTheme": { + "flake": false, + "locked": { + "lastModified": 1743774811, + "narHash": "sha256-oiHLDHXq7ymsMVYSg92dD1OLnKLQoU/Gf2F1GoONLCE=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "df53a7a31872faf5ca53dd0730038a62ec63ca9e", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "ref": "v137", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "flakeCompat": { + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + 
"original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flakeParts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flakeUtils": { + "inputs": { + "systems": [ + "nixSystemsDefault" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakeyProfile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "haumea": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747207987, + "narHash": "sha256-cKGfYcBhYShBioa1yjE5OPQtwKpCjEAOhtowhUzsrgk=", + "ref": "refs/heads/main", + "rev": "d8d558fc6dadc561381e06b0411b5a57a08927df", + "revCount": 94, + "type": "git", + "url": 
"https://git.katja.wtf/haumea" + }, + "original": { + "type": "git", + "url": "https://git.katja.wtf/haumea" + } + }, + "homeManager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747331121, + "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": [ + "flakeCompat" + ], + "flake-parts": [ + "flakeParts" + ], + "flake-utils": [ + "flakeUtils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1718178907, + "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.1", + "repo": "lanzaboote", + "type": "github" + } + }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1747347117, + "narHash": "sha256-wsPOuwczt+kJ4vuf3mm6uMv4wnfWP/RNV5Cp/P5nqQw=", + "rev": "3f355b8fd1ffbe670d756bcf976a38cbe80bb77b", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/3f355b8fd1ffbe670d756bcf976a38cbe80bb77b.tar.gz?rev=3f355b8fd1ffbe670d756bcf976a38cbe80bb77b" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lixModule": { + "inputs": { + "flake-utils": [ + "flakeUtils" + ], + "flakey-profile": [ + "flakeyProfile" + ], + "lix": [ + "lix" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746839253, + "narHash": "sha256-pRwi8Wn8Yofj459gq+3oIRy8F3SXeEJ6mzfIAUgM9nA=", + "rev": 
"58baedd53f9da81fd728a4f3b08c378e5ba9ae58", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/58baedd53f9da81fd728a4f3b08c378e5ba9ae58.tar.gz?rev=58baedd53f9da81fd728a4f3b08c378e5ba9ae58" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" + } + }, + "nixStd": { + "locked": { + "lastModified": 1710870712, + "narHash": "sha256-e+7MJF2gsgTBuOWv4mCimSP0D9+naeFSw9a7N3yEmv4=", + "owner": "chessai", + "repo": "nix-std", + "rev": "31bbc925750cc9d8f828fe55cee1a2bd985e0c00", + "type": "github" + }, + "original": { + "owner": "chessai", + "repo": "nix-std", + "type": "github" + } + }, + "nixSystemsDefault": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1747209494, + "narHash": "sha256-fLise+ys+bpyjuUUkbwqo5W/UyIELvRz9lPBPoB0fbM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5d736263df906c5da72ab0f372427814de2f52f8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgsUnstable": { + "locked": { + "lastModified": 1747312588, + "narHash": "sha256-MmJvj6mlWzeRwKGLcwmZpKaOPZ5nJb/6al5CXqJsgjo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b1bebd0fe266bbd1820019612ead889e96a8fa2d", 
+ "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "ctucxWebsite": "ctucxWebsite", + "deploy-rs": "deploy-rs", + "firefoxGnomeTheme": "firefoxGnomeTheme", + "flakeCompat": "flakeCompat", + "flakeParts": "flakeParts", + "flakeUtils": "flakeUtils", + "flakeyProfile": "flakeyProfile", + "haumea": "haumea", + "homeManager": "homeManager", + "lanzaboote": "lanzaboote", + "lix": "lix", + "lixModule": "lixModule", + "nixStd": "nixStd", + "nixSystemsDefault": "nixSystemsDefault", + "nixpkgs": "nixpkgs", + "nixpkgsUnstable": "nixpkgsUnstable" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717813066, + "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix 
@@ -0,0 +1,154 @@
+{
+
+ description = "A flake for building our infra";
+
+ outputs =
+ inputs:
+ let
+ nixpkgsLib = inputs.nixpkgs.lib;
+ unstableNixpkgsLib = inputs.nixpkgs-unstable.lib;
+
+ forAllSystems =
+ function:
+ (nixpkgsLib.genAttrs [
+ "x86_64-linux"
+ "aarch64-linux"
+ ] (system: function inputs.nixpkgs.legacyPackages."${system}"));
+
+ transformer =
+ name: value:
+ (
+ if name == [ ] then value else (if (builtins.hasAttr "default" value) then value.default else value)
+ );
+
+ pathLoader = inputs.haumea.lib.loaders.path;
+ importLoader = inputs.haumea.lib.loaders.verbatim;
+ pkgsLoader = pkgs: (path: path: pkgs.callPackage path { });
+
+ loadDir = loader: src: inputs.haumea.lib.load { inherit src loader transformer; };
+
+ in
+ {
+
+ checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks inputs.self.deploy) (
+ nixpkgsLib.filterAttrs (key: value: nixpkgsLib.hasSuffix "linux" key) inputs.deploy-rs.lib
+ );
+
+ formatter = forAllSystems (pkgs: pkgs.nixfmt-rfc-style);
+
+ packages = forAllSystems (pkgs: (loadDir (pkgsLoader pkgs) ./packages));
+
+ nixosModules.default = ./nixosModules.nix;
+
+ homeManagerModules = loadDir pathLoader ./homeManagerModules;
+
+ lib = loadDir (path: path: import path inputs) ./lib;
+
+ overlays = {
+ nixpkgsUnstable = final: prev: { unstable = inputs.nixpkgsUnstable.legacyPackages.${prev.system}; };
+ packages = final: prev: loadDir (path: path: final.callPackage path { }) ./packages;
+ };
+
+ hosts = loadDir importLoader ./hosts;
+
+ nixosConfigurations = builtins.mapAttrs (
+ hostName: hostConfig:
+ (if !hostConfig.nixpkgsStable then unstableNixpkgsLib.nixosSystem else nixpkgsLib.nixosSystem) {
+ system = hostConfig.system;
+
+ specialArgs = {
+ inherit inputs;
+ dnsNix = inputs.dnsNix.lib;
+ nixStd = inputs.nixStd.lib;
+ hostConfig = hostConfig // {
+ inherit hostName;
+ };
+ };
+
+ modules = [
+ {
+ nixpkgs.overlays = [
+ inputs.self.overlays.packages
+ inputs.self.overlays.nixpkgsUnstable
+ inputs.ctucxWebsite.overlays.default
+ ];
+ }
+
+ inputs.lixModule.nixosModules.default
+ inputs.homeManager.nixosModules.default
+ inputs.lanzaboote.nixosModules.lanzaboote
+
+ inputs.self.nixosModules.default
+ hostConfig.configuration
+ ];
+ }
+ ) inputs.self.hosts;
+
+ deploy = {
+ activationTimeout = 600;
+ confirmTimeout = 240;
+ nodes = builtins.mapAttrs (nodeName: node: {
+ hostname = node.config.networking.fqdn;
+ sshUser = "root";
+ sshOpts = [
+ "-p"
+ "${builtins.toString (nixpkgsLib.head node.config.services.openssh.ports)}"
+ ];
+ profiles.system = {
+ user = "root";
+ path = inputs.deploy-rs.lib.${node.config.nixpkgs.system}.activate.nixos node;
+ };
+ }) inputs.self.nixosConfigurations;
+ };
+ };
+
+ inputs = {
+ # these are just dependencies of other inputs
+ flakeCompat.url = "github:edolstra/flake-compat";
+ flakeyProfile.url = "github:lf-/flakey-profile";
+ flakeUtils.url = "github:numtide/flake-utils";
+ flakeParts.url = "github:hercules-ci/flake-parts";
+ nixSystemsDefault.url = "github:nix-systems/default";
+ flakeUtils.inputs.systems.follows = "nixSystemsDefault";
+ flakeParts.inputs.nixpkgs-lib.follows = "nixpkgs";
+
+ # nixpkgs
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+
+ nixStd.url = "github:chessai/nix-std";
+
+ haumea.url = "git+https://git.katja.wtf/haumea";
+ haumea.inputs.nixpkgs.follows = "nixpkgs";
+
+ homeManager.url = "github:nix-community/home-manager/release-24.11";
+ homeManager.inputs.nixpkgs.follows = "nixpkgs";
+
+ lanzaboote.url = "github:nix-community/lanzaboote/v0.4.1";
+ lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
+ lanzaboote.inputs.flake-parts.follows = "flakeParts";
+ lanzaboote.inputs.flake-utils.follows = "flakeUtils";
+ lanzaboote.inputs.flake-compat.follows = "flakeCompat";
+
+ lix.url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
+ lix.flake = false;
+
+ lixModule.url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
+ lixModule.inputs.lix.follows = "lix";
+ lixModule.inputs.flake-utils.follows = "flakeUtils";
+ lixModule.inputs.flakey-profile.follows = "flakeyProfile";
+ lixModule.inputs.nixpkgs.follows = "nixpkgs";
+
+ deploy-rs.url = "github:serokell/deploy-rs";
+ deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
+ deploy-rs.inputs.utils.follows = "flakeUtils";
+ deploy-rs.inputs.flake-compat.follows = "flakeCompat";
+
+ ctucxWebsite.url = "git+https://git.katja.wtf/website";
+ ctucxWebsite.inputs.nixpkgs.follows = "nixpkgs";
+
+ firefoxGnomeTheme.flake = false;
+ firefoxGnomeTheme.url = "github:rafaelmardojai/firefox-gnome-theme/v137";
+ };
+
+}
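Review bot: The `let` block reads `inputs.nixpkgs-unstable.lib`, but the input declared further down (and recorded under `root.inputs` in flake.lock) is `nixpkgsUnstable`, so every host with `nixpkgsStable = false` will fail on a missing attribute; the line should be `unstableNixpkgsLib = inputs.nixpkgsUnstable.lib;`. The same applies to `dnsNix = inputs.dnsNix.lib;` in `specialArgs`: no `dnsNix` input is declared or locked, so the first module that touches `dnsNix` will abort evaluation; either declare the input or drop the line. Separately, `lix.url` and `lixModule.url` track `main.tar.gz`, which means flake.lock is the only thing pinning what ends up as the system's Nix implementation; a comment such as `# tracks main; review the lock diff on every update` would make that explicit for whoever bumps the lock next.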
diff --git a/homeManagerModules/katja/common.nix b/homeManagerModules/katja/common.nix
@@ -0,0 +1,39 @@
+{ homeManagerModules, ... }:
+
+{
+
+ home = {
+ username = "katja";
+ homeDirectory = "/home/katja";
+
+ language = {
+ "base" = "en_US.UTF-8";
+ "time" = "de_DE.utf8";
+ "address" = "de_DE.utf8";
+ "monetary" = "de_DE.utf8";
+ "paper" = "de_DE.utf8";
+ };
+
+ stateVersion = "24.11";
+ };
+
+ imports = [
+ homeManagerModules.katja.programs.fish
+ homeManagerModules.katja.programs.starship
+ homeManagerModules.katja.programs.mcfly
+ homeManagerModules.katja.programs.zoxide
+ homeManagerModules.katja.programs.eza
+ homeManagerModules.katja.programs.bat
+
+ homeManagerModules.katja.programs.micro
+ homeManagerModules.katja.programs.helix
+ homeManagerModules.katja.programs.tmux
+ homeManagerModules.katja.programs.htop
+
+ homeManagerModules.katja.programs.deploymentUtilities
+ homeManagerModules.katja.programs.shellUtilities
+
+ homeManagerModules.katja.programs.nix-cleanup
+ ];
+
+}
diff --git a/homeManagerModules/katja/configure/gnome.nix b/homeManagerModules/katja/configure/gnome.nix 
@@ -0,0 +1,180 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ nixStd = inputs.nixStd.lib;
+
+in
+{
+
+ manual.html.enable = true;
+
+ home.sessionVariables = {
+ QT_QPA_PLATFORMTHEME = "gnome";
+ };
+
+ home.packages =
+ with pkgs;
+ [
+ gnome-calendar
+ gnome-text-editor
+ gnome-podcasts
+ gnome-obfuscate
+ gnome-power-manager
+ loupe
+ errands
+ cozy
+
+ refine
+ xdg-utils
+ qgnomeplatform
+ wl-clipboard-x11
+ # look and feel from libadwaita ported to GTK-3
+ adw-gtk3
+ ]
+ ++ (with pkgs.gnomeExtensions; [
+ battery-time-percentage-compact
+ caffeine
+ ]);
+
+ gtk = {
+ enable = true;
+
+ iconTheme.package = pkgs.adwaita-colors-icon-theme;
+ iconTheme.name = "Adwaita-green";
+
+ gtk3.extraConfig = {
+ gtk-application-prefer-dark-theme = 1;
+ gtk-theme-name = "adw-gtk3-dark";
+ };
+ };
+
+ # Use `dconf watch /` to track stateful changes you are doing and store them here.
+ dconf.settings =
+ with inputs.homeManager.lib.hm.gvariant;
+ let
+ numWorkspaces = 7;
+ workspaces = (
+ numWorkspaces
+ |> nixStd.list.unfold (
+ n: if n == 0 then nixStd.optional.nothing else nixStd.optional.just (nixStd.tuple.tuple2 n (n - 1))
+ )
+ |> lib.lists.reverseList
+ );
+ in
+ {
+ "org/gnome/mutter" = {
+ edge-tiling = true;
+ dynamic-workspaces = false;
+ # Enable fractional scaling
+ experimental-features = [ "scale-monitor-framebuffer" ];
+ };
+
+ "org/gnome/desktop/wm/preferences" = {
+ button-layout = "close:appmenu";
+ auto-raise = false;
+ focus-mode = "sloppy";
+ num-workspaces = lib.lists.last workspaces;
+ workspace-names = [
+ "Main"
+ "Mail"
+ "Term"
+ ];
+ };
+
+ "org/gnome/desktop/wm/keybindings" =
+ builtins.listToAttrs (
+ builtins.concatMap (v: [
+ {
+ name = "switch-to-workspace-${toString v}";
+ value = [ "<Super>${toString v}" ];
+ }
+ {
+ name = "move-to-workspace-${toString v}";
+ value = [ "<Super><Shift>${toString v}" ];
+ }
+ ]) workspaces
+ )
+ // {
+ switch-input-source = [ "<Control><Super>space" ];
+ switch-input-source-backward = [ "<Shift><Control><Super>space" ];
+ };
+
+ "org/gnome/shell/keybindings" = builtins.listToAttrs (
+ map (v: {
+ name = "switch-to-application-${toString v}";
+ value = [ ];
+ }) workspaces
+ );
+ "org/gnome/shell" = {
+ disable-extension-version-validation = true;
+ disable-user-extensions = false;
+ enabled-extensions = with pkgs.gnomeExtensions; [
+ battery-time-percentage-compact.extensionUuid
+ caffeine.extensionUuid
+ ];
+ favorite-apps = [
+ "org.gnome.Nautilus.desktop"
+ "firefox.desktop"
+ "thunderbird.desktop"
+ "org.gnome.Fractal.desktop"
+ "dev.geopjr.Tuba.desktop"
+ "org.gnome.Calendar.desktop"
+ "io.github.mrvladus.List.desktop"
+ "org.gnome.Podcasts.desktop"
+ "com.mitchellh.ghostty.desktop"
+ "org.gnome.Settings.desktop"
+ ];
+ };
+
+ "org/gnome/settings-daemon/plugins/media-keys"."custom-keybindings" = [
+ "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
+ ];
+ "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
+ name = "Start Terminal";
+ command = "ghostty";
+ binding = "<Super>Return";
+ };
+
+ "org/gnome/settings-daemon/plugins/color".night-light-enabled = true;
+ "org/gnome/settings-daemon/plugins/power".sleep-inactive-ac-type = "nothing";
+
+ "org/gnome/desktop/a11y".always-show-universal-access-status = false;
+ "org/gnome/desktop/privacy".remember-recent-files = false;
+ "org/gnome/desktop/interface" = {
+ color-scheme = "prefer-dark";
+ accent-color = "green";
+ enable-hot-corners = false;
+ show-battery-percentage = true;
+ };
+
+ "org/gnome/desktop/input-sources".sources = [
+ (mkTuple [
+ "xkb"
+ "us+mac"
+ ])
+ (mkTuple [
+ "xkb"
+ "de"
+ ])
+ (mkTuple [
+ "xkb"
+ "ru+mac"
+ ])
+ ];
+ "org/gnome/desktop/background" = {
+ picture-uri = "file://${pkgs.nixos-artwork.wallpapers.simple-blue.gnomeFilePath}";
+ picture-uri-dark = "file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}";
+ };
+ "org/gnome/desktop/screensaver" = {
+ picture-uri = "file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}";
+ primary-color = "#3465a4";
+ secondary-color = "#000000";
+ };
+ };
+
+}
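Review bot: `disable-extension-version-validation = true;` under `"org/gnome/shell"` is set without a comment, and it makes GNOME Shell load extensions whose metadata does not declare support for the running Shell version. Extensions run inside the gnome-shell process, so this weakens the one compatibility gate in front of session-level code; if it is only needed because a packaged extension lags a Shell release, say so next to the key, e.g. `# needed until <extension> declares support for the current Shell; remove afterwards`. As a smaller point in the same `dconf.settings` block, `num-workspaces = lib.lists.last workspaces;` appears to recompute the constant already bound in the `let`, so `num-workspaces = numWorkspaces;` would read more directly, and `workspace-names` lists three names for what looks like seven workspaces.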
diff --git a/homeManagerModules/katja/configure/xdg.nix b/homeManagerModules/katja/configure/xdg.nix
@@ -0,0 +1,22 @@
+{ ... }:
+
+{
+
+ xdg = {
+ enable = true;
+ mime.enable = true;
+
+ userDirs = {
+ enable = true;
+ desktop = "\$HOME/Desktop";
+ documents = "\$HOME/Documents";
+ download = "\$HOME/Downloads";
+ videos = "\$HOME/Videos";
+ music = "\$HOME/Music";
+ pictures = "\$HOME/Pictures";
+ publicShare = "\$HOME/Public";
+ templates = "\$HOME/Templates";
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/gnomeExtensions/bluetoothBatteryMeter.nix b/homeManagerModules/katja/gnomeExtensions/bluetoothBatteryMeter.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+
+ dconf.settings = {
+ "org/gnome/shell".enabled-extensions = with pkgs.gnomeExtensions; [
+ bluetooth-battery-meter.extensionUuid
+ airpod-battery-monitor.extensionUuid
+ ];
+ "org/gnome/shell/extensions/Bluetooth-Battery-Meter" = {
+ enable-battery-level-text = true;
+ level-indicator-color = 0;
+ level-indicator-type = 1;
+ };
+ };
+
+ home.packages = with pkgs.gnomeExtensions; [
+ bluetooth-battery-meter
+ airpod-battery-monitor
+ ];
+
+}
diff --git a/homeManagerModules/katja/gnomeExtensions/dash-to-dock.nix b/homeManagerModules/katja/gnomeExtensions/dash-to-dock.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.gnomeExtensions.dash-to-dock ];
+
+ dconf.settings = {
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+ enabled-extensions = [
+ pkgs.gnomeExtensions.dash-to-dock.extensionUuid
+ ];
+ };
+
+ "org/gnome/shell/extensions/dash-to-dock" = {
+ multi-monitor = true;
+ apply-custom-theme = true;
+ custom-theme-shrink = true;
+ show-show-apps-button = false;
+ show-mounts = false;
+ hot-keys = false;
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/gnomeExtensions/emoji-copy.nix b/homeManagerModules/katja/gnomeExtensions/emoji-copy.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.gnomeExtensions.emoji-copy ];
+
+ dconf.settings = {
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+ enabled-extensions = [
+ pkgs.gnomeExtensions.emoji-copy.extensionUuid
+ ];
+ };
+
+ "org/gnome/shell/extensions/emoji-copy".always-show = false;
+ };
+
+}
diff --git a/homeManagerModules/katja/gnomeExtensions/just-perfection.nix b/homeManagerModules/katja/gnomeExtensions/just-perfection.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.gnomeExtensions.just-perfection ];
+
+ dconf.settings = {
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+ enabled-extensions = [
+ pkgs.gnomeExtensions.just-perfection.extensionUuid
+ ];
+ };
+
+ "org/gnome/shell/extensions/just-perfection" = {
+ clock-menu-position = 0;
+ notification-banner-position = 1;
+ quick-settings-dark-mode = false;
+ window-demands-attention-focus = true;
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/gnomeExtensions/pip-on-top.nix b/homeManagerModules/katja/gnomeExtensions/pip-on-top.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.gnomeExtensions.pip-on-top ];
+
+ dconf.settings = {
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+ enabled-extensions = [
+ pkgs.gnomeExtensions.pip-on-top.extensionUuid
+ ];
+ };
+
+ "org/gnome/shell/extensions/pip-on-top".stick = true;
+ };
+
+}
diff --git a/homeManagerModules/katja/gnomeExtensions/search-light.nix b/homeManagerModules/katja/gnomeExtensions/search-light.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.gnomeExtensions.search-light ];
+
+ dconf.settings = {
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+ enabled-extensions = [
+ pkgs.gnomeExtensions.search-light.extensionUuid
+ ];
+ };
+
+ "org/gnome/shell/extensions/search-light".shortcut-search = [ "<Super>space" ];
+ };
+
+}
diff --git a/homeManagerModules/katja/gnomeExtensions/space-bar.nix b/homeManagerModules/katja/gnomeExtensions/space-bar.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.gnomeExtensions.space-bar ];
+
+ dconf.settings = {
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+ enabled-extensions = [
+ pkgs.gnomeExtensions.space-bar.extensionUuid
+ ];
+ };
+
+ "org/gnome/shell/extensions/space-bar/behavior" = {
+ show-empty-workspaces = false;
+ always-show-numbers = true;
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/alacritty.nix b/homeManagerModules/katja/programs/alacritty.nix
@@ -0,0 +1,59 @@
+{ pkgs, ... }:
+
+{
+
+ home.sessionVariables = {
+ TERMINAL = "alacritty";
+ };
+
+ programs = {
+ alacritty = {
+ enable = true;
+ settings = {
+ window.opacity = 0.9;
+
+ font = {
+ size = 12.0;
+ normal.family = "DejaVu Sans Mono";
+ };
+
+ colors = {
+ primary = {
+ background = "0x000000";
+ foreground = "0xeaeaea";
+ };
+
+ normal = {
+ black = "0x6c6c6c";
+ red = "0xe9897c";
+ green = "0xb6e77d";
+ yellow = "0xecebbe";
+ blue = "0xa9cdeb";
+ magenta = "0xea96eb";
+ cyan = "0xc9caec";
+ white = "0xf2f2f2";
+ };
+
+ bright = {
+ black = "0x747474";
+ red = "0xf99286";
+ green = "0xc3f786";
+ yellow = "0xfcfbcc";
+ blue = "0xb6defb";
+ magenta = "0xfba1fb";
+ cyan = "0xd7d9fc";
+ white = "0xe2e2e2";
+ };
+ };
+ };
+ };
+ };
+
+ wayland.windowManager.sway = {
+ config.terminal = "${pkgs.alacritty}/bin/alacritty";
+ extraConfig = ''
+ exec swaymsg 'workspace 3: Term; exec ${pkgs.alacritty}/bin/alacritty; exec ${pkgs.alacritty}/bin/alacritty; workspace 1: Web;'
+ '';
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/ansible.nix b/homeManagerModules/katja/programs/ansible.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+let
+ ansible = pkgs.python3Packages.toPythonApplication (
+ pkgs.python3Packages.ansible-core.overridePythonAttrs (old: rec {
+ propagatedBuildInputs = old.propagatedBuildInputs ++ [
+ pkgs.python3Packages.jmespath
+ ];
+ })
+ );
+
+in
+{
+
+ home.packages = [
+ ansible
+ pkgs.ansible-lint
+ ];
+
+}
diff --git a/homeManagerModules/katja/programs/apostrophe.nix b/homeManagerModules/katja/programs/apostrophe.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.apostrophe ];
+
+}
diff --git a/homeManagerModules/katja/programs/bat.nix b/homeManagerModules/katja/programs/bat.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+
+ programs.bat = {
+ enable = true;
+ config.theme = "ansi";
+ };
+
+ home.shellAliases = {
+ cat = "bat -pp";
+ less = "bat";
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/bitwarden-cli.nix b/homeManagerModules/katja/programs/bitwarden-cli.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.bitwarden-cli ];
+
+ programs = {
+ zsh.initExtra = ''
+ bw-unlock () {
+ if [[ -z $BW_SESSION ]] ; then
+ export BW_SESSION="$(bw unlock --raw)"
+ fi
+ }
+ '';
+ fish.functions.bw-unlock = ''
+ if set -g BW_SESSION
+ set -gx BW_SESSION "$(bw unlock --raw)"
+ end
+ '';
+ };
+
+}
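Review bot: The fish variant of `bw-unlock` uses `if set -g BW_SESSION` as its guard, but `set -g` with no value assigns an empty global variable and succeeds, so it wipes any existing session key and the branch always runs; the zsh variant above only unlocks when the variable is empty. To match it, the guard should test rather than assign: `if not set -q BW_SESSION; or test -z "$BW_SESSION"`. In both shells the key is exported, so every child process started from that shell inherits the vault session; a short comment stating that this is intended would help, e.g. `# BW_SESSION is exported on purpose so later bw calls in this shell can reuse it`.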
diff --git a/homeManagerModules/katja/programs/celluloid.nix b/homeManagerModules/katja/programs/celluloid.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.celluloid ];
+
+}
diff --git a/homeManagerModules/katja/programs/deploymentUtilities.nix b/homeManagerModules/katja/programs/deploymentUtilities.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = with pkgs; [
+ age
+
+ deploy-rs
+ ];
+
+}
diff --git a/homeManagerModules/katja/programs/eza.nix b/homeManagerModules/katja/programs/eza.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+
+ programs.eza = {
+ enable = true;
+ git = true;
+ icons = "auto";
+ };
+
+ home.shellAliases = {
+ ls = "eza";
+ ll = "eza -l";
+ la = "eza -a";
+ lla = "eza -la";
+ tree = "eza --tree -a";
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/firefox.nix b/homeManagerModules/katja/programs/firefox.nix 
@@ -0,0 +1,312 @@ +{ + inputs, + pkgs, + lib, + ... +}: + +{ + + home.sessionVariables = { + BROWSER = "firefox"; + }; + + home.file."firefox-gnome-theme" = { + source = inputs.firefoxGnomeTheme; + target = ".mozilla/firefox/katja/chrome/firefox-gnome-theme"; + }; + + programs.firefox = { + enable = true; + package = pkgs.firefox; + nativeMessagingHosts = [ pkgs.ff2mpv-rust ]; + + profiles.katja = { + id = 0; + isDefault = true; + + settings = { + # required for firefox-gnome-theme + "browser.toolbars.bookmarks.visibility" = "never"; + "browser.tabs.drawInTitlebar" = true; + "browser.theme.dark-private-windows" = false; + "browser.uidensity" = 0; + "svg.context-properties.content.enabled" = true; + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + }; + + userChrome = '' + @import "firefox-gnome-theme/userChrome.css"; + ''; + + userContent = '' + @import "firefox-gnome-theme/userContent.css"; + ''; + + search.force = true; # Required to prevent search engine symlink being overwritten. 
See https://github.com/nix-community/home-manager/issues/3698 + search.engines = { + "Noogle" = { + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@noogle" ]; + urls = [ { template = "https://noogle.dev/q?term={searchTerms}"; } ]; + }; + + "NixOS Options" = { + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@nixos" ]; + urls = [ { template = "https://search.nixos.org/options?query={searchTerms}"; } ]; + }; + + "Nix Packages" = { + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@nixpkgs" ]; + urls = [ { template = "https://search.nixos.org/packages?query={searchTerms}"; } ]; + }; + }; + }; + + policies = { + DisableSetDesktopBackground = true; + + # disable tracking bullshit + DisableTelemetry = true; + DisablePocket = true; + DisableFirefoxStudies = true; + DisableFeedbackCommands = true; + + # disable password manager + PasswordManagerEnabled = false; + OfferToSaveLogins = false; + PrimaryPassword = false; + AutofillCreditCardEnabled = false; + + # disable bookmark-toolbar + NoDefaultBookmarks = true; + DisplayBookmarksToolbar = "never"; + DisplayMenuBar = "default-off"; + + Homepage.StartPage = "previous-session"; + Homepage.Locked = true; + + # disable DoH + DNSOverHTTPS.Enabled = false; + DNSOverHTTPS.Locked = true; + + # enable tracking protection + EnableTrackingProtection.Cryptomining = true; + EnableTrackingProtection.Fingerprinting = true; + EnableTrackingProtection.Value = true; + EnableTrackingProtection.Locked = true; + + UserMessaging.ExtensionRecommendations = false; + UserMessaging.FeatureRecommendations = false; + UserMessaging.UrlbarInterventions = false; + UserMessaging.SkipOnboarding = true; + UserMessaging.MoreFromMozilla = false; + UserMessaging.FirefoxLabs = false; + UserMessaging.Locked = true; + + Handlers.schemes = + let + handler = { + action = "useHelperApp"; + ask = 
true; + handlers = [ + { + name = "VDV PKPass DB Navigator Hook"; + path = pkgs.writeShellScript "db-hook" '' + #!/usr/bin/env bash + + if [[ "$1" == "dbnav:"* ]]; then + url=$(echo -n $1 | base64) + xdg-open "https://vdv-pkpass.magicalcodewit.ch/account/db_login/callback?url=$url" + elif [[ "$1" == "bahnbonus:"* ]]; then + url=$(echo -n $1 | base64) + xdg-open "https://vdv-pkpass.magicalcodewit.ch/account/bahnbonus_login/callback?url=$url" + else + xdg-open "$1" + fi + ''; + } + ]; + }; + in + { + dbnav = handler; + bahnbonus = handler; + }; + + Preferences = + { + "browser.uiCustomization.state".Status = "default"; + "browser.uiCustomization.state".Value = builtins.toJSON { + currentVersion = 21; + newElementCount = 7; + seen = [ ]; + dirtyAreaCache = [ ]; + placements = { + widget-overflow-fixed-list = [ ]; + toolbar-menubar = [ "menubar-items" ]; + vertical-tabs = [ ]; + PersonalToolbar = [ ]; + unified-extensions-area = [ ]; + nav-bar = [ + "back-button" + "forward-button" + "vertical-spacer" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "unified-extensions-button" + ]; + TabsToolbar = [ + "tabbrowser-tabs" + "new-tab-button" + ]; + }; + }; + } + // ( + { + # disable some password-manager/autofill features + "signon.generation.enabled" = false; + "signon.autofillForms" = false; + "signon.firefoxRelay.feature" = "disabled"; + "signon.management.page.breach-alerts.enabled" = false; + + # ask websites to not share or sell data + "privacy.globalprivacycontrol.enabled" = true; + + # disable warning on `abou:config` + "browser.aboutConfig.showWarning" = false; + + # disable telemetry stuff + "browser.ping-centre.telemetry" = false; + "browser.topsites.contile.enabled" = false; + "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; + + # disable trending search suggestions + "browser.urlbar.suggest.trending" = false; + + # disable 'fancy' 
newtab page bullshit with tons of tracking and ads + "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; + "browser.newtabpage.enabled" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.newtabpage.activity-stream.showSearch" = false; + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.feeds.snippets" = false; + "browser.newtabpage.activity-stream.feeds.system.topsites" = false; + "browser.newtabpage.activity-stream.feeds.section.highlights" = false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; + "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; + "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; + "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; + } + |> lib.mapAttrs ( + name: value: { + Status = "locked"; + Value = value; + } + ) + ); + + ExtensionSettings = ( + [ + [ + "navbar" + "{446900e4-71c2-419f-a6a7-df9c091e268b}" + ] # Bitwarden Password Manager + [ + "navbar" + "uBlock0@raymondhill.net" + ] # uBlock Origin + [ + "menupanel" + "@ublacklist" + ] # uBlacklist + [ + "menupanel" + "@contain-facebook" + ] # Facebook Container + [ + "menupanel" + "@contain-google" + ] # Google Container + [ + "menupanel" + "containerise@kinte.sh" + ] # Containerise + [ + "menupanel" + "{12cf650b-1822-40aa-bff0-996df6948878}" + ] # cookies.txt + [ + "menupanel" + "@testpilot-containers" + ] # Firefox Multi-Account Containers + [ + "menupanel" + "{252ee273-8c8d-4609-b54d-62ae345be0a1}" + ] # IndicateTLS + [ + "menupanel" + "ipvfoo@pmarks.net" + ] # IPvFoo + [ + "menupanel" + "{e9090647-32ff-48e4-9c3c-1361e8fd270e}" + ] # Modern for Wikipedia + [ + "menupanel" + 
"sponsorBlocker@ajay.app" + ] # SponsorBlock for YouTube - Skip Sponsorships + [ + "menupanel" + "de-DE@dictionaries.addons.mozilla.org" + ] # German Dictionary + ] + |> lib.map (config: { + name = (lib.elemAt config 1); + value = { + installation_mode = "normal_installed"; + default_area = (lib.elemAt config 0); + install_url = "https://addons.mozilla.org/firefox/downloads/latest/${lib.elemAt config 1}/latest.xpi"; + }; + }) + |> lib.listToAttrs + ); + }; + }; + + wayland.windowManager.sway.config.startup = [ + { command = "firefox"; } + ]; + + xdg = { + enable = true; + mime.enable = true; + + #force hm to override existing mimeapps.list file + configFile."mimeapps.list".force = true; + + mimeApps = { + enable = true; + defaultApplications = { + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/chrome" = "firefox.desktop"; + + "image/svg+xml" = "firefox.desktop"; + + "text/html" = "firefox.desktop"; + "text/xml" = "firefox.desktop"; + }; + }; + }; + +}
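Review bot: The `db-hook` helper under `Handlers.schemes` receives a URL chosen by whichever page triggered the `dbnav:` or `bahnbonus:` link and expands it unquoted in `url=$(echo -n $1 | base64)`, so the shell word-splits and glob-expands it before encoding; GNU `base64` also wraps output at 76 columns, and its alphabet includes `+`, `/` and `=`, which are not safe unescaped in the `?url=` query value. Quote the argument and disable wrapping, e.g. `url=$(printf '%s' "$1" | base64 -w0)`, and percent-encode the result unless the callback is known to accept raw base64. The script also depends on `base64` and `xdg-open` being on Firefox's PATH; `${pkgs.coreutils}/bin/base64` and `${pkgs.xdg-utils}/bin/xdg-open` would pin them, as the `open` wrapper in shellUtilities.nix already does. `pkgs.writeShellScript` emits its own shebang, so the `#!/usr/bin/env bash` line inside the body is only a comment.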
diff --git a/homeManagerModules/katja/programs/fish.nix b/homeManagerModules/katja/programs/fish.nix
@@ -0,0 +1,10 @@
+{ pkgs, lib, ... }:
+
+{
+
+ programs.fish = {
+ enable = true;
+ generateCompletions = true;
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/fractal.nix b/homeManagerModules/katja/programs/fractal.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.fractal ];
+
+}
diff --git a/homeManagerModules/katja/programs/ghostty.nix b/homeManagerModules/katja/programs/ghostty.nix
@@ -0,0 +1,18 @@
+{ ... }:
+
+{
+
+ programs.ghostty = {
+ enable = true;
+ enableFishIntegration = true;
+ enableZshIntegration = true;
+ enableBashIntegration = true;
+ installBatSyntax = true;
+
+ settings = {
+ background-opacity = 0.8;
+ background-blur = true;
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/git.nix b/homeManagerModules/katja/programs/git.nix
@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.gitui ];
+ home.shellAliases = {
+ reinitgit = "rm -rf .git && git init && git add -A && git commit -m 'init'";
+ };
+
+ programs.lazygit.enable = true;
+ programs.git = {
+ enable = true;
+
+ package = pkgs.gitFull;
+
+ userName = "Katja (ctucx)";
+ userEmail = "git@ctu.cx";
+
+ difftastic.enable = true;
+
+ ignores = [
+ ".DS_Store"
+ "*.swp"
+ ];
+
+ aliases = {
+ log-gpg = "log --show-signature";
+ pfusch = "push";
+ };
+
+ extraConfig = {
+ features.manyFiles = true;
+ pull.rebase = false;
+ # "url \"git@git.ctu.cx:\"".insteadOf = "https://git.ctu.cx/";
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/gpg.nix b/homeManagerModules/katja/programs/gpg.nix 
@@ -0,0 +1,113 @@ +{ + config, + pkgs, + lib, + ... +}: + +{ + + xdg = { + desktopEntries = { + gscriptor = { + name = "gscriptor"; + settings = { + NoDisplay = "true"; + }; + }; + }; + }; + + home = { + packages = [ pkgs.pcsctools ]; + + sessionVariables = { + GNUPGHOME = lib.mkForce "$HOME/.gnupg"; + }; + + shellAliases = { + gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye"; + }; + }; + + wayland.windowManager.sway.extraConfig = '' + exec_always 'gpgconf --kill gpg-agent' + ''; + + programs = { + zsh.initExtra = '' + export GPG_TTY=$(tty) + export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) + gpgconf --launch gpg-agent + ''; + fish.interactiveShellInit = '' + gpgconf --launch gpg-agent + set -gx SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket) + ''; + + gpg = { + enable = true; + mutableTrust = true; + mutableKeys = true; + + publicKeys = [ + # my own key + { + trust = 5; + source = "${pkgs.ctucx-website}/gpg_pubkey.asc"; + } + + #izzie@haaien.xyz + { + trust = 4; + source = ( + pkgs.fetchurl { + url = "https://openpgpkey.haaien.xyz/.well-known/openpgpkey/haaien.xyz/hu/jp96shm14rsikewmfdxqyznfr8dpihzu"; + sha256 = "sha256-4RVc0DVVG7nFZG7PvMchuUCUqiVaNtvy67YzIQyGFXs="; + } + ); + } + + # governikus german eid verificaion pubkey + { + trust = 3; + source = ( + pkgs.fetchurl { + url = "https://www.governikus.de/wp-content/uploads/2023/06/governikusPubKey.asc"; + sha256 = "sha256-eU7g+c2CAYGLxHCRb0qsnL3CvKgK3lWcKcgrS1WFwz0="; + } + ); + } + + ]; + + settings.keyserver = "hkps://keyserver.ubuntu.com:443"; + + scdaemonSettings.disable-ccid = true; + }; + + git.signing = { + key = "4F1D8CCB"; + signByDefault = true; + }; + }; + + services = { + gpg-agent = { + enable = true; + enableSshSupport = true; + enableExtraSocket = true; + + pinentryPackage = pkgs.pinentry-gnome3; + + defaultCacheTtl = 600; + defaultCacheTtlSsh = 600; + + sshKeys = [ + "8C11B9BF8B535049F6C87A9CF0C595421E6B8798" + "29FA1059F28D2ED1C6398F7CFA918605F53786C0" 
+ ]; + }; + }; + +}
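Review bot: `git.signing.key = "4F1D8CCB"` selects the signing key by a 32-bit short key ID, which is not collision-resistant; gpg resolves it against whatever keys are present, and with `mutableKeys = true` plus a public keyserver configured the keyring contents are not fixed by this file. Use the full 40-hex-digit fingerprint instead, `key = "<FULL_FINGERPRINT>";`, in line with the full-length values already used under `sshKeys`. Separately, the zsh init exports `GPG_TTY` while the fish `interactiveShellInit` does not; that only matters if a tty pinentry is ever used in place of `pinentry-gnome3`, but a comment would make the difference deliberate.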
diff --git a/homeManagerModules/katja/programs/helix.nix b/homeManagerModules/katja/programs/helix.nix
@@ -0,0 +1,39 @@
+{ lib, pkgs, ... }:
+
+{
+
+ home = {
+ sessionVariables.EDITOR = lib.mkForce "hx";
+ shellAliases.nano = lib.mkForce "hx";
+ };
+
+ programs.helix = {
+ enable = true;
+ settings = {
+ editor.cursor-shape.insert = "bar";
+ editor.bufferline = "always";
+ keys.insert."C-t" = "indent";
+ keys.insert."C-d" = "unindent";
+ theme = "base16_default";
+ };
+ languages = {
+ language-server.scls.command = lib.getExe pkgs.unstable.simple-completion-language-server;
+ language = [
+ {
+ name = "stub";
+ scope = "text.stub";
+ file-types = [ ];
+ shebangs = [ ];
+ roots = [ ];
+ auto-format = false;
+ language-servers = [ "scls" ];
+ }
+ ];
+ };
+ extraPackages = with pkgs; [
+ nil
+ markdown-oxide
+ ];
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/htop.nix b/homeManagerModules/katja/programs/htop.nix
@@ -0,0 +1,27 @@
+{ pkgs, lib, ... }:
+
+{
+
+ programs.htop = {
+ enable = true;
+
+ package = pkgs.htop.override {
+ sensorsSupport = true;
+ };
+
+ settings = {
+ hide_userland_threads = 1;
+ tree_view = 1;
+ show_program_path = 0;
+ show_cpu_frequency = 1;
+ };
+ };
+
+ xdg = lib.mkIf pkgs.stdenv.isLinux {
+ desktopEntries.htop = {
+ name = "Htop";
+ settings.NoDisplay = "true";
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/imv.nix b/homeManagerModules/katja/programs/imv.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.imv ];
+
+ xdg.desktopEntries = {
+ imv-folder = {
+ name = "imv (Folder)";
+ settings.NoDisplay = "true";
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/javascript.nix b/homeManagerModules/katja/programs/javascript.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = with pkgs; [
+ nodejs
+ pnpm
+ ];
+
+ programs.helix.extraPackages = [
+ pkgs.typescript-language-server
+ ];
+
+}
diff --git a/homeManagerModules/katja/programs/libreoffice.nix b/homeManagerModules/katja/programs/libreoffice.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.libreoffice-fresh ];
+
+ xdg.desktopEntries = {
+ impress.name = "LibreOffice Impress";
+ impress.settings.NoDisplay = "true";
+
+ math.name = "LibreOffice Math";
+ math.settings.NoDisplay = "true";
+
+ base.name = "LibreOffice Base";
+ base.settings.NoDisplay = "true";
+
+ draw.name = "LibreOffice Draw";
+ draw.settings.NoDisplay = "true";
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/mcfly.nix b/homeManagerModules/katja/programs/mcfly.nix
@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+
+{
+
+ programs.mcfly = {
+ enable = true;
+ enableFishIntegration = true;
+ enableZshIntegration = true;
+ fuzzySearchFactor = 2;
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/micro.nix b/homeManagerModules/katja/programs/micro.nix
@@ -0,0 +1,38 @@
+{ pkgs, lib, ... }:
+
+{
+
+ home = {
+ sessionVariables.EDITOR = "micro";
+ shellAliases.nano = "micro";
+ };
+
+ programs.micro = {
+ enable = true;
+ settings = {
+ "*.nix".tabstospaces = true;
+ "*.nix".tabmovement = true;
+ "*.nix".tabsize = 2;
+
+ "*.nim".tabstospaces = true;
+ "*.nim".tabmovement = true;
+ "*.nim".tabsize = 2;
+
+ scrollbar = true;
+ eofnewline = false;
+ wordwrap = true;
+ softwrap = true;
+
+ ignorecase = true;
+ savehistory = false;
+ };
+ };
+
+ xdg = lib.mkIf pkgs.stdenv.isLinux {
+ desktopEntries.micro = {
+ name = "micro";
+ settings.NoDisplay = "true";
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/mpv.nix b/homeManagerModules/katja/programs/mpv.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+
+ programs = {
+ mpv.enable = true;
+ mpv.scripts = [ pkgs.mpvScripts.mpris ];
+ };
+
+ xdg.desktopEntries = {
+ umpv.name = "umpv Media Player";
+ umpv.settings.NoDisplay = "true";
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/nautilus.nix b/homeManagerModules/katja/programs/nautilus.nix
@@ -0,0 +1,45 @@
+{
+ inputs,
+ pkgs,
+ systemConfig,
+ ...
+}:
+
+{
+
+ home.packages = with pkgs; [
+ nautilus
+ sushi # quick-preview for nautilus
+ ];
+
+ home.sessionVariables = {
+ NAUTILUS_4_EXTENSION_DIR = "${systemConfig.system.path}/lib/nautilus/extensions-4";
+ };
+
+ xdg.mimeApps.enable = true;
+ xdg.mimeApps.defaultApplications = {
+ "inode/directory" = [ "org.gnome.Nautilus.desktop" ];
+ };
+
+ gtk.gtk4.extraCss = ''
+ /* remove 'starred' in nautilus side-panel */
+ .nautilus-window .navigation-sidebar > .sidebar-row:nth-child(2) {
+ min-height:0;
+ font-size: 0;
+ -gtk-icon-size: 0;
+ margin-top: -2px;
+ }
+ '';
+
+ dconf.settings = with inputs.homeManager.lib.hm.gvariant; {
+ "org/gnome/nautilus/list-view" = {
+ use-tree-view = true;
+ default-zoom-level = "small";
+ };
+ "org/gnome/nautilus/preferences" = {
+ date-time-format = "detailed";
+ default-folder-viewer = "list-view";
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/nim.nix b/homeManagerModules/katja/programs/nim.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = with pkgs; [
+ nim
+ nimble
+ ];
+
+ programs.helix.extraPackages = [
+ pkgs.nimlangserver
+ ];
+
+}
diff --git a/homeManagerModules/katja/programs/nix-cleanup.nix b/homeManagerModules/katja/programs/nix-cleanup.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [
+ (pkgs.writeShellScriptBin "nix-cleanup" ''
+ set -eu
+
+ # Delete everything from this profile that isn't currently needed
+ nix-env --delete-generations old
+
+ # Delete generations older than a week
+ nix-collect-garbage
+ nix-collect-garbage --delete-older-than 7d
+
+ # Optimize
+ nix-store --gc --print-dead
+ nix-store --optimise
+ '')
+ ];
+
+}
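Review bot: The comments in the `nix-cleanup` script do not match the commands under them. `# Delete generations older than a week` sits above a bare `nix-collect-garbage`, which only collects unreachable paths and is then repeated by the `--delete-older-than 7d` call, and `# Optimize` sits above `nix-store --gc --print-dead`, which only lists dead paths. Since the script removes rollback generations, accurate comments matter here; I would drop the bare `nix-collect-garbage` and reword the last block to `# List anything still dead, then deduplicate the store`.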
diff --git a/homeManagerModules/katja/programs/ocrmypdf.nix b/homeManagerModules/katja/programs/ocrmypdf.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.ocrmypdf ];
+
+}
diff --git a/homeManagerModules/katja/programs/paper-plane.nix b/homeManagerModules/katja/programs/paper-plane.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.paper-plane ];
+
+}
diff --git a/homeManagerModules/katja/programs/papers.nix b/homeManagerModules/katja/programs/papers.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.papers ];
+
+}
diff --git a/homeManagerModules/katja/programs/password-store.nix b/homeManagerModules/katja/programs/password-store.nix
@@ -0,0 +1,28 @@
+{ pkgs, lib, ... }:
+
+{
+
+ home = {
+ packages = [ pkgs.pwgen ];
+ sessionVariables = {
+ PASSWORD_STORE_DIR = lib.mkForce "\$HOME/.local/share/password-store";
+ };
+ };
+
+ programs = {
+ password-store = {
+ enable = true;
+ package = pkgs.pass.withExtensions (exts: [
+ exts.pass-otp
+ exts.pass-update
+ exts.pass-genphrase
+ ]);
+ };
+
+ browserpass = {
+ enable = true;
+ browsers = [ "firefox" ];
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/pdfarranger.nix b/homeManagerModules/katja/programs/pdfarranger.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.pdfarranger ];
+
+}
diff --git a/homeManagerModules/katja/programs/phockup.nix b/homeManagerModules/katja/programs/phockup.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.phockup ];
+
+}
diff --git a/homeManagerModules/katja/programs/shellUtilities.nix b/homeManagerModules/katja/programs/shellUtilities.nix
@@ -0,0 +1,72 @@
+{ pkgs, ... }:
+
+{
+
+ programs.jq.enable = true;
+
+ home.shellAliases = {
+ ".." = "cd ..";
+ "..." = "cd ../..";
+
+ rm = "trash-put";
+
+ diff = "diff --color";
+ ip = "ip --color=auto";
+
+ killall = "pkill";
+
+ grep = "rg";
+ find = "fd";
+
+ backgrounditems = ''bgiparser -f "$HOME/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm" -c'';
+
+ zzz = (if pkgs.stdenv.isLinux then "sleep 1 && systemctl suspend" else "pmset sleepnow");
+ };
+
+ home.packages =
+ with pkgs;
+ [
+ coreutils
+ trash-cli
+
+ pwgen
+
+ (pkgs.writeShellScriptBin "use" ''
+ declare -a all
+ for p in "$@"; do
+ all+=("''${NIXPKGS_PATH}#$p")
+ done
+ eval nix shell ''${all[@]}
+ '')
+
+ wget
+ curl
+ rsync
+
+ ripgrep
+ fd
+
+ fx
+ file
+ bc
+
+ unzip
+
+ smartmontools
+
+ gptfdisk
+ e2fsprogs
+ dosfstools
+ ]
+ ++ lib.optionals pkgs.stdenv.isLinux [
+ (pkgs.writeShellScriptBin "open" ''
+ ${pkgs.coreutils}/bin/nohup ${pkgs.xdg-utils}/bin/xdg-open "$@" > /dev/null 2>&1
+ '')
+
+ usbutils
+ pciutils
+
+ lm_sensors
+ ];
+
+}
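Review bot: The `use` wrapper ends in `eval nix shell ''${all[@]}`, which re-parses every argument as shell code, so an argument containing whitespace, `;` or a command substitution is split or executed rather than passed to nix as a package name. The array is already built with proper quoting, so `exec nix shell "''${all[@]}"` hands each element over as one argument and needs no `eval`. If `eval` is intentional because `NIXPKGS_PATH` holds something that must be expanded, that deserves a comment; the variable is not set anywhere in this file, and when it is empty each element becomes `#pkg`.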
diff --git a/homeManagerModules/katja/programs/ssh.nix b/homeManagerModules/katja/programs/ssh.nix
@@ -0,0 +1,20 @@
+{ ... }:
+
+{
+
+ programs.ssh = {
+ enable = true;
+ compression = true;
+
+ controlMaster = "auto";
+ controlPersist = "2m";
+
+ matchBlocks = {
+ "ctucx-git" = {
+ user = "git";
+ hostname = "git.katja.wtf";
+ };
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/starship.nix b/homeManagerModules/katja/programs/starship.nix
@@ -0,0 +1,18 @@
+{ ... }:
+
+{
+
+ programs.starship = {
+ enable = true;
+ enableFishIntegration = true;
+ enableZshIntegration = true;
+
+ settings = {
+ add_newline = false;
+ status = {
+ disabled = false;
+ };
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/texlive.nix b/homeManagerModules/katja/programs/texlive.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.texlive.combined.scheme-full ];
+
+}
diff --git a/homeManagerModules/katja/programs/thunderbird.nix b/homeManagerModules/katja/programs/thunderbird.nix
@@ -0,0 +1,46 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+
+ home.packages = [ pkgs.thunderbird ];
+
+ systemd.user.services.thunderbird = lib.mkIf config.wayland.windowManager.sway.enable {
+ Unit.After = [ "graphical-session-pre.target" ];
+ Unit.PartOf = [ "graphical-session.target" ];
+
+ Service = {
+ Environment = "PATH=/run/wrappers/bin:/home/katja/.nix-profile/bin:/etc/profiles/per-user/katja/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin";
+ ExecStart = "${pkgs.thunderbird}/bin/thunderbird";
+ Restart = "always";
+ RestartSec = 5;
+ };
+
+ Install.WantedBy = [ "graphical-session.target" ];
+ };
+
+ wayland.windowManager.sway.config.startup = [
+ {
+ always = true;
+ command = "systemctl --user restart thunderbird";
+ }
+ ];
+
+ xdg = {
+ enable = true;
+ mime.enable = true;
+
+ #force hm to override existing mimeapps.list file
+ configFile."mimeapps.list".force = true;
+
+ mimeApps.enable = true;
+ mimeApps.defaultApplications = {
+ "x-scheme-handler/mailto" = "thunderbird.desktop";
+ };
+ };
+
+}
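Review bot: `Service.Environment` hard-codes `PATH=/run/wrappers/bin:/home/katja/.nix-profile/bin:/etc/profiles/per-user/katja/bin:…`, which ties the unit to one user name and home path and goes stale silently if either changes; the same literal is repeated in services/easyeffects.nix. Build it from the module arguments instead, e.g. `"PATH=/run/wrappers/bin:${config.home.profileDirectory}/bin:/run/current-system/sw/bin"` (easyeffects.nix would need `config` added to its argument set). A one-line comment saying why Thunderbird needs the profile on PATH, presumably to launch helper applications such as the browser, would also let a reader judge whether the user-writable profile directory has to precede the system directories.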
diff --git a/homeManagerModules/katja/programs/tmux.nix b/homeManagerModules/katja/programs/tmux.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+
+{
+
+ programs.tmux = {
+ enable = true;
+ clock24 = true;
+ terminal = "xterm-256color";
+ extraConfig = ''
+ set -g mouse on
+ '';
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/tuba.nix b/homeManagerModules/katja/programs/tuba.nix
@@ -0,0 +1,17 @@
+{ lib, pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.tuba ];
+
+ dconf.settings = {
+ "dev/geopjr/Tuba" = {
+ work-in-background = true;
+ dim-trivial-notifications = true;
+ group-push-notifications = true;
+ reply-to-old-post-reminder = false;
+ show-spoilers = true;
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/typst.nix b/homeManagerModules/katja/programs/typst.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs, ... }:
+
+{
+
+ home.packages = with pkgs; [
+ typst
+ typst-live
+ ];
+
+ programs.helix.languages = {
+ language-server.tinymist = {
+ command = lib.getExe pkgs.unstable.tinymist;
+ config = {
+ preview.background.enabled = true;
+ preview.background.args = [ "--data-plane-host=127.0.0.1:8123" ];
+ fontPaths = [ "./fonts" ];
+ exportPdf = "onSave";
+ };
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/yt-dlp.nix b/homeManagerModules/katja/programs/yt-dlp.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+
+ home.shellAliases.yt-dlp-audio = "yt-dlp --format bestaudio -x --audio-format opus --add-metadata --embed-thumbnail";
+
+ home.packages = with pkgs; [
+ yt-dlp
+ (pkgs.writeShellScriptBin "youtube-dl" ''
+ exec ${pkgs.yt-dlp}/bin/yt-dlp --compat-options youtube-dl "$@"
+ '')
+ ];
+
+}
diff --git a/homeManagerModules/katja/programs/zathura.nix b/homeManagerModules/katja/programs/zathura.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.zathura ];
+
+}
diff --git a/homeManagerModules/katja/programs/zoxide.nix b/homeManagerModules/katja/programs/zoxide.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+
+ programs.zoxide = {
+ enable = true;
+ enableFishIntegration = true;
+ enableZshIntegration = true;
+ };
+
+ home.shellAliases = {
+ "cd" = "z";
+ "cdi" = "zi";
+ };
+
+}
diff --git a/homeManagerModules/katja/programs/zsh.nix b/homeManagerModules/katja/programs/zsh.nix
@@ -0,0 +1,45 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+
+ home.packages = [
+ pkgs.zsh
+ (lib.lowPrio pkgs.zsh-completions)
+ ];
+
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ enableVteIntegration = true;
+
+ dotDir = ".config/zsh";
+
+ history = {
+ path = "${config.xdg.dataHome}/zsh/zsh_history";
+ save = 100000000;
+ size = 1000000000;
+ expireDuplicatesFirst = true;
+ ignoreDups = true;
+ share = true;
+ };
+
+ oh-my-zsh = {
+ enable = true;
+ plugins = [
+ "git"
+ "gitfast"
+ "sudo"
+ "systemd"
+ ];
+ extraConfig = ''
+ zstyle ':completion:*' menu select
+ '';
+ };
+ };
+
+}
diff --git a/homeManagerModules/katja/services/easyeffects.nix b/homeManagerModules/katja/services/easyeffects.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+{
+
+ home.packages = [ pkgs.easyeffects ];
+
+ systemd.user.services.easyeffects = {
+ Unit.After = [ "graphical-session-pre.target" ];
+ Unit.PartOf = [ "graphical-session.target" ];
+
+ Service = {
+ Environment = "PATH=/run/wrappers/bin:/home/katja/.nix-profile/bin:/etc/profiles/per-user/katja/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin";
+ ExecStart = "${pkgs.easyeffects}/bin/easyeffects --gapplication-service";
+ Restart = "always";
+ RestartSec = 5;
+ };
+
+ Install.WantedBy = [ "graphical-session.target" ];
+ };
+
+ wayland.windowManager.sway.config.startup = [
+ {
+ always = true;
+ command = "systemctl --user restart easyeffects";
+ }
+ ];
+
+}
diff --git a/homeManagerModules/katja/services/mako.nix b/homeManagerModules/katja/services/mako.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+
+{
+
+ services.mako = {
+ enable = true;
+
+ defaultTimeout = 20000;
+
+ borderColor = "#002028";
+ borderSize = 2;
+
+ backgroundColor = "#002b36AA";
+
+ textColor = "#fdf6e3";
+ font = "Fira Code 11";
+ format = "<b>%s</b> <span color=\"#93a1a1\">(%a)</span>\\n%b";
+ };
+
+ systemd.user.services.mako = {
+ Unit.After = [ "graphical-session-pre.target" ];
+ Unit.PartOf = [ "graphical-session.target" ];
+
+ Service = {
+ ExecStart = "${pkgs.mako}/bin/mako";
+ Restart = "always";
+ RestartSec = 5;
+ };
+
+ Install.WantedBy = [ "graphical-session.target" ];
+ };
+
+ wayland.windowManager.sway.config.startup = [
+ {
+ always = true;
+ command = "systemctl --user restart mako";
+ }
+ ];
+
+}
diff --git a/homeManagerModules/katja/services/waybar.nix b/homeManagerModules/katja/services/waybar.nix 
@@ -0,0 +1,220 @@ +{ pkgs, ... }: + +{ + + wayland.windowManager.sway.config.startup = [ + { + always = true; + command = "systemctl --user restart waybar"; + } + ]; + + systemd.user.services.waybar.Service.Environment = "PATH=$PATH:${pkgs.iwd}/bin"; + + programs.waybar = { + enable = true; + systemd.enable = true; + + package = pkgs.waybar.override { + hyprlandSupport = false; + }; + + settings = [ + { + layer = "top"; + position = "top"; + + height = 40; + + modules-left = [ + "sway/workspaces" + "sway/mode" + ]; + modules-center = [ "clock" ]; + modules-right = [ + "tray" + "disk" + "memory" + "cpu" + "idle_inhibitor" + "network#wifi" + "battery" + "pulseaudio" + ]; + + "sway/workspaces" = { + disable-scroll = true; + }; + + "sway/mode" = { + tooltip = false; + format = "<span style=\"italic\">{}</span>"; + }; + + clock = { + interval = 1; + format = "{:%H:%M:%S}"; + format-alt = "{:%Y-%m-%d}"; + tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; + }; + + tray = { + tooltip = false; + # icon-size = 21; + spacing = 10; + }; + + disk = { + format = " {}%"; + tooltip-format = "SSD: {used} / {total} used"; + }; + + memory = { + format = " {}%"; + tooltip-format = "RAM: {used:0.1f}G / {total:0.1f}G used"; + }; + + cpu = { + format = " {usage}%"; + tooltip = false; + }; + + battery = { + bat = "BAT0"; + adapter = "AC"; + interval = 10; + full-at = 99; + states = { + full = 100; + good = 99; + warning = 40; + critical = 15; + }; + + format = "{icon} <span color='white'>{capacity}%</span>"; + format-charging = " <span color='white'>{capacity}%</span>"; + format-plugged = " <span color='white'>{capacity}%</span>"; + format-empty = ""; + format-full = ""; + format-icons = [ + "" + "" + "" + "" + "" + ]; + }; + + "network#wifi" = { + interface = "wlan0*"; + tooltip-format = "{ifname}: {ipaddr}/{cidr}"; + + on-click = "${pkgs.rofi-wayland}/bin/rofi -show wifi -modi 'wifi:${pkgs.rofi-iwd-wifi-menu}/bin/iwdrofimenu'"; + + format-ethernet = ""; + 
format-wifi = " {essid} ({signalStrength}%)"; + format-linked = ""; + format-disconnected = ""; + }; + + pulseaudio = { + scroll-step = 1; + on-click = "${pkgs.pavucontrol}/bin/pavucontrol"; + + format = "{format_source} {icon} {volume}%"; + format-bluetooth = "{format_source} {icon} {volume}%"; + format-bluetooth-muted = "{format_source} "; + format-muted = "{format_source} "; + format-source = ""; + format-source-muted = ""; + format-icons = { + headphone = ""; + phone = ""; + portable = ""; + car = ""; + default = [ + "" + "" + "" + ]; + }; + }; + + idle_inhibitor = { + format = "{icon}"; + format-icons = { + activated = ""; + deactivated = ""; + }; + }; + } + ]; + + style = '' + @keyframes blink { + to { + background: transparent; + color: #fff; + } + } + + * { + font-family: 'Noto Sans'; + font-size: 15px; + border: none; + border-radius: 0; + min-height: 0; + transition: none; + box-shadow: none; + } + + window#waybar { + /* background: linear-gradient(rgba(0, 0, 0, 0.5), rgba(0, 0, 0, 0)); */ + background: rgba(0, 0, 0, 0.5); + color: white; + border-bottom: 2px solid rgba(59, 135, 86, 0.5); + } + + #workspaces button.focused { + background: rgba(255, 255, 255, 0.1); + border-bottom: 3px solid rgb(74, 169, 108); + } + + #workspaces button:hover { + background: rgba(255, 255, 255, 0.06); + } + + #clock { + font-size: 16px; + font-family: 'Noto Mono', monospace; + } + + #disk, #memory, #cpu, #idle_inhibitor, #battery, #pulseaudio, #network { + padding: 0px 15px; + } + + #battery { + color: #a3be8c; + } + + #battery.charging { + color: #a3be8c; + } + + #battery.critical:not(.charging) { + background: rgba(245, 60, 60, 0.4); + color: #fff; + + border-radius: 15px; + margin: 6px; + + animation-name: blink; + animation-duration: 1s; + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; + } + ''; + }; + +}
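Review bot: `systemd.user.services.waybar.Service.Environment = "PATH=$PATH:${pkgs.iwd}/bin";` does not extend the inherited PATH, because systemd performs no variable expansion in `Environment=` and treats `$` as an ordinary character. The unit therefore gets a PATH whose first entry is the literal relative directory `$PATH`, looked up relative to the service's working directory, followed by the iwd bin directory. Listing the needed directories explicitly avoids that, e.g. `Environment = "PATH=${pkgs.iwd}/bin:/run/current-system/sw/bin";` (adjust to whatever else waybar's modules need; the `on-click` commands already use absolute store paths).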
diff --git a/homeManagerModules/katja/services/wlsunset.nix b/homeManagerModules/katja/services/wlsunset.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+
+ services.wlsunset = {
+ enable = true;
+ latitude = "8.26";
+ longitude = "49.01";
+ temperature = {
+ night = 3000;
+ day = 4500;
+ };
+ };
+
+}
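Review bot: `latitude = "8.26"` and `longitude = "49.01"` look swapped. locale.nix in this commit sets `time.timeZone = "Europe/Berlin"`, and 49.01°N 8.26°E lies in that zone while 8.26°N 49.01°E does not, so wlsunset would compute sunrise and sunset for the wrong place. If that reading is right the lines should be `latitude = "49.01";` and `longitude = "8.26";`.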
diff --git a/hosts/huntii/default.nix b/hosts/huntii/default.nix
@@ -0,0 +1,59 @@
+{
+
+ system = "x86_64-linux";
+ nixpkgsStable = true;
+
+ domain = "infra.katja.wtf";
+
+ sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMX8q2ux3YdAFGLRfD8/fCEAEalqxsRQwkOSp6gYedFt";
+
+ hardware = {
+ cpuVendor = "intel";
+ allowHibernation = true;
+ };
+
+ configuration =
+ { ... }:
+ {
+
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ sapphicCfg = {
+ hardware = {
+ video.intel.enable = true;
+ cpu.updateMicrocode = true;
+ };
+
+ presets = {
+ katja.enable = true;
+ base.enable = true;
+
+ graphical.enable = true;
+ graphical.type = "gnomeMinimal";
+ };
+
+ users.katja.enable = true;
+ };
+
+ networking.useNetworkd = false;
+
+ hardware.bluetooth.settings = {
+ General.Experimental = true;
+ };
+
+ services = {
+ printing.enable = true;
+ gnome.at-spi2-core.enable = false;
+
+ #required for gnome-calendar
+ gnome.evolution-data-server.enable = true;
+ gnome.gnome-online-accounts.enable = true;
+ };
+
+ system.stateVersion = "24.11";
+ home-manager.users.katja.home.stateVersion = "24.11";
+ };
+
+}
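Review bot: `video.intel.enable = true` is set without `sapphicCfg.hardware.video.enable`, but video/intel.nix only applies its config under `cfg.enable && cfg.intel.enable` and video/enable.nix defaults to `false`. Unless the graphical preset (not visible here) turns `video.enable` on, the i915 initrd module and the VA-API packages are never applied on this host. Adding `video.enable = true;` next to it makes the dependency explicit. Separately, `allowHibernation = true` drops the `nohibernate` hardening parameter from security/kernel.nix, so a comment saying why this host needs it would be worth having, given that hardware-configuration.nix defines no swap device to resume from.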
diff --git a/hosts/huntii/hardware-configuration.nix b/hosts/huntii/hardware-configuration.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+
+ boot.kernelModules = [ "kvm-intel" ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "thunderbolt"
+ "nvme"
+ ];
+ boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/b3184874-df78-4d02-9412-b060eb37e038";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/f81ba7a3-4b34-4c58-9588-78f8920b2f00";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/9315-B4DE";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+
+}
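Review bot: The `/boot` mount uses `"fmask=0022"` and `"dmask=0022"`, which leaves every file on the EFI system partition readable by all local users. With systemd-boot (what the base preset's `boot.type = "uefi"` selects when secure boot is off) that includes the boot loader's random seed, and `bootctl` warns about a world-accessible mount point for that reason. Tightening the masks to `"fmask=0077"` and `"dmask=0077"` restricts the ESP to root. If this file is regenerated by `nixos-generate-config`, the override may belong in the host's default.nix instead.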
diff --git a/nixosModules.nix b/nixosModules.nix @@ -0,0 +1,71 @@ +{ + inputs, + lib, + utils, + pkgs, + config, + hostConfig, + ... +}: + +let + modules = inputs.haumea.lib.load { + src = ./nixosModules; + transformer = [ + (inputs.haumea.lib.transformers.liftDefault) + ( + _: + lib.mapAttrs ( + name: value: + ( + if value ? option then + ( + (lib.removeAttrs value [ "option" ]) + // { + nixosOptions = lib.mkOption value.option; + } + ) + else if value ? options then + ( + (lib.removeAttrs value [ "options" ]) + // { + nixosOptions = ( + lib.mapAttrsRecursiveCond (element: !(element ? type)) ( + path: value: lib.mkOption value + ) value.options + ); + } + ) + else + (value) + ) + ) + ) + (inputs.haumea.lib.transformers.hoistAttrs "nixosOptions" "options") + ]; + inputs = { + inherit (inputs.self) homeManagerModules; + inherit + inputs + lib + utils + pkgs + config + hostConfig + ; + }; + }; + +in +{ + + options = modules.options; + + config = lib.mkMerge ( + modules + |> lib.filterAttrs (name: value: name != "options") + |> lib.collect (element: element ? config) + |> lib.map (element: element.config) + ); + +}
diff --git a/nixosModules/sapphicCfg/hardware/cpu.nix b/nixosModules/sapphicCfg/hardware/cpu.nix @@ -0,0 +1,26 @@ +{ + povSelf, + hostConfig, + config, + lib, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + updateMicrocode = { + type = types.bool; + default = false; + }; + }; + + config = lib.mkIf (cfg.updateMicrocode && (hostConfig.hardware.cpuVendor != null)) { + hardware.cpu.${hostConfig.hardware.cpuVendor}.updateMicrocode = true; + }; + +}
diff --git a/nixosModules/sapphicCfg/hardware/smartcard.nix b/nixosModules/sapphicCfg/hardware/smartcard.nix @@ -0,0 +1,29 @@ +{ + povSelf, + hostConfig, + config, + lib, + pkgs, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options.enable = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + services = { + pcscd.enable = true; + udev.packages = with pkgs; [ libu2f-host ]; + dbus.packages = with pkgs; [ gcr ]; + }; + }; + +}
diff --git a/nixosModules/sapphicCfg/hardware/video/enable.nix b/nixosModules/sapphicCfg/hardware/video/enable.nix @@ -0,0 +1,23 @@ +{ + pov, + config, + lib, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath pov config; + +in +{ + + option = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + hardware.graphics.enable = true; + }; + +}
diff --git a/nixosModules/sapphicCfg/hardware/video/intel.nix b/nixosModules/sapphicCfg/hardware/video/intel.nix
@@ -0,0 +1,36 @@
+{
+ pov,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath pov config;
+
+in
+{
+
+ options = {
+ enable = {
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = lib.mkIf (cfg.enable && cfg.intel.enable) {
+ boot.initrd.kernelModules = [ "i915" ];
+
+ hardware.opengl = {
+ enable = true;
+ extraPackages = with pkgs; [
+ vaapiIntel
+ vaapiVdpau
+ libvdpau-va-gl
+ intel-media-driver
+ ];
+ };
+ };
+
+}
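Review bot: This module writes to `hardware.opengl` while video/enable.nix and gnomeMinimal.nix in the same commit use `hardware.graphics.enable`. The host pins `stateVersion = "24.11"`, where the option was renamed, so the old name should only work through the compatibility alias and emit a rename warning. Using `hardware.graphics = { enable = true; extraPackages = …; };` here keeps the three modules consistent. The `enable` option also has no `description`, unlike the nvidia module next to it; something like `description = "Enable Intel GPU support (i915 in initrd, VA-API/VDPAU drivers)";` would document what it switches on.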
diff --git a/nixosModules/sapphicCfg/hardware/video/nvidia.nix b/nixosModules/sapphicCfg/hardware/video/nvidia.nix 
@@ -0,0 +1,144 @@ +{ + pov, + config, + lib, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath pov config; + cfgRoot = lib.getAttrFromPath (lib.remove [ "hardware" "video" ] pov) config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + description = '' + Enable NVIDIA hardware support + ''; + }; + open = { + type = types.bool; + default = false; + }; + powerManagement = { + type = types.enum [ + "on" + "off" + "finegrained" + ]; + default = "on"; + description = '' + on/off: Whether to enable experimental power management through systemd. For more information, see the NVIDIA docs, + on Chapter 21. Configuring Power Management Support. + + finegrained: Whether to enable experimental power management of PRIME offload. For more information, see the NVIDIA docs, + on Chapter 22. PCI-Express Runtime D3 (RTD3) Power Management. + ''; + }; + integrated = { + enable = { + type = types.bool; + default = false; + description = '' + Enable support for integrated hardware + ''; + }; + integratedBus = { + type = types.str; + default = if config.hardware.cpu.vendor == "intel" then "PCI:0:2:0" else null; + description = '' + Bus ID of the integrated GPU. You can find it using lspci, either under 3D or VGA + ''; + }; + dedicatedBus = { + type = types.str; + default = "PCI:1:0:0"; + description = '' + Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA + ''; + }; + }; + }; + + config = lib.mkIf (cfg.enable && cfg.nvidia.enable) ( + lib.mkMerge [ + { + assertions = [ + { + assertion = !cfg.nvidia.open -> cfgRoot.modules.unfree.enable; + message = '' + The programs.nvidia module uses unfree software if open is set to false. 
+ To use it you need to + - set modules.unfree.enable to true + OR + - set.modules.video.nvidia.open to true + ''; + } + ]; + + boot = { + initrd.availableKernelModules = [ + "nvidia" + "nvidia_modeset" + "nvidia_drm" + "nvidia_uvm" + ]; + kernelParams = [ "nvidia.NVreg_UsePageAttributeTable=1" ]; + }; + + environment.sessionVariables = { + _JAVA_AWT_WM_NONREPARENTING = "1"; + GBM_BACKEND = "nvidia-drm"; + NIXOS_OZONE_WL = "1"; + SDL_VIDEODRIVER = "wayland"; # Can break some native games + WLR_NO_HARDWARE_CURSORS = "1"; + }; + + services.xserver.videoDrivers = [ + "fbdev" + "modesetting" + "nvidia" + ]; + + hardware = { + # NVIDIA + nvidia = { + inherit (cfg.nvidia) open; + + nvidiaSettings = false; + + # Kernel modesetting + modesetting.enable = true; + + package = config.boot.kernelPackages.nvidiaPackages.latest; + + # PowerManagement + powerManagement.enable = cfg.powerManagement == "on" || cfg.powerManagement == "finegrained"; + + powerManagement.finegrained = cfg.nvidia.powerManagement == "finegrained"; + + # Integrated GPU + prime = + if cfg.nvidia.integrated.enable then + { + offload.enable = true; + "${config.hardware.cpu.vendor}BusId" = cfg.nvidia.integrated.integratedBus; + nvidiaBusId = cfg.nvidia.integrated.dedicatedBus; + } + else + { }; + }; + }; + } + + (lib.mkIf (!cfg.nvidia.open) { + sapphicCfg.modules.unfree.list = [ "nvidia-x11" ]; + }) + ] + ); + +}
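Review bot: `powerManagement.enable` reads `cfg.powerManagement`, whereas the line after it and every other option in this block go through `cfg.nvidia.…`. Because `cfg` is resolved from `pov` (apparently the parent `hardware.video` set), that attribute is probably missing and evaluation would fail as soon as the module is enabled; the line should read `powerManagement.enable = cfg.nvidia.powerManagement != "off";`. Two further inconsistencies in the same section: `integratedBus` is declared `types.str` but defaults to `null` on non-Intel CPUs, and it reads `config.hardware.cpu.vendor` where cpu.nix uses `hostConfig.hardware.cpuVendor`. `lib.remove [ "hardware" "video" ] pov` removes only elements equal to that whole list, so `cfgRoot` likely resolves to the same path as `cfg`, and the assertion on `cfgRoot.modules.unfree.enable`, whose message also names `programs.nvidia` and `set.modules.video.nvidia.open`, would not check what it says.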
diff --git a/nixosModules/sapphicCfg/modules/audio.nix b/nixosModules/sapphicCfg/modules/audio.nix @@ -0,0 +1,30 @@ +{ + povSelf, + lib, + config, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options.enable = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + wireplumber.enable = true; + }; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/boot/configurationLimit.nix b/nixosModules/sapphicCfg/modules/boot/configurationLimit.nix @@ -0,0 +1,13 @@ +{ + lib, + ... +}: + +{ + + option = { + type = lib.types.number; + default = 10; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/boot/enable.nix b/nixosModules/sapphicCfg/modules/boot/enable.nix @@ -0,0 +1,30 @@ +{ + pov, + config, + lib, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath pov config; + +in +{ + + option = { + type = types.bool; + default = true; + }; + + config = lib.mkIf cfg.enable { + boot.initrd.systemd.enable = true; + assertions = [ + { + assertion = cfg.type != null; + message = "The option modules.boot.type must be set in order to use the module."; + } + ]; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/boot/secureboot.nix b/nixosModules/sapphicCfg/modules/boot/secureboot.nix @@ -0,0 +1,44 @@ +{ + pov, + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath pov config; + +in +{ + + option = { + type = types.bool; + default = false; + }; + + config = lib.mkIf (cfg.enable && (cfg.type == "uefi")) ( + lib.mkMerge [ + (lib.mkIf cfg.secureboot { + environment.systemPackages = with pkgs; [ sbctl ]; + boot = { + lanzaboote = { + enable = true; + pkiBundle = "/var/lib/secureboot"; + inherit (cfg) configurationLimit; + }; + loader.systemd-boot.enable = lib.mkForce false; + }; + # modules.filesystem.impermanence.system.extra.dirs = [ "/var/lib/secureboot" ]; + }) + (lib.mkIf (!cfg.secureboot) { + boot.loader.systemd-boot = { + enable = true; + inherit (cfg) configurationLimit; + }; + }) + ] + ); + +}
diff --git a/nixosModules/sapphicCfg/modules/boot/type.nix b/nixosModules/sapphicCfg/modules/boot/type.nix @@ -0,0 +1,45 @@ +{ + pov, + config, + lib, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath pov config; + +in +{ + + option = { + type = types.nullOr ( + lib.types.enum [ + "uefi" + "legacy" + ] + ); + default = null; + }; + + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + (lib.mkIf (cfg.type == "legacy") { + boot.loader.grub = { + enable = true; + inherit (cfg) configurationLimit; + }; + }) + (lib.mkIf (cfg.type == "uefi") { + boot.loader = { + grub.enable = false; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; + }) + ] + ); + +}
diff --git a/nixosModules/sapphicCfg/modules/font.nix b/nixosModules/sapphicCfg/modules/font.nix @@ -0,0 +1,32 @@ +{ + povSelf, + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options.enable = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + fonts = { + packages = with pkgs; [ meslo-lgs-nf ]; + fontconfig = { + defaultFonts = { + monospace = [ "MesloLGS NF" ]; + }; + }; + }; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/gnomeMinimal.nix b/nixosModules/sapphicCfg/modules/gnomeMinimal.nix 
@@ -0,0 +1,436 @@ +{ + povSelf, + config, + lib, + pkgs, + utils, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + + settingsFormat = pkgs.formats.ini { }; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + gdm = { + dconfSettings = { + type = lib.types.attrs; + default = { }; + }; + settings = { + type = settingsFormat.type; + default = { }; + }; + }; + }; + + config = lib.mkIf cfg.enable ( + let + configFile = settingsFormat.generate "custom.conf" cfg.gdm.settings; + + nixos-background-info = pkgs.writeTextFile rec { + name = "nixos-background-info"; + destination = "/share/gnome-background-properties/nixos.xml"; + text = '' + <?xml version="1.0"?> + <!DOCTYPE wallpapers SYSTEM "gnome-wp-list.dtd"> + <wallpapers> + <wallpaper deleted="false"> + <name>Blobs</name> + <filename>${pkgs.nixos-artwork.wallpapers.simple-blue.gnomeFilePath}</filename> + <filename-dark>${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}</filename-dark> + <options>zoom</options> + <shade_type>solid</shade_type> + <pcolor>#3a4ba0</pcolor> + <scolor>#2f302f</scolor> + </wallpaper> + </wallpapers> + ''; + }; + + in + { + + # patched to remove xorg and xwayland completely + nixpkgs.overlays = [ + (final: prev: { + # deactivate some backends + gnome-online-accounts = prev.gnome-online-accounts.overrideAttrs (prevAttrs: { + mesonFlags = prevAttrs.mesonFlags ++ [ + "-Dexchange=false" + "-Dgoogle=false" + "-Dkerberos=false" + "-Downcloud=false" + "-Dwindows_live=false" + "-Dms_graph=false" + ]; + }); + + mutter = prev.mutter.overrideAttrs (prevAttrs: { + mesonFlags = [ + "-Dinstalled_tests=false" + "-Dtests=disabled" + "-Ddocs=true" + "-Dx11=false" + "-Dxwayland=false" + "-Degl_device=true" + "-Dwayland_eglstream=true" + "-Dwayland=true" + "-Dprofiler=true" + "-Dsm=false" + ]; + buildInputs = + (utils.removePackagesByName prevAttrs.buildInputs [ + prev.xorg.libSM + prev.xwayland + prev.gtk4 + prev.xorg.libICE + 
prev.xorg.libX11 + prev.xorg.libXcomposite + prev.xorg.libXcursor + prev.xorg.libXdamage + prev.xorg.libXext + prev.xorg.libXfixes + prev.xorg.libXi + prev.xorg.libXtst + prev.xorg.libxkbfile + prev.xkeyboard_config + prev.xorg.libxcb + prev.xorg.libXrandr + prev.xorg.libXinerama + prev.xorg.libXau + ]) + ++ [ prev.libGL ]; + nativeBuildInputs = utils.removePackagesByName prevAttrs.nativeBuildInputs [ + prev.xorg.xorgserver + ]; + }); + + gdm = prev.gdm.overrideAttrs (prevAttrs: { + mesonFlags = prev.lib.lists.remove "--Dgdm-xsession=true" ( + prevAttrs.mesonFlags + ++ [ + "-Dgdm-xsession=false" + "-Dx11-support=false" + ] + ); + patches = [ + # GDM fails to find g-s with the following error in the journal. + # gdm-x-session[976]: dbus-run-session: failed to exec 'gnome-session': No such file or directory + # https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/92 + (prev.fetchpatch { + url = "https://gitlab.gnome.org/GNOME/gdm/-/commit/ccecd9c975d04da80db4cd547b67a1a94fa83292.patch"; + hash = "sha256-5hKS9wjjhuSAYwXct5vS0dPbmPRIINJoLC0Zm1naz6Q="; + revert = true; + }) + + ../../../patches/gdm-fix-wayland.patch + + # Change hardcoded paths to nix store paths. + (prev.substituteAll { + src = ../../../patches/gdm-fix-paths.patch; + coreutils = final.coreutils; + plymouth = final.plymouth; + dbus = final.dbus; + }) + ]; + postPatch = '' + # Reverts https://gitlab.gnome.org/GNOME/gdm/-/commit/b0f802e36ff948a415bfd2bccaa268b6990515b7 + # The gdm-auth-config tool is probably not too useful for NixOS, but we still want the dconf profile + # installed (mostly just because .passthru.tests can make use of it). 
+ substituteInPlace meson.build \ + --replace-fail "dconf_prefix = dconf_dep.get_variable(pkgconfig: 'prefix')" "dconf_prefix = gdm_prefix" + ''; + buildInputs = utils.removePackagesByName prevAttrs.buildInputs [ + prev.xorg.libX11 + prev.xorg.libXdmcp + prev.xorg.libxcb + ]; + }); + + gnome-session = prev.gnome-session.overrideAttrs (prevAttrs: { + mesonFlags = [ "-Dx11=false" ]; + buildInputs = utils.removePackagesByName prevAttrs.buildInputs [ + prev.xorg.libICE + prev.xorg.xtrans + ]; + }); + + }) + ]; + + users.groups.gdm.gid = config.ids.gids.gdm; + users.users.gdm = { + name = "gdm"; + uid = config.ids.uids.gdm; + group = "gdm"; + home = "/run/gdm"; + description = "GDM user"; + }; + + security.polkit.enable = true; + networking.networkmanager.enable = lib.mkDefault true; + + hardware = { + graphics.enable = true; + bluetooth.enable = lib.mkDefault true; + }; + + fonts.packages = with pkgs; [ + cantarell-fonts + dejavu_fonts + source-code-pro + source-sans + ]; + + environment = { + etc."gdm/custom.conf".source = configFile; + + systemPackages = with pkgs; [ + (lib.mkIf config.hardware.bluetooth.enable gnome-bluetooth) + (lib.mkIf config.services.colord.enable gnome-color-manager) + gnome-shell + gnome-control-center + ghostty + adwaita-icon-theme + sound-theme-freedesktop + nixos-icons + nixos-background-info + glib # for gsettings program + gnome-menus + gtk3.out # for gtk-launch program + xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ + xdg-user-dirs-gtk + ]; + + # Needed for themes and backgrounds + pathsToLink = [ + "/share" # TODO: https://github.com/NixOS/nixpkgs/issues/47173 + "/share/nautilus-python/extensions" + ]; + }; + + services = { + gnome.gnome-settings-daemon.enable = true; + gnome.glib-networking.enable = true; + udisks2.enable = true; + libinput.enable = true; + accounts-daemon.enable = true; + gnome.at-spi2-core.enable = lib.mkDefault true; + gnome.gnome-keyring.enable = lib.mkDefault 
true; + pipewire.enable = lib.mkDefault true; + hardware.bolt.enable = lib.mkDefault true; + colord.enable = lib.mkDefault true; + power-profiles-daemon.enable = lib.mkDefault true; + upower.enable = lib.mkDefault config.powerManagement.enable; + system-config-printer.enable = lib.mkDefault config.services.printing.enable; + + gvfs.enable = true; + gvfs.package = + (pkgs.gvfs.overrideAttrs (old: { + mesonFlags = (old.mesonFlags or [ ]) ++ [ + "-Dafp=false" + "-Dafc=false" + "-Dmtp=false" + "-Dgphoto2=false" + ]; + })).override + { + samba = null; + }; + + udev.packages = [ pkgs.mutter ]; + dbus.packages = [ pkgs.gdm ]; + + geoclue2.enable = lib.mkDefault true; + geoclue2.enableDemoAgent = false; # GNOME has its own geoclue agent + geoclue2.appConfig = + lib.genAttrs [ "gnome-datetime-panel" "gnome-color-panel" "org.gnome.Shell" ] + (name: { + isAllowed = true; + isSystem = true; + }); + }; + + programs = { + dconf.enable = true; + dconf.profiles.gdm.databases = [ + { settings = cfg.gdm.dconfSettings; } + "${pkgs.gdm}/share/gdm/greeter-dconf-defaults" + ]; + }; + + xdg = { + mime.enable = true; + icons.enable = true; + + portal.enable = true; + portal.configPackages = lib.mkDefault [ pkgs.gnome-session ]; + portal.extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + }; + + systemd = { + user.services.dbus.wantedBy = [ "default.target" ]; + + tmpfiles.rules = [ "d /run/gdm/.config 0711 gdm gdm" ]; + + packages = with pkgs; [ + gdm + gnome-session + gnome-shell + ]; + + # We dont use the upstream gdm service + # it has to be disabled since the gdm package has it + # https://github.com/NixOS/nixpkgs/issues/108672 + services.gdm.enable = false; + + services.display-manager = { + description = "Display Manager"; + + wants = [ + "systemd-machined.service" + "accounts-daemon.service" + ]; + conflicts = [ + "getty@${pkgs.gdm.initialVT}.service" + "plymouth-quit.service" + ]; + onFailure = [ "plymouth-quit.service" ]; + wantedBy = [ 
"multi-user.target" ]; + after = [ + "systemd-logind.service" + "systemd-user-sessions.service" + "systemd-machined.service" + "getty@${pkgs.gdm.initialVT}.service" + "acpid.service" + "plymouth-quit.service" + "plymouth-start.service" + ]; + + path = [ pkgs.gnome-session ]; + environment = { + XDG_DATA_DIRS = lib.makeSearchPath "share" ( + with pkgs; + [ + gdm + gnome-session.sessions + gnome-control-center # for accessibility icon + adwaita-icon-theme + hicolor-icon-theme + ] + ); + }; + + serviceConfig = { + KillMode = "mixed"; + IgnoreSIGPIPE = "no"; + BusName = "org.gnome.DisplayManager"; + StandardError = "inherit"; + ExecStart = "${pkgs.gdm}/bin/gdm"; + ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; + KeyringMode = "shared"; + EnvironmentFile = "-/etc/locale.conf"; + Restart = "always"; + RestartSec = "200ms"; + SyslogIdentifier = "display-manager"; + }; + + restartIfChanged = false; + + # Stop restarting if the display manager stops (crashes) 2 times in one minute. + startLimitIntervalSec = 30; + startLimitBurst = 3; + }; + + # Prevent nixos-rebuild switch from bringing down the graphical + # session. (If multi-user.target wants plymouth-quit.service which + # conflicts display-manager.service, then when nixos-rebuild + # switch starts multi-user.target, display-manager.service is + # stopped so plymouth-quit.service can be started.) 
+ services.plymouth-quit = lib.mkIf config.boot.plymouth.enable { + wantedBy = lib.mkForce [ ]; + }; + }; + + # GDM LFS PAM modules, adapted somehow to NixOS + security.pam.services = { + gdm-launch-environment.text = '' + auth required pam_succeed_if.so audit quiet_success user = gdm + auth optional pam_permit.so + + account required pam_succeed_if.so audit quiet_success user = gdm + account sufficient pam_unix.so + + password required pam_deny.so + + session required pam_succeed_if.so audit quiet_success user = gdm + session required pam_env.so conffile=/etc/pam/environment readenv=0 + session optional ${config.systemd.package}/lib/security/pam_systemd.so + session optional pam_keyinit.so force revoke + session optional pam_permit.so + ''; + + gdm-password.text = '' + auth substack login + account include login + password substack login + session include login + ''; + + gdm-autologin.text = '' + auth requisite pam_nologin.so + auth required pam_succeed_if.so uid >= 1000 quiet + ${lib.optionalString config.security.pam.services.login.enableGnomeKeyring '' + auth [success=ok default=1] ${pkgs.gdm}/lib/security/pam_gdm.so + auth optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so + ''} + auth required pam_permit.so + + account sufficient pam_unix.so + + password requisite pam_unix.so nullok yescrypt + + session optional pam_keyinit.so revoke + session include login + ''; + + # This would block password prompt when included by gdm-password. + # GDM will instead run gdm-fingerprint in parallel. 
+ login.fprintAuth = lib.mkIf config.services.fprintd.enable false; + + gdm-fingerprint.text = lib.mkIf config.services.fprintd.enable '' + auth required pam_shells.so + auth requisite pam_nologin.so + auth requisite pam_faillock.so preauth + auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so + auth required pam_env.so + ${lib.optionalString config.security.pam.services.login.enableGnomeKeyring '' + auth [success=ok default=1] ${pkgs.gdm}/lib/security/pam_gdm.so + auth optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so + ''} + + account include login + + password required pam_deny.so + + session include login + ''; + }; + + } + ); + +}
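Review bot: In the `gdm` override, `prev.lib.lists.remove "--Dgdm-xsession=true"` has a doubled dash, so it cannot match a `-Dgdm-xsession=true` entry in `prevAttrs.mesonFlags`. The flag list may then carry both the upstream `true` and the appended `false` value; `lib.lists.remove "-Dgdm-xsession=true"` is presumably what was meant. The comment above the display-manager start limit says "2 times in one minute" while the values are `startLimitIntervalSec = 30` and `startLimitBurst = 3`; suggest `# Give up if the display manager fails 3 times within 30 seconds.`. The hand-written `security.pam.services` stacks are introduced only as "adapted somehow to NixOS", so a comment recording which upstream module and revision they were copied from would let later changes to the login path be compared with upstream.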
diff --git a/nixosModules/sapphicCfg/modules/homeManager.nix b/nixosModules/sapphicCfg/modules/homeManager.nix @@ -0,0 +1,48 @@ +{ + inputs, + povSelf, + pkgs, + lib, + config, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options.enable = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable ( + let + NIXPKGS_PATH = lib.cleanSource pkgs.path; + + in + { + home-manager = { + useGlobalPkgs = true; + extraSpecialArgs = { + inherit (inputs.self) homeManagerModules; + + inputs = inputs; + systemConfig = config; + }; + + sharedModules = [ + { + home.sessionVariables = { + NIXPKGS_PATH = NIXPKGS_PATH; + NIX_PATH = "nixpkgs=${NIXPKGS_PATH}"; + }; + } + ]; + }; + } + ); + +}
diff --git a/nixosModules/sapphicCfg/modules/locale.nix b/nixosModules/sapphicCfg/modules/locale.nix @@ -0,0 +1,42 @@ +{ + povSelf, + config, + lib, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options.enable = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + time.timeZone = "Europe/Berlin"; + i18n = { + defaultLocale = "en_GB.UTF-8"; + supportedLocales = [ + "en_GB.UTF-8/UTF-8" + "de_DE.UTF-8/UTF-8" + ]; + + extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "en_GB.UTF-8"; + LC_PAPER = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "en_GB.UTF-8"; + }; + }; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/nix/disableChannels.nix b/nixosModules/sapphicCfg/modules/nix/disableChannels.nix @@ -0,0 +1,27 @@ +{ + povSelf, + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + option = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg { + nix = { + channel.enable = lib.mkForce false; + }; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/nix/enable.nix b/nixosModules/sapphicCfg/modules/nix/enable.nix
@@ -0,0 +1,44 @@
+{
+ povSelf,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ option = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg (
+ let
+ NIXPKGS_PATH = lib.cleanSource pkgs.path;
+
+ in
+ {
+ nix = {
+ package = pkgs.lix;
+ nixPath = lib.mkForce [ "nixpkgs=${NIXPKGS_PATH}" ];
+
+ settings = {
+ nix-path = config.nix.nixPath;
+ trusted-users = [ "@wheel" ];
+ experimental-features = [
+ "flakes"
+ "nix-command"
+ "pipe-operator"
+ ];
+ };
+ };
+ }
+ );
+
+}
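Review bot: `trusted-users = [ "@wheel" ]` makes every wheel member a trusted user of the Nix daemon, which allows overriding substituters and importing unsigned store paths, so it is in practice root-equivalent without a sudo password prompt. If it is only needed for remote deployment (the lock file pins deploy-rs), consider limiting it to a dedicated deploy account or to `trusted-users = [ "root" ];`. If the wider setting stays, add a comment above it stating why. It also undercuts security/enable.nix, which narrows `allowed-users` to `@users` as a hardening step. Finally, `"pipe-operator"` appears to be the Lix spelling of that feature, so a comment tying it to `package = pkgs.lix` would save a confusing failure if the package is ever switched.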
diff --git a/nixosModules/sapphicCfg/modules/plymouth.nix b/nixosModules/sapphicCfg/modules/plymouth.nix @@ -0,0 +1,40 @@ +{ + povSelf, + lib, + config, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + theme = { + type = types.str; + default = "bgrt"; + }; + }; + + config = lib.mkIf cfg.enable { + boot = { + consoleLogLevel = 3; + initrd.verbose = false; + kernelParams = [ + "quiet" + "udev.log_level=3" + ]; + plymouth = { + enable = true; + inherit (cfg) theme; + }; + }; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/security/enable.nix b/nixosModules/sapphicCfg/modules/security/enable.nix @@ -0,0 +1,23 @@ +{ + pov, + config, + lib, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath pov config; + +in +{ + + option = { + type = types.bool; + default = false; + }; + + config = lib.mkIf cfg.enable { + nix.settings.allowed-users = lib.mkDefault [ "@users" ]; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/security/kernel.nix b/nixosModules/sapphicCfg/modules/security/kernel.nix
@@ -0,0 +1,85 @@
+{
+ pov,
+ hostConfig,
+ config,
+ lib,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath pov config;
+
+in
+{
+
+ option = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf (cfg.enable && cfg.kernel) {
+ environment = {
+ # memoryAllocator.provider = mkDefault "scudo"; # Breaks stuff
+ # variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1"; # Breaks stuff
+ };
+
+ boot = {
+ blacklistedKernelModules = [
+ # Obscure network protocols
+ "ax25"
+ "netrom"
+ "rose"
+
+ # Old or rare or insufficiently audited filesystems
+ "adfs"
+ "affs"
+ "bfs"
+ "befs"
+ "cramfs"
+ "efs"
+ "erofs"
+ "exofs"
+ "freevxfs"
+ "f2fs"
+ "hfs"
+ "hpfs"
+ "jfs"
+ "minix"
+ "nilfs2"
+ "ntfs"
+ "omfs"
+ "qnx4"
+ "qnx6"
+ "sysv"
+ "ufs"
+ ];
+ kernel.sysctl = {
+ "kernel.yama.ptrace_scope" = lib.mkOverride 500 1;
+ "kernel.kptr_restrict" = lib.mkOverride 500 2;
+ "net.core.bpf_jit_enable" = lib.mkDefault false;
+ "kernel.ftrace_enabled" = lib.mkDefault false;
+ };
+ kernelParams = lib.mkMerge [
+ [
+ # Slab/slub sanity checks, redzoning, and poisoning
+ "slub_debug=FZP"
+
+ # Overwrite free'd memory
+ "page_poison=1"
+
+ # Enable page allocator randomization
+ "page_alloc.shuffle=1"
+ ]
+ # Disable hibernation (allows replacing the running kernel) unless requested
+ (lib.mkIf (!hostConfig.hardware.allowHibernation) [ "nohibernate" ])
+ ];
+ };
+
+ # Disable kernel module loading once the system is fully initialised.
+ # FIXME: Remove reverse dependencies
+ security.lockKernelModules = lib.mkDefault (!config.sapphicCfg.presets.graphical.enable);
+ # Prevent replacing the running kernel image w/o reboot
+ boot.kernel.sysctl."kernel.kexec_load_disabled" = lib.mkDefault true;
+ };
+
+}
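Review bot: `(lib.mkIf (!hostConfig.hardware.allowHibernation) [ "nohibernate" ])` reads the host attribute without a fallback. A host file that omits `allowHibernation` would fail evaluation unless `hostConfig` is normalised elsewhere (not visible here), whereas `(lib.mkIf (!(hostConfig.hardware.allowHibernation or false)) [ "nohibernate" ])` makes the hardened setting the default. The `kernel.sysctl` block is also the only part of the file without why-comments, and it mixes `lib.mkOverride 500` with `lib.mkDefault`. Suggest comments such as `# ptrace only on descendants (Yama scope 1)` and `# hide kernel pointers from all users, including root`, plus one line saying why the first two use a stronger priority. `kernel.unprivileged_bpf_disabled` is a natural companion to turning the BPF JIT off and is not set here.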
diff --git a/nixosModules/sapphicCfg/modules/security/networking.nix b/nixosModules/sapphicCfg/modules/security/networking.nix @@ -0,0 +1,46 @@ +{ + pov, + config, + lib, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath pov config; +in +{ + + option = { + type = types.bool; + default = false; + }; + + config = lib.mkIf (cfg.enable && cfg.networking) { + boot.kernel.sysctl = { + # Enable strict reverse path filtering (that is, do not attempt to route + # packets that "obviously" do not belong to the iface's network; dropped + # packets are logged as martians). + "net.ipv4.conf.all.log_martians" = lib.mkDefault true; + "net.ipv4.conf.all.rp_filter" = lib.mkDefault "1"; + "net.ipv4.conf.default.log_martians" = lib.mkDefault true; + "net.ipv4.conf.default.rp_filter" = lib.mkDefault "1"; + + # Ignore broadcast ICMP (mitigate SMURF) + "net.ipv4.icmp_echo_ignore_broadcasts" = lib.mkDefault true; + + # Ignore incoming ICMP redirects (note: default is needed to ensure that the + # setting is applied to interfaces added after the sysctls are set) + "net.ipv4.conf.all.accept_redirects" = lib.mkDefault false; + "net.ipv4.conf.all.secure_redirects" = lib.mkDefault false; + "net.ipv4.conf.default.accept_redirects" = lib.mkDefault false; + "net.ipv4.conf.default.secure_redirects" = lib.mkDefault false; + "net.ipv6.conf.all.accept_redirects" = lib.mkDefault false; + "net.ipv6.conf.default.accept_redirects" = lib.mkDefault false; + + # Ignore outgoing ICMP redirects (this is ipv4 only) + "net.ipv4.conf.all.send_redirects" = lib.mkDefault false; + "net.ipv4.conf.default.send_redirects" = lib.mkDefault false; + }; + }; + +}
diff --git a/nixosModules/sapphicCfg/modules/unfree.nix b/nixosModules/sapphicCfg/modules/unfree.nix @@ -0,0 +1,30 @@ +{ + povSelf, + config, + lib, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + list = { + type = types.listOf lib.types.str; + default = [ ]; + }; + }; + + config = lib.mkIf cfg.enable { + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) cfg.list; + }; + +}
diff --git a/nixosModules/sapphicCfg/presets/base.nix b/nixosModules/sapphicCfg/presets/base.nix 
@@ -0,0 +1,90 @@ +{ + povSelf, + pkgs, + lib, + config, + hostConfig, + ... +}: +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + }; + + config = lib.mkIf cfg.enable { + networking = { + hostId = builtins.substring 0 8 (builtins.hashString "sha256" hostConfig.hostName); + hostName = hostConfig.hostName; + domain = lib.mkDefault hostConfig.domain; + + useNetworkd = lib.mkDefault true; + useDHCP = lib.mkDefault false; + + nftables.enable = lib.mkDefault true; + firewall.enable = lib.mkDefault true; + }; + + hardware.enableRedistributableFirmware = true; + + sapphicCfg = { + modules = { + boot.enable = lib.mkDefault true; + boot.type = lib.mkDefault "uefi"; + + locale.enable = lib.mkDefault true; + unfree.enable = lib.mkDefault true; + nix.enable = lib.mkDefault true; + homeManager.enable = lib.mkDefault true; + + security = { + enable = lib.mkDefault true; + kernel = lib.mkDefault true; + networking = lib.mkDefault true; + }; + }; + + programs = { + shellUtilities.enable = lib.mkDefault true; + systemUtilities.enable = lib.mkDefault true; + networkUtilities.enable = lib.mkDefault true; + + fish.enable = lib.mkDefault true; + git.enable = lib.mkDefault true; + }; + }; + + services = { + fstrim.enable = lib.mkDefault true; + }; + + # thanks piegames (https://git.darmstadt.ccc.de/piegames/home-config/-/blob/master/modules/generic.nix#L84) + system.activationScripts = { + diff = { + supportsDryActivation = true; + text = '' + ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff "$(readlink /run/current-system)" "$systemConfig" + # Ignore "failures" because these tools have weird exit codes + ${pkgs.colordiff}/bin/colordiff --nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ + -- "$(readlink /run/current-system)/activate" "$systemConfig/activate" | ${pkgs.gnugrep}/bin/grep -v "^Binary files" || true + ${pkgs.colordiff}/bin/colordiff 
--nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ + -x "os-release" -x "issue" \ + -- "$(readlink /run/current-system)/etc" "$systemConfig/etc" | ${pkgs.gnugrep}/bin/grep -v "^Binary files" || true + ${pkgs.colordiff}/bin/colordiff --nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ + -x "environment.d" \ + -x "hwdb.d" \ + -- "$(readlink /run/current-system)/systemd" "$systemConfig/systemd" | ${pkgs.gnugrep}/bin/grep -v "^Binary files" || true + ''; + }; + }; + }; + +}
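Review bot: The `nvd diff` line in `system.activationScripts.diff` runs unguarded, while the three `colordiff` pipelines below it end in `|| true`. When `/run/current-system` does not exist (presumably the first activation at boot or install, worth verifying), `readlink` prints nothing and the snippet is likely to be reported as failed. Wrapping the script body in `if [[ -e /run/current-system ]]; then` … `fi` keeps the report for real switches and stays quiet otherwise. The "Ignore failures" comment sits between `nvd` and the first `colordiff`, so it should also state that it applies to the `colordiff` lines only.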
diff --git a/nixosModules/sapphicCfg/presets/graphical/enable.nix b/nixosModules/sapphicCfg/presets/graphical/enable.nix
@@ -0,0 +1,29 @@
+{
+ povSelf,
+ config,
+ lib,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ option = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg {
+ sapphicCfg.modules = {
+ boot.secureboot = lib.mkDefault true;
+ plymouth.enable = true;
+
+ font.enable = true;
+ audio.enable = true;
+ };
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/presets/graphical/type.nix b/nixosModules/sapphicCfg/presets/graphical/type.nix
@@ -0,0 +1,20 @@
+{
+ povSelf,
+ config,
+ lib,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ option = {
+ type = types.enum [
+ "gnomeMinimal"
+ ];
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/presets/graphical/typeGnomeMinimal.nix b/nixosModules/sapphicCfg/presets/graphical/typeGnomeMinimal.nix
@@ -0,0 +1,31 @@
+{
+ pov,
+ config,
+ lib,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath pov config;
+
+in
+{
+
+ config = lib.mkIf (cfg.enable && (cfg.type == "gnomeMinimal")) {
+ nixpkgs.overlays = [
+ (final: prev: {
+ # patch gdm to automaticly select the first user
+ gnome-shell = prev.gnome-shell.overrideAttrs (prevAttrs: {
+ patches = prevAttrs.patches ++ [ ../../../../patches/gdm-autoselect-user.patch ];
+ });
+ })
+ ];
+
+ sapphicCfg.modules = {
+ gnomeMinimal.enable = true;
+ };
+
+ networking.networkmanager.enable = true;
+ };
+
+}
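Review bot: `patches = prevAttrs.patches ++ [ … ]` in the `gnome-shell` override fails evaluation if the upstream derivation ever stops defining `patches`; `patches = (prevAttrs.patches or [ ]) ++ [ ../../../../patches/gdm-autoselect-user.patch ];` is the safer form. The comment says "patch gdm" while the override targets `gnome-shell` (the patch edits `js/gdm/loginDialog.js`), and "automaticly" is misspelled; I would write `# patch gnome-shell's login dialog to automatically select the first user`. Because the overlay changes greeter behaviour on every host of this type, the comment should also state whether authentication is still required after the automatic selection, which is not visible in this hunk.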
diff --git a/nixosModules/sapphicCfg/presets/katja.nix b/nixosModules/sapphicCfg/presets/katja.nix
@@ -0,0 +1,30 @@
+{
+ povSelf,
+ pkgs,
+ lib,
+ config,
+ hostConfig,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options = {
+ enable = {
+ type = types.bool;
+ default = false;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ sapphicCfg = {
+ services.keyd.enable = true;
+ hardware.smartcard.enable = config.sapphicCfg.presets.graphical.enable;
+ };
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/programs/fish.nix b/nixosModules/sapphicCfg/programs/fish.nix
@@ -0,0 +1,26 @@
+{
+ povSelf,
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ programs.fish.enable = true;
+ users.defaultUserShell = pkgs.fish;
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/programs/git.nix b/nixosModules/sapphicCfg/programs/git.nix
@@ -0,0 +1,36 @@
+{
+ povSelf,
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options = {
+ enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ editor = {
+ type = types.either types.package types.str;
+ default = pkgs.nano;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ programs.git = {
+ enable = true;
+ lfs.enable = true;
+ config.core.editor = if (lib.isString cfg.editor) then cfg.editor else (lib.getExe cfg.editor);
+ };
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/programs/networkUtilities.nix b/nixosModules/sapphicCfg/programs/networkUtilities.nix
@@ -0,0 +1,33 @@
+{
+ povSelf,
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ dig
+ nmap
+ openssh
+ ];
+
+ programs = {
+ mtr.enable = true;
+ };
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/programs/shellUtilities.nix b/nixosModules/sapphicCfg/programs/shellUtilities.nix
@@ -0,0 +1,46 @@
+{
+ povSelf,
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ age
+ eza
+ file
+ gnupg
+ helix
+ nmap
+ nvd
+ openssh
+ openssl
+ p7zip
+ progress
+ screen
+ sops
+ unzip
+ ];
+
+ programs = {
+ # bat.enable = true;
+ direnv.enable = true;
+ nano.enable = true;
+ };
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/programs/systemUtilities.nix b/nixosModules/sapphicCfg/programs/systemUtilities.nix
@@ -0,0 +1,34 @@
+{
+ povSelf,
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ btop
+ fastfetch
+ pciutils
+ usbutils
+ ];
+
+ programs = {
+ htop.enable = true;
+ };
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/services/keyd.nix b/nixosModules/sapphicCfg/services/keyd.nix
@@ -0,0 +1,50 @@
+{
+ povSelf,
+ config,
+ lib,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.keyd = {
+ enable = true;
+ keyboards = {
+ seifenkiste = {
+ ids = [ "0001:0001:70533846" ];
+ settings.main = {
+ "leftcontrol" = "leftalt";
+ "leftalt" = "leftcontrol";
+ "rightalt" = "rightcontrol";
+ "sysrq" = "rightalt";
+ "rightcontrol" = "sysrq";
+ };
+ };
+ lenovoKeyboard = {
+ ids = [
+ "17ef:60e1:8b754650"
+ "17ef:60ee:5896a757"
+ ];
+ settings.main = {
+ "leftcontrol" = "leftalt";
+ "leftalt" = "leftcontrol";
+ "rightalt" = "rightcontrol";
+ "sysrq" = "rightalt";
+ "rightcontrol" = "sysrq";
+ };
+ };
+ };
+ };
+ };
+
+}
diff --git a/nixosModules/sapphicCfg/services/syncthing.nix b/nixosModules/sapphicCfg/services/syncthing.nix
@@ -0,0 +1,21 @@
+{
+ povSelf,
+ config,
+ lib,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable { };
+
+}
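Review bot: `config = lib.mkIf cfg.enable { };` is empty, so setting this module's `enable` option to true configures nothing, and a host that relies on it gets no Syncthing service and no error. Until the body exists, a comment such as `# TODO: placeholder, enabling this option has no effect yet` above the `config` line would make that visible. Alternatively the file could be left out of the commit until it does something.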
diff --git a/nixosModules/sapphicCfg/users/katja.nix b/nixosModules/sapphicCfg/users/katja.nix
@@ -0,0 +1,90 @@
+{
+ povSelf,
+ config,
+ lib,
+ pkgs,
+ homeManagerModules,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg.enable {
+ users.users.katja = {
+ uid = 1001;
+ description = "Katja";
+ hashedPassword = "$2b$17$lEBNemC7U5ng8asEgje2/.TfeMjzaaZ7jyCfaYtvfoiW0sSSI9jNy";
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile "${pkgs.ctucx-website}/ssh_pubkey.asc")
+ ];
+ };
+
+ home-manager.users.katja.imports = lib.concatLists [
+ [
+ homeManagerModules.katja.common
+ ]
+ (lib.optionals config.sapphicCfg.presets.graphical.enable (
+ with homeManagerModules.katja;
+ [
+ configure.xdg
+
+ programs.ghostty
+ programs.ssh
+ programs.git
+ programs.gpg
+
+ programs.yt-dlp
+ programs.phockup
+ programs.bitwarden-cli
+
+ programs.nautilus
+
+ programs.firefox
+ programs.thunderbird
+
+ programs.fractal
+ programs.tuba
+
+ programs.typst
+ programs.ocrmypdf
+ programs.papers
+ programs.pdfarranger
+ programs.libreoffice
+ programs.apostrophe
+
+ programs.celluloid
+
+ programs.javascript
+ ]
+ ))
+ (lib.optionals (config.sapphicCfg.presets.graphical.type == "gnomeMinimal") (
+ with homeManagerModules.katja;
+ [
+ configure.gnome
+
+ gnomeExtensions.dash-to-dock
+ gnomeExtensions.just-perfection
+ gnomeExtensions.space-bar
+ gnomeExtensions.search-light
+ gnomeExtensions.emoji-copy
+ gnomeExtensions.pip-on-top
+ gnomeExtensions.bluetoothBatteryMeter
+ ]
+ ))
+ ];
+ };
+
+}
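Review bot: `hashedPassword` puts the bcrypt hash of a `wheel` account into the repository and, after evaluation, into the world-readable Nix store, so anyone who can read either can run offline guessing against it; the high cost factor slows that down but does not remove the exposure. NixOS provides `users.users.<name>.hashedPasswordFile`, which lets the hash live in a secret file provisioned outside the store, e.g. `hashedPasswordFile = "<path-to-secret-file>";` (placeholder; the repo's secrets wiring is not visible in this hunk). The authorized key is pulled with `builtins.readFile` from `pkgs.ctucx-website`, so SSH access to this account follows whatever that package ships at the locked revision. A comment recording the expected key fingerprint next to that line would make a changed key show up in review.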
diff --git a/packages/adwaita-colors-icon-theme.nix b/packages/adwaita-colors-icon-theme.nix
@@ -0,0 +1,41 @@
+{
+ lib,
+ stdenvNoCC,
+ fetchFromGitHub,
+ gtk3,
+ xdg-utils,
+}:
+
+stdenvNoCC.mkDerivation rec {
+ pname = "adwaita-colors-icon-theme";
+ version = "2.3";
+
+ src = fetchFromGitHub {
+ owner = "dpejoh";
+ repo = "Adwaita-colors";
+ rev = "v${version}";
+ hash = "sha256-q7qvE55vtd8K0T+VQKJ0Qa/qIPToRh3xU1wLjyW68nQ=";
+ };
+
+ nativeBuildInputs = [
+ gtk3
+ xdg-utils
+ ];
+
+ installPhase = ''
+ runHook preInstall
+
+ install -d $out/share/icons
+ cp -r Adwaita-* $out/share/icons/
+ gtk-update-icon-cache -f -t $out/share/icons/Adwaita* && xdg-desktop-menu forceupdate
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Adwaita Colors customizes Adwaita icons to match your GNOME theme's accent color, providing a cohesive, personalized look.";
+ homepage = "https://github.com/dpejoh/Adwaita-colors";
+ license = with licenses; [ gpl3Only ];
+ platforms = platforms.linux;
+ };
+}
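Review bot: `xdg-desktop-menu forceupdate` in `installPhase` runs inside the build environment, so it cannot refresh a menu on the machine that later installs the theme, and because it is chained with `&&` its exit status decides whether the phase succeeds. I would drop it together with the `xdg-utils` input. The glob in `gtk-update-icon-cache -f -t $out/share/icons/Adwaita*` expands to several directories, while the tool takes one theme directory per call as far as I know, so `for theme in $out/share/icons/Adwaita-*; do gtk-update-icon-cache -f -t "$theme"; done` is more predictable.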
diff --git a/patches/gdm-autoselect-user.patch b/patches/gdm-autoselect-user.patch @@ -0,0 +1,29 @@ +diff --git a/js/gdm/loginDialog.js b/js/gdm/loginDialog.js +index 4f51a6f..d7b84d0 100644 +--- a/js/gdm/loginDialog.js ++++ b/js/gdm/loginDialog.js +@@ -182,6 +182,7 @@ const UserList = GObject.registerClass({ + + this.child = this._box; + this._items = {}; ++ this._numUserAdded = 0; + } + + vfunc_key_focus_in() { +@@ -280,6 +281,7 @@ const UserList = GObject.registerClass({ + this._box.add_child(item); + + this._items[userName] = item; ++ this._numUserAdded += 1; + + item.connect('activate', this._onItemActivated.bind(this)); + +@@ -289,6 +291,8 @@ const UserList = GObject.registerClass({ + this._moveFocusToItems(); + + this.emit('item-added', item); ++ if(this._numUserAdded == 1) ++ this.emit('activate', item); + } + + removeUser(user) {+ \ No newline at end of file
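Review bot: The added `this.emit('activate', item)` fires as soon as the first entry is inserted, presumably before any further accounts are loaded, so on a machine with more than one user the account that gets selected depends on the order in which users are added. `_numUserAdded` counts insertions and is not decreased anywhere in the patch (the body of `removeUser` is outside it), so it does not track the number of listed users; a comment on the initialiser such as `// counts addUser() calls; only the first one auto-activates` would make that intent explicit. For the file's style the condition should read `if (this._numUserAdded === 1)`.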
diff --git a/patches/gdm-fix-paths.patch b/patches/gdm-fix-paths.patch 
@@ -0,0 +1,77 @@ +diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c +index fc5aef6ac..c61e0046b 100644 +--- a/daemon/gdm-manager.c ++++ b/daemon/gdm-manager.c +@@ -151,7 +151,7 @@ plymouth_is_running (void) + GError *error; + + error = NULL; +- res = g_spawn_command_line_sync ("plymouth --ping", ++ res = g_spawn_command_line_sync ("@plymouth@/bin/plymouth --ping", + NULL, NULL, &status, &error); + if (! res) { + g_debug ("Could not ping plymouth: %s", error->message); +@@ -169,7 +169,7 @@ plymouth_prepare_for_transition (void) + GError *error; + + error = NULL; +- res = g_spawn_command_line_sync ("plymouth deactivate", ++ res = g_spawn_command_line_sync ("@plymouth@/bin/plymouth deactivate", + NULL, NULL, NULL, &error); + if (! res) { + g_warning ("Could not deactivate plymouth: %s", error->message); +@@ -184,7 +184,7 @@ plymouth_quit_with_transition (void) + GError *error; + + error = NULL; +- res = g_spawn_command_line_async ("plymouth quit --retain-splash", &error); ++ res = g_spawn_command_line_async ("@plymouth@/bin/plymouth quit --retain-splash", &error); + if (! res) { + g_warning ("Could not quit plymouth: %s", error->message); + g_error_free (error); +@@ -200,7 +200,7 @@ plymouth_quit_without_transition (void) + GError *error; + + error = NULL; +- res = g_spawn_command_line_async ("plymouth quit", &error); ++ res = g_spawn_command_line_async ("@plymouth@/bin/plymouth quit", &error); + if (! 
res) { + g_warning ("Could not quit plymouth: %s", error->message); + g_error_free (error); +diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c +index a4c4b2dcf..67416b204 100644 +--- a/daemon/gdm-session.c ++++ b/daemon/gdm-session.c +@@ -3193,16 +3193,16 @@ gdm_session_start_session (GdmSession *self, + */ + if (run_launcher) { + if (is_x11) { +- program = g_strdup_printf (LIBEXECDIR "/gdm-x-session %s\"dbus-run-session -- %s\"", ++ program = g_strdup_printf (LIBEXECDIR "/gdm-x-session %s\"@dbus@/bin/dbus-run-session --dbus-daemon=@dbus@/bin/dbus-daemon -- %s\"", + register_session ? "--register-session " : "", + self->selected_program); + } else { +- program = g_strdup_printf (LIBEXECDIR "/gdm-wayland-session %s\"dbus-run-session -- %s\"", ++ program = g_strdup_printf (LIBEXECDIR "/gdm-wayland-session %s\"@dbus@/bin/dbus-run-session --dbus-daemon=@dbus@/bin/dbus-daemon -- %s\"", + register_session ? "--register-session " : "", + self->selected_program); + } + } else { +- program = g_strdup_printf ("dbus-run-session -- %s", ++ program = g_strdup_printf ("@dbus@/bin/dbus-run-session --dbus-daemon=@dbus@/bin/dbus-daemon -- %s", + self->selected_program); + } + } +diff --git a/data/gdm.service.in b/data/gdm.service.in +index 17e8a8de8..afc709778 100644 +--- a/data/gdm.service.in ++++ b/data/gdm.service.in +@@ -26,7 +26,7 @@ Restart=always + IgnoreSIGPIPE=no + BusName=org.gnome.DisplayManager + EnvironmentFile=-${LANG_CONFIG_FILE} +-ExecReload=/bin/kill -SIGHUP $MAINPID ++ExecReload=@coreutils@/bin/kill -SIGHUP $MAINPID + KeyringMode=shared + + [Install]
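Review bot: Every replaced command string now begins with a literal placeholder (`@plymouth@`, `@dbus@`, `@coreutils@`), so the patch only works if those tokens are substituted with store paths before it is applied. The derivation that consumes this file is not part of this hunk, so that step should be confirmed. Applied verbatim, `g_spawn_command_line_sync ("@plymouth@/bin/plymouth --ping", …)` would fail to spawn and the `dbus-run-session` launch strings would not start a session. A post-patch build check that fails on leftovers, for example `grep -rnE '@(plymouth|dbus|coreutils)@' daemon data` (constructed example), would catch a missed substitution.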
diff --git a/patches/gdm-fix-wayland.patch b/patches/gdm-fix-wayland.patch
@@ -0,0 +1,13 @@
+--- a/daemon/gdm-local-display-factory.c 2024-11-05 19:24:43.441435388 +0100
++++ b/daemon/gdm-local-display-factory.c 2024-11-05 19:26:39.455865220 +0100
+@@ -289,8 +289,10 @@
+ return FALSE;
+ #endif
+
++#ifdef ENABLE_X11_SUPPORT
+ if (!g_file_test (binary, G_FILE_TEST_IS_EXECUTABLE))
+ return FALSE;
++#endif
+
+ return TRUE;
+ }
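Review bot: With the new `#ifdef ENABLE_X11_SUPPORT` around the `g_file_test (binary, G_FILE_TEST_IS_EXECUTABLE)` check, a build without X11 support reaches `return TRUE` without ever testing `binary`, so the function reports success even when that file is missing or not executable. The function starts above the inner hunk, so what `binary` refers to at this point is not visible. If it is the X server path, the guard is reasonable but needs a comment, e.g. `/* binary is only required when X11 support is built in */`. If `binary` can also name a Wayland component, the executable test should stay unconditional.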