diff --git a/flake.lock b/flake.lock index e401d03..8b858ff 100644 --- a/flake.lock +++ b/flake.lock @@ -174,7 +174,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_4" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -253,11 +253,11 @@ ] }, "locked": { - "lastModified": 1762787259, - "narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=", + "lastModified": 1763416652, + "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e", + "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "type": "github" }, "original": { @@ -360,11 +360,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1762755326, - "narHash": "sha256-lXEBpx5Q2LdGZCXKTa1v7NhlaSxOvcvnepRi0r38+jg=", + "lastModified": 1763681820, + "narHash": "sha256-gAdAtZ/VLTrbLEQXeAZRk0OkmFrJucMLP3zdqHai/cc=", "ref": "refs/heads/main", - "rev": "0b1d690676589503f0addece30e936a240733699", - "revCount": 6564, + "rev": "b5a2ef77b7876798d33502f8de006f9c478c12db", + "revCount": 6636, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -446,31 +446,6 @@ "type": "github" } }, - "hyprland-protocols_2": { - "inputs": { - "nixpkgs": [ - "hyprsunset", - "nixpkgs" - ], - "systems": [ - "hyprsunset", - "systems" - ] - }, - "locked": { - "lastModified": 1749046714, - "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", - "owner": "hyprwm", - "repo": "hyprland-protocols", - "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-protocols", - "type": "github" - } - }, "hyprlang": { "inputs": { "hyprutils": [ @@ -487,11 +462,11 @@ ] }, "locked": { - "lastModified": 1758927902, - "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=", + "lastModified": 1763254292, + "narHash": "sha256-JNgz3Fz2KMzkT7aR72wsgu/xNeJB//LSmdilh8Z/Zao=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da", + "rev": "deea98d5b61d066bdc7a68163edd2c4bd28d3a6b", "type": "github" }, "original": { @@ -500,79 +475,6 @@ "type": "github" } }, - "hyprlang_2": { - "inputs": { - "hyprutils": [ - "hyprsunset", - "hyprutils" - ], - "nixpkgs": [ - "hyprsunset", - "nixpkgs" - ], - "systems": [ - "hyprsunset", - "systems" - ] - }, - "locked": { - "lastModified": 1750371198, - "narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "cee01452bca58d6cadb3224e21e370de8bc20f0b", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprpicker": { - "inputs": { - "hyprutils": "hyprutils_2", - "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_5", - "systems": "systems_2" - }, - "locked": { - "lastModified": 1762388741, - "narHash": "sha256-4PKO/B0C53Qb60UIXB6QjXTvWX3ap34WdcnMoH6+ng0=", - "owner": "hyprwm", - "repo": "hyprpicker", - "rev": "5ab0e1aaa489ceb807c884a73b4948d395d9e229", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprpicker", - "type": "github" - } - }, - "hyprsunset": { - "inputs": { - "hyprland-protocols": "hyprland-protocols_2", - "hyprlang": "hyprlang_2", - "hyprutils": "hyprutils_3", - "hyprwayland-scanner": "hyprwayland-scanner_3", - "nixpkgs": "nixpkgs_6", - "systems": "systems_3" - }, - "locked": { - "lastModified": 1760746576, - "narHash": "sha256-fIW9ul//KDRxfi0FY9mQkwrdHqu1qFselUaHh3XjVVY=", - "owner": "hyprwm", - "repo": "hyprsunset", - "rev": "adac50b0ecf24871223bfa62dc6de6616b321e3c", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprsunset", - "type": "github" - } - }, "hyprtoolkit": { "inputs": { "aquamarine": [ @@ -637,61 +539,11 @@ ] }, "locked": { - "lastModified": 1762387740, - "narHash": "sha256-gQ9zJ+pUI4o+Gh4Z6jhJll7jjCSwi8ZqJIhCE2oqwhQ=", + "lastModified": 1763323331, + "narHash": "sha256-+Z0OfCo1MS8/aIutSAW5aJR9zTae1wz9kcJYMgpwN6M=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "926689ddb9c0a8787e58c02c765a62e32d63d1f7", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprutils", - "type": "github" - } - }, - "hyprutils_2": { - "inputs": { - "nixpkgs": [ - "hyprpicker", - "nixpkgs" - ], - "systems": [ - "hyprpicker", - "systems" - ] - }, - "locked": { - "lastModified": 1749135356, - "narHash": "sha256-Q8mAKMDsFbCEuq7zoSlcTuxgbIBVhfIYpX0RjE32PS0=", - "owner": "hyprwm", - "repo": "hyprutils", - "rev": "e36db00dfb3a3d3fdcc4069cb292ff60d2699ccb", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprutils", - "type": "github" - } - }, - "hyprutils_3": { - "inputs": { - "nixpkgs": [ - "hyprsunset", - "nixpkgs" - ], - "systems": [ - "hyprsunset", - "systems" - ] - }, - "locked": { - "lastModified": 1749135356, - "narHash": "sha256-Q8mAKMDsFbCEuq7zoSlcTuxgbIBVhfIYpX0RjE32PS0=", - "owner": "hyprwm", - "repo": "hyprutils", - "rev": "e36db00dfb3a3d3fdcc4069cb292ff60d2699ccb", + "rev": "0c6411851cc779d551edc89b83966696201611aa", "type": "github" }, "original": { @@ -725,56 +577,6 @@ "type": "github" } }, - "hyprwayland-scanner_2": { - "inputs": { - "nixpkgs": [ - "hyprpicker", - "nixpkgs" - ], - "systems": [ - "hyprpicker", - "systems" - ] - }, - "locked": { - "lastModified": 1749145760, - "narHash": "sha256-IHaGWpGrv7seFWdw/1A+wHtTsPlOGIKMrk1TUIYJEFI=", - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "rev": "817918315ea016cc2d94004bfb3223b5fd9dfcc6", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "type": "github" - } - }, - "hyprwayland-scanner_3": { - "inputs": { - "nixpkgs": [ - "hyprsunset", - "nixpkgs" - ], - "systems": [ - "hyprsunset", - "systems" - ] - }, - "locked": { - "lastModified": 1749145760, - "narHash": "sha256-IHaGWpGrv7seFWdw/1A+wHtTsPlOGIKMrk1TUIYJEFI=", - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "rev": "817918315ea016cc2d94004bfb3223b5fd9dfcc6", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "type": "github" - } - }, "ixx": { "inputs": { "flake-utils": [ @@ -853,43 +655,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1762596750, - "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1762361079, - "narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=", + "lastModified": 1762977756, + "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_12": { - "locked": { - "lastModified": 1762363567, - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", + "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", "type": "github" }, "original": { @@ -949,11 +719,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -964,38 +734,6 @@ } }, "nixpkgs_6": { - "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1762596750, - "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { "locked": { "lastModified": 1743315132, "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", @@ -1011,7 +749,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_7": { "locked": { "lastModified": 1742800061, "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", @@ -1027,10 +765,42 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1763191728, + "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_6", "nixvim": "nixvim_2" }, "locked": { @@ -1050,7 +820,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_7", "nuschtosSearch": "nuschtosSearch" }, "locked": { @@ -1070,14 +840,14 @@ "nur": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1762856806, - "narHash": "sha256-amezM/CNkaIWbmfzPJi4A4zH1k7t+3552SNpy9Doh34=", + "lastModified": 1763722179, + "narHash": "sha256-7czFIGsaaoO4oqL6srEd3LUyA7MDbuSknpN6GAvwWDc=", "owner": "nix-community", "repo": "NUR", - "rev": "27b24a13d45b022bcf2b0fe29f3c8a11af342f47", + "rev": "bb1508be2d4fbfe82bf010aaa3c0ecff6d27694d", "type": "github" }, "original": { @@ -1110,6 +880,18 @@ "type": "github" } }, + "oisd": { + "flake": false, + "locked": { + "narHash": "sha256-BimlCciIYi63B1KGZzUzlpduFmj0jtjASH+QORYWoww=", + "type": "file", + "url": "https://big.oisd.nl/domainswild" + }, + "original": { + "type": "file", + "url": "https://big.oisd.nl/domainswild" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", @@ -1120,11 +902,11 @@ ] }, "locked": { - "lastModified": 1762441963, - "narHash": "sha256-j+rNQ119ffYUkYt2YYS6rnd6Jh/crMZmbqpkGLXaEt0=", + "lastModified": 1763319842, + "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "8e7576e79b88c16d7ee3bbd112c8d90070832885", + "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", "type": "github" }, "original": { @@ -1141,12 +923,11 @@ "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", - "hyprpicker": "hyprpicker", - "hyprsunset": "hyprsunset", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_5", "nixvim": "nixvim", "nur": "nur", + "oisd": "oisd", "sops-nix": "sops-nix", "spicetify-nix": "spicetify-nix" } @@ -1170,14 +951,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1762812535, - "narHash": "sha256-A91a+K0Q9wfdPLwL06e/kbHeAWSzPYy2EGdTDsyfb+s=", + "lastModified": 1763607916, + "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d75e4f89e58fdda39e4809f8c52013caa22483b7", + "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", "type": "github" }, "original": { @@ -1188,15 +969,15 @@ }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_12", - "systems": "systems_5" + "nixpkgs": "nixpkgs_10", + "systems": "systems_3" }, "locked": { - "lastModified": 1762718300, - "narHash": "sha256-oOQimZTaV1jCw0OBmmK2g7Rdj3E8YGVpkJYD32BWKRQ=", + "lastModified": 1763267524, + "narHash": "sha256-CywB4iCpGr4CYZAD+WboFwBQ7Wnc7LdfSemFWuH/1Ro=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "c7175bd485ed5052df5075fcdde395b631316e94", + "rev": "cf33e39bd1a21993a28ffee8be433e212ecf346a", "type": "github" }, "original": { @@ -1221,36 +1002,6 @@ } }, "systems_2": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_4": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1265,7 +1016,7 @@ "type": "github" } }, - "systems_5": { + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index d6febf5..fe2fefa 100644 --- a/flake.nix +++ b/flake.nix @@ -8,8 +8,6 @@ hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; hyprland.inputs.nixpkgs.follows = "nixpkgs"; hypr-contrib.url = "github:hyprwm/contrib"; - hyprpicker.url = "github:hyprwm/hyprpicker"; - hyprsunset.url = "github:hyprwm/hyprsunset"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; nixos-hardware.url = "github:nixos/nixos-hardware"; @@ -17,6 +15,8 @@ sops-nix.url = "github:Mic92/sops-nix"; disko.url = "github:nix-community/disko/latest"; spicetify-nix.url = "github:Gerg-L/spicetify-nix"; + oisd.url = "https://big.oisd.nl/domainswild"; + oisd.flake = false; funkwhale.url = "github:mmai/funkwhale-flake"; }; @@ -26,6 +26,7 @@ nixpkgs, sops-nix, disko, + oisd, ... }@inputs: let diff --git a/hosts/imilia/default.nix b/hosts/imilia/default.nix index 1478b0e..79d35b6 100644 --- a/hosts/imilia/default.nix +++ b/hosts/imilia/default.nix @@ -58,8 +58,11 @@ cpuFreqGovernor = lib.mkDefault "performance"; }; - services.logind.lidSwitchDocked = "ignore"; - services.logind.lidSwitch = "ignore"; + services.logind.settings.Login = { + HandleLidSwitch = "suspend"; + HandleLidSwitchDocked = "ignore"; + }; + boot = { kernelModules = [ "acpi_call" ]; kernelPackages = pkgs.linuxPackages_latest; diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 0343137..22418e6 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -5,6 +5,9 @@ lib, ... }: +let + mac_ethernet = "13:37:00:00:00:01"; +in { imports = [ ./hardware-configuration.nix @@ -14,6 +17,8 @@ ./../../modules/services/mpd.nix ./../../modules/services/smart-monitoring.nix inputs.nixos-hardware.nixosModules.framework-13-7040-amd + ./../../modules/security/dnscrypt.nix + ./../../modules/security/syslogd.nix ]; # install some system-utilities; set hosts to be editable by the user. @@ -40,7 +45,7 @@ hardware.framework = { amd-7040.preventWakeOnAC = true; - # laptop13.audioEnhancement.enable = true; # makes audio almost muted + laptop13.audioEnhancement.enable = true; }; # Disable light sensors and accelerometers as they are not used and consume extra battery @@ -51,13 +56,25 @@ # networkmanager.ethernet.macAddress = "13:37:6a:8a:ed:a4"; }; + environment.etc."NetworkManager/conf.d/20-ethernet-mac-address.conf".text = '' + [connection.20-ethernet-mac-addr] + match-device=type:ethernet + ethernet.cloned-mac-address=${mac_ethernet} + + [.config] + enable=nm-version-min:1.45 + ''; + powerManagement = { enable = true; # powertop.enable = true; cpuFreqGovernor = lib.mkDefault "ondemand"; }; - services.logind.lidSwitchDocked = "ignore"; + services.logind.settings.Login = { + HandleLidSwitch = "suspend"; + HandleLidSwitchDocked = "ignore"; + }; # change battery led to blue on suspend to indicate device is in suspend mode systemd.services."suspend-led-set" = { @@ -81,7 +98,6 @@ systemd.sleep.extraConfig = '' HibernateDelaySec=30m ''; - services.logind.lidSwitch = "suspend"; boot = { kernelParams = [ "mem_sleep_default=deep" diff --git a/modules/core/default.nix b/modules/core/default.nix index 96f0236..31e123e 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -2,8 +2,9 @@ { imports = [ (import ./docker.nix) ] + ++ [ (import ../security/default.nix) ] ++ [ (import ./hardware.nix) ] - # ++ [ (import ./displaylink.nix) ] + ++ [ (import ./displaylink.nix) ] # ++ [(import ./printing.nix)] ++ [ (import ./xserver.nix) ] ++ [ (import ./network.nix) ] diff --git a/modules/core/yubikey.nix b/modules/core/yubikey.nix index 1fdad61..2ab5760 100644 --- a/modules/core/yubikey.nix +++ b/modules/core/yubikey.nix @@ -18,6 +18,7 @@ }; services = { + pcscd.enable = true; login.u2fAuth = false; greetd.u2fAuth = false; sudo.u2fAuth = true; @@ -28,7 +29,6 @@ true else false; - # No longer using Hyprlock, might stay here for if I ever switch to it again. hyprlock.u2fAuth = false; hyprlock.fprintAuth = if (host == "sakura") then diff --git a/modules/home/default.nix b/modules/home/default.nix index 2a82caf..8abd449 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -8,6 +8,7 @@ ++ [ (import ./hyprland) ] ++ [ (import ./hyprlock) ] ++ [ (import ./kitty.nix) ] + ++ [ (import ./kanshi.nix) ] ++ [ (import ./foot.nix) ] ++ [ (import ./nvim.nix) ] ++ [ (import ./zathura.nix) ] diff --git a/modules/home/foot.nix b/modules/home/foot.nix index 7c0f4b8..fd9c77b 100644 --- a/modules/home/foot.nix +++ b/modules/home/foot.nix @@ -108,7 +108,7 @@ # long-press-delay=400 [colors] - alpha=0.5 + alpha=0.75 background=000000 foreground=878ba6 diff --git a/modules/home/git.nix b/modules/home/git.nix index 759f5c6..dc97a85 100644 --- a/modules/home/git.nix +++ b/modules/home/git.nix @@ -1,12 +1,11 @@ -{ pkgs, ... }: +{ pkgs, ... }: { programs.git = { enable = true; - - userName = "Ahwx"; - userEmail = "ahwx@ahwx.org"; - - extraConfig = { + + settings = { + user.name = "Ahwx"; + user.email = "ahwx@ahwx.org"; init.defaultBranch = "master"; credential.helper = "store"; alias.stat = "status"; @@ -14,5 +13,8 @@ }; }; - home.packages = [ pkgs.gh pkgs.git-lfs ]; + home.packages = [ + pkgs.gh + pkgs.git-lfs + ]; } diff --git a/modules/home/hyprland/default.nix b/modules/home/hyprland/default.nix index 5497e22..c83bb21 100644 --- a/modules/home/hyprland/default.nix +++ b/modules/home/hyprland/default.nix @@ -6,6 +6,6 @@ ++ [ (import ./scripts.nix) ] ++ [ (import ./variables.nix) ] ++ [ (import ./../hyprsunset.nix) ] - ++ [ (import ./../hyprlock.nix) ] + ++ [ (import ./../hyprlock/default.nix) ] ++ [ inputs.hyprland.homeManagerModules.default ]; } diff --git a/modules/home/hyprland/hyprland.nix b/modules/home/hyprland/hyprland.nix index 283e464..3903d04 100644 --- a/modules/home/hyprland/hyprland.nix +++ b/modules/home/hyprland/hyprland.nix @@ -2,7 +2,7 @@ { home.packages = with pkgs; [ swww - inputs.hypr-contrib.packages.${pkgs.system}.grimblast + inputs.hypr-contrib.packages.${pkgs.stdenv.hostPlatform.system}.grimblast hyprpicker grim slurp @@ -10,7 +10,6 @@ glib wayland direnv - inputs.hyprsunset.packages.${pkgs.system}.hyprsunset ]; # systemd.user.targets.hyprland-session.Unit.Wants = [ "xdg-desktop-autostart.target" ]; wayland.windowManager.hyprland = { diff --git a/modules/home/kanshi.nix b/modules/home/kanshi.nix new file mode 100644 index 0000000..267c7b9 --- /dev/null +++ b/modules/home/kanshi.nix @@ -0,0 +1,90 @@ +{ host, ... }: +{ + services.kanshi = { + enable = true; + + profiles = { + laptops = { + outputs = + if (host == "sakura") then + [ + { + criteria = "eDP-1"; + scale = 1.0; + status = "enable"; + position = "0,0"; + } + ] + else if (host == "zinnia") then + [ + { + criteria = "eDP-1"; + scale = 1.0; + status = "enable"; + position = "0,0"; + } + ] + else if (host == "imilia") then + [ + { + criteria = "eDP-1"; + scale = 1.0; + status = "enable"; + position = "0,0"; + } + ] + else + [ + { + criteria = "eDP-1"; + scale = 1.0; + status = "enable"; + position = "0,0"; + } + ]; + }; + work = { + outputs = [ + { + criteria = "eDP-1"; + scale = 1.0; + status = "enable"; + position = "0,0"; + } + { + criteria = "HP Inc. HP E27q G5 CNC4190NG9"; + scale = 1.0; + status = "enable"; + position = "4816,0"; + } + { + criteria = "HP Inc. HP E27q G5 CNC4081M2B"; + scale = 1.0; + status = "enable"; + position = "2256,0"; + } + ]; + }; + home = { + outputs = [ + { + criteria = "eDP-1"; + status = "disable"; + } + { + criteria = "CMT GM34-CWQ CMI231700118"; + scale = 1.0; + status = "enable"; + position = "0,0"; + } + # { + # criteria = ""; + # scale = 1.0; + # status = "enable"; + # position = "0,0"; + # } + ]; + }; + }; + }; +} diff --git a/modules/home/packages.nix b/modules/home/packages.nix index d2e573b..84d23cc 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -70,6 +70,7 @@ sshpass net-tools nmap + aerc # Install pip packages # python3 @@ -78,8 +79,8 @@ # pip install --user --break-system-packages # '') - inputs.alejandra.defaultPackage.${system} - inputs.nixvim.packages.${pkgs.system}.default + inputs.alejandra.defaultPackage.${pkgs.stdenv.hostPlatform.system} + inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default mermaid-cli gnuplot diff --git a/modules/home/packages.server.nix b/modules/home/packages.server.nix index a1ee999..4aa8f2e 100644 --- a/modules/home/packages.server.nix +++ b/modules/home/packages.server.nix @@ -27,7 +27,7 @@ wget xxd borgbackup - inputs.alejandra.defaultPackage.${system} - inputs.nixvim.packages.${pkgs.system}.default + inputs.alejandra.defaultPackage.${pkgs.stdenv.hostPlatform.system} + inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default ]; } diff --git a/modules/home/sway/default.nix b/modules/home/sway/default.nix index 03727c2..b2a2ced 100644 --- a/modules/home/sway/default.nix +++ b/modules/home/sway/default.nix @@ -207,6 +207,31 @@ in wrapperFeatures = { gtk = true; }; + extraConfig = '' + set $font Ubuntu Mono + font pango:$font 7 + set $title_options text_transform='lowercase' + + # window styles + hide_edge_borders none + # title_align left + # default_border normal 4 + # for_window [all] border normal 4, floating enable + + # for_window [class="librewolf"], floating disable + # for_window [class="foot"], floating disable + # for_window [class="Element"], floating disable + # for_window [class="dino"], floating disable + # for_window [class="Signal"], floating disable + # for_window [class="libreoffice-writer"] floating disable + # for_window [class="libreoffice-calc"] floating disable + # for_window [class="libreoffice-draw"] floating disable + # for_window [class="libreoffice-math"] floating disable + # for_window [class="libreoffice-impress"] floating disable + + for_window [window_role="(?i)GtkFileChooserDialog"] resize set 720 640 + for_window [title="LibreWolf — Sharing Indicator"] border none + ''; }; home.file.".hm-graphical-session".text = pkgs.lib.concatStringsSep "\n" [ @@ -214,74 +239,6 @@ in "export NIXOS_OZONE_WL=1" # Electron ]; - services.kanshi = { - enable = true; - - profiles = { - laptops = { - outputs = - if (host == "sakura") then - [ - { - criteria = "eDP-1"; - scale = 1.0; - status = "enable"; - position = "0,0"; - } - ] - else if (host == "zinnia") then - [ - { - criteria = "eDP-1"; - scale = 1.0; - status = "enable"; - position = "0,0"; - } - ] - else if (host == "imilia") then - [ - { - criteria = "eDP-1"; - scale = 1.0; - status = "enable"; - position = "0,0"; - } - ] - else - [ - { - criteria = "eDP-1"; - scale = 1.0; - status = "enable"; - position = "0,0"; - } - ]; - }; - work = { - outputs = [ - { - criteria = "eDP-1"; - scale = 1.0; - status = "enable"; - position = "0,0"; - } - { - criteria = "HP Inc. HP E27q G5 CNC4190NG9"; - scale = 1.0; - status = "enable"; - position = "4816,0"; - } - { - criteria = "HP Inc. HP E27q G5 CNC4081M2B"; - scale = 1.0; - status = "enable"; - position = "2256,0"; - } - ]; - }; - }; - }; - programs.sway-easyfocus = { enable = true; settings = { @@ -327,7 +284,7 @@ in [title] "(?i)Thunar" = { icon = "󰉖", color = "#6291d6" } - "(?i)vim" = { app_id = ["foot", "Alacritty"], icon = "", color = "#8fff6d" } + "(?i)vim" = { app_id = ["foot", "kitty"], icon = "", color = "#8fff6d" } "(cloud|developers)\\.google.com" = { icon = "", color = "#4285f4" } "192\\.168\\.0\\.1|192\\.168\\.86\\.1|ui\\.com" = { icon = "󰖩", color = "#004cb6" } "1password\\.com" = { icon = "󰍁", color = "#0572ec" } @@ -391,17 +348,16 @@ in nnn = { app_id = ["foot", "Alacritty"], icon = "󰉖" } pgcli = { app_id = ["foot", "Alacritty"], icon = "󰆼", color = "#c74451" } ''; + home.file = { + "/home/${username}/.config/libinput-gestures/sway.conf" = { + executable = false; + text = " + Cycle right through sway workspaces + gesture: swipe right 3 swaymsg focus right + + # Cycle left through sway workspaces + gesture: swipe left 3 swaymsg focus left + "; + }; + }; } - -#home.file = { -# "/home/${username}/.config/libinput-gestures/sway.conf" = { -# executable = false; -# text = " -# # Cycle right through sway workspaces -# gesture: swipe right 3 swaymsg focus right - -# # Cycle left through sway workspaces -# gesture: swipe left 3 swaymsg focus left -# "; -# }; -#}; diff --git a/modules/home/swaync/default.nix b/modules/home/swaync/default.nix index 45d3fe4..65b0e27 100644 --- a/modules/home/swaync/default.nix +++ b/modules/home/swaync/default.nix @@ -8,7 +8,7 @@ file."/home/${username}/.config/swaync/config.json".text = '' { "$schema": "/etc/xdg/swaync/configSchema.json", - "positionX": "right", + "positionX": "center", "positionY": "top", "layer": "overlay", "layer-shell": true, @@ -79,7 +79,7 @@ outline: none; transition: 200ms; padding: 1px; - background: transparent; + background: rgb(0, 0, 0, 0.75); } .notification-row { @@ -90,7 +90,7 @@ .notification-row .notification-background .close-button { /* The notification Close Button */ - background: transparent; + background: rgb(0, 0, 0, 0.75); color: @text; text-shadow: none; box-shadow: none; @@ -105,14 +105,14 @@ .notification-row .notification-background .close-button:hover { box-shadow: none; - background: transparent; + background: rgb(0, 0, 0, 0.75); transition: background 0.15s ease-in-out; border: 0px; } .notification-row .notification-background .notification { /* The actual notification */ - background: transparent; + background: rgb(0, 0, 0, 0.75); } .notification-group .notification-group-headers { @@ -141,7 +141,7 @@ .control-center-clear-all { /* Clear All button */ - background: transparent; + background: rgb(0, 0, 0, 0.75); padding: 5px; } @@ -156,7 +156,7 @@ /*** Widgets ***/ /* Title widget */ .widget-title { - background: transparent; + background: rgb(0, 0, 0, 0.75); margin-top: 15px; margin-left: 15px; margin-right: 15px; @@ -164,7 +164,7 @@ /* Do Not Disturb widget */ .widget-dnd { - background: transparent; + background: rgb(0, 0, 0, 0.75); margin-left: 15px; margin-right: 15px; } diff --git a/modules/home/waybar/default.nix b/modules/home/waybar/default.nix index 076a386..2ee9979 100644 --- a/modules/home/waybar/default.nix +++ b/modules/home/waybar/default.nix @@ -295,7 +295,7 @@ }, "battery": { - "bat": "BAT0", + "bat": "BAT1", "interval": 20, "states": { "warning": 20, @@ -383,7 +383,7 @@ window#waybar.top { /* background-color: rgba(115, 116, 116, 0.22); */ - background-color: rgba(0, 0, 0, 0.25); + background-color: rgba(0, 0, 0, 0.75); border-top: none; color: #eeeeee; transition-property: background-color; diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index f5f3c89..244bd07 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -167,6 +167,9 @@ # alias imv="nsxiv" # alias sxiv="nsxiv" # fi + function preexec { + print -Pn "\e]0;$\{(q)1}\e\\" + } ''; zsh-abbr = { @@ -228,11 +231,13 @@ du = "dust"; cp = "cp -i -v"; mv = "mv -i -v"; + cd = "z"; rm = "rm -i -v"; cat = "${lib.getExe pkgs.bat} --plain"; diff = "${lib.getExe pkgs.delta} --color-only"; battery-left = "${lib.getExe pkgs.acpi} | cut -d' ' -f5"; github-actions = "${lib.getExe pkgs.act} -s GITHUB_TOKEN=\"$(${lib.getExe pkgs.github-cli} auth token)\""; + tailscale = "sudo tailscale"; # NixOS ns = "nix-shell --run zsh"; diff --git a/modules/security/default.nix b/modules/security/default.nix new file mode 100644 index 0000000..1495a84 --- /dev/null +++ b/modules/security/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + imports = + [ (import ./dnscrypt.nix) ] + # ++ [ (import ../opensnitch.nix) ] + ++ [ (import ./syslogd.nix) ]; +} diff --git a/modules/security/dnscrypt.nix b/modules/security/dnscrypt.nix new file mode 100644 index 0000000..ca5e4da --- /dev/null +++ b/modules/security/dnscrypt.nix @@ -0,0 +1,56 @@ +{ + config, + lib, + pkgs, + inputs, + host, + ... +}: +let + ipv6 = false; # We don't have IPv6 yet sadly + blocklist_base = builtins.readFile inputs.oisd; + extraBlocklist = ''''; + blocklist_txt = pkgs.writeText "blocklist.txt" '' + ${extraBlocklist} + ${blocklist_base} + ''; +in +{ + services.dnscrypt-proxy = { + enable = true; + # See https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml + settings = { + sources.public-resolvers = { + urls = [ + "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" + "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" + ]; + minisign_key = "sha256-LRw8acNa39MUv7XmA0GuheugECcejbN8+GJl2Ra7lpg="; # See https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md + cache_file = "/var/lib/dnscrypt/public-resolvers.md"; + }; + + # Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity + ipv6_servers = ipv6; + block_ipv6 = !(ipv6); + + require_dnssec = true; + require_nolog = true; + require_nofilter = true; + + # If you want, choose a specific set of servers that come from your sources. + # Here it's from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md + # If you don't specify any, dnscrypt-proxy will automatically rank servers + # that match your criteria and choose the best one. + # server_names = [ ... ]; + blocked_names.blocked_names_file = blocklist_txt; + }; + }; + + systemd.services.dnscrypt-proxy.serviceConfig.StateDirectory = "dnscrypt-proxy"; + + networking.networkmanager.dns = "none"; # set system DNS to not get random records from DHCP + programs.captive-browser = { + enable = true; # enable dedicated Chromium instance to deal with captive portals without messing with system DNS settings + interface = if (host == "sakura") then "wlp1s0" else "null"; # TODO: add hostnames for more devices + }; +} diff --git a/modules/security/opensnitch.nix b/modules/security/opensnitch.nix new file mode 100644 index 0000000..b24810a --- /dev/null +++ b/modules/security/opensnitch.nix @@ -0,0 +1,5 @@ +{ + services.opensnitch = { + enable = true; + }; +} diff --git a/modules/security/syslogd.nix b/modules/security/syslogd.nix new file mode 100644 index 0000000..2ee256a --- /dev/null +++ b/modules/security/syslogd.nix @@ -0,0 +1,46 @@ +{ lib, ... }: +{ + services.syslogd = { + enable = true; + enableNetworkInput = lib.mkForce false; + tty = ""; + defaultConfig = '' + local1.* -/var/log/dhcpd + + *.=warning;*.=err -/var/log/warn + *.crit /var/log/warn + + *.*;mail.none;local1.none -/var/log/messages + + auth,authpriv.* /var/log/auth.log + *.*;auth,authpriv.none -/var/log/syslog + cron.* /var/log/cron.log + daemon.* -/var/log/daemon.log + kern.* -/var/log/kern.log + lpr.* -/var/log/lpr.log + mail.* /var/log/mail.log + user.* -/var/log/user.log + uucp.* -/var/log/uucp.log + local6.debug /var/log/imapd.log + + mail.info -/var/log/mail.info + mail.warn -/var/log/mail.warn + mail.err /var/log/mail.err + + *.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug + *.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + daemon,mail.*;\ + news.=crit;news.=err;news.=notice;\ + *.=debug;*.=info;\ + *.=notice;*.=warn /dev/tty8 + + *.emerg * + *.=alert * + ''; + }; +} diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix index d886410..587b82a 100644 --- a/modules/services/tailscale.nix +++ b/modules/services/tailscale.nix @@ -1,3 +1,10 @@ { - services.tailscale.enable = true; + services.tailscale = { + enable = true; + useRoutingFeatures = "client"; + extraUpFlags = [ + # "--accept-dns=false" + "--accept-routes" + ]; + }; }