Grimmauld/grimm-nix-shared
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add firefox suport, split out pass support

Browse source
This commit is contained in:
LordGrimmauld 2024-03-17 10:54:25 +01:00
parent ed422e8265
commit 0631f9ca99
4 changed files with 86 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
default.nix
View file

@ -32,6 +32,12 @@ in {
tooling = {
enable = mkEnableOption "grimm-tooling";
pass = mkOption {
type = types.bool;
default = true;
description = "Enables password-store, gnupg and such secret handling";
};
git_user = mkOption {
type = types.str;
@ -63,6 +69,16 @@ in {
default = false;
description = "enables steam, heroic, prism and gamemoded";
};
firefox = {
enable = mkEnableOption "grimm-firefox";
plugins = mkOption {
type = types.attrsOf types.str;
default = {};
description = "set of plugins to install. Format: uid = url";
};
};
};
imports = [
@ -74,5 +90,7 @@ in {
./modules/sound.nix
./modules/opengl.nix
./modules/gaming.nix
./modules/firefox.nix
./modules/pass.nix
];
}

40
modules/firefox.nix Normal file
View file

@ -0,0 +1,40 @@
{ pkgs, config, lib, ... }: let
cfg = config.grimmShared;
in {
config = with cfg; lib.mkIf (enable && firefox.enable) {
programs.firefox = {
enable = true;
nativeMessagingHosts.packages = []
++ lib.optionals (cfg.tooling.enable && cfg.tooling.pass) [ pkgs.passff-host ];
languagePacks = [ "de" "en-US" ];
policies = {
ExtensionSettings = lib.mkMerge [
{} # global rules. Potentially add blocking of regularly installed addons here.
(lib.mapAttrs (uid: url: { # explicit plugins by config
install_url = url;
installation_mode = "force_installed";
} ) cfg.firefox.plugins )
(lib.mkIf (cfg.tooling.enable && cfg.tooling.pass) { # password-store support
install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi";
installation_mode = "force_installed";
})
];
DisableTelemetry = true;
DisableFirefoxStudies = true;
EnableTrackingProtection = {
Value= true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
DisablePocket = true;
DisableFirefoxAccounts = true;
DisableAccounts = true;
DisableFirefoxScreenshots = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DontCheckDefaultBrowser = true;
};
};
};
}

28
modules/pass.nix Normal file
View file

@ -0,0 +1,28 @@
{ pkgs, config, lib, ... }: let
cfg = config.grimmShared;
in {
config = with cfg; lib.mkIf (enable && tooling.enable && tooling.pass) {
security.polkit.enable = true;
environment.systemPackages = with pkgs; [
mkpasswd
pinentry
gnupg
pass
libsecret
(writeShellScriptBin "passw" "pass $@")
] ++ lib.optionals cfg.graphical [
lxqt.lxqt-policykit
];
services.passSecretService.enable = true;
programs.gnupg.agent = {
settings = {
# default-cache-ttl = 6000;
};
pinentryPackage = lib.mkDefault pkgs.pinentry;
enable = true;
# enableSSHSupport = true;
};
};
}

19
modules/toolchains.nix
View file

@ -2,24 +2,17 @@
cfg = config.grimmShared;
in {
config = with cfg; lib.mkIf (enable && tooling.enable) {
security.polkit.enable = true;
environment.systemPackages = with pkgs; [
(writeShellScriptBin "silent-add" "git add --intent-to-add $@ ; git update-index --assume-unchanged $@")
(writeShellScriptBin "systemd-owner" "systemctl show -pUser,UID $@")
(writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
mkpasswd
gcc
jdk17
python3
pkg-config
pinentry
pass
libsecret
tea
acpi
(writeShellScriptBin "passw" "pass $@")
fbcat
gomuks
@ -31,7 +24,6 @@ in {
tree
file
util-linux
gnupg
visualvm
ffmpeg-full
lm_sensors
@ -48,7 +40,6 @@ in {
parted
] ++ lib.optionals cfg.graphical [
qdirstat
lxqt.lxqt-policykit
libva-utils
glxinfo
alacritty
@ -108,18 +99,8 @@ in {
};
};
services.passSecretService.enable = true;
services.pcscd.enable = true;
programs.xonsh.enable = true;
programs.ssh.startAgent = true;
programs.thefuck.enable = true;
programs.gnupg.agent = {
settings = {
# default-cache-ttl = 6000;
};
pinentryPackage = lib.mkDefault pkgs.pinentry;
enable = true;
# enableSSHSupport = true;
};
};
}