diff --git a/common/firefox.nix b/common/firefox.nix index 63327e3..26329ae 100644 --- a/common/firefox.nix +++ b/common/firefox.nix @@ -48,8 +48,11 @@ in OverrideFirstRunPage = ""; OverridePostUpdatePage = ""; DontCheckDefaultBrowser = true; - Preferences = lib.mkMerge ([ ] - ++ lib.optionals cfg.sway.enable [{ "browser.tabs.inTitlebar" = 0; }]); + Preferences = lib.mkMerge ([{ + "pdfjs.enableScripting" = false; + }] + ++ lib.optional cfg.sway.enable { "browser.tabs.inTitlebar" = 0; } + ); }; }; }; diff --git a/common/networking.nix b/common/networking.nix index 593c636..ef54f45 100644 --- a/common/networking.nix +++ b/common/networking.nix @@ -6,7 +6,6 @@ in config = with cfg; lib.mkIf (enable && network) { networking.networkmanager.enable = true; networking.useDHCP = lib.mkDefault true; - networking.firewall.enable = true; hardware.bluetooth.enable = true; @@ -15,7 +14,7 @@ in bluetuith ]; - services.blueman.enable = graphical; + services.blueman.enable = lib.mkIf graphical true; systemd.user.services.mpris-proxy = lib.mkIf sound { description = "Mpris proxy"; diff --git a/common/pass.nix b/common/pass.nix deleted file mode 100644 index 14c39d6..0000000 --- a/common/pass.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, config, lib, ... }: -let - cfg = config.grimmShared; -in -{ - config = with cfg; lib.mkIf (enable && tooling.enable && tooling.pass) { - security.polkit.enable = true; - - environment.systemPackages = with pkgs; [ - mkpasswd - pinentry - gnupg - pass - libsecret - (writeShellScriptBin "passw" "pass $@") - ] ++ lib.optional graphical lxqt.lxqt-policykit; - - services.passSecretService.enable = true; - programs.gnupg.agent = { - settings = { - # default-cache-ttl = 6000; - }; - pinentryPackage = lib.mkForce pkgs.pinentry; - enable = true; - }; - }; -} diff --git a/common/security.nix b/common/security.nix new file mode 100644 index 0000000..4b54e6d --- /dev/null +++ b/common/security.nix 
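Review bot: The `"pdfjs.enableScripting" = false;` entry added to `Preferences` in common/firefox.nix has no comment saying why it is set, and it is the only hardening setting in a list that otherwise holds a UI tweak. A line such as `# do not run JavaScript embedded in PDF documents` above it would record the intent for whoever edits this list next. Whether a user can switch the pref back in about:config depends on how this policy form locks preferences, which is not visible in the hunk and is worth confirming.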
@@ -0,0 +1,38 @@
+{ pkgs, config, lib, ... }:
+let
+ cfg = config.grimmShared;
+in
+{
+ config = with cfg; lib.mkIf enable {
+ security.polkit.enable = true;
+ networking.firewall.enable = lib.mkIf network true;
+
+ security.doas.enable = true;
+ security.sudo.enable = false;
+ security.doas.extraRules = [{
+ users = lib.attrNames (lib.filterAttrs (n: v: v.isNormalUser) config.users.users);
+ keepEnv = true;
+ persist = true;
+ }];
+
+ environment.systemPackages = with pkgs; [
+ mkpasswd
+ gnupg
+ libsecret
+ vulnix
+ doas-sudo-shim # muscle memory
+ ] ++ lib.optionals (tooling.enable && tooling.pass) [
+ pass
+ (writeShellScriptBin "passw" "pass $@")
+ ] ++ lib.optional graphical lxqt.lxqt-policykit;
+
+ services.passSecretService.enable = lib.mkIf (tooling.enable && tooling.pass) true;
+ programs.gnupg.agent = {
+ settings = {
+ # default-cache-ttl = 6000;
+ };
+ pinentryPackage = with pkgs; lib.mkForce (if graphical then pinentry-qt else pinentry-tty);
+ enable = true;
+ };
+ };
+}
diff --git a/common/sound.nix b/common/sound.nix
index f0b69b1..14800a8 100644
--- a/common/sound.nix
+++ b/common/sound.nix
@@ -20,6 +20,8 @@ in
 environment.systemPackages = with pkgs; [
 pwvucontrol
 playerctl
+ openal
+ flite
 pulseaudio
 ];
 };
diff --git a/common/toolchains.nix b/common/toolchains.nix
index 71ed762..4ca5b90 100644
--- a/common/toolchains.nix
+++ b/common/toolchains.nix
@@ -41,6 +41,7 @@ in
 powertop
 parted
 glib
+ glibc
 ] ++ lib.optionals cfg.graphical [
 qdirstat
 libva-utils
diff --git a/flake.lock b/flake.lock
index e41cb0c..a393c4a 100644
--- a/flake.lock
+++ b/flake.lock
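Review bot: The `security.doas.extraRules` entry in the new common/security.nix permits every account with `isNormalUser`, so any non-administrative login on a machine using this module can become root with its own password. Because the same hunk sets `security.sudo.enable = false`, this rule is the only escalation path left. Scoping it to the admin group, presumably the boundary sudo enforced before, would be `groups = [ "wheel" ];` in place of the `users = lib.attrNames (...)` line. `keepEnv = true` also passes the caller's whole environment to the root process, which combined with `persist = true` is broader than interactive use probably needs; dropping it or replacing it with a short `setEnv` list would narrow that.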
@@ -78,11 +78,11 @@
 "yafas": "yafas"
 },
 "locked": {
- "lastModified": 1712743609,
- "narHash": "sha256-sbp5oZgxQGNegFqUGtsSvFyb2oZ86G/cCjwY137MnlU=",
+ "lastModified": 1713020398,
+ "narHash": "sha256-fZ9snNCxKj5sJ/hymCW8aM8Lzlbzo/VYYfl/oNLh/jc=",
 "owner": "chaotic-cx",
 "repo": "nyx",
- "rev": "ec3a7e608929f4570a5152c1226f54275452b731",
+ "rev": "f0e16565b38a473664977625680f08e7cc9dec50",
 "type": "github"
 },
 "original": {
@@ -138,11 +138,11 @@
 ]
 },
 "locked": {
- "lastModified": 1712369716,
- "narHash": "sha256-9zs+0GTfSyGHdpiA6dPJXnDKAHmfr01OE9FxDE9KvPI=",
+ "lastModified": 1712765734,
+ "narHash": "sha256-HakehmZVdhbXHNaTzoSwIHdvy1A3A7XXEIUHV2cC7d8=",
 "owner": "girlbossceo",
 "repo": "conduwuit",
- "rev": "2516d44cb178547194a66fa9c44930ab9bddd910",
+ "rev": "7d92cad55f58ef55d5c95ecf3753e0fa75ab11e1",
 "type": "github"
 },
 "original": {
@@ -331,11 +331,11 @@
 ]
 },
 "locked": {
- "lastModified": 1712521891,
- "narHash": "sha256-qJRkB7QZo2mdR/nABeHQKi3xkQxUsSGjVVQXTSHQocI=",
+ "lastModified": 1712909442,
+ "narHash": "sha256-D+VrmsPLkEbxNcI7lp9rGFR33RumbQIyhhjJ4PooWBs=",
 "owner": "Jovian-Experiments",
 "repo": "Jovian-NixOS",
- "rev": "ec53086c76303dc8880fa7ba06c45abcae8b3398",
+ "rev": "8886e3da78fcefb11935ea85da3d1572bf444c55",
 "type": "github"
 },
 "original": {
@@ -357,11 +357,11 @@
 "rust-overlay": "rust-overlay"
 },
 "locked": {
- "lastModified": 1712602331,
- "narHash": "sha256-pM6sB2ltcy7jtog/gv1tbpT1ZDTdmrxfXPE9mbp/zO8=",
+ "lastModified": 1712983637,
+ "narHash": "sha256-PSoOKfevRvoVZdMqijl9VcaB5OqgCoAgQ8UpsEAdEDQ=",
 "owner": "martinvonz",
 "repo": "jj",
- "rev": "13592ce49eaa245a740c7a8cd0ca8ea622c4fe95",
+ "rev": "82c85ba7542b0a5c938f53d71f9a481fc37eda1d",
 "type": "github"
 },
 "original": {
@@ -394,11 +394,11 @@
 ]
 },
 "locked": {
- "lastModified": 1712600195,
- "narHash": "sha256-RvmOMmJjPc6if0kVLPXWyWIddzLG1yUPkL6PDrEvTrM=",
+ "lastModified": 1712992043,
+ "narHash": "sha256-xUbqDxGiDab1et16JupBHpliGNpRSUcKfm++7t0UgBo=",
 "owner": "YaLTeR",
 "repo": "niri",
- "rev": "e448cfb0efee0efbfc769662ee77ad22a347dc02",
+ "rev": "71be19b234d58f4ec447e921633506beb81a52c0",
 "type": "github"
 },
 "original": {
@@ -430,11 +430,11 @@
 ]
 },
 "locked": {
- "lastModified": 1712452624,
- "narHash": "sha256-R35K+4krhK5B2fcV6W2HFe/uhXmP8YGTb35uZ+nDAxw=",
+ "lastModified": 1712969975,
+ "narHash": "sha256-QckL3hBXRRwapLNbPdjy7+5WQNl2n2o7onmQRpyHwYs=",
 "owner": "fufexan",
 "repo": "nix-gaming",
- "rev": "06314bbf8fedd83c7253442994a2f0c81d47988e",
+ "rev": "52f21f01ecbcc48d25c94a8a1e5c98cebf519a78",
 "type": "github"
 },
 "original": {
@@ -468,11 +468,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1712608508,
- "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=",
+ "lastModified": 1712791164,
+ "narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6",
+ "rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5",
 "type": "github"
 },
 "original": {
diff --git a/load_common.nix b/load_common.nix
index 91169f5..235e03b 100644
--- a/load_common.nix
+++ b/load_common.nix
@@ -236,8 +236,8 @@ in
 ./common/opengl.nix
 ./common/gaming.nix
 ./common/firefox.nix
- ./common/pass.nix
 ./common/sway.nix
 ./common/cloudsync.nix
+ ./common/security.nix
 ];
 }
diff --git a/modules/xserver.nix b/modules/xserver.nix
index 3a09d5e..6b72fb1 100644
--- a/modules/xserver.nix
+++ b/modules/xserver.nix
@@ -1,27 +1,14 @@ { - # Enable the X11 windowing system. - services.xserver = { - enable = true; - videoDrivers = [ "nouveau" "fbdev" "modesetting" ]; - # videoDrivers = [ "nouveau" ]; - displayManager = { - # lightdm.enable = true; - sddm = { - enable = true; - wayland.enable = true; - }; - defaultSession = "sway"; - }; - desktopManager = { - # xfce.enable = true; + services.displayManager = { + # lightdm.enable = true; + sddm = { + enable = true; + wayland.enable = true; }; + defaultSession = "sway"; }; services.desktopManager = { plasma6.enable = true; - # xfce.enable = true; }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; }