cleanup and integration fixes

Grimmauld 2024-09-21 09:43:57 +02:00
parent 967f556eac
commit c37a6082d3
Signed by: Grimmauld
GPG key ID: C2946668769F91FB
12 changed files with 95 additions and 60 deletions


@ -9,6 +9,7 @@ let
types types
mkOption mkOption
concatStrings concatStrings
getExe'
mkIf mkIf
mkEnableOption mkEnableOption
; ;
@ -36,7 +37,7 @@ in
{ {
config = mkIf (enable && cloudSync.enable) ( config = mkIf (enable && cloudSync.enable) (
let let
cloud_cmd = ''${nextcloud-client}/bin/nextcloudcmd -u ${cloudSync.username} -p "$(cat ${cloudSync.passwordFile})" -h -n --path''; cloud_cmd = ''${getExe' nextcloud-client "nextcloudcmd"} -u ${cloudSync.username} -p "$(${getExe' pkgs.coreutils-full "cat"} ${cloudSync.passwordFile})" -h -n --path'';
sync_server = "https://${cloudSync.server}"; sync_server = "https://${cloudSync.server}";
in in
{ {
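Review bot: The rewritten `cloud_cmd` still expands the secret into the process arguments through `-p "$(… cat ${cloudSync.passwordFile})"`, so the password is readable in the process list for as long as nextcloudcmd runs. The command already passes `-n`, which nextcloudcmd documents as netrc login, so the credentials could come from a netrc file readable only by the service user and `-u`/`-p` could be dropped; this needs checking against the HOME the unit runs with. Independently, `${cloudSync.username}` and the password-file path are spliced in unquoted, and `${lib.escapeShellArg cloudSync.username}` would keep an unusual value from being re-split by the shell. The consumer of this `let` binding lies outside the hunk.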


@ -37,19 +37,12 @@ in
]; ];
policies = { policies = {
ExtensionSettings = ExtensionSettings =
(mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; }) # (mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; }) //
// (mapAttrs (guid: shortId: { (mapAttrs (guid: shortId: {
# explicit plugins by config # explicit plugins by config
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi"; install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "force_installed"; installation_mode = "force_installed";
}) firefox.plugins) }) config.grimmShared.firefox.plugins);
// (mkIf (tooling.enable && tooling.pass) {
# password-store support
"passff@invicem.pro" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi";
installation_mode = "force_installed";
};
});
DisableTelemetry = true; DisableTelemetry = true;
DisableFirefoxStudies = true; DisableFirefoxStudies = true;
EnableTrackingProtection = { EnableTrackingProtection = {
@ -70,6 +63,7 @@ in
"media.hardware-video-decoding.enabled" = true; "media.hardware-video-decoding.enabled" = true;
"media.ffmpeg.vaapi.enabled" = true; "media.ffmpeg.vaapi.enabled" = true;
"network.dns.disableIPv6" = true;
"media.rdd-ffmpeg.enabled" = true; "media.rdd-ffmpeg.enabled" = true;
"media.navigator.mediadatadecoder_vpx_enabled" = true; "media.navigator.mediadatadecoder_vpx_enabled" = true;
} // optionalAttrs sway.enable { "browser.tabs.inTitlebar" = 0; }; } // optionalAttrs sway.enable { "browser.tabs.inTitlebar" = 0; };
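Review bot: Commenting out `(mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; })` in `ExtensionSettings` appears to turn `disableUserPlugins` into a no-op, so a host that sets it no longer blocks user-installed extensions. If the line was disabled because `mkIf … // …` does not merge as a plain attribute set, `optionalAttrs`, which this file already uses for the sway preference, keeps the policy: `optionalAttrs firefox.disableUserPlugins { "*".installation_mode = "blocked"; } // (mapAttrs … config.grimmShared.firefox.plugins);`. A comment on `"network.dns.disableIPv6" = true;` saying why IPv6 lookups are turned off would also help the next reader.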


@ -18,6 +18,7 @@ let
max max
foldl' foldl'
getExe getExe
getExe'
isPath isPath
isDerivation isDerivation
concatLines concatLines
@ -79,13 +80,13 @@ let
) screens; ) screens;
in in
'' ''
for pid in $(${pkgs.procps}/bin/pgrep sway -x) for pid in $(${getExe' pkgs.procps "pgrep"} sway -x)
do do
uid=$(id -u $(${pkgs.procps}/bin/ps -o user= -p $pid)) uid=$(id -u $(${getExe' pkgs.procps "ps"} -o user= -p $pid))
export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock" export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock"
if [[ -e "$SWAYSOCK" ]] ; then if [[ -e "$SWAYSOCK" ]] ; then
echo "sock is $SWAYSOCK" echo "sock is $SWAYSOCK"
${config.programs.sway.package}/bin/swaymsg '${concatMapStrings (s: s + " ; ") output_def}' ${getExe' config.programs.sway.package "swaymsg"} '${concatMapStrings (s: s + " ; ") output_def}'
fi fi
done done
''; '';
@ -184,13 +185,13 @@ in
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = '' script = ''
for pid in $(${pkgs.procps}/bin/pgrep sway -x) for pid in $(${getExe' pkgs.procps "pgrep"} sway -x)
do do
uid=$(id -u $(${pkgs.procps}/bin/ps -o user= -p $pid)) uid=$(id -u $(${getExe' pkgs.procps "ps"} -o user= -p $pid))
export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock" export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock"
if [[ -e "$SWAYSOCK" ]] ; then if [[ -e "$SWAYSOCK" ]] ; then
echo "sock is $SWAYSOCK" echo "sock is $SWAYSOCK"
${config.programs.sway.package}/bin/swaymsg reload ${getExe' config.programs.sway.package "swaymsg"} reload
fi fi
done done
@ -199,7 +200,7 @@ in
reloadTriggers = [ config.environment.etc."${conf_path}".source ]; reloadTriggers = [ config.environment.etc."${conf_path}".source ];
}; };
programs.waybar.enable = true; # programs.waybar.enable = true;
programs.dconf.enable = true; programs.dconf.enable = true;
@ -212,7 +213,7 @@ in
}; };
extraPackages = with pkgs; [ extraPackages = with pkgs; [
swaylock # swaylock
swayidle swayidle
wl-clipboard wl-clipboard
wf-recorder wf-recorder
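Review bot: `id` in `uid=$(id -u $(…))` is still resolved through PATH in both loops (the output-definition script and the reload `script`), while `pgrep`, `ps` and `swaymsg` are now pinned to store paths. Writing `uid=$(${getExe' pkgs.coreutils-full "id"} -u "$(${getExe' pkgs.procps "ps"} -o user= -p "$pid")")` would make the scripts independent of the caller's environment and quote the expansions. The same loop now exists twice in this file, so a shared `let` binding would keep the copies from drifting. The last hunk also comments `swaylock` out of `extraPackages`; if an idle or keybinding configuration elsewhere still calls it, locking would stop working, so it is worth confirming that a locker is still provided.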


@ -50,7 +50,7 @@ in
echo Trying to attach ddcci to $1 echo Trying to attach ddcci to $1
i=0 i=0
id=$(echo $1 | cut -d "-" -f 2) id=$(echo $1 | cut -d "-" -f 2)
if ${pkgs.ddcutil}/bin/ddcutil getvcp 10 -b $id; then if ${lib.getExe' pkgs.ddcutil "ddcutil"} getvcp 10 -b $id; then
echo ddcci 0x37 > /sys/bus/i2c/devices/$1/new_device echo ddcci 0x37 > /sys/bus/i2c/devices/$1/new_device
fi fi
''; '';
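Review bot: `$1` and `$id` are expanded unquoted, including in the redirect target `/sys/bus/i2c/devices/$1/new_device`, and the script presumably runs privileged since it writes to sysfs. Quoting them, `id=$(echo "$1" | cut -d "-" -f 2)`, `-b "$id"` and `> "/sys/bus/i2c/devices/$1/new_device"`, keeps an unexpected instance name from being word-split or globbed. The script begins above the hunk, so any validation of `$1` there is not visible.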


@ -11,6 +11,7 @@ let
optional optional
concatLines concatLines
getExe getExe
getExe'
elem elem
mkIf mkIf
; ;
@ -52,8 +53,8 @@ let
) )
); );
auto = writeShellScriptBin "auto-mode" '' auto = writeShellScriptBin "auto-mode" ''
${tlp}/bin/run-on-ac ${getExe performance} ${getExe' tlp "run-on-ac"} ${getExe performance}
${tlp}/bin/run-on-bat ${getExe powersave} ${getExe' tlp "run-on-bat"} ${getExe powersave}
''; '';
in in
{ {


@ -25,7 +25,7 @@ in
"sound.target" "sound.target"
]; ];
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
serviceConfig.ExecStart = "${pkgs.bluez}/bin/mpris-proxy"; serviceConfig.ExecStart = lib.getExe' pkgs.bluez "mpris-proxy";
}; };
}; };
} }


@ -61,9 +61,9 @@ in
password_cmd = password_cmd =
let let
pass = spotify.spotifyd.pass; pass = spotify.spotifyd.pass;
inherit (lib) isPath isString getExe; inherit (lib) isPath isString getExe getExe';
in in
if (isPath pass || isString pass) then "${pkgs.coreutils-full}/bin/cat ${pass}" else (getExe pass); if (isPath pass || isString pass) then "${getExe' pkgs.coreutils-full "cat"} ${pass}" else (getExe pass);
device_type = "computer"; device_type = "computer";
dbus_type = "system"; dbus_type = "system";
device = "default"; device = "default";
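Review bot: When `pass` is a Nix path value, interpolating `${pass}` into the string copies the file into the Nix store, where it is world-readable, so a password file supplied as a path literal would be exposed on `password_cmd`. `toString pass` keeps the original location instead: `"${getExe' pkgs.coreutils-full "cat"} ${lib.escapeShellArg (toString pass)}"`. A short comment on `password_cmd` stating that string values are expected to be runtime paths outside the store would document the intent.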


@ -26,11 +26,12 @@ in
id = [ "26681512" ]; id = [ "26681512" ];
# debug = true; # debug = true;
mode = "challenge-response"; mode = "challenge-response";
control = "sufficient"; control = lib.mkDefault "sufficient";
}; };
security.doas.enable = true; # security.doas.enable = true;
security.sudo.enable = false; security.sudo.enable = true;
security.doas.extraRules = [ security.doas.extraRules = [
{ {
users = attrNames (filterAttrs (n: v: v.isNormalUser) config.users.users); users = attrNames (filterAttrs (n: v: v.isNormalUser) config.users.users);
@ -45,18 +46,18 @@ in
gnupg gnupg
libsecret libsecret
vulnix vulnix
doas-sudo-shim # muscle memory
agenix agenix
yubikey-manager yubikey-manager
yubico-pam yubico-pam
yubikey-personalization yubikey-personalization
]) ])
++ optionals (tooling.enable && tooling.pass) [ ++ (optionals (tooling.enable && tooling.pass) [
pkgs.pass pkgs.pass
(pkgs.writeShellScriptBin "passw" "pass $@") (pkgs.writeShellScriptBin "passw" "pass $@")
] ])
++ optional graphical pkgs.lxqt.lxqt-policykit; ++ (optional config.security.doas.enable pkgs.sudo-doas-shim)
++ (optional graphical pkgs.lxqt.lxqt-policykit);
services.passSecretService.enable = mkIf (tooling.enable && tooling.pass) true; services.passSecretService.enable = mkIf (tooling.enable && tooling.pass) true;
services.openssh.settings.LoginGraceTime = 0; services.openssh.settings.LoginGraceTime = 0;
@ -68,6 +69,8 @@ in
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
}; };
grimmShared.firefox.plugins = mkIf (tooling.enable && tooling.pass) { "passff@invicem.pro" = "passff"; };
}; };
options.grimmShared.tooling.pass = mkEnableOption "Enables password-store, gnupg and such secret handling"; options.grimmShared.tooling.pass = mkEnableOption "Enables password-store, gnupg and such secret handling";
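Review bot: The shim is now referenced as `pkgs.sudo-doas-shim`, while the removed line named the package `doas-sudo-shim`; the new name looks transposed and, because `optional` is lazy, would only fail evaluation once `security.doas.enable` is switched back on. `++ (optional config.security.doas.enable pkgs.doas-sudo-shim)` matches the attribute used before. With doas commented out and `security.sudo.enable = true`, the `security.doas.extraRules` block stays in place but is inert; its body lies outside the hunk, so a comment saying it is kept for re-enabling would help. If both could ever be enabled together, the guard should probably also require sudo to be off, since the shim provides its own `sudo` command.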


@ -50,10 +50,19 @@ in
environment.sessionVariables = { environment.sessionVariables = {
XDG_CONFIG_HOME = "$HOME/.config"; XDG_CONFIG_HOME = "$HOME/.config";
XDG_DESKTOP_DIR="$HOME/Desktop";
XDG_DOCUMENTS_DIR="$HOME/Documents";
XDG_DOWNLOAD_DIR="$HOME/Downloads";
XDG_MUSIC_DIR="$HOME/Music";
XDG_PICTURES_DIR="$HOME/Pictures";
XDG_PUBLICSHARE_DIR="$HOME/Public";
XDG_TEMPLATES_DIR="$HOME/Templates";
XDG_VIDEOS_DIR="$HOME/Videos";
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
xwaylandvideobridge xwaylandvideobridge
xdg-user-dirs
confwhich confwhich
]; ];
}; };
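Review bot: The added `XDG_*_DIR` entries are written as `XDG_DESKTOP_DIR="$HOME/Desktop";` with no spaces around `=`, unlike `XDG_CONFIG_HOME = "$HOME/.config";` directly above; formatting them the same way keeps the set uniform. These names are the keys xdg-user-dirs reads from `user-dirs.dirs` rather than environment variables defined by the base-directory specification, so a comment naming which programs are expected to read them from the environment would explain why they are exported here.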


@ -5,10 +5,10 @@
"homepage": null, "homepage": null,
"owner": "ezKEa", "owner": "ezKEa",
"repo": "aagl-gtk-on-nix", "repo": "aagl-gtk-on-nix",
"rev": "49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8", "rev": "bcaea0865985eb3e24ce978e2ca5bb4f680f150b",
"sha256": "1275gl2ly0iaqapxwimsbnky9fzwa0x3miscz372qa74gcc0wjwv", "sha256": "15fgkb32cqkzb9z03akbaz2qv6i3h1zs9rwy94fkp78cr2yxfizb",
"type": "tarball", "type": "tarball",
"url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8.tar.gz", "url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/bcaea0865985eb3e24ce978e2ca5bb4f680f150b.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"agenix": { "agenix": {
@ -29,10 +29,10 @@
"homepage": "", "homepage": "",
"owner": "nix-community", "owner": "nix-community",
"repo": "authentik-nix", "repo": "authentik-nix",
"rev": "f1bd855c23e73e04597695ca37ae54671a7e07b1", "rev": "0fd076529b40e7fc7304a398618cab76ff7e96c3",
"sha256": "1dkp86mr2n0h4hq74wj3b0b9ka8x2xkwv8pcbwk5knhrv26qajwb", "sha256": "1ax3rvw66s246dyrcgpshr7bj78qv73db8s6sd3hzvbmn56kwixr",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nix-community/authentik-nix/archive/f1bd855c23e73e04597695ca37ae54671a7e07b1.tar.gz", "url": "https://github.com/nix-community/authentik-nix/archive/0fd076529b40e7fc7304a398618cab76ff7e96c3.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"chaotic": { "chaotic": {
@ -41,10 +41,10 @@
"homepage": "https://nyx.chaotic.cx", "homepage": "https://nyx.chaotic.cx",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "38451822a144faa53a7ee96d4f0478d94945b67a", "rev": "93e6cdc6335d9c7652e89466b5e05a3cce836906",
"sha256": "08rcfarlda0fxgc02xdfyk8dsp18bmiyf0n39sfd5nq1s5513awy", "sha256": "11d9jyd8yw0xnpimgwsi0vw2i63f5hkw9x0g7pmnk0542k50xms6",
"type": "tarball", "type": "tarball",
"url": "https://github.com/chaotic-cx/nyx/archive/38451822a144faa53a7ee96d4f0478d94945b67a.tar.gz", "url": "https://github.com/chaotic-cx/nyx/archive/93e6cdc6335d9c7652e89466b5e05a3cce836906.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"glibc-eac": { "glibc-eac": {
@ -53,22 +53,22 @@
"homepage": "", "homepage": "",
"owner": "Frogging-Family", "owner": "Frogging-Family",
"repo": "glibc-eac", "repo": "glibc-eac",
"rev": "1dc68d1d0c6105035c659f1eb574191d67ab1b7e", "rev": "de5df722493768cb02e23ce0703429636458befb",
"sha256": "1jsi4g8324kxpx28wh3i65476djryj65v4zs0x9cv8jqamqvnhay", "sha256": "1yx3hal1kwj28ij688inaww169rj74iv3l3bwa74r3y4msdfnl80",
"type": "tarball", "type": "tarball",
"url": "https://github.com/Frogging-Family/glibc-eac/archive/1dc68d1d0c6105035c659f1eb574191d67ab1b7e.tar.gz", "url": "https://github.com/Frogging-Family/glibc-eac/archive/de5df722493768cb02e23ce0703429636458befb.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"lix-module": { "lix-module": {
"branch": "main", "branch": "main",
"repo": "https://git.lix.systems/lix-project/nixos-module.git", "repo": "https://git.lix.systems/lix-project/nixos-module.git",
"rev": "cecf70b77539c1a593f60ec9d0305b5e537ab6a9", "rev": "353b25f0b6da5ede15206d416345a2ec4195b5c8",
"type": "git" "type": "git"
}, },
"lix-pkg": { "lix-pkg": {
"branch": "main", "branch": "main",
"repo": "https://git.lix.systems/lix-project/lix.git", "repo": "https://git.lix.systems/lix-project/lix.git",
"rev": "f2a49032a698bd96b37e8df8f02ec403fd0bed0f", "rev": "80202e3ca314c21547c48f3a23d3f629cd9ddb87",
"type": "git" "type": "git"
}, },
"nixos-mailserver": { "nixos-mailserver": {
@ -95,10 +95,10 @@
"homepage": null, "homepage": null,
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059",
"sha256": "0s6h7r9jin9sd8l85hdjwl3jsvzkddn3blggy78w4f21qa3chymz", "sha256": "1llzyzw7a0jqdn7p3px0sqa35jg24v5pklwxdybwbmbyr2q8cf5j",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/574d1eac1c200690e27b8eb4e24887f8df7ac27c.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/345c263f2f53a3710abe117f28a5cb86d0ba4059.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"ranger_udisk_menu": { "ranger_udisk_menu": {


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
@ -11,6 +11,32 @@
services.zfs.trim.enable = true; services.zfs.trim.enable = true;
boot.supportedFilesystems.zfs = true; boot.supportedFilesystems.zfs = true;
# security.pam.yubico.control = "required";
services.udev.extraRules = let
inherit (lib) getExe' getExe;
inherit (pkgs) procps writeShellScriptBin;
exitSway = writeShellScriptBin "kill-sway" ''
for pid in $(${getExe' procps "pgrep"} sway -x)
do
uid=$(id -u $(${getExe' procps "ps"} -o user= -p $pid))
export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock"
if [[ -e "$SWAYSOCK" ]] ; then
echo "sock is $SWAYSOCK"
${getExe' config.programs.sway.package "swaymsg"} exit
fi
done
'';
in ''
ACTION=="remove",\
ENV{SUBSYSTEM}=="usb",\
ENV{PRODUCT}=="1050/407/543",\
RUN+="${lib.getExe exitSway}"
# '';
# RUN+="${lib.getExe' pkgs.systemd "loginctl"} lock-sessions"
# networking.hostId = "2ea79333"; # networking.hostId = "2ea79333";
# boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages; # boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
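Review bot: The udev rule answers token removal with `swaymsg exit`, which ends the compositor instead of locking it, so what is left on the console depends on how sway was started; if it was launched from a login shell without `exec`, that shell stays authenticated. The commented-out `loginctl lock-sessions` line would preserve the session, provided a locker is installed. Inside `kill-sway`, `id` is still looked up through PATH, which a udev `RUN` program should not rely on; `${getExe' pkgs.coreutils-full "id"}` pins it like the other tools. The loop is a third copy of the one in the sway module and could be shared from one place.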


@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { pkgs, lib, config, ... }:
{ {
imports = [ ./bar ]; imports = [ ./bar ];
@ -20,7 +20,7 @@
enable = true; enable = true;
config = config =
let let
inherit (lib) getExe; inherit (lib) getExe getExe';
inherit (pkgs) inherit (pkgs)
rmenu rmenu
xdg-terminal-exec xdg-terminal-exec
@ -158,15 +158,15 @@
"$mod+${toString n}" = "workspace number ${toString n}"; "$mod+${toString n}" = "workspace number ${toString n}";
"$mod+Shift+${toString n}" = "move container to workspace number ${toString n}"; "$mod+Shift+${toString n}" = "move container to workspace number ${toString n}";
}) (lib.range 0 9))); }) (lib.range 0 9)));
autolaunch = with pkgs; [ autolaunch = [
# fixme: absolute paths (getExe' pkgs.dbus "dbus-update-activation-environment")
"blueman-applet" (getExe' pkgs.xdg-user-dirs "xdg-user-dirs-update")
"lxqt-policykit-agent" ''${getExe' pkgs.coreutils-full "sleep"} 5 && ${getExe' pkgs.blueman "blueman-applet"}''
"otd-daemon" (getExe' pkgs.lxqt.lxqt-policykit "lxqt-policykit-agent")
swaynotificationcenter (getExe' config.hardware.opentabletdriver.package "otd-daemon")
networkmanagerapplet pkgs.swaynotificationcenter
pkgs.networkmanagerapplet
# (pkgs.writeShellScriptBin "rmenu-cache-clear" "rm -r $HOME/.cache/rmenu") # invalidate rmenu cache on sway restart # (pkgs.writeShellScriptBin "rmenu-cache-clear" "rm -r $HOME/.cache/rmenu") # invalidate rmenu cache on sway restart
"dbus-update-activation-environment"
]; ];
extraConfig = '' extraConfig = ''
output * bg ${./wallpapers/switzerland.jpg} fill output * bg ${./wallpapers/switzerland.jpg} fill
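Review bot: `(getExe' pkgs.dbus "dbus-update-activation-environment")` is listed with no arguments, and the tool needs `--all` or explicit variable names to export anything, so unless the consumer of `autolaunch` appends them the entry does nothing useful. Something like `"${getExe' pkgs.dbus "dbus-update-activation-environment"} --systemd WAYLAND_DISPLAY SWAYSOCK"` would state the intent. The fixed `sleep 5` in front of `blueman-applet` deserves a comment naming what it waits for. How `autolaunch` is turned into `exec` lines is outside the hunk, and the list now mixes command strings with bare derivations, which that consumer has to handle.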