cleanup and integration fixes

Grimmauld 2024-09-21 09:43:57 +02:00
parent 967f556eac
commit c37a6082d3
Signed by: Grimmauld
GPG key ID: C2946668769F91FB
12 changed files with 95 additions and 60 deletions


@ -9,6 +9,7 @@ let
types
mkOption
concatStrings
getExe'
mkIf
mkEnableOption
;
@ -36,7 +37,7 @@ in
{
config = mkIf (enable && cloudSync.enable) (
let
cloud_cmd = ''${nextcloud-client}/bin/nextcloudcmd -u ${cloudSync.username} -p "$(cat ${cloudSync.passwordFile})" -h -n --path'';
cloud_cmd = ''${getExe' nextcloud-client "nextcloudcmd"} -u ${cloudSync.username} -p "$(${getExe' pkgs.coreutils-full "cat"} ${cloudSync.passwordFile})" -h -n --path'';
sync_server = "https://${cloudSync.server}";
in
{
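Review bot: The password still ends up in nextcloudcmd's argument list through `-p "$(cat …)"` in `cloud_cmd`, so while a sync runs it can be read from the process table by any local account that is allowed to see other users' processes. The command already passes `-n`, which as far as I know selects netrc login, so the credentials could live in a netrc file with restrictive permissions and `-u`/`-p` could be dropped; please confirm against the client's help output. If the flags stay, the interpolated values should be shell-quoted, e.g. `-u ${lib.escapeShellArg cloudSync.username}`, since both are spliced unquoted into a shell line. The services that consume `cloud_cmd` are outside this hunk.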


@ -37,19 +37,12 @@ in
];
policies = {
ExtensionSettings =
(mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; })
// (mapAttrs (guid: shortId: {
# (mkIf firefox.disableUserPlugins { "*".installation_mode = "blocked"; }) //
(mapAttrs (guid: shortId: {
# explicit plugins by config
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "force_installed";
}) firefox.plugins)
// (mkIf (tooling.enable && tooling.pass) {
# password-store support
"passff@invicem.pro" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/passff/latest.xpi";
installation_mode = "force_installed";
};
});
}) config.grimmShared.firefox.plugins);
DisableTelemetry = true;
DisableFirefoxStudies = true;
EnableTrackingProtection = {
@ -70,6 +63,7 @@ in
"media.hardware-video-decoding.enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"network.dns.disableIPv6" = true;
"media.rdd-ffmpeg.enabled" = true;
"media.navigator.mediadatadecoder_vpx_enabled" = true;
} // optionalAttrs sway.enable { "browser.tabs.inTitlebar" = 0; };
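Review bot: Commenting out the `"*".installation_mode = "blocked"` entry in `ExtensionSettings` means `firefox.disableUserPlugins` no longer does anything, so users can install arbitrary extensions even when the option is set, and nothing warns about it. The likely reason it was disabled is that a `mkIf` value cannot be combined with `//`; `optionalAttrs`, which this file already uses for the sway preference, can: `optionalAttrs firefox.disableUserPlugins { "*".installation_mode = "blocked"; } // (mapAttrs (guid: shortId: { … }) config.grimmShared.firefox.plugins);`. If the block is meant to stay off, the option declaration (not visible here) should be removed or documented as inert.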


@ -18,6 +18,7 @@ let
max
foldl'
getExe
getExe'
isPath
isDerivation
concatLines
@ -79,13 +80,13 @@ let
) screens;
in
''
for pid in $(${pkgs.procps}/bin/pgrep sway -x)
for pid in $(${getExe' pkgs.procps "pgrep"} sway -x)
do
uid=$(id -u $(${pkgs.procps}/bin/ps -o user= -p $pid))
uid=$(id -u $(${getExe' pkgs.procps "ps"} -o user= -p $pid))
export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock"
if [[ -e "$SWAYSOCK" ]] ; then
echo "sock is $SWAYSOCK"
${config.programs.sway.package}/bin/swaymsg '${concatMapStrings (s: s + " ; ") output_def}'
${getExe' config.programs.sway.package "swaymsg"} '${concatMapStrings (s: s + " ; ") output_def}'
fi
done
'';
@ -184,13 +185,13 @@ in
serviceConfig.Type = "oneshot";
script = ''
for pid in $(${pkgs.procps}/bin/pgrep sway -x)
for pid in $(${getExe' pkgs.procps "pgrep"} sway -x)
do
uid=$(id -u $(${pkgs.procps}/bin/ps -o user= -p $pid))
uid=$(id -u $(${getExe' pkgs.procps "ps"} -o user= -p $pid))
export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock"
if [[ -e "$SWAYSOCK" ]] ; then
echo "sock is $SWAYSOCK"
${config.programs.sway.package}/bin/swaymsg reload
${getExe' config.programs.sway.package "swaymsg"} reload
fi
done
@ -199,7 +200,7 @@ in
reloadTriggers = [ config.environment.etc."${conf_path}".source ];
};
programs.waybar.enable = true;
# programs.waybar.enable = true;
programs.dconf.enable = true;
@ -212,7 +213,7 @@ in
};
extraPackages = with pkgs; [
swaylock
# swaylock
swayidle
wl-clipboard
wf-recorder
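Review bot: `id` is still looked up through PATH in both loops (`uid=$(id -u …)` in the output-definition script and in the reload unit's `script`), although every other binary in them now goes through `getExe'`. If `id` is not found, `uid` is empty, the `-e "$SWAYSOCK"` test fails and the session is skipped without any error. I would write `uid=$(${getExe' pkgs.coreutils-full "id"} -u "$(${getExe' pkgs.procps "ps"} -o user= -p "$pid")")`, which also quotes `$pid`. The same bare `id` is in the new `kill-sway` udev helper in the host configuration, where a silent skip means that pulling the key does nothing. Both enclosing definitions start outside these hunks.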


@ -50,7 +50,7 @@ in
echo Trying to attach ddcci to $1
i=0
id=$(echo $1 | cut -d "-" -f 2)
if ${pkgs.ddcutil}/bin/ddcutil getvcp 10 -b $id; then
if ${lib.getExe' pkgs.ddcutil "ddcutil"} getvcp 10 -b $id; then
echo ddcci 0x37 > /sys/bus/i2c/devices/$1/new_device
fi
'';


@ -11,6 +11,7 @@ let
optional
concatLines
getExe
getExe'
elem
mkIf
;
@ -52,8 +53,8 @@ let
)
);
auto = writeShellScriptBin "auto-mode" ''
${tlp}/bin/run-on-ac ${getExe performance}
${tlp}/bin/run-on-bat ${getExe powersave}
${getExe' tlp "run-on-ac"} ${getExe performance}
${getExe' tlp "run-on-bat"} ${getExe powersave}
'';
in
{


@ -25,7 +25,7 @@ in
"sound.target"
];
wantedBy = [ "default.target" ];
serviceConfig.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
serviceConfig.ExecStart = lib.getExe' pkgs.bluez "mpris-proxy";
};
};
}


@ -61,9 +61,9 @@ in
password_cmd =
let
pass = spotify.spotifyd.pass;
inherit (lib) isPath isString getExe;
inherit (lib) isPath isString getExe getExe';
in
if (isPath pass || isString pass) then "${pkgs.coreutils-full}/bin/cat ${pass}" else (getExe pass);
if (isPath pass || isString pass) then "${getExe' pkgs.coreutils-full "cat"} ${pass}" else (getExe pass);
device_type = "computer";
dbus_type = "system";
device = "default";
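Review bot: In the `isPath pass` branch of `password_cmd`, `${pass}` interpolates a Nix path value, and that copies the file into the Nix store, where it is readable by every local user. Converting first keeps the secret where it is: `"${getExe' pkgs.coreutils-full "cat"} ${lib.escapeShellArg (toString pass)}"`; the quoting also covers paths with spaces. Alternatively the option could accept only strings, with a comment on it saying `# must be a string path outside the store, e.g. an agenix secret path`. The surrounding settings attrset starts and ends outside the hunk.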


@ -26,11 +26,12 @@ in
id = [ "26681512" ];
# debug = true;
mode = "challenge-response";
control = "sufficient";
control = lib.mkDefault "sufficient";
};
security.doas.enable = true;
security.sudo.enable = false;
# security.doas.enable = true;
security.sudo.enable = true;
security.doas.extraRules = [
{
users = attrNames (filterAttrs (n: v: v.isNormalUser) config.users.users);
@ -45,18 +46,18 @@ in
gnupg
libsecret
vulnix
doas-sudo-shim # muscle memory
agenix
yubikey-manager
yubico-pam
yubikey-personalization
])
++ optionals (tooling.enable && tooling.pass) [
++ (optionals (tooling.enable && tooling.pass) [
pkgs.pass
(pkgs.writeShellScriptBin "passw" "pass $@")
]
++ optional graphical pkgs.lxqt.lxqt-policykit;
])
++ (optional config.security.doas.enable pkgs.sudo-doas-shim)
++ (optional graphical pkgs.lxqt.lxqt-policykit);
services.passSecretService.enable = mkIf (tooling.enable && tooling.pass) true;
services.openssh.settings.LoginGraceTime = 0;
@ -68,6 +69,8 @@ in
enable = true;
enableSSHSupport = true;
};
grimmShared.firefox.plugins = mkIf (tooling.enable && tooling.pass) { "passff@invicem.pro" = "passff"; };
};
options.grimmShared.tooling.pass = mkEnableOption "Enables password-store, gnupg and such secret handling";
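Review bot: The new conditional entry refers to `pkgs.sudo-doas-shim`, while the line it replaces installed `doas-sudo-shim`; unless an overlay defines the reversed name, this attribute does not exist. Because doas is disabled in this commit, the expression is never evaluated and the mistake stays hidden until someone sets `security.doas.enable = true` again, at which point evaluation fails. I would change it to `++ (optional config.security.doas.enable pkgs.doas-sudo-shim)`. `security.doas.extraRules` is still defined below the switch; a short comment such as `# kept for when doas is re-enabled` would make that intentional.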


@ -50,10 +50,19 @@ in
environment.sessionVariables = {
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DESKTOP_DIR="$HOME/Desktop";
XDG_DOCUMENTS_DIR="$HOME/Documents";
XDG_DOWNLOAD_DIR="$HOME/Downloads";
XDG_MUSIC_DIR="$HOME/Music";
XDG_PICTURES_DIR="$HOME/Pictures";
XDG_PUBLICSHARE_DIR="$HOME/Public";
XDG_TEMPLATES_DIR="$HOME/Templates";
XDG_VIDEOS_DIR="$HOME/Videos";
};
environment.systemPackages = with pkgs; [
xwaylandvideobridge
xdg-user-dirs
confwhich
];
};


@ -5,10 +5,10 @@
"homepage": null,
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8",
"sha256": "1275gl2ly0iaqapxwimsbnky9fzwa0x3miscz372qa74gcc0wjwv",
"rev": "bcaea0865985eb3e24ce978e2ca5bb4f680f150b",
"sha256": "15fgkb32cqkzb9z03akbaz2qv6i3h1zs9rwy94fkp78cr2yxfizb",
"type": "tarball",
"url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8.tar.gz",
"url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/bcaea0865985eb3e24ce978e2ca5bb4f680f150b.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"agenix": {
@ -29,10 +29,10 @@
"homepage": "",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "f1bd855c23e73e04597695ca37ae54671a7e07b1",
"sha256": "1dkp86mr2n0h4hq74wj3b0b9ka8x2xkwv8pcbwk5knhrv26qajwb",
"rev": "0fd076529b40e7fc7304a398618cab76ff7e96c3",
"sha256": "1ax3rvw66s246dyrcgpshr7bj78qv73db8s6sd3hzvbmn56kwixr",
"type": "tarball",
"url": "https://github.com/nix-community/authentik-nix/archive/f1bd855c23e73e04597695ca37ae54671a7e07b1.tar.gz",
"url": "https://github.com/nix-community/authentik-nix/archive/0fd076529b40e7fc7304a398618cab76ff7e96c3.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"chaotic": {
@ -41,10 +41,10 @@
"homepage": "https://nyx.chaotic.cx",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "38451822a144faa53a7ee96d4f0478d94945b67a",
"sha256": "08rcfarlda0fxgc02xdfyk8dsp18bmiyf0n39sfd5nq1s5513awy",
"rev": "93e6cdc6335d9c7652e89466b5e05a3cce836906",
"sha256": "11d9jyd8yw0xnpimgwsi0vw2i63f5hkw9x0g7pmnk0542k50xms6",
"type": "tarball",
"url": "https://github.com/chaotic-cx/nyx/archive/38451822a144faa53a7ee96d4f0478d94945b67a.tar.gz",
"url": "https://github.com/chaotic-cx/nyx/archive/93e6cdc6335d9c7652e89466b5e05a3cce836906.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"glibc-eac": {
@ -53,22 +53,22 @@
"homepage": "",
"owner": "Frogging-Family",
"repo": "glibc-eac",
"rev": "1dc68d1d0c6105035c659f1eb574191d67ab1b7e",
"sha256": "1jsi4g8324kxpx28wh3i65476djryj65v4zs0x9cv8jqamqvnhay",
"rev": "de5df722493768cb02e23ce0703429636458befb",
"sha256": "1yx3hal1kwj28ij688inaww169rj74iv3l3bwa74r3y4msdfnl80",
"type": "tarball",
"url": "https://github.com/Frogging-Family/glibc-eac/archive/1dc68d1d0c6105035c659f1eb574191d67ab1b7e.tar.gz",
"url": "https://github.com/Frogging-Family/glibc-eac/archive/de5df722493768cb02e23ce0703429636458befb.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"lix-module": {
"branch": "main",
"repo": "https://git.lix.systems/lix-project/nixos-module.git",
"rev": "cecf70b77539c1a593f60ec9d0305b5e537ab6a9",
"rev": "353b25f0b6da5ede15206d416345a2ec4195b5c8",
"type": "git"
},
"lix-pkg": {
"branch": "main",
"repo": "https://git.lix.systems/lix-project/lix.git",
"rev": "f2a49032a698bd96b37e8df8f02ec403fd0bed0f",
"rev": "80202e3ca314c21547c48f3a23d3f629cd9ddb87",
"type": "git"
},
"nixos-mailserver": {
@ -95,10 +95,10 @@
"homepage": null,
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"sha256": "0s6h7r9jin9sd8l85hdjwl3jsvzkddn3blggy78w4f21qa3chymz",
"rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059",
"sha256": "1llzyzw7a0jqdn7p3px0sqa35jg24v5pklwxdybwbmbyr2q8cf5j",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/574d1eac1c200690e27b8eb4e24887f8df7ac27c.tar.gz",
"url": "https://github.com/NixOS/nixpkgs/archive/345c263f2f53a3710abe117f28a5cb86d0ba4059.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"ranger_udisk_menu": {


@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
{
imports = [
# Include the results of the hardware scan.
@ -11,6 +11,32 @@
services.zfs.trim.enable = true;
boot.supportedFilesystems.zfs = true;
# security.pam.yubico.control = "required";
services.udev.extraRules = let
inherit (lib) getExe' getExe;
inherit (pkgs) procps writeShellScriptBin;
exitSway = writeShellScriptBin "kill-sway" ''
for pid in $(${getExe' procps "pgrep"} sway -x)
do
uid=$(id -u $(${getExe' procps "ps"} -o user= -p $pid))
export SWAYSOCK="/run/user/$uid/sway-ipc.$uid.$pid.sock"
if [[ -e "$SWAYSOCK" ]] ; then
echo "sock is $SWAYSOCK"
${getExe' config.programs.sway.package "swaymsg"} exit
fi
done
'';
in ''
ACTION=="remove",\
ENV{SUBSYSTEM}=="usb",\
ENV{PRODUCT}=="1050/407/543",\
RUN+="${lib.getExe exitSway}"
# '';
# RUN+="${lib.getExe' pkgs.systemd "loginctl"} lock-sessions"
# networking.hostId = "2ea79333";
# boot.kernelPackages = lib.mkForce config.boot.zfs.package.latestCompatibleLinuxPackages;
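Review bot: The new rule ends the session with `swaymsg exit` instead of locking it, so what remains on the seat depends on how sway is started, which this hunk does not show; if it is launched from a login shell without `exec`, exiting sway returns to an authenticated shell on that TTY. The commented `loginctl lock-sessions` line would keep the session and lock it, but it needs a locker that reacts to the lock signal, and this commit comments `swaylock` out of the sway module's `extraPackages`. I would add a comment above the rule stating the intended behaviour, e.g. `# YubiKey removed: terminate sway; safe only if sway is exec'd by the greeter/login shell`, or restore the locker and switch to the lock variant.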


@ -1,4 +1,4 @@
{ pkgs, lib, ... }:
{ pkgs, lib, config, ... }:
{
imports = [ ./bar ];
@ -20,7 +20,7 @@
enable = true;
config =
let
inherit (lib) getExe;
inherit (lib) getExe getExe';
inherit (pkgs)
rmenu
xdg-terminal-exec
@ -158,15 +158,15 @@
"$mod+${toString n}" = "workspace number ${toString n}";
"$mod+Shift+${toString n}" = "move container to workspace number ${toString n}";
}) (lib.range 0 9)));
autolaunch = with pkgs; [
# fixme: absolute paths
"blueman-applet"
"lxqt-policykit-agent"
"otd-daemon"
swaynotificationcenter
networkmanagerapplet
autolaunch = [
(getExe' pkgs.dbus "dbus-update-activation-environment")
(getExe' pkgs.xdg-user-dirs "xdg-user-dirs-update")
''${getExe' pkgs.coreutils-full "sleep"} 5 && ${getExe' pkgs.blueman "blueman-applet"}''
(getExe' pkgs.lxqt.lxqt-policykit "lxqt-policykit-agent")
(getExe' config.hardware.opentabletdriver.package "otd-daemon")
pkgs.swaynotificationcenter
pkgs.networkmanagerapplet
# (pkgs.writeShellScriptBin "rmenu-cache-clear" "rm -r $HOME/.cache/rmenu") # invalidate rmenu cache on sway restart
"dbus-update-activation-environment"
];
extraConfig = ''
output * bg ${./wallpapers/switzerland.jpg} fill