Grimmauld/grimm-nixos-laptop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

hm updates

Browse source
This commit is contained in:
Grimmauld 2024-12-23 17:45:20 +01:00
parent d1997df806
commit e7c90d6176
Signed by: Grimmauld
SSH key fingerprint: SHA256:Q8IL6Y7sSKqzkyFdV1L0O/EflEh1fFV3tBtwxpapRH4
13 changed files with 134 additions and 197 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
common/default.nix
View file

@ -15,7 +15,7 @@ with lib;
./graphics
./gaming.nix
./firefox.nix
./cloudsync.nix
# ./cloudsync.nix
./hardware
./databases
];

3
common/tooling/apparmor/default.nix
View file

@ -38,7 +38,7 @@ in
pass = "enforce";
spotify = "enforce";
"thunderbird.apparmor.d" = "enforce";
xdg-open = "enforce";
# xdg-open = "enforce";
child-open-any = "enforce";
child-open = "enforce";
firefox-glxtest = "enforce";
@ -117,6 +117,7 @@ in
"local/xdg-open" = ''
@{bin}/grep rix,
/** r,
'';
"local/child-open" = ''

2
common/tooling/java.nix
View file

@ -21,7 +21,7 @@ in
pkgs.jdk17
pkgs.visualvm
pkgs.gradle_7
]; # ++ optionals graphical [ pkgs.jetbrains.idea-community ];
]; # ++ optionals graphical [ pkgs.jetbrains.idea-community ];
environment.sessionVariables.JAVA_HOME = pkgs.jdk17.home;

3
common/tooling/opensnitch/default.nix
View file

@ -549,7 +549,8 @@ in
};
};
nextcloud = mkIf (config.grimmShared.cloudSync.enable) {
nextcloud = mkIf (false) {
# config.grimmShared.cloudSync.enable
name = "nextcloud";
enabled = true;
action = "allow";

2
common/tooling/python.nix
View file

@ -31,7 +31,7 @@ in
config = mkIf (enable && tooling.enable && (elem lang_support_id tooling.supportedLangs)) {
environment.systemPackages = [
(pkgs.python3.withPackages pyLibs)
]; # ++ lib.optionals graphical (with pkgs; [ jetbrains.pycharm-community ]);
]; # ++ lib.optionals graphical (with pkgs; [ jetbrains.pycharm-community ]);
programs.xonsh = {
enable = true;

20
common/tooling/security.nix
View file

@ -60,11 +60,12 @@ in
lib.getExe' rage_wrapped "rage";
programs.yubikey-touch-detector.enable = graphical;
services.yubikey-agent.enable = true;
environment.systemPackages =
(with pkgs; [
mkpasswd
gnupg
# gnupg
libsecret
vulnix
(inputs.agenix.packages."${system}".default.override { plugins = age_plugins; })
@ -83,14 +84,15 @@ in
services.passSecretService.enable = mkIf (tooling.enable && tooling.pass) true;
services.openssh.settings.LoginGraceTime = 0;
programs.gnupg.agent = {
settings = {
# default-cache-ttl = 6000;
};
pinentryPackage = mkForce (if graphical then pkgs.pinentry-qt else pkgs.pinentry-tty);
enable = true;
enableSSHSupport = true;
};
# programs.gnupg.agent = {
# settings = {
# # default-cache-ttl = 6000;
# };
# pinentryPackage = mkForce (if graphical then pkgs.pinentry-qt else pkgs.pinentry-tty);
# enable = true;
# enableSSHSupport = true;
# };
grimmShared.firefox.plugins = mkIf (tooling.enable && tooling.pass) {
"passff@invicem.pro" = "passff";

8
common/xdg/alacritty.toml
View file

@ -1,8 +0,0 @@
[font]
# Point size
size=16.0
normal = { family="Noto Sans Mono" }
[window]
opacity=0.85

13
common/xdg/default.nix
View file

@ -1,6 +1,17 @@
{
imports = [
./portals.nix
./mime.nix
# ./mime.nix
];
xdg.terminal-exec = {
enable = true;
settings = {
default = [
"Alacritty.desktop"
"kitty.desktop"
];
};
};
}

154
common/xdg/mime.nix
View file

@ -1,154 +0,0 @@
{
pkgs,
config,
lib,
...
}:
let
inherit (config.grimmShared) enable portals graphical;
browsers = [
"firefox-beta.desktop"
"firefox.desktop"
];
text_editors = [
"nvim.desktop"
"geany.desktop"
"imhex.desktop"
];
image_viewers = [
"org.nomacs.ImageLounge.desktop"
"org.kde.krita.desktop"
"draw.desktop"
];
audio_players = [ "vlc.desktop" ];
video_viewers = [ "vlc.desktop" ];
document_viewers = [
"org.pwmt.zathura-pdf-mupdf.desktop"
"com.github.jeromerobert.pdfarranger.desktop"
] ++ browsers;
cad = [
"org.freecadweb.FreeCAD.desktop"
"PrusaSlicer.desktop"
"openscad.desktop"
"blender.desktop"
];
tex_editors = [ ] ++ text_editors;
alacritty_pkg = pkgs.symlinkJoin {
name = "alacritty";
paths = [ pkgs.alacritty ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/alacritty \
--add-flags "--config-file ${./alacritty.toml}"
'';
};
in
{
config = lib.mkIf (enable && portals && graphical) {
environment.systemPackages = with pkgs; [
deskwhich
zathura
gnome-console
alacritty_pkg
imhex
# libreoffice-qt
filezilla
obsidian
nomacs
pdfarranger
geany
krita
weasis
# kicad
prusa-slicer
freecad
openscad
vlc
# blender
thunderbird
xdg-terminal-exec
xdg-utils
];
xdg.terminal-exec = {
enable = true;
settings = {
default = [
"Alacritty.desktop"
"kitty.desktop"
];
};
};
xdg.mime.enable = true;
xdg.mime.addedAssociations = {
"application/java-vm" = [
"idea-community.desktop"
"imhex.desktop"
];
"application/json" = text_editors ++ [ "firefox-beta.desktop" ];
"application/mp4" = video_viewers;
"application/ogg" = audio_players;
"application/octet-stream" = "imhex.desktop";
"application/pdf" = document_viewers;
"application/rss+xml" = text_editors;
"application/x-chess-pgn" = [ ] ++ text_editors; # fixme
"application/x-krita" = "org.kde.krita.desktop";
"application/x-latex" = tex_editors;
"application/x-tex" = tex_editors;
"application/x-texinfo" = tex_editors;
"application/xml" = text_editors;
"image/svg+xml" = image_viewers ++ browsers ++ text_editors;
"image/*" = image_viewers;
"image/vnd.dwg" = cad;
"model/*" = cad;
"gcode" = [
"PrusaGcodeviewer.desktop"
"PrusaSlicer.desktop"
];
"audio/*" = audio_players;
"text/*" = text_editors;
"text/plain" = text_editors;
"text/markdown" = [ "obsidian.desktop" ] ++ text_editors;
"text/csv" = [ "calc.desktop" ] ++ text_editors;
"text/html" = browsers ++ text_editors;
"text/x-python" = [ "pycharm-community.desktop" ] ++ text_editors;
"text/x-c" = [ "clion.desktop" ] ++ text_editors;
"text/x-java-source" = [ "idea-community.desktop" ] ++ text_editors;
"video/*" = video_viewers;
"inode/directory" = [
"ranger.desktop"
"dolphin.desktop"
];
"x-scheme-handler/mailto" = "thunderbird.desktop";
"application/vnd.oasis.opendocument.chart" = "calc.desktop";
"application/vnd.oasis.opendocument.chart-template" = "calc.desktop";
"application/vnd.oasis.opendocument.database" = "base.desktop";
"application/vnd.oasis.opendocument.formula" = "math.desktop";
"application/vnd.oasis.opendocument.formula-template" = "math.desktop";
"application/vnd.oasis.opendocument.graphics" = "draw.desktop";
"application/vnd.oasis.opendocument.graphics-template" = "draw.desktop";
"application/vnd.oasis.opendocument.image" = "draw.desktop";
"application/vnd.oasis.opendocument.image-template" = "draw.desktop";
"application/vnd.oasis.opendocument.presentation" = "impress.desktop";
"application/vnd.oasis.opendocument.presentation-template" = "impress.desktop";
"application/vnd.oasis.opendocument.spreadsheet" = "calc.desktop";
"application/vnd.oasis.opendocument.spreadsheet-template" = "calc.desktop";
"application/vnd.oasis.opendocument.text" = "writer.desktop";
"application/vnd.oasis.opendocument.text-master" = "writer.desktop";
"application/vnd.oasis.opendocument.text-template" = "writer.desktop";
"application/vnd.oasis.opendocument.text-web" = "writer.desktop";
"application/vnd.openxmlformats-officedocument.presentationml.presentation" = "impress.desktop";
"application/vnd.openxmlformats-officedocument.presentationml.slide" = "impress.desktop";
"application/vnd.openxmlformats-officedocument.presentationml.slideshow" = "impress.desktop";
"application/vnd.openxmlformats-officedocument.presentationml.template" = "impress.desktop";
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = "calc.desktop";
"application/vnd.openxmlformats-officedocument.spreadsheetml.template" = "calc.desktop";
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "writer.desktop";
"application/vnd.openxmlformats-officedocument.wordprocessingml.template" = "writer.desktop";
};
};
}

79
hm/grimmauld/default.nix
View file

@ -1,29 +1,79 @@
{
pkgs,
lib,
config ? {},
config ? { },
...
}:
let
getIfHas = path: attrs: if path == [] then
getIfHas =
path: attrs:
if path == [ ] then
attrs
else if builtins.hasAttr (builtins.head path) attrs then
getIfHas (builtins.tail path) (builtins.getAttr (builtins.head path) attrs)
else
null;
configGetIfHasOrFalse = path: lib.defaultTo false (getIfHas (lib.splitString "." path) config);
user = hm_config.home.username;
homedir = hm_config.home.homeDirectory;
graphical = configGetIfHasOrFalse "grimmShared.graphical";
hm_config = {
home = {
username = "grimmauld";
stateVersion = "24.11";
homeDirectory = "/home/${user}";
preferXdgDirectories = true;
packages = with pkgs; [
deskwhich
# imhex
# libreoffice-qt
filezilla
obsidian
nomacs
pdfarranger
krita
# weasis
# kicad
prusa-slicer
freecad
openscad
vlc
# blender
];
file.".ssh/id_ed25519_sk".source = ../../ssh/id_ed25519_sk;
file.".ssh/id_ed25519_sk.pub".source = ../../ssh/id_ed25519_sk.pub;
};
programs.thunderbird = {
enable = graphical;
profiles.default = {
isDefault = true;
};
};
programs.zathura.enable = graphical;
programs.alacritty = {
enable = graphical;
settings = {
font.size = 16;
font.normal = {
family = "Noto Sans Mono";
};
window.opacity = 0.85;
};
};
systemd.user.enable = true;
systemd.user.tmpfiles.rules = lib.optional (lib.defaultTo false (getIfHas ["services" "printing" "cups-pdf" "enable"] config)) "L ${homedir}/PDF - - - - /var/spool/cups-pdf-pdf/users/${user}";
systemd.user.tmpfiles.rules = lib.optional (configGetIfHasOrFalse "services.printing.cups-pdf.enable") "L ${homedir}/PDF - - - - /var/spool/cups-pdf-pdf/users/${user}";
xdg.userDirs = {
enable = true;
@ -40,6 +90,27 @@ let
"org.gradle.java.installations.auto-detect" = false;
};
};
programs.gpg = {
enable = true;
mutableKeys = true;
publicKeys = [
{
source = ./grimmauld.gpg;
trust = 5;
}
];
};
services.gpg-agent = {
enable = true;
enableBashIntegration = true;
pinentryPackage = if graphical then pkgs.pinentry-qt else pkgs.pinentry-tty;
};
xdg.mimeApps.enable = true;
services.ssh-agent.enable = true;
};
in
{

13
hm/grimmauld/grimmauld.gpg Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZeWqmhYJKwYBBAHaRw8BAQdACKQ7AccQjQMiMDY6+nphi8oSUohhxZj7RsIM
njgO4Y+0ImdyaW1tYXVsZCA8Z3JpbW1hdWxkQGdyaW1tYXVsZC5kZT6IkwQTFgoA
OwIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgBYhBEG7Bl4dtk7UdboqKcKU
Zmh2n5H7BQJl5auwAAoJEMKUZmh2n5H72YUBAJ3zrSkZcDG2v0ukGNKpnJVNua97
fahtqNyP4v7k9RJsAP46aa/bvBaI5SnW1r77HJhDVCVQiVmd7OwDBpJt2pbsDbg4
BGXlqpoSCisGAQQBl1UBBQEBB0CAWlTea3qf9fYaCFWSRVrwze1KsLgxzwhTpXu1
VPuwYQMBCAeIeAQYFgoAIAIbDBYhBEG7Bl4dtk7UdboqKcKUZmh2n5H7BQJl5awq
AAoJEMKUZmh2n5H7VeIA/25BgwoLifMQBhcGwqC+9LVmi7RMDZn1exOH/6QFFmUf
AQCwC1kQCg1IXozYp666CmUAWy7L/5v14N6v8iOGlQUlAQ==
=JIcg
-----END PGP PUBLIC KEY BLOCK-----

20
specific/grimm-nixos-ssd/configuration.nix
View file

@ -49,20 +49,20 @@
"shinigamieyes@shinigamieyes" = "shinigami-eyes";
};
};
cloudSync = {
enable = true;
username = "Grimmauld";
server = "cloud.grimmauld.de";
passwordFile = config.age.secrets.nextcloud_pass.path;
};
# cloudSync = {
# enable = true;
# username = "Grimmauld";
# server = "cloud.grimmauld.de";
# passwordFile = config.age.secrets.nextcloud_pass.path;
# };
spotify.enable = true;
};
age.secrets.nextcloud_pass = {
file = ./../../secrets/nextcloud_pass.age;
mode = "777";
};
# age.secrets.nextcloud_pass = {
# file = ./../../secrets/nextcloud_pass.age;
# mode = "777";
# };
networking.hostName = "grimm-nixos-ssd";

12
users.nix
View file

@ -28,12 +28,12 @@
"i2c"
]; # only add to groups that actually exist on this system
syncPaths = [
{ remote = "3d"; }
{ remote = "Pictures"; }
{ remote = "Documents"; }
{ remote = "Videos"; }
];
# syncPaths = [
# { remote = "3d"; }
# { remote = "Pictures"; }
# { remote = "Documents"; }
# { remote = "Videos"; }
# ];
packages = lib.optionals config.grimmShared.graphical (
with pkgs;