diff --git a/common/default.nix b/common/default.nix
index 4f4c620..e868bc1 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -15,7 +15,7 @@ with lib;
 ./graphics
 ./gaming.nix
 ./firefox.nix
- ./cloudsync.nix
+ # ./cloudsync.nix
 ./hardware
 ./databases
 ];
diff --git a/common/tooling/apparmor/default.nix b/common/tooling/apparmor/default.nix
index 433a985..0d6f46b 100644
--- a/common/tooling/apparmor/default.nix
+++ b/common/tooling/apparmor/default.nix
@@ -38,7 +38,7 @@ in
 pass = "enforce";
 spotify = "enforce";
 "thunderbird.apparmor.d" = "enforce";
- xdg-open = "enforce";
+ # xdg-open = "enforce";
 child-open-any = "enforce";
 child-open = "enforce";
 firefox-glxtest = "enforce";
@@ -117,6 +117,7 @@ in
 "local/xdg-open" = ''
 @{bin}/grep rix,
+ /** r,
 '';
 "local/child-open" = ''
diff --git a/common/tooling/java.nix b/common/tooling/java.nix
index 429ca7b..473de3e 100644
--- a/common/tooling/java.nix
+++ b/common/tooling/java.nix
@@ -21,7 +21,7 @@ in
 pkgs.jdk17
 pkgs.visualvm
 pkgs.gradle_7
- ]; # ++ optionals graphical [ pkgs.jetbrains.idea-community ];
+ ]; # ++ optionals graphical [ pkgs.jetbrains.idea-community ];
 environment.sessionVariables.JAVA_HOME = pkgs.jdk17.home;
diff --git a/common/tooling/opensnitch/default.nix b/common/tooling/opensnitch/default.nix
index ba6381b..4d46477 100644
--- a/common/tooling/opensnitch/default.nix
+++ b/common/tooling/opensnitch/default.nix
@@ -549,7 +549,8 @@ in
 };
 };
- nextcloud = mkIf (config.grimmShared.cloudSync.enable) {
+ nextcloud = mkIf (false) {
+ # config.grimmShared.cloudSync.enable
 name = "nextcloud";
 enabled = true;
 action = "allow";
diff --git a/common/tooling/python.nix b/common/tooling/python.nix
index 2c0b43f..6dbe274 100644
--- a/common/tooling/python.nix
+++ b/common/tooling/python.nix
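Review bot: The `/** r,` rule added to `"local/xdg-open"` in the second apparmor hunk grants that profile read access to every path on the system, which removes most of the confinement the profile exists to provide. The first apparmor hunk also takes `xdg-open` out of the enforced set by commenting out `xdg-open = "enforce";`, so the two changes together leave the opener effectively unconfined. If the goal is to let it open the user's own files, a scoped rule such as `owner @{HOME}/** r,` is the narrower fix and the enforce entry can stay. If the profile has to be off for now, a comment beside `# xdg-open = "enforce";` should say why and under what condition it comes back. Both attribute sets begin and end outside the hunks.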
@@ -31,7 +31,7 @@ in
 config = mkIf (enable && tooling.enable && (elem lang_support_id tooling.supportedLangs)) {
 environment.systemPackages = [
 (pkgs.python3.withPackages pyLibs)
- ]; # ++ lib.optionals graphical (with pkgs; [ jetbrains.pycharm-community ]);
+ ]; # ++ lib.optionals graphical (with pkgs; [ jetbrains.pycharm-community ]);
 programs.xonsh = {
 enable = true;
diff --git a/common/tooling/security.nix b/common/tooling/security.nix
index 596c533..cf738b3 100644
--- a/common/tooling/security.nix
+++ b/common/tooling/security.nix
@@ -60,11 +60,12 @@ in
 lib.getExe' rage_wrapped "rage";
 programs.yubikey-touch-detector.enable = graphical;
+ services.yubikey-agent.enable = true;
 environment.systemPackages = (with pkgs; [
 mkpasswd
- gnupg
+ # gnupg
 libsecret
 vulnix
 (inputs.agenix.packages."${system}".default.override { plugins = age_plugins; })
@@ -83,14 +84,15 @@ in
 services.passSecretService.enable = mkIf (tooling.enable && tooling.pass) true;
 services.openssh.settings.LoginGraceTime = 0;
- programs.gnupg.agent = {
- settings = {
- # default-cache-ttl = 6000;
- };
- pinentryPackage = mkForce (if graphical then pkgs.pinentry-qt else pkgs.pinentry-tty);
- enable = true;
- enableSSHSupport = true;
- };
+
+ # programs.gnupg.agent = {
+ # settings = {
+ # # default-cache-ttl = 6000;
+ # };
+ # pinentryPackage = mkForce (if graphical then pkgs.pinentry-qt else pkgs.pinentry-tty);
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
 grimmShared.firefox.plugins = mkIf (tooling.enable && tooling.pass) {
 "passff@invicem.pro" = "passff";
diff --git a/common/xdg/alacritty.toml b/common/xdg/alacritty.toml
deleted file mode 100644
index 7a6a20a..0000000
--- a/common/xdg/alacritty.toml
+++ /dev/null
@@ -1,8 +0,0 @@
-[font]
- # Point size
- size=16.0
- normal = { family="Noto Sans Mono" }
-
-[window]
- opacity=0.85
-
diff --git a/common/xdg/default.nix b/common/xdg/default.nix
index 23d1b5d..c02c6f9 100644
--- a/common/xdg/default.nix
+++ b/common/xdg/default.nix
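Review bot: `services.yubikey-agent.enable = true;` in the first security.nix hunk is enabled system-wide while the second hm/grimmauld/default.nix hunk also enables `services.ssh-agent`, so a login session may end up with two SSH agents and it is not visible here which one `SSH_AUTH_SOCK` will point at. A key served by the agent that loses would silently stop being offered, so enable only the intended agent and record the choice in a comment next to it. The second security.nix hunk keeps the old `programs.gnupg.agent` block as commented-out lines; deleting it avoids `enableSSHSupport = true;` being switched back on later as a third contender. The surrounding `config` attribute set starts and ends outside both hunks.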
@@ -1,6 +1,17 @@
 {
 imports = [
 ./portals.nix
- ./mime.nix
+ # ./mime.nix
 ];
+
+ xdg.terminal-exec = {
+ enable = true;
+ settings = {
+ default = [
+ "Alacritty.desktop"
+ "kitty.desktop"
+ ];
+ };
+ };
+
 }
diff --git a/common/xdg/mime.nix b/common/xdg/mime.nix
deleted file mode 100644
index d8d7c6d..0000000
--- a/common/xdg/mime.nix
+++ /dev/null
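Review bot: The `xdg.terminal-exec` block is now applied unconditionally, whereas the deleted common/xdg/mime.nix set it only under `lib.mkIf (enable && portals && graphical)`, so every host importing this module gets it, including non-graphical ones. Keeping the old scope would look like `xdg.terminal-exec = lib.mkIf config.grimmShared.graphical { … };`, which requires turning the bare attribute set into a `{ config, lib, ... }:` module. The `# ./mime.nix` entry refers to a file this same commit deletes and can be dropped rather than commented.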
@@ -1,154 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-let
- inherit (config.grimmShared) enable portals graphical;
- browsers = [
- "firefox-beta.desktop"
- "firefox.desktop"
- ];
- text_editors = [
- "nvim.desktop"
- "geany.desktop"
- "imhex.desktop"
- ];
- image_viewers = [
- "org.nomacs.ImageLounge.desktop"
- "org.kde.krita.desktop"
- "draw.desktop"
- ];
- audio_players = [ "vlc.desktop" ];
- video_viewers = [ "vlc.desktop" ];
- document_viewers = [
- "org.pwmt.zathura-pdf-mupdf.desktop"
- "com.github.jeromerobert.pdfarranger.desktop"
- ] ++ browsers;
- cad = [
- "org.freecadweb.FreeCAD.desktop"
- "PrusaSlicer.desktop"
- "openscad.desktop"
- "blender.desktop"
- ];
- tex_editors = [ ] ++ text_editors;
-
- alacritty_pkg = pkgs.symlinkJoin {
- name = "alacritty";
- paths = [ pkgs.alacritty ];
- buildInputs = [ pkgs.makeWrapper ];
- postBuild = ''
- wrapProgram $out/bin/alacritty \
- --add-flags "--config-file ${./alacritty.toml}"
- '';
- };
-in
-{
- config = lib.mkIf (enable && portals && graphical) {
- environment.systemPackages = with pkgs; [
- deskwhich
-
- zathura
- gnome-console
- alacritty_pkg
- imhex
- # libreoffice-qt
- filezilla
- obsidian
- nomacs
- pdfarranger
- geany
- krita
- weasis
- # kicad
- prusa-slicer
- freecad
- openscad
- vlc
- # blender
- thunderbird
- xdg-terminal-exec
- xdg-utils
- ];
-
- xdg.terminal-exec = {
- enable = true;
- settings = {
- default = [
- "Alacritty.desktop"
- "kitty.desktop"
- ];
- };
- };
-
- xdg.mime.enable = true;
- xdg.mime.addedAssociations = {
- "application/java-vm" = [
- "idea-community.desktop"
- "imhex.desktop"
- ];
- "application/json" = text_editors ++ [ "firefox-beta.desktop" ];
- "application/mp4" = video_viewers;
- "application/ogg" = audio_players;
- "application/octet-stream" = "imhex.desktop";
- "application/pdf" = document_viewers;
- "application/rss+xml" = text_editors;
- "application/x-chess-pgn" = [ ] ++ text_editors; # fixme
- "application/x-krita" = "org.kde.krita.desktop";
- "application/x-latex" = tex_editors;
- "application/x-tex" = tex_editors;
- "application/x-texinfo" = tex_editors;
- "application/xml" = text_editors;
- "image/svg+xml" = image_viewers ++ browsers ++ text_editors;
- "image/*" = image_viewers;
- "image/vnd.dwg" = cad;
- "model/*" = cad;
- "gcode" = [
- "PrusaGcodeviewer.desktop"
- "PrusaSlicer.desktop"
- ];
- "audio/*" = audio_players;
- "text/*" = text_editors;
- "text/plain" = text_editors;
- "text/markdown" = [ "obsidian.desktop" ] ++ text_editors;
- "text/csv" = [ "calc.desktop" ] ++ text_editors;
- "text/html" = browsers ++ text_editors;
- "text/x-python" = [ "pycharm-community.desktop" ] ++ text_editors;
- "text/x-c" = [ "clion.desktop" ] ++ text_editors;
- "text/x-java-source" = [ "idea-community.desktop" ] ++ text_editors;
- "video/*" = video_viewers;
- "inode/directory" = [
- "ranger.desktop"
- "dolphin.desktop"
- ];
- "x-scheme-handler/mailto" = "thunderbird.desktop";
-
- "application/vnd.oasis.opendocument.chart" = "calc.desktop";
- "application/vnd.oasis.opendocument.chart-template" = "calc.desktop";
- "application/vnd.oasis.opendocument.database" = "base.desktop";
- "application/vnd.oasis.opendocument.formula" = "math.desktop";
- "application/vnd.oasis.opendocument.formula-template" = "math.desktop";
- "application/vnd.oasis.opendocument.graphics" = "draw.desktop";
- "application/vnd.oasis.opendocument.graphics-template" = "draw.desktop";
- "application/vnd.oasis.opendocument.image" = "draw.desktop";
- "application/vnd.oasis.opendocument.image-template" = "draw.desktop";
- "application/vnd.oasis.opendocument.presentation" = "impress.desktop";
- "application/vnd.oasis.opendocument.presentation-template" = "impress.desktop";
- "application/vnd.oasis.opendocument.spreadsheet" = "calc.desktop";
- "application/vnd.oasis.opendocument.spreadsheet-template" = "calc.desktop";
- "application/vnd.oasis.opendocument.text" = "writer.desktop";
- "application/vnd.oasis.opendocument.text-master" = "writer.desktop";
- "application/vnd.oasis.opendocument.text-template" = "writer.desktop";
- "application/vnd.oasis.opendocument.text-web" = "writer.desktop";
- "application/vnd.openxmlformats-officedocument.presentationml.presentation" = "impress.desktop";
- "application/vnd.openxmlformats-officedocument.presentationml.slide" = "impress.desktop";
- "application/vnd.openxmlformats-officedocument.presentationml.slideshow" = "impress.desktop";
- "application/vnd.openxmlformats-officedocument.presentationml.template" = "impress.desktop";
- "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = "calc.desktop";
- "application/vnd.openxmlformats-officedocument.spreadsheetml.template" = "calc.desktop";
- "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "writer.desktop";
- "application/vnd.openxmlformats-officedocument.wordprocessingml.template" = "writer.desktop";
- };
- };
-}
diff --git a/hm/grimmauld/default.nix b/hm/grimmauld/default.nix
index bad2ed4..c376617 100644
--- a/hm/grimmauld/default.nix
+++ b/hm/grimmauld/default.nix
@@ -1,29 +1,79 @@
 {
 pkgs,
 lib,
- config ? {},
+ config ? { },
 ...
 }:
 let
- getIfHas = path: attrs: if path == [] then
+ getIfHas =
+ path: attrs:
+ if path == [ ] then
 attrs else if builtins.hasAttr (builtins.head path) attrs then getIfHas (builtins.tail path) (builtins.getAttr (builtins.head path) attrs) else null;
-
+
+ configGetIfHasOrFalse = path: lib.defaultTo false (getIfHas (lib.splitString "." path) config);
+
 user = hm_config.home.username;
 homedir = hm_config.home.homeDirectory;
+ graphical = configGetIfHasOrFalse "grimmShared.graphical";
 hm_config = {
 home = {
 username = "grimmauld";
 stateVersion = "24.11";
 homeDirectory = "/home/${user}";
+ preferXdgDirectories = true;
+
+ packages = with pkgs; [
+ deskwhich
+
+ # imhex
+ # libreoffice-qt
+ filezilla
+ obsidian
+ nomacs
+ pdfarranger
+ krita
+ # weasis
+
+ # kicad
+ prusa-slicer
+ freecad
+ openscad
+
+ vlc
+ # blender
+ ];
+
+ file.".ssh/id_ed25519_sk".source = ../../ssh/id_ed25519_sk;
+ file.".ssh/id_ed25519_sk.pub".source = ../../ssh/id_ed25519_sk.pub;
+ };
+
+ programs.thunderbird = {
+ enable = graphical;
+ profiles.default = {
+ isDefault = true;
+ };
+ };
+
+ programs.zathura.enable = graphical;
+
+ programs.alacritty = {
+ enable = graphical;
+ settings = {
+ font.size = 16;
+ font.normal = {
+ family = "Noto Sans Mono";
+ };
+ window.opacity = 0.85;
+ };
 };
 systemd.user.enable = true;
- systemd.user.tmpfiles.rules = lib.optional (lib.defaultTo false (getIfHas ["services" "printing" "cups-pdf" "enable"] config)) "L ${homedir}/PDF - - - - /var/spool/cups-pdf-pdf/users/${user}";
+ systemd.user.tmpfiles.rules = lib.optional (configGetIfHasOrFalse "services.printing.cups-pdf.enable") "L ${homedir}/PDF - - - - /var/spool/cups-pdf-pdf/users/${user}";
 xdg.userDirs = {
 enable = true;
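Review bot: `file.".ssh/id_ed25519_sk".source = ../../ssh/id_ed25519_sk;` installs the private half of the key pair from a path inside the repository, so that file is committed to version control and copied into the world-readable Nix store on every host that builds this profile. For an `-sk` key the file is presumably a key handle that still needs the hardware token, but it should be handled as secret material regardless. Keep only the `.pub` line here and deliver the private file through the agenix setup this repository already uses, or generate it on the host. The `hm_config` definition runs past the end of this hunk.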
@@ -40,6 +90,27 @@ let
 "org.gradle.java.installations.auto-detect" = false;
 };
 };
+
+ programs.gpg = {
+ enable = true;
+ mutableKeys = true;
+ publicKeys = [
+ {
+ source = ./grimmauld.gpg;
+ trust = 5;
+ }
+ ];
+ };
+
+ services.gpg-agent = {
+ enable = true;
+ enableBashIntegration = true;
+ pinentryPackage = if graphical then pkgs.pinentry-qt else pkgs.pinentry-tty;
+ };
+
+ xdg.mimeApps.enable = true;
+ services.ssh-agent.enable = true;
+
 };
 in
 {
diff --git a/hm/grimmauld/grimmauld.gpg b/hm/grimmauld/grimmauld.gpg
new file mode 100644
index 0000000..6608f8c
--- /dev/null
+++ b/hm/grimmauld/grimmauld.gpg
@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZeWqmhYJKwYBBAHaRw8BAQdACKQ7AccQjQMiMDY6+nphi8oSUohhxZj7RsIM
+njgO4Y+0ImdyaW1tYXVsZCA8Z3JpbW1hdWxkQGdyaW1tYXVsZC5kZT6IkwQTFgoA
+OwIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgBYhBEG7Bl4dtk7UdboqKcKU
+Zmh2n5H7BQJl5auwAAoJEMKUZmh2n5H72YUBAJ3zrSkZcDG2v0ukGNKpnJVNua97
+fahtqNyP4v7k9RJsAP46aa/bvBaI5SnW1r77HJhDVCVQiVmd7OwDBpJt2pbsDbg4
+BGXlqpoSCisGAQQBl1UBBQEBB0CAWlTea3qf9fYaCFWSRVrwze1KsLgxzwhTpXu1
+VPuwYQMBCAeIeAQYFgoAIAIbDBYhBEG7Bl4dtk7UdboqKcKUZmh2n5H7BQJl5awq
+AAoJEMKUZmh2n5H7VeIA/25BgwoLifMQBhcGwqC+9LVmi7RMDZn1exOH/6QFFmUf
+AQCwC1kQCg1IXozYp666CmUAWy7L/5v14N6v8iOGlQUlAQ==
+=JIcg
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/specific/grimm-nixos-ssd/configuration.nix b/specific/grimm-nixos-ssd/configuration.nix
index bb39fbe..2f35f5b 100644
--- a/specific/grimm-nixos-ssd/configuration.nix
+++ b/specific/grimm-nixos-ssd/configuration.nix
@@ -49,20 +49,20 @@
 "shinigamieyes@shinigamieyes" = "shinigami-eyes";
 };
 };
- cloudSync = {
- enable = true;
- username = "Grimmauld";
- server = "cloud.grimmauld.de";
- passwordFile = config.age.secrets.nextcloud_pass.path;
- };
+ # cloudSync = {
+ # enable = true;
+ # username = "Grimmauld";
+ # server = "cloud.grimmauld.de";
+ # passwordFile = config.age.secrets.nextcloud_pass.path;
+ # };
 spotify.enable = true;
 };
- age.secrets.nextcloud_pass = {
- file = ./../../secrets/nextcloud_pass.age;
- mode = "777";
- };
+ # age.secrets.nextcloud_pass = {
+ # file = ./../../secrets/nextcloud_pass.age;
+ # mode = "777";
+ # };
 networking.hostName = "grimm-nixos-ssd";
diff --git a/users.nix b/users.nix
index 010cf19..e8fd3ab 100644
--- a/users.nix
+++ b/users.nix
@@ -28,12 +28,12 @@
 "i2c"
 ]; # only add to groups that actually exist on this system
- syncPaths = [
- { remote = "3d"; }
- { remote = "Pictures"; }
- { remote = "Documents"; }
- { remote = "Videos"; }
- ];
+ # syncPaths = [
+ # { remote = "3d"; }
+ # { remote = "Pictures"; }
+ # { remote = "Documents"; }
+ # { remote = "Videos"; }
+ # ];
 packages = lib.optionals config.grimmShared.graphical (
 with pkgs;
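Review bot: The commented-out `age.secrets.nextcloud_pass` block in the configuration.nix hunk still carries `mode = "777";`, so uncommenting it later would again leave the decrypted password file readable and writable by every local user. Either delete the block outright or correct it while it is dormant, for example `# mode = "400";` plus an `owner` line for the account that runs the sync. The commented `cloudSync` block above it references that secret's path and should be removed or restored together with it. The enclosing attribute sets start and end outside the hunk.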