feat: add gpg agent settings; add kitty

hosts/nom/default.nix

@@ -11,6 +11,8 @@
 
     ../../modules/core
     ../../modules/dev
+    ../../modules/graphical
+
     ../../modules/hardware/intel.nix
     ../../modules/efi.nix
     ../../modules/laptop.nix

modules/graphical/default.nix

@@ -1,11 +1,6 @@
 {pkgs, ...}: {
   imports = [
     ./fonts.nix
+    ./wayland.nix
   ];
-
-  xdg.portal = {
-    enable = true;
-    wlr.enable = true;
-    extraPortals = with pkgs; [xdg-desktop-portal-gtk];
-  };
 }

modules/graphical/wayland.nix

@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [wayland];
+  services.dbus.enable = true;
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    # gtk portal needed to make gtk apps happy
+    extraPortals = with pkgs; [xdg-desktop-portal-gtk];
+  };
+}

modules/laptop.nix

@@ -1,5 +1,6 @@
 {pkgs, ...}: {
   environment.systemPackages = with pkgs; [powertop];
+  services.physlock.enable = true;
   services.logind = {
     lidSwitch = "ignore";
     lidSwitchDocked = "ignore";

modules/sound-pipewire.nix

@@ -3,12 +3,11 @@
   pkgs,
   ...
 }: {
+  sound.enable = true;
   environment.systemPackages = with pkgs; [pulseaudio pulsemixer];
 
   hardware.pulseaudio.enable = lib.mkForce false;
-
   security.rtkit.enable = true;
-
   services.pipewire = {
     enable = true;
     alsa.enable = true;
@@ -34,6 +33,4 @@
       client-rt."stream.properties"."resample.quality" = 15;
     };
   };
-
-  sound.enable = true;
 }

nix/checks.nix

@@ -9,10 +9,9 @@ with self.pkgs.${system}; {
     {
       src = lib.cleanSource ../.;
       hooks = {
-        actionlint.enable = true;
-        luacheck.enable = true;
         alejandra.enable = true;
         statix.enable = true;
+        luacheck.enable = true;
         stylua.enable = true;
       };
     };

nix/dev-shell.nix

@@ -2,26 +2,20 @@
 with self.pkgs.${system};
   mkShell {
     name = "nix-config";
-
-    nativeBuildInputs = [
+    packages = [
       # Nix
       cachix
       colmena
-      nix-build-uncached
       alejandra
-      ragenix
-      rnix-lsp
       statix
-      update-nix-fetching
+      update-nix-fetchgit
 
       # Lua
       stylua
       (luajit.withPackages (p: with p; [luacheck]))
-      sumneko-lua-language-server
 
       # Misc
       shellcheck
-      jq
       pre-commit
       rage
     ];

users/common/fish.nix

@@ -15,11 +15,15 @@ with lib; {
       (mkBefore ''
         set -g ATUIN_NOBIND true
         set -g fish_greeting
-        set -g fish_autosuggestion_enabled 0
+        #set -g fish_autosuggestion_enabled 0
         set -g FZF_COMPLETE 2
       '')
       (mkAfter ''
         bind \cr _atuin_search
+        atuin gen-completions --shell fish | source
+
+        bind \e\[A history-prefix-search-backward
+        bind \e\[B history-prefix-search-forward
       '')
     ];
     plugins = [

users/common/graphical/default.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  imports = [
+    ./kitty.nix
+  ];
+}

users/common/graphical/kitty.nix

@@ -0,0 +1,80 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  programs.kitty = {
+    enable = true;
+    package = pkgs.kitty.overrideAttrs (finalAttrs: prevAttrs: {
+      doCheck = false;
+    });
+    font = {
+      package = pkgs.nerdfonts;
+      name = "FiraCode Nerd Font";
+      size = 10;
+    };
+    settings = {
+      # Use xterm-256color because copying terminfo-kitty is painful.
+      term = "xterm-256color";
+
+      # Do not wait for inherited child processes.
+      close_on_child_death = "yes";
+
+      # Disable ligatures.
+      disable_ligatures = "always";
+
+      # Modified onehalfdark color scheme
+      foreground = "#c9d3e5";
+      background = "#090a0c";
+      cursor = "#cccccc";
+
+      color0 = " #090a0c";
+      color8 = " #393e48";
+      color1 = " #b2555d";
+      color9 = " #e06c75";
+      color2 = " #81a566";
+      color10 = "#98c379";
+      color3 = " #ccab6e";
+      color11 = "#e6c17c";
+      color4 = " #5395cc";
+      color12 = "#61afef";
+      color5 = " #9378de";
+      color13 = "#c678dd";
+      color6 = " #56b6c2";
+      color14 = "#56b6c2";
+      color7 = " #979eab";
+      color15 = "#abb2bf";
+
+      selection_foreground = "#282c34";
+      selection_background = "#979eab";
+
+      # Disable cursor blinking
+      cursor_blink_interval = "0";
+
+      # Big fat scrollback buffer
+      scrollback_lines = "100000";
+      # Set scrollback buffer for pager in MB
+      scrollback_pager_history_size = "256";
+
+      # Don't copy on select
+      copy_on_select = "no";
+
+      # Set program to open urls with
+      open_url_with = "xdg-open";
+
+      # Fuck the bell
+      enable_audio_bell = "no";
+    };
+    keybindings = {
+      # Keyboard mappings
+      "shift+page_up" = "scroll_page_up";
+      "shift+page_down" = "scroll_page_down";
+      "ctrl+shift+." = "change_font_size all -2.0";
+      "ctrl+shift+," = "change_font_size all +2.0";
+    };
+    extraConfig = ''
+      # Use nvim as scrollback pager
+      scrollback_pager nvim -u NONE -c "set nonumber nolist showtabline=0 foldcolumn=0 laststatus=0" -c "autocmd TermOpen * normal G" -c "silent write! /tmp/kitty_scrollback_buffer | te head -c-1 /tmp/kitty_scrollback_buffer; rm /tmp/kitty_scrollback_buffer; cat"
+    '';
+  };
+}

users/common/starship.nix

@@ -80,7 +80,10 @@
           "[($ahead_behind )](green)"
         ];
       };
-      nix_shell.heuristic = true; # Also detect nix shell
+      nix_shell = {
+        format = ''[$symbol$state( \($name\))]($style)'';
+        heuristic = true; # Also detect nix shell
+      };
       status = {
         disabled = false;
         pipestatus = true;

users/myuser/default.nix

@@ -8,6 +8,7 @@ with lib; {
   users.groups.myuser.gid = config.users.users.myuser.uid;
   users.users.myuser = {
     uid = 1000;
+    hashedPassword = "$6$YogAnKRz8qW2Gz.I$chgMKKrpPAfV0WuGN6ChOgUJistpCzFsHOT6mhHyj07mwI1kSfDJvnMB13frMvkpv2aGpXHVH.yxk5fYHeeET/";
     createHome = true;
     group = "myuser";
     extraGroups =
@@ -22,13 +23,7 @@ with lib; {
       #impermanence.home-manager.impermanence
       ../common
       ./dev.nix
-      #]
-      #++ optionals config.programs.sway.enable [
-      #  ./graphical
-      #  ./graphical/sway
-      #] ++ optionals config.services.xserver.windowManager.i3.enable [
-      #  ./graphical
-      #  ./graphical/i3
+      ./gpg.nix
     ];
 
     home = {

users/myuser/dev.nix

@@ -7,11 +7,7 @@
         set auto-load safe-path /
       '';
     };
-    packages = with pkgs; [
-      git-lfs
-      nix-update
-      nixpkgs-review
-    ];
+    packages = with pkgs; [git-lfs];
   };
 
   programs = {

users/myuser/gpg.nix

@@ -0,0 +1,78 @@
+{lib, ...}: {
+  programs.gpg = {
+    enable = true;
+    scdaemonSettings.disable-ccid = true;
+    settings = {
+      # https://github.com/drduh/config/blob/master/gpg.conf
+      # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html
+      # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html
+      # Use AES256, 192, or 128 as cipher
+      personal-cipher-preferences = "AES256 AES192 AES";
+      # Use SHA512, 384, or 256 as digest
+      personal-digest-preferences = "SHA512 SHA384 SHA256";
+      # Use ZLIB, BZIP2, ZIP, or no compression
+      personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
+      # Default preferences for new keys
+      default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
+      # SHA512 as digest to sign keys
+      cert-digest-algo = "SHA512";
+      # SHA512 as digest for symmetric ops
+      s2k-digest-algo = "SHA512";
+      # AES256 as cipher for symmetric ops
+      s2k-cipher-algo = "AES256";
+      # UTF-8 support for compatibility
+      charset = "utf-8";
+      # Show Unix timestamps
+      fixed-list-mode = true;
+      # No comments in signature
+      no-comments = true;
+      # No version in signature
+      no-emit-version = true;
+      # Disable banner
+      no-greeting = true;
+      # Long hexidecimal key format
+      keyid-format = "0xlong";
+      # Display UID validity
+      list-options = "show-uid-validity";
+      verify-options = "show-uid-validity";
+      # Display all keys and their fingerprints
+      with-fingerprint = true;
+      # Display key origins and updates
+      #with-key-origin
+      # Cross-certify subkeys are present and valid
+      require-cross-certification = true;
+      # Disable caching of passphrase for symmetrical ops
+      no-symkey-cache = true;
+      # Enable smartcard
+      use-agent = true;
+      # Disable recipient key ID in messages
+      throw-keyids = true;
+      # Default/trusted key ID to use (helpful with throw-keyids)
+      #default-key 0xFF3E7D88647EBCDB
+      #trusted-key 0xFF3E7D88647EBCDB
+      # Group recipient keys (preferred ID last)
+      #group keygroup = 0xFF00000000000001 0xFF00000000000002 0xFF3E7D88647EBCDB
+      # Keyserver URL
+      #keyserver hkps://keys.openpgp.org
+      #keyserver hkps://keyserver.ubuntu.com:443
+      #keyserver hkps://hkps.pool.sks-keyservers.net
+      #keyserver hkps://pgp.ocf.berkeley.edu
+      # Proxy to use for keyservers
+      #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
+      # Verbose output
+      #verbose
+      # Show expired subkeys
+      #list-options show-unusable-subkeys
+    };
+    # TODO publicKeys = [
+    # TODO   {
+    # TODO     source = ./yubikey.gpg;
+    # TODO     trust = 5;
+    # TODO   }
+    # TODO ];
+  };
+  services.gpg-agent = {
+    enable = true;
+    enableSshSupport = true;
+  };
+}

users/root/default.nix

@@ -6,7 +6,7 @@
 }:
 with lib; {
   users.users.root = {
-    initialHashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
+    hashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
     openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
     shell = pkgs.fish;
   };