diff --git a/flake.lock b/flake.lock index 9c52bdc..6c5d2f7 100644 --- a/flake.lock +++ b/flake.lock @@ -1556,16 +1556,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742002193, - "narHash": "sha256-zf9xEtVjvkR0h1+PfrJF2usNCiyzmWVw2AK0eMTJwmA=", + "lastModified": 1742069588, + "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a17b3fe5a72d0eb137b95f74a84cff6a7eee0af5", + "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index a597106..8011a80 100644 --- a/flake.nix +++ b/flake.nix @@ -82,7 +82,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixvim = { url = "github:nix-community/nixvim"; diff --git a/fz/modules/provision.exs b/fz/modules/provision.exs index 14909ec..d8e60d3 100644 --- a/fz/modules/provision.exs +++ b/fz/modules/provision.exs @@ -628,7 +628,7 @@ defmodule Provision do if only_updated_attrs == %{} do {:ok, existing} else - resource = case existing |> Resources.update_or_replace_resource(resource_attrs, temp_admin_subject) do + resource = case existing |> Resources.update_resource(resource_attrs, temp_admin_subject) do {:replaced, _old, new} -> UuidMapping.update_entities(slug, "resources", %{external_id => new.id}) new @@ -668,7 +668,7 @@ defmodule Provision do if only_updated_attrs == %{} do {:ok, existing} else - policy = case existing |> Policies.update_or_replace_policy(policy_attrs, temp_admin_subject) do + policy = case existing |> Policies.update_policy(policy_attrs, temp_admin_subject) do {:replaced, _old, new} -> UuidMapping.update_entities(slug, "policies", %{external_id => new.id}) new diff --git a/fz/modules/server.nix b/fz/modules/server.nix index 5d5210a..45cbd04 100644 --- a/fz/modules/server.nix +++ b/fz/modules/server.nix @@ -535,6 +535,13 @@ in example = "My Organization"; }; + id = mkOption { + type = types.nullOr types.str; + description = "The uuid to assign to this account. A random uuid will be assigned when this is null."; + default = null; + example = "cbb88fd0-13e1-4ae4-9b6e-214a5a4666e8"; + }; + features = let mkFeatureOption = @@ -632,7 +639,7 @@ in clientSecretFile = "/run/secrets/oidc-client-secret"; response_type = "code"; scope = "openid email name"; - discorvery_document_uri = "https://auth.example.com/.well-known/openid-configuration"; + discovery_document_uri = "https://auth.example.com/.well-known/openid-configuration"; }; }; }; @@ -1014,6 +1021,9 @@ in FEATURE_TRAFFIC_FILTERS_ENABLED = mkDefault true; FEATURE_SIGN_UP_ENABLED = mkDefault (!cfg.provision.enable); + + WEB_EXTERNAL_URL = mkDefault cfg.web.externalUrl; + API_EXTERNAL_URL = mkDefault cfg.api.externalUrl; }; domain.settings = { @@ -1032,8 +1042,6 @@ in PHOENIX_HTTP_WEB_PORT = mkDefault cfg.web.port; PHOENIX_HTTP_API_PORT = mkDefault cfg.api.port; PHOENIX_SECURE_COOKIES = mkDefault true; # enforce HTTPS on cookies - WEB_EXTERNAL_URL = mkDefault cfg.web.externalUrl; - API_EXTERNAL_URL = mkDefault cfg.api.externalUrl; }; api.settings = { @@ -1046,8 +1054,6 @@ in PHOENIX_HTTP_WEB_PORT = mkDefault cfg.web.port; PHOENIX_HTTP_API_PORT = mkDefault cfg.api.port; PHOENIX_SECURE_COOKIES = mkDefault true; # enforce HTTPS on cookies - WEB_EXTERNAL_URL = mkDefault cfg.web.externalUrl; - API_EXTERNAL_URL = mkDefault cfg.api.externalUrl; }; }; } diff --git a/hosts/sentinel/default.nix b/hosts/sentinel/default.nix index 647e16d..774f011 100644 --- a/hosts/sentinel/default.nix +++ b/hosts/sentinel/default.nix @@ -13,6 +13,7 @@ ./blog.nix ./fs.nix ./net.nix + ./firezone.nix ./oauth2.nix ./plausible.nix ./postgresql.nix diff --git a/hosts/sentinel/firezone.nix b/hosts/sentinel/firezone.nix index ed4aebf..3ffe7cf 100644 --- a/hosts/sentinel/firezone.nix +++ b/hosts/sentinel/firezone.nix @@ -2,6 +2,7 @@ config, globals, lib, + nodes, ... }: let @@ -25,10 +26,11 @@ let }; in { - age.secrets.firezone-smtp-password = { - generator.script = "alnum"; - mode = "440"; - group = "firezone"; + age.secrets.firezone-smtp-password.generator.script = "alnum"; + + # Mirror the original oauth2 secret + age.secrets.firezone-oauth2-client-secret = { + inherit (nodes.ward-kanidm.config.age.secrets.kanidm-oauth2-firezone) rekeyFile; }; environment.persistence."/persist".directories = [ @@ -53,7 +55,7 @@ in inherit (config.repo.secrets.local.firezone.mail) from host username; port = 465; implicitTls = true; - passwordFile = config.age.secrets.firezone-smtp-password.file; + passwordFile = config.age.secrets.firezone-smtp-password.path; }; provision = { @@ -68,6 +70,22 @@ in email = "admin@${globals.domains.me}"; }; + auth.oidc = + let + client_id = "firezone"; + in + { + name = "Kanidm"; + adapter = "openid_connect"; + adapter_config = { + scope = "openid email profile"; + response_type = "code"; + inherit client_id; + discovery_document_uri = "https://${globals.services.kanidm.domain}/oauth2/openid/${client_id}/.well-known/openid-configuration"; + clientSecretFile = config.age.secrets.firezone-oauth2-client-secret.path; + }; + }; + # FIXME: dont hardcode, filter global service domains by internal state # FIXME: new entry here? make new adguardhome entry too. resources = @@ -110,10 +128,11 @@ in { } // allow "everyone" "home.vlan-services.v4" // allow "everyone" "home.vlan-services.v6" - // lib.genAttrs homeDomains (domain: allow "everyone" domain); + // lib.mergeAttrsList (map (domain: allow "everyone" domain) homeDomains); }; }; + domain.settings.ERLANG_DISTRIBUTION_PORT = 9003; api.externalUrl = "https://${firezoneDomain}/api/"; web.externalUrl = "https://${firezoneDomain}/"; }; diff --git a/hosts/sire/guests/grafana.nix b/hosts/sire/guests/grafana.nix index 0548e43..437b19e 100644 --- a/hosts/sire/guests/grafana.nix +++ b/hosts/sire/guests/grafana.nix @@ -72,20 +72,6 @@ in tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-machines-${config.node.name}".path; }; - - age.secrets."grafana-influxdb-token-home-${config.node.name}" = { - inherit (config.age.secrets.grafana-influxdb-token-home) rekeyFile; - mode = "440"; - group = "influxdb2"; - }; - - services.influxdb2.provision.organizations.home.auths."grafana home:home_assistant (${config.node.name})" = - { - readBuckets = [ "home_assistant" ]; - writeBuckets = [ "home_assistant" ]; - tokenFile = - nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-home-${config.node.name}".path; - }; }; globals.services.grafana.domain = grafanaDomain; diff --git a/hosts/ward/guests/kanidm.nix b/hosts/ward/guests/kanidm.nix index 8b2606c..010bfa2 100644 --- a/hosts/ward/guests/kanidm.nix +++ b/hosts/ward/guests/kanidm.nix @@ -38,6 +38,7 @@ in age.secrets.kanidm-oauth2-forgejo = mkRandomSecret; age.secrets.kanidm-oauth2-grafana = mkRandomSecret; age.secrets.kanidm-oauth2-immich = mkRandomSecret; + age.secrets.kanidm-oauth2-firezone = mkRandomSecret; age.secrets.kanidm-oauth2-paperless = mkRandomSecret; age.secrets.kanidm-oauth2-web-sentinel = mkRandomSecret; @@ -138,11 +139,14 @@ in # Firezone groups."firezone.access" = { }; systems.oauth2.firezone = { - public = true; displayName = "Firezone VPN"; - # FIXME: change - originUrl = "https://dummy.example.org/"; - originLanding = "https://dummy.example.org/"; + # NOTE: state: both uuids are runtime values + originUrl = [ + "https://${globals.services.firezone.domain}/50e16678-6e95-49e2-b59e-d70d0e658843/sign_in/providers/fc8afaa3-ce60-4073-9cae-81dec9453a2d/handle_callback" + "https://${globals.services.firezone.domain}/50e16678-6e95-49e2-b59e-d70d0e658843/settings/identity_providers/openid_connect/fc8afaa3-ce60-4073-9cae-81dec9453a2d/handle_callback" + ]; + originLanding = "https://${globals.services.firezone.domain}/"; + basicSecretFile = config.age.secrets.kanidm-oauth2-firezone.path; preferShortUsername = true; scopeMaps."firezone.access" = [ "openid" diff --git a/nix/devshell.nix b/nix/devshell.nix index 51e1548..9f5ca78 100644 --- a/nix/devshell.nix +++ b/nix/devshell.nix @@ -86,8 +86,5 @@ } ]; }; - - # `nix fmt` - formatter = pkgs.alejandra; }; } diff --git a/pkgs/mdns-repeater.nix b/pkgs/mdns-repeater.nix index 07ed6c0..77d7bde 100644 --- a/pkgs/mdns-repeater.nix +++ b/pkgs/mdns-repeater.nix @@ -14,7 +14,7 @@ rustPlatform.buildRustPackage { hash = "sha256-cIrHSzdzFqfArE2bqWPm+CULuQU/KajkRN+i0b+seD0="; }; - cargoHash = "sha256-00Vh2AVECtqvkmLZmyDCR43tUqKdN4j1B8GnnRiWAmU="; + cargoHash = "sha256-ZKY1UVxeMSQaPZecBCIleZSFMRAPP6Vv0uRcnSNUOY0="; meta = { description = "mDNS packet relayer"; diff --git a/secrets/generated/sentinel/coturn-password-netbird.age b/secrets/generated/sentinel/coturn-password-netbird.age deleted file mode 100644 index 14e0070..0000000 --- a/secrets/generated/sentinel/coturn-password-netbird.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> X25519 BX1TzWJvYYuXIc5jazmoefCDOrWYCc6vtQHqiidFK0k -KguZPOuk4LKDPogJ40mXA8okdLgG9PAx5fqYW2gkqwQ --> piv-p256 xqSe8Q A58MztEJBOwOK0pPa7WngTGynn0I+VUFrCtibSKSwOep -sVyAneNoMlRnIPR502xrnFeQyI36GpzxqTRhjOpfU7w --> YS-grease -WMxsZrN//DXWbO+03CQwRqPKXdeV844codU ---- BrgOOiY9Crg771rp77VQ0i3tM770D6CjGknWYRgoIfk -zXN,1 ?v(oծ -|vF9ޙ޻m"dя?9? -Jn7Q-gQ^\fQ \ No newline at end of file diff --git a/secrets/generated/sentinel/firezone-smtp-password.age b/secrets/generated/sentinel/firezone-smtp-password.age new file mode 100644 index 0000000..3f52f4b --- /dev/null +++ b/secrets/generated/sentinel/firezone-smtp-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 Gzk3bRqlbpbgW3fXyRO1TeRwrsnIl8tlrJvlZNosumY +pK+U7VMR4u3S8BeJqItbCmYbztqq/jDsWhTbCCXH6WU +-> piv-p256 xqSe8Q A+/ooJ9I0y4YmaHT0ThGMLCZnCEh+3fNq8mHgJMeyZp8 +DN7R3acmGPo+M0ViZHmxpF0vRVJpAvLo4dxu38b0bpI +-> lBX/-grease x; r=v G +pjzOklWngnYUYJZdkksmUQ +--- icbgmGJLDB2QlRlUM00HuGuNuTjPmcp6/DcBpdtHh9A +h='{{gx&5,+ .pңbwuӹMtcPJpq]za[;pI׊,,ȵ\ \ No newline at end of file diff --git a/secrets/generated/ward-kanidm/kanidm-oauth2-firezone.age b/secrets/generated/ward-kanidm/kanidm-oauth2-firezone.age new file mode 100644 index 0000000..feaeb34 Binary files /dev/null and b/secrets/generated/ward-kanidm/kanidm-oauth2-firezone.age differ diff --git a/secrets/rekeyed/sentinel/51d1a589617efed367ff3596808b226f-firezone-oauth2-client-secret.age b/secrets/rekeyed/sentinel/51d1a589617efed367ff3596808b226f-firezone-oauth2-client-secret.age new file mode 100644 index 0000000..4e4562d --- /dev/null +++ b/secrets/rekeyed/sentinel/51d1a589617efed367ff3596808b226f-firezone-oauth2-client-secret.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA xiEFHrvJlkB1tJInqb9W6lOKKzyyG4r42VXa7om9Ih4 +m+LHiyPnQfusoUEEAsAAE/aDwcnAKWD1rLleSOj+zDE +-> qDll-grease n99 Ig'hQs +Uf/lkeybYXbRSWHHuqIOuATHGGLXFavLbEDVCGYbb4g3eKtVJmLEJzhtYX9YoAom +MzhJBmVRzw+xV8OMNrCisF0 +--- Nz+RAu2fYAAQ5XiIm9BJBKzw0KtBs9I/gq2PXhJO68A +\ N E3qHs3 .:K 0#f:[q?N.A]FN%bk2e6∿ \ No newline at end of file diff --git a/secrets/rekeyed/sentinel/aed1ea3be56668ed906deced14a943e8-firezone-smtp-password.age b/secrets/rekeyed/sentinel/aed1ea3be56668ed906deced14a943e8-firezone-smtp-password.age new file mode 100644 index 0000000..95c2ef8 --- /dev/null +++ b/secrets/rekeyed/sentinel/aed1ea3be56668ed906deced14a943e8-firezone-smtp-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 yV7lcA WYRq7v3xWWyzeK++/g47yipqWVZUGgLq/+yYl67IHDE +y1WkR/96uJRBxhf8zzgVu6axra+NEz2K/SRRWB62mvg +-> #eX-grease 7 +JhcpKxu5n888mqp4AcU/w5QQg60FCmrtYoR3rSUAuVwujZQqjnBg2kGeTcx92C9k +gHTSDKG35486OGdj +--- RfXbamiLRsqT5RllmqjC9y4YwBsOEM0mWmMHeSKr8zo +8,%L6SP"QRE k͌ߒJ&bze*~+0ec 0M͠i>4ek dx \ No newline at end of file diff --git a/secrets/rekeyed/sire-influxdb/b83247c406e7672605e94a6d354ecb29-grafana-influxdb-token-home-sire-grafana.age b/secrets/rekeyed/sire-influxdb/b83247c406e7672605e94a6d354ecb29-grafana-influxdb-token-home-sire-grafana.age deleted file mode 100644 index 6e50193..0000000 --- a/secrets/rekeyed/sire-influxdb/b83247c406e7672605e94a6d354ecb29-grafana-influxdb-token-home-sire-grafana.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 1tdZKQ AsgXjTnMlWoukmKdk3jBqZKildhbuhemjeXVEP6hxU4 -27r8siEl0mvMKMUxXapJqYgHkc/3pO3pGQwzKFV9lV8 --> IzSa}-grease )hD+%g6Z -jdkBplRj8opuM6K2D4j2g4CeyQ ---- 9/pgTJnwXS0d4avPkE4joBUEiCxGOzzAM2+O4kAayxg -: QqAx}hW!kFKoC ssh-ed25519 QciEZQ idJr/VJAtIAUnnvoDAkMlo286BA6TYRqc8kLSHeE2Co +Zv7M8UrRrw1JyJqFgOBJPa5NY+uxXjzlJuGllhw801Q +-> ?:-grease 2?G::0R} gLEw_"6 <${T&lQ$ +LRL9I+tbqUXwvpoQo4E/5wsqpsSVDBWDm4/9Om9L9ICN6CgAABI22aqT3QZQ +--- i9oMGRPqtoSvq+G9L3O/Kg0IHKYYGp6xX3bp0ps9tDk +ҧMf.MsC +u5:;+5ݓ{EĚ$ -% Zt[eؕÉYFC;C_ \ No newline at end of file diff --git a/users/myuser/dev/gdb.nix b/users/myuser/dev/gdb.nix index d7dbc01..9b2c09d 100644 --- a/users/myuser/dev/gdb.nix +++ b/users/myuser/dev/gdb.nix @@ -1,29 +1,4 @@ -{ pkgs, ... }: -let - # pwndbg wraps a gdb binary for us, but we want debuginfod in there too. - # Also make it the default gdb. - pwndbgWithDebuginfod = - (pkgs.pwndbg.override { - gdb = pkgs.gdb.override { - enableDebuginfod = true; - }; - }).overrideAttrs - ( - _finalAttrs: previousAttrs: { - installPhase = - previousAttrs.installPhase - + '' - ln -s $out/bin/pwndbg $out/bin/gdb - ''; - } - ); -in { - home.packages = [ - pwndbgWithDebuginfod - pkgs.hotspot - ]; - home.file.gdbinit = { target = ".gdbinit"; text = '' diff --git a/users/myuser/graphical/i3.nix b/users/myuser/graphical/i3.nix index b7d1dff..9f227e2 100644 --- a/users/myuser/graphical/i3.nix +++ b/users/myuser/graphical/i3.nix @@ -21,7 +21,7 @@ let version = "1.0.0"; src = ./i3-per-workspace-layout; - cargoHash = "sha256-9/k5IaMmLtbRP9hzcvi0+v6NJSihR+bcXzQB9oisfkk="; + cargoHash = "sha256-TSVN2BAfP3w1UdlEacPPWdWG6TmUdEHPtSgDZ7XqtE8="; meta = with lib; { description = "A helper utility to allow assigning a layout to each workspace in i3"; @@ -41,7 +41,7 @@ let rev = "8c2a80fd111dcb9ce7e956b867c0d0180b13b649"; hash = "sha256-Rv4dTycB19c2JyQ0y5WpDpX15D2RhjKq2lPOyuK2Ki8="; }; - cargoHash = "sha256-mwPLroz7oE7NNdc/H/sH9mnXj3KyT75U55UE7tMyZMw="; + cargoHash = "sha256-jSve8wMRP4p2eDVkLR1i4jjQ5pa2jKVheOeElY2HirM="; meta = with lib; { description = "Better focus navigation for sway and i3"; @@ -68,10 +68,14 @@ in keybindings = { - "XF86AudioRaiseVolume" = "exec --no-startup-id ${getExe pkgs.scripts.volume} set-volume @DEFAULT_AUDIO_SINK@ 5%+"; - "XF86AudioLowerVolume" = "exec --no-startup-id ${getExe pkgs.scripts.volume} set-volume @DEFAULT_AUDIO_SINK@ 5%-"; - "XF86AudioMute" = "exec --no-startup-id ${getExe pkgs.scripts.volume} set-mute @DEFAULT_AUDIO_SINK@ toggle"; - "XF86AudioMicMute" = "exec --no-startup-id ${getExe pkgs.scripts.volume} set-mute @DEFAULT_AUDIO_SOURCE@ toggle"; + "XF86AudioRaiseVolume" = + "exec --no-startup-id ${getExe pkgs.scripts.volume} set-volume @DEFAULT_AUDIO_SINK@ 5%+"; + "XF86AudioLowerVolume" = + "exec --no-startup-id ${getExe pkgs.scripts.volume} set-volume @DEFAULT_AUDIO_SINK@ 5%-"; + "XF86AudioMute" = + "exec --no-startup-id ${getExe pkgs.scripts.volume} set-mute @DEFAULT_AUDIO_SINK@ toggle"; + "XF86AudioMicMute" = + "exec --no-startup-id ${getExe pkgs.scripts.volume} set-mute @DEFAULT_AUDIO_SOURCE@ toggle"; "XF86AudioPlay" = "exec --no-startup-id ${getExe pkgs.playerctl} play-pause"; "XF86AudioNext" = "exec --no-startup-id ${getExe pkgs.playerctl} next"; "XF86AudioPrev" = "exec --no-startup-id ${getExe pkgs.playerctl} previous"; @@ -92,7 +96,8 @@ in "F11" = "exec --no-startup-id ${getExe pkgs.scripts.screenshot-area-scan-qr}"; # Exlicitly without --no-startup-id to show the spinner "F12" = "exec ${getExe pkgs.scripts.screenshot-screen}"; - "Print" = "exec --no-startup-id env QT_AUTO_SCREEN_SCALE_FACTOR=0 QT_SCREEN_SCALE_FACTORS='' ${getExe pkgs.flameshot} gui"; + "Print" = + "exec --no-startup-id env QT_AUTO_SCREEN_SCALE_FACTOR=0 QT_SCREEN_SCALE_FACTORS='' ${getExe pkgs.flameshot} gui"; "Shift+r" = "reload"; "q" = "kill"; @@ -118,7 +123,8 @@ in "Return" = "fullscreen toggle"; "a" = "focus parent"; - "Shift+Ctrl+q" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "Shift+Ctrl+q" = + "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; "r" = "mode resize"; "1" = "workspace number 1"; @@ -262,8 +268,10 @@ in }; }; fingerprint = { - ${monitorMain} = "00ffffffffffff001e6d9a5b078e0a000b1f0104b53c2278f919c1ae5044af260e5054210800d1c061404540314001010101010101014dd000a0f0703e803020350058542100001a000000fd0c3090505086010a202020202020000000fc003237474e3935300a2020202020000000ff003131314e5447594c423731390a02e602032d7123090707830100004410040301e2006ae305c000e60605017360216d1a0000020b309000047321602900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f47012790300030128d8060284ff0e9f002f801f006f08910002000400404f0104ff0e9f002f801f006f086200020004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d90"; - ${monitorLeft} = "00ffffffffffff001e6d095b39790700081a0104b53c22789f3035a7554ea3260f50542108007140818081c0a9c0d1c08100010101014dd000a0f0703e803020650c58542100001a286800a0f0703e800890650c58542100001a000000fd00283d878738010a202020202020000000fc004c4720556c7472612048440a2001850203117144900403012309070783010000023a801871382d40582c450058542100001e565e00a0a0a029503020350058542100001a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c8"; + ${monitorMain} = + "00ffffffffffff001e6d9a5b078e0a000b1f0104b53c2278f919c1ae5044af260e5054210800d1c061404540314001010101010101014dd000a0f0703e803020350058542100001a000000fd0c3090505086010a202020202020000000fc003237474e3935300a2020202020000000ff003131314e5447594c423731390a02e602032d7123090707830100004410040301e2006ae305c000e60605017360216d1a0000020b309000047321602900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f47012790300030128d8060284ff0e9f002f801f006f08910002000400404f0104ff0e9f002f801f006f086200020004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d90"; + ${monitorLeft} = + "00ffffffffffff001e6d095b39790700081a0104b53c22789f3035a7554ea3260f50542108007140818081c0a9c0d1c08100010101014dd000a0f0703e803020650c58542100001a286800a0f0703e800890650c58542100001a000000fd00283d878738010a202020202020000000fc004c4720556c7472612048440a2001850203117144900403012309070783010000023a801871382d40582c450058542100001e565e00a0a0a029503020350058542100001a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c8"; }; }; }; diff --git a/users/myuser/graphical/theme.nix b/users/myuser/graphical/theme.nix index 0e58007..b47b46c 100644 --- a/users/myuser/graphical/theme.nix +++ b/users/myuser/graphical/theme.nix @@ -58,7 +58,7 @@ cursor = { package = pkgs.bibata-cursors; name = "Bibata-Modern-Ice"; - # size = 24; + size = 20; }; }; }