diff --git a/hosts/nom/default.nix b/hosts/nom/default.nix index 28013fb..dace26a 100644 --- a/hosts/nom/default.nix +++ b/hosts/nom/default.nix @@ -11,6 +11,8 @@ ../../modules/core ../../modules/dev + ../../modules/graphical + ../../modules/hardware/intel.nix ../../modules/efi.nix ../../modules/laptop.nix diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index e48e307..d1903b8 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -1,11 +1,6 @@ {pkgs, ...}: { imports = [ ./fonts.nix + ./wayland.nix ]; - - xdg.portal = { - enable = true; - wlr.enable = true; - extraPortals = with pkgs; [xdg-desktop-portal-gtk]; - }; } diff --git a/modules/graphical/wayland.nix b/modules/graphical/wayland.nix new file mode 100644 index 0000000..0082a39 --- /dev/null +++ b/modules/graphical/wayland.nix @@ -0,0 +1,10 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [wayland]; + services.dbus.enable = true; + xdg.portal = { + enable = true; + wlr.enable = true; + # gtk portal needed to make gtk apps happy + extraPortals = with pkgs; [xdg-desktop-portal-gtk]; + }; +} diff --git a/modules/laptop.nix b/modules/laptop.nix index 99f2947..a9fbc6f 100644 --- a/modules/laptop.nix +++ b/modules/laptop.nix @@ -1,5 +1,6 @@ {pkgs, ...}: { environment.systemPackages = with pkgs; [powertop]; + services.physlock.enable = true; services.logind = { lidSwitch = "ignore"; lidSwitchDocked = "ignore"; diff --git a/modules/sound-pipewire.nix b/modules/sound-pipewire.nix index 88e90e5..6ca0c1e 100644 --- a/modules/sound-pipewire.nix +++ b/modules/sound-pipewire.nix @@ -3,12 +3,11 @@ pkgs, ... }: { + sound.enable = true; environment.systemPackages = with pkgs; [pulseaudio pulsemixer]; hardware.pulseaudio.enable = lib.mkForce false; - security.rtkit.enable = true; - services.pipewire = { enable = true; alsa.enable = true; @@ -34,6 +33,4 @@ client-rt."stream.properties"."resample.quality" = 15; }; }; - - sound.enable = true; } 
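Review bot: In modules/laptop.nix, `services.physlock.enable = true;` is added right above `lidSwitch = "ignore";` and `lidSwitchDocked = "ignore";`, so closing the lid never suspends the machine. As far as I know physlock's default triggers are suspend and hibernate only, which would leave the session unlocked with the lid shut. Consider stating how the lock is meant to be triggered, e.g. `# locked via <keybinding/idle daemon>, lid close intentionally does not lock`, or adding an explicit trigger through `services.physlock.lockOn.extraTargets` or `services.physlock.allowAnyUser = true;` so a user keybinding can call physlock. The `services.logind` block continues outside the hunk, so other settings there may already cover this.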
diff --git a/nix/checks.nix b/nix/checks.nix index 788eb33..8f512dc 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -9,10 +9,9 @@ with self.pkgs.${system}; { { src = lib.cleanSource ../.; hooks = { - actionlint.enable = true; - luacheck.enable = true; alejandra.enable = true; statix.enable = true; + luacheck.enable = true; stylua.enable = true; }; }; diff --git a/nix/dev-shell.nix b/nix/dev-shell.nix index 27e643c..79a4bd1 100644 --- a/nix/dev-shell.nix +++ b/nix/dev-shell.nix @@ -2,26 +2,20 @@ with self.pkgs.${system}; mkShell { name = "nix-config"; - - nativeBuildInputs = [ + packages = [ # Nix cachix colmena - nix-build-uncached alejandra - ragenix - rnix-lsp statix - update-nix-fetching + update-nix-fetchgit # Lua stylua (luajit.withPackages (p: with p; [luacheck])) - sumneko-lua-language-server # Misc shellcheck - jq pre-commit rage ]; diff --git a/users/common/fish.nix b/users/common/fish.nix index de55eae..6bcfcdc 100644 --- a/users/common/fish.nix +++ b/users/common/fish.nix @@ -15,11 +15,15 @@ with lib; { (mkBefore '' set -g ATUIN_NOBIND true set -g fish_greeting - set -g fish_autosuggestion_enabled 0 + #set -g fish_autosuggestion_enabled 0 set -g FZF_COMPLETE 2 '') (mkAfter '' bind \cr _atuin_search + atuin gen-completions --shell fish | source + + bind \e\[A history-prefix-search-backward + bind \e\[B history-prefix-search-forward '') ]; plugins = [ diff --git a/users/common/graphical/default.nix b/users/common/graphical/default.nix new file mode 100644 index 0000000..471e2f4 --- /dev/null +++ b/users/common/graphical/default.nix @@ -0,0 +1,5 @@ +{pkgs, ...}: { + imports = [ + ./kitty.nix + ]; +} diff --git a/users/common/graphical/kitty.nix b/users/common/graphical/kitty.nix new file mode 100644 index 0000000..af81b5e --- /dev/null +++ b/users/common/graphical/kitty.nix 
@@ -0,0 +1,80 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ programs.kitty = {
+ enable = true;
+ package = pkgs.kitty.overrideAttrs (finalAttrs: prevAttrs: {
+ doCheck = false;
+ });
+ font = {
+ package = pkgs.nerdfonts;
+ name = "FiraCode Nerd Font";
+ size = 10;
+ };
+ settings = {
+ # Use xterm-256color because copying terminfo-kitty is painful.
+ term = "xterm-256color";
+
+ # Do not wait for inherited child processes.
+ close_on_child_death = "yes";
+
+ # Disable ligatures.
+ disable_ligatures = "always";
+
+ # Modified onehalfdark color scheme
+ foreground = "#c9d3e5";
+ background = "#090a0c";
+ cursor = "#cccccc";
+
+ color0 = " #090a0c";
+ color8 = " #393e48";
+ color1 = " #b2555d";
+ color9 = " #e06c75";
+ color2 = " #81a566";
+ color10 = "#98c379";
+ color3 = " #ccab6e";
+ color11 = "#e6c17c";
+ color4 = " #5395cc";
+ color12 = "#61afef";
+ color5 = " #9378de";
+ color13 = "#c678dd";
+ color6 = " #56b6c2";
+ color14 = "#56b6c2";
+ color7 = " #979eab";
+ color15 = "#abb2bf";
+
+ selection_foreground = "#282c34";
+ selection_background = "#979eab";
+
+ # Disable cursor blinking
+ cursor_blink_interval = "0";
+
+ # Big fat scrollback buffer
+ scrollback_lines = "100000";
+ # Set scrollback buffer for pager in MB
+ scrollback_pager_history_size = "256";
+
+ # Don't copy on select
+ copy_on_select = "no";
+
+ # Set program to open urls with
+ open_url_with = "xdg-open";
+
+ # Fuck the bell
+ enable_audio_bell = "no";
+ };
+ keybindings = {
+ # Keyboard mappings
+ "shift+page_up" = "scroll_page_up";
+ "shift+page_down" = "scroll_page_down";
+ "ctrl+shift+." = "change_font_size all -2.0";
+ "ctrl+shift+," = "change_font_size all +2.0";
+ };
+ extraConfig = ''
+ # Use nvim as scrollback pager
+ scrollback_pager nvim -u NONE -c "set nonumber nolist showtabline=0 foldcolumn=0 laststatus=0" -c "autocmd TermOpen * normal G" -c "silent write! /tmp/kitty_scrollback_buffer | te head -c-1 /tmp/kitty_scrollback_buffer; rm /tmp/kitty_scrollback_buffer; cat"
+ '';
+ };
+}
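Review bot: The `scrollback_pager` command in `extraConfig` writes the whole scrollback to the fixed path `/tmp/kitty_scrollback_buffer`, a predictable name in a world-writable directory. With `scrollback_pager_history_size = "256"`, that file can hold anything printed in the terminal, including tokens or credentials echoed by tools. It is created with the default umask, and `write!` will overwrite whatever already exists at that path, including a file or link another local account created first. A per-user directory avoids both problems, e.g. `silent write! $XDG_RUNTIME_DIR/kitty_scrollback_buffer` with the same path in the `head` and `rm` parts; this is untested, so confirm the variable is expanded in this context. Separately, `doCheck = false` on the kitty override deserves a short comment saying why the package tests are skipped.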
diff --git a/users/common/starship.nix b/users/common/starship.nix index 664907f..c309856 100644 --- a/users/common/starship.nix +++ b/users/common/starship.nix @@ -80,7 +80,10 @@ "[($ahead_behind )](green)" ]; }; - nix_shell.heuristic = true; # Also detect nix shell + nix_shell = { + format = ''[$symbol$state( \($name\))]($style)''; + heuristic = true; # Also detect nix shell + }; status = { disabled = false; pipestatus = true; diff --git a/users/myuser/default.nix b/users/myuser/default.nix index 4d084fc..29dcfad 100644 --- a/users/myuser/default.nix +++ b/users/myuser/default.nix @@ -8,6 +8,7 @@ with lib; { users.groups.myuser.gid = config.users.users.myuser.uid; users.users.myuser = { uid = 1000; + hashedPassword = "$6$YogAnKRz8qW2Gz.I$chgMKKrpPAfV0WuGN6ChOgUJistpCzFsHOT6mhHyj07mwI1kSfDJvnMB13frMvkpv2aGpXHVH.yxk5fYHeeET/"; createHome = true; group = "myuser"; extraGroups = @@ -22,13 +23,7 @@ with lib; { #impermanence.home-manager.impermanence ../common ./dev.nix - #] - #++ optionals config.programs.sway.enable [ - # ./graphical - # ./graphical/sway - #] ++ optionals config.services.xserver.windowManager.i3.enable [ - # ./graphical - # ./graphical/i3 + ./gpg.nix ]; home = { diff --git a/users/myuser/dev.nix b/users/myuser/dev.nix index 2d501fd..e149b97 100644 --- a/users/myuser/dev.nix +++ b/users/myuser/dev.nix @@ -7,11 +7,7 @@ set auto-load safe-path / ''; }; - packages = with pkgs; [ - git-lfs - nix-update - nixpkgs-review - ]; + packages = with pkgs; [git-lfs]; }; programs = { diff --git a/users/myuser/gpg.nix b/users/myuser/gpg.nix new file mode 100644 index 0000000..b0e2b18 --- /dev/null +++ b/users/myuser/gpg.nix 
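Review bot: The `hashedPassword = "$6$…"` line added to `users.users.myuser` in users/myuser/default.nix commits a SHA-512-crypt hash to git and, as a plain NixOS option value, also lands in the world-readable Nix store, so anyone with read access to either can run offline guessing against it. The users/root/default.nix hunk later in this diff has the same problem: it re-declares the already-committed root hash as `hashedPassword`. Since the repository already carries age-encrypted material, consider `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (`passwordFile` on older NixOS releases; the secret name is a placeholder and the agenix wiring is not visible here), and treat both hashes as exposed and rotate them. The `users.users.myuser` block continues past the end of the hunk.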
@@ -0,0 +1,78 @@
+{lib, ...}: {
+ programs.gpg = {
+ enable = true;
+ scdaemonSettings.disable-ccid = true;
+ settings = {
+ # https://github.com/drduh/config/blob/master/gpg.conf
+ # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html
+ # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html
+ # Use AES256, 192, or 128 as cipher
+ personal-cipher-preferences = "AES256 AES192 AES";
+ # Use SHA512, 384, or 256 as digest
+ personal-digest-preferences = "SHA512 SHA384 SHA256";
+ # Use ZLIB, BZIP2, ZIP, or no compression
+ personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
+ # Default preferences for new keys
+ default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
+ # SHA512 as digest to sign keys
+ cert-digest-algo = "SHA512";
+ # SHA512 as digest for symmetric ops
+ s2k-digest-algo = "SHA512";
+ # AES256 as cipher for symmetric ops
+ s2k-cipher-algo = "AES256";
+ # UTF-8 support for compatibility
+ charset = "utf-8";
+ # Show Unix timestamps
+ fixed-list-mode = true;
+ # No comments in signature
+ no-comments = true;
+ # No version in signature
+ no-emit-version = true;
+ # Disable banner
+ no-greeting = true;
+ # Long hexidecimal key format
+ keyid-format = "0xlong";
+ # Display UID validity
+ list-options = "show-uid-validity";
+ verify-options = "show-uid-validity";
+ # Display all keys and their fingerprints
+ with-fingerprint = true;
+ # Display key origins and updates
+ #with-key-origin
+ # Cross-certify subkeys are present and valid
+ require-cross-certification = true;
+ # Disable caching of passphrase for symmetrical ops
+ no-symkey-cache = true;
+ # Enable smartcard
+ use-agent = true;
+ # Disable recipient key ID in messages
+ throw-keyids = true;
+ # Default/trusted key ID to use (helpful with throw-keyids)
+ #default-key 0xFF3E7D88647EBCDB
+ #trusted-key 0xFF3E7D88647EBCDB
+ # Group recipient keys (preferred ID last)
+ #group keygroup = 0xFF00000000000001 0xFF00000000000002 0xFF3E7D88647EBCDB
+ # Keyserver URL
+ #keyserver hkps://keys.openpgp.org
+ #keyserver hkps://keyserver.ubuntu.com:443
+ #keyserver hkps://hkps.pool.sks-keyservers.net
+ #keyserver hkps://pgp.ocf.berkeley.edu
+ # Proxy to use for keyservers
+ #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
+ # Verbose output
+ #verbose
+ # Show expired subkeys
+ #list-options show-unusable-subkeys
+ };
+ # TODO publicKeys = [
+ # TODO {
+ # TODO source = ./yubikey.gpg;
+ # TODO trust = 5;
+ # TODO }
+ # TODO ];
+ };
+ services.gpg-agent = {
+ enable = true;
+ enableSshSupport = true;
+ };
+}
diff --git a/users/myuser/yubikey.pub.age b/users/myuser/yubikey.pub.age
new file mode 100644
index 0000000..e9305db
Binary files /dev/null and b/users/myuser/yubikey.pub.age differ
diff --git a/users/root/default.nix b/users/root/default.nix
index 50fd91e..056ea13 100644
--- a/users/root/default.nix
+++ b/users/root/default.nix
@@ -6,7 +6,7 @@
 }:
 with lib; {
 users.users.root = {
- initialHashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
+ hashedPassword = "$6$EBo/CaxB.dQoq2W8$lo2b5vKgJlLPdGGhEqa08q3Irf1Zd1PcFBCwJOrG8lqjwbABkn1DEhrMh1P3ezwnww2HusUBuZGDSMa4nvSQg1";
 openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm"];
 shell = pkgs.fish;
 };
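Review bot: In users/myuser/gpg.nix the commented `#default-key`, `#trusted-key` and `#group keygroup` lines still carry the key ID `0xFF3E7D88647EBCDB`, which looks copied from the upstream gpg.conf linked at the top of `settings`; uncommenting `trusted-key` as written would mark a key that is not this user's as ultimately trusted. These lines are also in gpg.conf syntax rather than Nix attribute form, so they would not evaluate if uncommented. I would drop them or replace them with a Nix-form placeholder such as `# trusted-key = "0x<YOUR-KEY-ID>";`. Separately, `enableSshSupport = true;` is added without `defaultCacheTtlSsh` or `maxCacheTtlSsh`, so the SSH key cache lifetime falls back to the agent defaults; set them explicitly if that matters for this host. The `# TODO publicKeys` block refers to `./yubikey.gpg` while the commit adds `yubikey.pub.age`, so that name should be reconciled before the TODO is enabled.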