author | Leonardo Santiago <[email protected]> | 2025-05-05 23:34:15 -0300 |
---|---|---|
committer | Leonardo Santiago <[email protected]> | 2025-05-05 23:34:15 -0300 |
commit | 0ec583d64fb7640611f5e2d440c75a1b8b86f8f5 (patch) | |
tree | b8b644b9ca3b7261f698fe1fc6efc9c92775c1f0 | |
parent | 1bd7f83ce366a3d4addf7487af8c8b019320720f (diff) |
chore(home-manager): improve home-manager structuring
-rw-r--r-- | flake.lock | 63 | ||||
-rw-r--r-- | flake.nix | 10 | ||||
-rw-r--r-- | modules/default-user.nix | 139 | ||||
-rw-r--r-- | modules/desktop-environment.nix | 3 | ||||
-rw-r--r-- | modules/gnome/default.nix | 3 | ||||
-rw-r--r-- | modules/gnome/gnome-config.nix | 5 | ||||
-rw-r--r-- | modules/home/default.nix | 57 | ||||
-rw-r--r-- | modules/home/mu.nix | 66 | ||||
-rw-r--r-- | modules/home/zen.nix | 29 | ||||
-rw-r--r-- | modules/secrets.nix | 52 |
10 files changed, 234 insertions, 193 deletions
@@ -241,32 +241,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1736883540, - "narHash": "sha256-dgPgoPUSg8cGAMqbhQRkww665sZtgzpWXxWjlyqhv94=", + "lastModified": 1746413188, + "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=", "owner": "nix-community", "repo": "home-manager", - "rev": "0dfec9deb275854a56c97c356c40ef72e3a2e632", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "zen-browser", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743604125, - "narHash": "sha256-ZD61DNbsBt1mQbinAaaEqKaJk2RFo9R/j+eYWeGMx7A=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "180fd43eea296e62ae68e079fcf56aba268b9a1a", + "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a", "type": "github" }, "original": { @@ -456,11 +435,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1736012469, - "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", + "lastModified": 1746232882, + "narHash": "sha256-MHmBH2rS8KkRRdoU/feC/dKbdlMkcNkB5mwkuipVHeQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", + "rev": "7a2622e2c0dbad5c4493cb268aba12896e28b008", "type": "github" }, "original": { @@ -518,22 +497,6 @@ "type": "github" } }, - "nixpkgs_6": { - "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_latest": { "locked": { "lastModified": 1737072480, 
@@ -741,15 +704,19 @@ }, "zen-browser": { "inputs": { - "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_6" + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1745809801, - "narHash": "sha256-TPQZmVUZxq4rIXqZcAuXeHu1etCo0AXF+3Dkar44aCk=", + "lastModified": 1746483546, + "narHash": "sha256-tzNX8HrqLWoLPGxGLGHAW8ja8BU/qDSee1nlc802Imw=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "7902bf43aefe27fc18448702ebe6705bb27ad36c", + "rev": "f78a228d63dc6d0b82015a8d12a672e59a1522d6", "type": "github" }, "original": { @@ -13,7 +13,11 @@ url = "github:nix-community/emacs-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; - zen-browser.url = "github:0xc000022070/zen-browser-flake"; + zen-browser = { + url = "github:0xc000022070/zen-browser-flake"; + inputs.home-manager.follows = "home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; mixrank.url = "git+ssh://[email protected]/mixrank/mixrank"; deploy-rs.url = "github:serokell/deploy-rs"; }; @@ -24,13 +28,13 @@ overlays = [ inputs.emacs-overlay.overlays.default ]; system = "x86_64-linux"; }; - modules = map (p: ./modules/${p}) (attrNames (readDir ./modules)); + mods = map (p: ./modules/${p}) (attrNames (readDir ./modules)); make-config-named = host: nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ ./hosts/${host}.nix inputs.home-manager.nixosModules.default - ] ++ modules; + ] ++ mods; }; get-basename = n: head (split "\\." n); hosts-names = map get-basename (attrNames (readDir ./hosts)); diff --git a/modules/default-user.nix b/modules/default-user.nix index 973178c..57e3acb 100644 --- a/modules/default-user.nix +++ b/modules/default-user.nix 
@@ -1,21 +1,15 @@
-{ config, lib, inputs, pkgs, ...}: with lib; let
+{ config, lib, pkgs, ...}: with lib; let
 cfg = config.santi-modules;
 in {
- imports = [
- inputs.agenix.nixosModules.default
- inputs.home-manager.nixosModules.home-manager
- ];
 options.santi-modules = {
 default-user.enable = mkOption {
 type = types.bool;
 default = true;
 description = "Enables default user configuration and ssh access";
 };
- mu.enable = mkEnableOption "Enables mu, mbsync and msmtp";
 };
 config = mkIf config.santi-modules.default-user.enable {
 environment.systemPackages = with pkgs; [
- rage
 deploy-rs
 jujutsu
 ] ++ (if cfg.mu.enable then [ pkgs.parallel ] else []);
@@ -25,33 +19,7 @@ in {
 description = "leonardo";
 extraGroups = [ "networkmanager" "wheel" ];
 shell = pkgs.bashInteractive;
- hashedPasswordFile = config.age.secrets.user-pass.path;
- openssh.authorizedKeys.keys = [ (builtins.readFile ../secrets/user-ssh-key.pub)] ++ builtins.attrValues (import ../secrets/host-pub-keys.nix);
 };
- age.secrets = let
- with-perms = name: {
- file = ../secrets/${name}.age;
- owner = "leonardo";
- group = "users";
- };
- in {
- user-pass = with-perms "user-pass";
- user-ssh-key = {
- file = ../secrets/user-ssh-key.age;
- path = "/home/leonardo/.ssh/id_ed25519";
- owner = "leonardo";
- group = "users";
- };
- } // (optionalAttrs cfg.mu.enable (let
- mails = ["work-mail" "personal-mail" "university-mail"];
- mail-cfg = map (n: {name = n; value = with-perms n;}) mails;
- in
- listToAttrs mail-cfg))
- // (optionalAttrs cfg.services.ddns.enable {
- cloudflare = with-perms "cloudflare";
- }) // (optionalAttrs cfg.emacs.enable {
- authinfo = with-perms "authinfo";
- });
 programs.ssh.startAgent = true;
 services.openssh = {
 enable = true;
@@ -60,110 +28,5 @@ in { PasswordAuthentication = false; }; }; - home-manager = { - backupFileExtension = "backup"; - useGlobalPkgs = true; - useUserPackages = true; - users.leonardo = { - imports = [ (import ./gnome/gnome-config.nix config.santi-modules) ]; - home = { - stateVersion = "23.05"; - homeDirectory = "/home/leonardo"; - file.".ssh/id_ed25519.pub".source = ../secrets/user-ssh-key.pub; - # file.".mozilla/firefox/leonardo/chrome/firefox-gnome-theme" = mkIf cfg.firefox.enable { source = inputs.firefox-gnome-theme; }; - packages = lib.optionals cfg.desktop-environment.enable (with pkgs; [ - legcord - slack - whatsapp-for-linux - telegram-desktop - inputs.zen-browser.packages.${system}.default - ]); - }; - programs = { - bash = { - enable = true; - enableCompletion = true; - initExtra = '' - shopt -s -q autocd - shopt -s no_empty_cmd_completion - ''; - }; - fzf = { - enable = true; - enableBashIntegration = true; - }; - git = { - enable = true; - lfs.enable = true; - diff-so-fancy.enable = true; - extraConfig = { - user = { - name = "Leonardo Santiago"; - email = "[email protected]"; - signingkey = "~/.ssh/id_ed25519"; - }; - color.ui = true; - gpg.format = "ssh"; - commit.gpgsign = true; - }; - }; - mu.enable = cfg.mu.enable; - msmtp.enable = cfg.mu.enable; - mbsync.enable = cfg.mu.enable; - }; - services.mbsync = mkIf cfg.mu.enable { - enable = true; - frequency = "*:0/5"; - }; - accounts.email.accounts = mkIf cfg.mu.enable { - personal = { - address = "[email protected]"; - userName = "[email protected]"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - primary = true; - realName = "Leonardo Ribeiro Santiago"; - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - }; - msmtp.enable = true; - mu.enable = true; - passwordCommand = "cat ${config.age.secrets.personal-mail.path}"; - }; - university = { - address = "[email protected]"; - userName = "[email protected]"; - imap.host = "imap.gmail.com"; - smtp.host = 
"smtp.gmail.com"; - realName = "Leonardo Ribeiro Santiago"; - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - }; - msmtp.enable = true; - mu.enable = true; - passwordCommand = "cat ${config.age.secrets.university-mail.path}"; - }; - work = { - address = "[email protected]"; - userName = "[email protected]"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - realName = "Leonardo Ribeiro Santiago"; - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - }; - msmtp.enable = true; - mu.enable = true; - passwordCommand = "cat ${config.age.secrets.work-mail.path}"; - }; - }; - }; - }; }; } diff --git a/modules/desktop-environment.nix b/modules/desktop-environment.nix index 19734d7..1313ea2 100644 --- a/modules/desktop-environment.nix +++ b/modules/desktop-environment.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with lib; { +{ config, lib, ... }: with lib; { options.santi-modules.desktop-environment.enable = mkEnableOption "Enable default desktop-environment"; config = mkIf config.santi-modules.desktop-environment.enable { santi-modules = { @@ -9,6 +9,7 @@ mu.enable = true; default-user.enable = true; basic.enable = true; + zen-browser.enable = true; }; services.printing.enable = false; # disabled until CUPS CVE is fixed diff --git a/modules/gnome/default.nix b/modules/gnome/default.nix index 90b99b1..8cf11c5 100644 --- a/modules/gnome/default.nix +++ b/modules/gnome/default.nix @@ -1,4 +1,7 @@ { config, lib, pkgs, ...}: with lib; { + imports = [ + ./gnome-config.nix + ]; options.santi-modules.gnome.enable = mkEnableOption "Enable gnome"; config = mkIf config.santi-modules.gnome.enable { programs.dconf.enable = true; diff --git a/modules/gnome/gnome-config.nix b/modules/gnome/gnome-config.nix index 5e087ef..ff401c4 100644 --- a/modules/gnome/gnome-config.nix +++ b/modules/gnome/gnome-config.nix 
@@ -1,6 +1,5 @@
-santi-modules:
-{ lib, ... }: lib.optionalAttrs santi-modules.gnome.enable {
- dconf.settings = {
+{ config, lib, ... }: lib.mkIf config.santi-modules.gnome.enable {
+ home-manager.users.leonardo.dconf.settings = {
 "org/gnome/desktop/background" = {
 picture-uri = "${../../wallpaper.png}";
 picture-uri-dark = "${../../wallpaper.png}";
diff --git a/modules/home/default.nix b/modules/home/default.nix
new file mode 100644
index 0000000..cfa68c2
--- /dev/null
+++ b/modules/home/default.nix
@@ -0,0 +1,57 @@
+{ config, lib, inputs, pkgs, ...}: with lib; let
+ cfg = config.santi-modules;
+in {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./mu.nix
+ ./zen.nix
+ ];
+ config = mkIf cfg.default-user.enable {
+ home-manager = {
+ backupFileExtension = "backup";
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ users.leonardo = {
+ home = {
+ stateVersion = "23.05";
+ homeDirectory = "/home/leonardo";
+ packages = lib.optionals cfg.desktop-environment.enable (with pkgs; [
+ legcord
+ slack
+ whatsapp-for-linux
+ telegram-desktop
+ ]);
+ };
+ programs = {
+ bash = {
+ enable = true;
+ enableCompletion = true;
+ initExtra = ''
+ shopt -s -q autocd
+ shopt -s no_empty_cmd_completion
+ '';
+ };
+ fzf = {
+ enable = true;
+ enableBashIntegration = true;
+ };
+ git = {
+ enable = true;
+ lfs.enable = true;
+ diff-so-fancy.enable = true;
+ extraConfig = {
+ user = {
+ name = "Leonardo Santiago";
+ email = "[email protected]";
+ signingkey = "~/.ssh/id_ed25519";
+ };
+ color.ui = true;
+ gpg.format = "ssh";
+ commit.gpgsign = true;
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/mu.nix b/modules/home/mu.nix
new file mode 100644
index 0000000..1a22963
--- /dev/null
+++ b/modules/home/mu.nix
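Review bot: In modules/home/default.nix, `signingkey = "~/.ssh/id_ed25519"` together with `commit.gpgsign = true` depends on a private key that only modules/secrets.nix deploys (the `user-ssh-key` age secret with `path = "/home/leonardo/.ssh/id_ed25519"`), and after the split nothing in this module records that dependency. On a host where `santi-modules.secrets.enable` is false the file would be absent and commit signing would presumably fail on every commit. I would add a comment above the line, `# private key is deployed by modules/secrets.nix (age secret user-ssh-key)`, or gate the two signing settings on `cfg.secrets.enable`.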
@@ -0,0 +1,66 @@
+{ config, lib, ...}: with lib; let
+ cfg = config.santi-modules;
+in {
+ options.santi-modules.mu.enable = mkEnableOption "Enables mu, mbsync and msmtp";
+ config = mkIf cfg.mu.enable {
+ home-manager.users.leonardo = {
+ programs = {
+ mu.enable = true;
+ msmtp.enable = true;
+ mbsync.enable = true;
+ };
+ services.mbsync = {
+ enable = true;
+ frequency = "*:0/5";
+ };
+ accounts.email.accounts = {
+ personal = {
+ address = "[email protected]";
+ userName = "[email protected]";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ primary = true;
+ realName = "Leonardo Ribeiro Santiago";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ };
+ msmtp.enable = true;
+ mu.enable = true;
+ passwordCommand = "cat ${config.age.secrets.personal-mail.path}";
+ };
+ university = {
+ address = "[email protected]";
+ userName = "[email protected]";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ realName = "Leonardo Ribeiro Santiago";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ };
+ msmtp.enable = true;
+ mu.enable = true;
+ passwordCommand = "cat ${config.age.secrets.university-mail.path}";
+ };
+ work = {
+ address = "[email protected]";
+ userName = "[email protected]";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ realName = "Leonardo Ribeiro Santiago";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ };
+ msmtp.enable = true;
+ mu.enable = true;
+ passwordCommand = "cat ${config.age.secrets.work-mail.path}";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/zen.nix b/modules/home/zen.nix
new file mode 100644
index 0000000..f7535dc
--- /dev/null
+++ b/modules/home/zen.nix
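Review bot: In modules/home/mu.nix, the `passwordCommand` of each account (`personal`, `university`, `work`) interpolates an age secret path, e.g. `"cat ${config.age.secrets.personal-mail.path}"`, but those secrets are declared in modules/secrets.nix only under `mkIf config.santi-modules.secrets.enable`, while this module is gated on `cfg.mu.enable` alone. With `mu.enable = true` and `secrets.enable = false` the lookup should fail at evaluation with a missing-attribute error instead of a readable message. An assertion inside this `config` block would make the dependency explicit: `assertions = [{ assertion = cfg.secrets.enable; message = "santi-modules.mu needs santi-modules.secrets for the mail passwords"; }];`.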
@@ -0,0 +1,29 @@
+{ config, lib, inputs, ...}: with lib; let
+ cfg = config.santi-modules;
+in {
+ options.santi-modules.zen-browser = mkEnableOption "Enable zen browser from flake";
+ config = mkIf cfg.default-user.enable {
+ home-manager = {
+ users.leonardo = {
+ imports = [
+ inputs.zen-browser.homeModules.default
+ ];
+ programs.zen-browser = {
+ enable = true;
+ policies = {
+ AutofillAddressEnabled = true;
+ AutofillCreditCardEnabled = false;
+ DisableAppUpdate = true;
+ DisableFeedbackCommands = true;
+ DisableFirefoxStudies = true;
+ DisablePocket = true; # save webs for later reading
+ DisableTelemetry = true;
+ DontCheckDefaultBrowser = true;
+ NoDefaultBookmarks = true;
+ OfferToSaveLogins = false;
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/secrets.nix b/modules/secrets.nix
new file mode 100644
index 0000000..3cfddb2
--- /dev/null
+++ b/modules/secrets.nix
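Review bot: In modules/home/zen.nix, `options.santi-modules.zen-browser = mkEnableOption …` declares the option itself as the boolean, while modules/desktop-environment.nix in this same commit sets `zen-browser.enable = true;`, a path this declaration does not define and which the module system should reject as a non-boolean definition. The `config` block is also gated on `cfg.default-user.enable`, so the switch is never read and the browser with its policies is enabled whenever the default user is. Declaring `options.santi-modules.zen-browser.enable = mkEnableOption "zen browser from flake";` and using `config = mkIf cfg.zen-browser.enable {` would make the option do what its description says. A short comment that `inputs.zen-browser.homeModules.default` is third-party module code evaluated inside the user's home-manager configuration, pinned only by flake.lock, would also help later readers.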
@@ -0,0 +1,52 @@
+{ config, lib, inputs, pkgs, ...}: with lib; let
+ cfg = config.santi-modules;
+ inherit (builtins) readFile attrValues;
+in {
+ imports = [
+ inputs.agenix.nixosModules.default
+ inputs.home-manager.nixosModules.home-manager
+ ];
+ options.santi-modules = {
+ secrets.enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Enables secrets management through agenix";
+ };
+ };
+ config = mkIf config.santi-modules.secrets.enable {
+ environment.systemPackages = with pkgs; [
+ rage
+ ];
+ home-manager.users.leonardo.home.file.".ssh/id_ed25519.pub".source = ../secrets/user-ssh-key.pub;
+ users.users.leonardo = {
+ hashedPasswordFile = config.age.secrets.user-pass.path;
+ openssh.authorizedKeys.keys = [
+ (readFile ../secrets/user-ssh-key.pub)
+ ] ++ attrValues (import ../secrets/host-pub-keys.nix);
+ };
+ age.secrets = let
+ with-perms = name: {
+ file = ../secrets/${name}.age;
+ owner = "leonardo";
+ group = "users";
+ };
+ in {
+ user-pass = with-perms "user-pass";
+ user-ssh-key = {
+ file = ../secrets/user-ssh-key.age;
+ path = "/home/leonardo/.ssh/id_ed25519";
+ owner = "leonardo";
+ group = "users";
+ };
+ } // (optionalAttrs cfg.mu.enable (let
+ mails = ["work-mail" "personal-mail" "university-mail"];
+ mail-cfg = map (n: {name = n; value = with-perms n;}) mails;
+ in
+ listToAttrs mail-cfg))
+ // (optionalAttrs cfg.services.ddns.enable {
+ cloudflare = with-perms "cloudflare";
+ }) // (optionalAttrs cfg.emacs.enable {
+ authinfo = with-perms "authinfo";
+ });
+ };
+} |
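Review bot: In modules/secrets.nix, `hashedPasswordFile` and `openssh.authorizedKeys.keys` for `leonardo` are now set only under `mkIf config.santi-modules.secrets.enable`, while modules/default-user.nix still creates the account in `wheel` and keeps `PasswordAuthentication = false`; a host built with `secrets.enable = false` would get an administrator account with no credential configured, which is a lockout rather than an exposure but is easy to hit by accident. The reverse case is also unguarded, since this block writes `users.users.leonardo` and `home-manager.users.leonardo` even when `default-user.enable` is false. Gating on both, `config = mkIf (cfg.secrets.enable && cfg.default-user.enable) {`, would make the coupling explicit. Separately, `attrValues (import ../secrets/host-pub-keys.nix)` authorises every key in that file to log in as this `wheel` user; the file is not shown, but if those are machine host keys rather than per-user keys, compromise of one host extends to every other, so a comment stating the intent, or restricting the list to the user key, is worth adding.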