Diffstat (limited to 'modules')
-rw-r--r--modules/default-user.nix139
-rw-r--r--modules/desktop-environment.nix3
-rw-r--r--modules/gnome/default.nix3
-rw-r--r--modules/gnome/gnome-config.nix5
-rw-r--r--modules/home/default.nix57
-rw-r--r--modules/home/mu.nix66
-rw-r--r--modules/home/zen.nix29
-rw-r--r--modules/secrets.nix52
8 files changed, 212 insertions, 142 deletions
diff --git a/modules/default-user.nix b/modules/default-user.nix
index 973178c..57e3acb 100644
--- a/modules/default-user.nix
+++ b/modules/default-user.nix
@@ -1,21 +1,15 @@
-{ config, lib, inputs, pkgs, ...}: with lib; let
+{ config, lib, pkgs, ...}: with lib; let
cfg = config.santi-modules;
in {
- imports = [
- inputs.agenix.nixosModules.default
- inputs.home-manager.nixosModules.home-manager
- ];
options.santi-modules = {
default-user.enable = mkOption {
type = types.bool;
default = true;
description = "Enables default user configuration and ssh access";
};
- mu.enable = mkEnableOption "Enables mu, mbsync and msmtp";
};
config = mkIf config.santi-modules.default-user.enable {
environment.systemPackages = with pkgs; [
- rage
deploy-rs
jujutsu
] ++ (if cfg.mu.enable then [ pkgs.parallel ] else []);
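Review bot: The description kept in this hunk, `"Enables default user configuration and ssh access"`, no longer matches the module, because the next hunk moves `openssh.authorizedKeys.keys` and `hashedPasswordFile` into modules/secrets.nix behind `secrets.enable`. With `default-user.enable = true` and `secrets.enable = false`, sshd still runs with `PasswordAuthentication = false` but leonardo has no authorized key, so remote login is silently unavailable. I would reword it to `description = "Enables the default user and the OpenSSH daemon; login keys and password come from santi-modules.secrets";`. The context line using `cfg.mu.enable` also now depends on modules/home/mu.nix being imported, since the option declaration is removed here.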
@@ -25,33 +19,7 @@ in {
description = "leonardo";
extraGroups = [ "networkmanager" "wheel" ];
shell = pkgs.bashInteractive;
- hashedPasswordFile = config.age.secrets.user-pass.path;
- openssh.authorizedKeys.keys = [ (builtins.readFile ../secrets/user-ssh-key.pub)] ++ builtins.attrValues (import ../secrets/host-pub-keys.nix);
};
- age.secrets = let
- with-perms = name: {
- file = ../secrets/${name}.age;
- owner = "leonardo";
- group = "users";
- };
- in {
- user-pass = with-perms "user-pass";
- user-ssh-key = {
- file = ../secrets/user-ssh-key.age;
- path = "/home/leonardo/.ssh/id_ed25519";
- owner = "leonardo";
- group = "users";
- };
- } // (optionalAttrs cfg.mu.enable (let
- mails = ["work-mail" "personal-mail" "university-mail"];
- mail-cfg = map (n: {name = n; value = with-perms n;}) mails;
- in
- listToAttrs mail-cfg))
- // (optionalAttrs cfg.services.ddns.enable {
- cloudflare = with-perms "cloudflare";
- }) // (optionalAttrs cfg.emacs.enable {
- authinfo = with-perms "authinfo";
- });
programs.ssh.startAgent = true;
services.openssh = {
enable = true;
@@ -60,110 +28,5 @@ in {
PasswordAuthentication = false;
};
};
- home-manager = {
- backupFileExtension = "backup";
- useGlobalPkgs = true;
- useUserPackages = true;
- users.leonardo = {
- imports = [ (import ./gnome/gnome-config.nix config.santi-modules) ];
- home = {
- stateVersion = "23.05";
- homeDirectory = "/home/leonardo";
- file.".ssh/id_ed25519.pub".source = ../secrets/user-ssh-key.pub;
- # file.".mozilla/firefox/leonardo/chrome/firefox-gnome-theme" = mkIf cfg.firefox.enable { source = inputs.firefox-gnome-theme; };
- packages = lib.optionals cfg.desktop-environment.enable (with pkgs; [
- legcord
- slack
- whatsapp-for-linux
- telegram-desktop
- inputs.zen-browser.packages.${system}.default
- ]);
- };
- programs = {
- bash = {
- enable = true;
- enableCompletion = true;
- initExtra = ''
- shopt -s -q autocd
- shopt -s no_empty_cmd_completion
- '';
- };
- fzf = {
- enable = true;
- enableBashIntegration = true;
- };
- git = {
- enable = true;
- lfs.enable = true;
- diff-so-fancy.enable = true;
- extraConfig = {
- user = {
- name = "Leonardo Santiago";
- email = "[email protected]";
- signingkey = "~/.ssh/id_ed25519";
- };
- color.ui = true;
- gpg.format = "ssh";
- commit.gpgsign = true;
- };
- };
- mu.enable = cfg.mu.enable;
- msmtp.enable = cfg.mu.enable;
- mbsync.enable = cfg.mu.enable;
- };
- services.mbsync = mkIf cfg.mu.enable {
- enable = true;
- frequency = "*:0/5";
- };
- accounts.email.accounts = mkIf cfg.mu.enable {
- personal = {
- address = "[email protected]";
- userName = "[email protected]";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- primary = true;
- realName = "Leonardo Ribeiro Santiago";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- };
- msmtp.enable = true;
- mu.enable = true;
- passwordCommand = "cat ${config.age.secrets.personal-mail.path}";
- };
- university = {
- address = "[email protected]";
- userName = "[email protected]";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- realName = "Leonardo Ribeiro Santiago";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- };
- msmtp.enable = true;
- mu.enable = true;
- passwordCommand = "cat ${config.age.secrets.university-mail.path}";
- };
- work = {
- address = "[email protected]";
- userName = "[email protected]";
- imap.host = "imap.gmail.com";
- smtp.host = "smtp.gmail.com";
- realName = "Leonardo Ribeiro Santiago";
- mbsync = {
- enable = true;
- create = "both";
- expunge = "both";
- };
- msmtp.enable = true;
- mu.enable = true;
- passwordCommand = "cat ${config.age.secrets.work-mail.path}";
- };
- };
- };
- };
};
}
diff --git a/modules/desktop-environment.nix b/modules/desktop-environment.nix
index 19734d7..1313ea2 100644
--- a/modules/desktop-environment.nix
+++ b/modules/desktop-environment.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: with lib; {
+{ config, lib, ... }: with lib; {
options.santi-modules.desktop-environment.enable = mkEnableOption "Enable default desktop-environment";
config = mkIf config.santi-modules.desktop-environment.enable {
santi-modules = {
@@ -9,6 +9,7 @@
mu.enable = true;
default-user.enable = true;
basic.enable = true;
+ zen-browser.enable = true;
};
services.printing.enable = false; # disabled until CUPS CVE is fixed
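Review bot: `zen-browser.enable = true;` does not match the option as declared in modules/home/zen.nix, which writes `options.santi-modules.zen-browser = mkEnableOption ...` and so makes `zen-browser` itself the boolean; assigning an attribute set to it will most likely fail type checking at evaluation. zen.nix also gates its config on `cfg.default-user.enable`, so the new option is never read and the browser is installed for every default-user host. I would declare `options.santi-modules.zen-browser.enable = mkEnableOption "zen browser from flake";` and use `config = mkIf cfg.zen-browser.enable { ... };` in that file.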
diff --git a/modules/gnome/default.nix b/modules/gnome/default.nix
index 90b99b1..8cf11c5 100644
--- a/modules/gnome/default.nix
+++ b/modules/gnome/default.nix
@@ -1,4 +1,7 @@
{ config, lib, pkgs, ...}: with lib; {
+ imports = [
+ ./gnome-config.nix
+ ];
options.santi-modules.gnome.enable = mkEnableOption "Enable gnome";
config = mkIf config.santi-modules.gnome.enable {
programs.dconf.enable = true;
diff --git a/modules/gnome/gnome-config.nix b/modules/gnome/gnome-config.nix
index 5e087ef..ff401c4 100644
--- a/modules/gnome/gnome-config.nix
+++ b/modules/gnome/gnome-config.nix
@@ -1,6 +1,5 @@
-santi-modules:
-{ lib, ... }: lib.optionalAttrs santi-modules.gnome.enable {
- dconf.settings = {
+{ config, lib, ... }: lib.mkIf config.santi-modules.gnome.enable {
+ home-manager.users.leonardo.dconf.settings = {
"org/gnome/desktop/background" = {
picture-uri = "${../../wallpaper.png}";
picture-uri-dark = "${../../wallpaper.png}";
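Review bot: `lib.mkIf config.santi-modules.gnome.enable` now guards a NixOS-level `home-manager.users.leonardo` definition, so the Home Manager user is created whenever gnome is enabled, even with `default-user.enable = false`. In that case `home.stateVersion` is not set, because modules/home/default.nix sets it only under `mkIf cfg.default-user.enable`, and Home Manager will probably refuse to evaluate. Consider `lib.mkIf (config.santi-modules.gnome.enable && config.santi-modules.default-user.enable)`; the same applies to modules/home/mu.nix and to the `home.file` line in modules/secrets.nix. The attribute set opened here continues past the end of the hunk.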
diff --git a/modules/home/default.nix b/modules/home/default.nix
new file mode 100644
index 0000000..cfa68c2
--- /dev/null
+++ b/modules/home/default.nix
@@ -0,0 +1,57 @@
+{ config, lib, inputs, pkgs, ...}: with lib; let
+ cfg = config.santi-modules;
+in {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./mu.nix
+ ./zen.nix
+ ];
+ config = mkIf cfg.default-user.enable {
+ home-manager = {
+ backupFileExtension = "backup";
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ users.leonardo = {
+ home = {
+ stateVersion = "23.05";
+ homeDirectory = "/home/leonardo";
+ packages = lib.optionals cfg.desktop-environment.enable (with pkgs; [
+ legcord
+ slack
+ whatsapp-for-linux
+ telegram-desktop
+ ]);
+ };
+ programs = {
+ bash = {
+ enable = true;
+ enableCompletion = true;
+ initExtra = ''
+ shopt -s -q autocd
+ shopt -s no_empty_cmd_completion
+ '';
+ };
+ fzf = {
+ enable = true;
+ enableBashIntegration = true;
+ };
+ git = {
+ enable = true;
+ lfs.enable = true;
+ diff-so-fancy.enable = true;
+ extraConfig = {
+ user = {
+ name = "Leonardo Santiago";
+ email = "[email protected]";
+ signingkey = "~/.ssh/id_ed25519";
+ };
+ color.ui = true;
+ gpg.format = "ssh";
+ commit.gpgsign = true;
+ };
+ };
+ };
+ };
+ };
+ };
+}
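Review bot: `signingkey = "~/.ssh/id_ed25519"` together with `commit.gpgsign = true` depends on a file that only modules/secrets.nix provisions, so with `secrets.enable = false` commits will fail to sign; a comment on that line naming the dependency would help, e.g. `# provisioned by age.secrets.user-ssh-key in modules/secrets.nix`. The same key is also the one whose public half is authorized for SSH login in secrets.nix, so exposure of the signing key is also exposure of host access. A dedicated signing key would keep the two purposes separate.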
diff --git a/modules/home/mu.nix b/modules/home/mu.nix
new file mode 100644
index 0000000..1a22963
--- /dev/null
+++ b/modules/home/mu.nix
@@ -0,0 +1,66 @@
+{ config, lib, ...}: with lib; let
+ cfg = config.santi-modules;
+in {
+ options.santi-modules.mu.enable = mkEnableOption "Enables mu, mbsync and msmtp";
+ config = mkIf cfg.mu.enable {
+ home-manager.users.leonardo = {
+ programs = {
+ mu.enable = true;
+ msmtp.enable = true;
+ mbsync.enable = true;
+ };
+ services.mbsync = {
+ enable = true;
+ frequency = "*:0/5";
+ };
+ accounts.email.accounts = {
+ personal = {
+ address = "[email protected]";
+ userName = "[email protected]";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ primary = true;
+ realName = "Leonardo Ribeiro Santiago";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ };
+ msmtp.enable = true;
+ mu.enable = true;
+ passwordCommand = "cat ${config.age.secrets.personal-mail.path}";
+ };
+ university = {
+ address = "[email protected]";
+ userName = "[email protected]";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ realName = "Leonardo Ribeiro Santiago";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ };
+ msmtp.enable = true;
+ mu.enable = true;
+ passwordCommand = "cat ${config.age.secrets.university-mail.path}";
+ };
+ work = {
+ address = "[email protected]";
+ userName = "[email protected]";
+ imap.host = "imap.gmail.com";
+ smtp.host = "smtp.gmail.com";
+ realName = "Leonardo Ribeiro Santiago";
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ };
+ msmtp.enable = true;
+ mu.enable = true;
+ passwordCommand = "cat ${config.age.secrets.work-mail.path}";
+ };
+ };
+ };
+ };
+}
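Review bot: Each `passwordCommand` reads `config.age.secrets.<name>-mail.path`, but those secrets are defined only when modules/secrets.nix is imported and `secrets.enable` is true; with `mu.enable = true` and secrets disabled, evaluation should fail with a missing-attribute error that does not name the cause. I would add an assertion inside the `mkIf`, `assertions = [{ assertion = cfg.secrets.enable; message = "santi-modules.mu requires santi-modules.secrets.enable"; }];`, though the attribute error may still be raised first depending on evaluation order. The three account blocks differ only in address and secret name, so a small `let` helper taking those two values would remove the repetition.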
diff --git a/modules/home/zen.nix b/modules/home/zen.nix
new file mode 100644
index 0000000..f7535dc
--- /dev/null
+++ b/modules/home/zen.nix
@@ -0,0 +1,29 @@
+{ config, lib, inputs, ...}: with lib; let
+ cfg = config.santi-modules;
+in {
+ options.santi-modules.zen-browser = mkEnableOption "Enable zen browser from flake";
+ config = mkIf cfg.default-user.enable {
+ home-manager = {
+ users.leonardo = {
+ imports = [
+ inputs.zen-browser.homeModules.default
+ ];
+ programs.zen-browser = {
+ enable = true;
+ policies = {
+ AutofillAddressEnabled = true;
+ AutofillCreditCardEnabled = false;
+ DisableAppUpdate = true;
+ DisableFeedbackCommands = true;
+ DisableFirefoxStudies = true;
+ DisablePocket = true; # save webs for later reading
+ DisableTelemetry = true;
+ DontCheckDefaultBrowser = true;
+ NoDefaultBookmarks = true;
+ OfferToSaveLogins = false;
+ };
+ };
+ };
+ };
+ };
+}
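Review bot: `DisableAppUpdate = true` turns off the browser's own updater, so security fixes arrive only when the `zen-browser` flake input is bumped and the system rebuilt; that is worth stating next to the policy, e.g. `DisableAppUpdate = true; # updates come from the flake input; keep flake.lock current`. The existing comment on `DisablePocket` would read better as `# Pocket: save pages for later reading`. A one-line comment above `policies` saying these are browser enterprise policies applied to the user's profile would help a reader who does not know the module.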
diff --git a/modules/secrets.nix b/modules/secrets.nix
new file mode 100644
index 0000000..3cfddb2
--- /dev/null
+++ b/modules/secrets.nix
@@ -0,0 +1,52 @@
+{ config, lib, inputs, pkgs, ...}: with lib; let
+ cfg = config.santi-modules;
+ inherit (builtins) readFile attrValues;
+in {
+ imports = [
+ inputs.agenix.nixosModules.default
+ inputs.home-manager.nixosModules.home-manager
+ ];
+ options.santi-modules = {
+ secrets.enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Enables secrets management through agenix";
+ };
+ };
+ config = mkIf config.santi-modules.secrets.enable {
+ environment.systemPackages = with pkgs; [
+ rage
+ ];
+ home-manager.users.leonardo.home.file.".ssh/id_ed25519.pub".source = ../secrets/user-ssh-key.pub;
+ users.users.leonardo = {
+ hashedPasswordFile = config.age.secrets.user-pass.path;
+ openssh.authorizedKeys.keys = [
+ (readFile ../secrets/user-ssh-key.pub)
+ ] ++ attrValues (import ../secrets/host-pub-keys.nix);
+ };
+ age.secrets = let
+ with-perms = name: {
+ file = ../secrets/${name}.age;
+ owner = "leonardo";
+ group = "users";
+ };
+ in {
+ user-pass = with-perms "user-pass";
+ user-ssh-key = {
+ file = ../secrets/user-ssh-key.age;
+ path = "/home/leonardo/.ssh/id_ed25519";
+ owner = "leonardo";
+ group = "users";
+ };
+ } // (optionalAttrs cfg.mu.enable (let
+ mails = ["work-mail" "personal-mail" "university-mail"];
+ mail-cfg = map (n: {name = n; value = with-perms n;}) mails;
+ in
+ listToAttrs mail-cfg))
+ // (optionalAttrs cfg.services.ddns.enable {
+ cloudflare = with-perms "cloudflare";
+ }) // (optionalAttrs cfg.emacs.enable {
+ authinfo = with-perms "authinfo";
+ });
+ };
+}
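Review bot: `user-pass = with-perms "user-pass";` makes the decrypted password hash owned by leonardo, although `hashedPasswordFile` is consumed by root during user activation; any process running as leonardo can then read the hash and attempt offline guessing. I would leave that secret at agenix's default ownership with `user-pass.file = ../secrets/user-pass.age;`. Whether `cloudflare` needs to be owned by leonardo depends on which user the ddns service runs as, which is not visible in this diff. A short comment above `with-perms` stating that it is meant for secrets read by the user's own programs would make the intent clear.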