From 2af6761a8cacab8f421f1ce4043cc5f998f30192 Mon Sep 17 00:00:00 2001 From: Leonardo Santiago Date: Mon, 3 Jun 2024 10:41:45 -0300 Subject: more stuff --- flake.lock | 16 ++++++++++ flake.nix | 3 +- hosts/larissa/configuration.nix | 14 +------- hosts/larissa/hardware-configuration.nix | 12 +++++-- modules/emacs/README.org | 55 ++++++++++++++++---------------- modules/emacs/emacs.nix | 1 + modules/gnome-config.nix | 1 + modules/gnome.nix | 13 ++++++++ secrets/hosts-pub-keys.nix | 5 +++ secrets/secrets.nix | 6 ++-- users/leonardo.nix | 14 ++++++-- 11 files changed, 89 insertions(+), 51 deletions(-) create mode 100644 secrets/hosts-pub-keys.nix diff --git a/flake.lock b/flake.lock index 7c6a376..543c022 100644 --- a/flake.lock +++ b/flake.lock @@ -176,6 +176,21 @@ "url": "ssh://git@gitlab.com/mixrank/mixrank" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1716987116, + "narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "8251761f93d6f5b91cee45ac09edb6e382641009", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1716509168, @@ -265,6 +280,7 @@ "from-elisp": "from-elisp", "home-manager": "home-manager", "mixrank": "mixrank", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2" } }, diff --git a/flake.nix b/flake.nix index 171d5b6..59fe2ba 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixos-hardware.url = "github:NixOS/nixos-hardware"; home-manager.url = "github:nix-community/home-manager"; agenix = { url = "github:ryantm/agenix"; @@ -42,7 +43,7 @@ hosts = attrNames (readDir ./hosts); defaultNixosSystem = host: nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit inputs; }; + specialArgs = { inherit inputs hosts; }; modules = [ ./hosts/${host}/configuration.nix ./users/leonardo.nix 
diff --git a/hosts/larissa/configuration.nix b/hosts/larissa/configuration.nix index 499d6ea..2a30415 100644 --- a/hosts/larissa/configuration.nix +++ b/hosts/larissa/configuration.nix @@ -10,19 +10,7 @@ ./hardware-configuration.nix ]; - # this system has a fingerprint reader. - services.fprintd.enable = true; - - services.fwupd = { - enable = true; - package = (import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz"; - sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk"; - }) { - inherit (pkgs) system; - }).fwupd; - - }; + services.fwupd.enable = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/hosts/larissa/hardware-configuration.nix b/hosts/larissa/hardware-configuration.nix index 177fcb5..4a17244 100644 --- a/hosts/larissa/hardware-configuration.nix +++ b/hosts/larissa/hardware-configuration.nix @@ -1,15 +1,23 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, inputs, pkgs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") + inputs.nixos-hardware.nixosModules.framework-13-7040-amd ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; + boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelModules = [ "kvm-amd" ]; boot.kernelParams = lib.optionals (lib.versionOlder config.boot.kernelPackages.kernel.version "6.8") ["rtc_cmos.use_acpi_alarm=1"] ; boot.extraModulePackages = [ ]; diff --git a/modules/emacs/README.org b/modules/emacs/README.org index ff818f4..9ca23c1 100644 --- a/modules/emacs/README.org +++ b/modules/emacs/README.org 
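Review bot: In hosts/larissa/hardware-configuration.nix the added `inputs.nixos-hardware.nixosModules.framework-13-7040-amd` import and `boot.kernelPackages = pkgs.linuxPackages_latest;` are hand edits to a file whose own header says it is generated by nixos-generate-config and may be overwritten, so re-running the generator would silently drop both. Moving the two lines to hosts/larissa/configuration.nix keeps the generated file regenerable. With `linuxPackages_latest` the `lib.versionOlder … "6.8"` guard on `boot.kernelParams` a few lines below is presumably always false, so a one-line comment such as `# latest kernel needed for <reason>` would tell the next reader whether that guard can go. The attribute set continues past the end of the hunk.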
@@ -49,6 +49,30 @@ You can also use it as a ~nixosModule~, in order to add additional packages like #+end_src * Utility +** Age encryption +Configuration to automagically open age files, and to encrypt them correctly to all my machines. +#+begin_src emacs-lisp :tangle yes +(use-package age + :ensure t + :demand t + :custom + (age-program "rage") + (age-default-identity "~/.ssh/leonardo") + (age-default-recipient + '("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWxS8tdN3j7Vm337RmJTzYTMbkAZN5g610ZesH4vhd8" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrMCLu3VvQVmd2cqreAJsVKkrtKXqgzO8i8NDm06ysm" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFQN59YDFwwQt/1rb1dHZnxsNV2geWUvHyTKqjdSA52" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKjyS7vbCxr7oDqBpnhHQQzolAW6Fqt1FTOo+hT+lSC")) + :config + (age-file-enable)) +#+end_src +** Flyspell +#+begin_src emacs-lisp :tangle yes +(use-package flyspell + :hook (org-mode . flyspell-mode) + :custom + (ispell-program-name "aspell")) +#+end_src ** All the Icons Works through nixosModules. #+begin_src emacs-lisp :tangle yes @@ -257,6 +281,8 @@ Try to use the package. :hook (org-mode . org-indent-mode) :bind ("C-c a" . org-agenda) :config + (add-to-list 'org-src-lang-modes '("rust" . rust-ts)) + (add-to-list 'org-src-lang-modes '("python" . python-ts)) (custom-set-faces '(org-headline-done ((((class color) (min-colors 16) (background dark)) 
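Review bot: The `age-default-recipient` list in the new "Age encryption" block holds four keys, which match the kunagisa and larissa user and host keys in secrets/secrets.nix, but neither hanekawa key. A file encrypted from Emacs with these defaults would therefore not be decryptable on hanekawa, although the heading text says it encrypts to all machines. The list is also another hand-maintained copy of keys that already live under secrets/, so it will drift when a host is added or a key is rotated. Either add the two hanekawa keys or derive the list from the Nix side, and put a comment above it naming the owner of each entry, e.g. `;; kunagisa-user, kunagisa (host), larissa-user, larissa (host)`.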
@@ -274,36 +300,9 @@ Try to use the package. (org-indirect-buffer-display 'other-window) (org-confirm-babel-evaluate nil) (org-edit-src-content-indentation 0) - (org-auto-align-tags nil) + (org-auto-align-tags t) (org-fontify-done-headline t)) #+end_src -*** Org Modern -#+begin_src emacs-lisp :tangle yes -(defun bg (color) - `(:background ,color :inherit (org-todo org-modern-label) :foreground "gray25")) - -(use-package org-modern - :after org - :hook (org-mode . org-modern-mode) - :hook (org-agenda-finalize . org-modern-agenda) - :custom - (org-modern-todo-faces - `(("IDEA" . ,(bg "yellow")) - ("TODO" . org-modern-todo) - ("STUCK" . ,(bg "brown")) - ("DOING" . ,(bg "green")) - ("DONE" . org-modern-done) - ; work tasks - ("ASSIGNED" . org-modern-todo) - ("WORKING" . ,(bg "green yellow")) - ("ON REVIEW" . ,(bg "sandy brown")) - ("MERGED" . org-modern-done) - ("CANCELLED" . ,(bg "OrangeRed1")) - ; one time tasks - ("EVENT" . ,(bg "deep sky blue")) - ("DONE" . org-modern-done))) - (org-modern-priority t)) -#+end_src *** Org Agenda #+begin_src emacs-lisp :tangle yes (setq diff --git a/modules/emacs/emacs.nix b/modules/emacs/emacs.nix index a43e38b..a4e1722 100644 --- a/modules/emacs/emacs.nix +++ b/modules/emacs/emacs.nix @@ -44,6 +44,7 @@ in nixpkgs.overlays = [ inputs.emacs-overlay.overlays.default ]; environment.systemPackages = [ emacs + (pkgs.aspellWithDicts (dicts: with dicts; [ pt_BR en en-computers ])) ] ++ outside-emacs; fonts.packages = with pkgs; [ emacs-all-the-icons-fonts diff --git a/modules/gnome-config.nix b/modules/gnome-config.nix index 4d3af54..38a812d 100644 --- a/modules/gnome-config.nix +++ b/modules/gnome-config.nix @@ -38,6 +38,7 @@ "Vitals@CoreCoding.com" "user-theme@gnome-shell-extensions.gcampax.github.com" "x11gestures@joseexposito.github.io" + "gsconnect@andyholmes.github.io" ]; disabled-extensions= [ "windowsNavigator@gnome-shell-extensions.gcampax.github.com" diff --git a/modules/gnome.nix b/modules/gnome.nix index 2142450..386cb94 100644 
--- a/modules/gnome.nix +++ b/modules/gnome.nix @@ -26,8 +26,21 @@ user-themes graphite-gtk-theme x11-gestures + gsconnect ]); + + # gsconnect specific + programs.firefox.nativeMessagingHosts.gsconnect.enable = true; + networking.firewall.allowedTCPPortRanges = [ + # KDE Connect + { from = 1714; to = 1764; } + ]; + networking.firewall.allowedUDPPortRanges = [ + # KDE Connect + { from = 1714; to = 1764; } + ]; + environment.gnome.excludePackages = (with pkgs; [ gnome-photos gnome-tour diff --git a/secrets/hosts-pub-keys.nix b/secrets/hosts-pub-keys.nix new file mode 100644 index 0000000..5d4521e --- /dev/null +++ b/secrets/hosts-pub-keys.nix @@ -0,0 +1,5 @@ +{ + larissa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKjyS7vbCxr7oDqBpnhHQQzolAW6Fqt1FTOo+hT+lSC"; + kunagisa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrMCLu3VvQVmd2cqreAJsVKkrtKXqgzO8i8NDm06ysm"; + hanekawa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuIjOE3xi/frXJHXQuIBntuXP8XyboCWRx48o3sYeub"; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index dac4663..706d1db 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,11 +1,9 @@ let kunagisa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWxS8tdN3j7Vm337RmJTzYTMbkAZN5g610ZesH4vhd8"; - kunagisa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrMCLu3VvQVmd2cqreAJsVKkrtKXqgzO8i8NDm06ysm"; hanekawa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOafACtb4IgSczDrollTm/t/xIYcVdLlUxDz72TxsZJZ"; - hanekawa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuIjOE3xi/frXJHXQuIBntuXP8XyboCWRx48o3sYeub"; larissa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFQN59YDFwwQt/1rb1dHZnxsNV2geWUvHyTKqjdSA52"; - larissa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKjyS7vbCxr7oDqBpnhHQQzolAW6Fqt1FTOo+hT+lSC"; - keys = [ kunagisa-user hanekawa-user kunagisa hanekawa larissa larissa-user]; + hosts-keys = builtins.attrValues (import ./hosts-pub-keys.nix); + keys = [ kunagisa-user hanekawa-user larissa-user] ++ hosts-keys; in { "personal-mail.age".publicKeys = keys; 
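Review bot: The `networking.firewall.allowedTCPPortRanges` and `allowedUDPPortRanges` entries added for gsconnect open 1714–1764 on every interface of every host that imports modules/gnome.nix. That includes larissa, which this same commit marks as a Framework 13 laptop and which will presumably join untrusted networks. KDE Connect pairing protects the session itself, but the listener stays reachable and discoverable by anyone on the same network. Consider scoping the rule with `networking.firewall.interfaces."<lan-interface>".allowedTCPPortRanges` and its UDP counterpart, or putting the block behind a per-host option. NixOS also offers `programs.kdeconnect.enable` with `programs.kdeconnect.package = pkgs.gnomeExtensions.gsconnect;`, which replaces the hand-written ranges but opens the same ports on all interfaces.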
diff --git a/users/leonardo.nix b/users/leonardo.nix index 02f2dff..4795223 100644 --- a/users/leonardo.nix +++ b/users/leonardo.nix @@ -18,8 +18,9 @@ }; }; - environment.systemPackages = [ - pkgs.prismlauncher + environment.systemPackages = with pkgs;[ + prismlauncher + rage ]; nixpkgs = { @@ -92,7 +93,13 @@ "context.properties"."module.x11.bell" = false; }; }; - services.openssh.enable = true; + services.openssh = { + enable = true; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + }; + }; users.mutableUsers = false; users.users.leonardo = { isNormalUser = true; @@ -100,6 +107,7 @@ extraGroups = [ "networkmanager" "wheel" ]; shell = pkgs.bashInteractive; hashedPasswordFile = config.age.secrets.user-pass.path; + openssh.authorizedKeys.keys = builtins.attrValues (import ../secrets/hosts-pub-keys.nix); }; age.secrets = { -- cgit v1.2.3
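Review bot: The added `openssh.authorizedKeys.keys = builtins.attrValues (import ../secrets/hosts-pub-keys.nix);` authorizes what appear to be the machines' SSH host keys to log in as leonardo, who is in `wheel`; the entries moved into that file are the ones that had no `-user` suffix in secrets.nix. If so, whoever can read one machine's private host key (root on that machine, or a copy of its host key files) gets a login on the other two. The same keys are agenix recipients, so a single key exposure would give both login and secret decryption. The personal keys (`kunagisa-user`, `hanekawa-user`, `larissa-user` in secrets/secrets.nix) look like the intended list; moving them to their own file under secrets/ (placeholder name `users-pub-keys.nix`) and importing that here keeps host and user identities separate. Since the openssh hunk above turns off password and keyboard-interactive login, this list is the only remote way in and deserves a comment stating whose keys it holds.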