From 62100c9265a4de389d1ea8060cbddddacde161a7 Mon Sep 17 00:00:00 2001 From: Leonardo Santiago Date: Thu, 12 Sep 2024 21:44:46 -0300 Subject: split users/leonardo.nix into modules with options in order to be able to deploy just a few of those to iori.nix --- exwm.nix | 25 --- flake.lock | 46 +++-- flake.nix | 34 ++-- hosts/hanekawa/configuration.nix | 108 ------------ hosts/hanekawa/hardware-configuration.nix | 77 --------- hosts/iori.nix | 37 ++++ hosts/iori/configuration.nix | 17 -- hosts/kunagisa.nix | 52 ++++++ hosts/kunagisa/configuration.nix | 63 ------- hosts/kunagisa/hardware-configuration.nix | 44 ----- hosts/larissa.nix | 69 ++++++++ hosts/larissa/configuration.nix | 106 ------------ hosts/larissa/hardware-configuration.nix | 51 ------ modules/basic.nix | 63 +++++++ modules/ddns.nix | 16 ++ modules/default-user.nix | 212 +++++++++++++++++++++++ modules/desktop-environment.nix | 25 +++ modules/emacs/README.org | 4 +- modules/emacs/default.nix | 57 +++++++ modules/emacs/emacs.nix | 59 ------- modules/fonts.nix | 24 +++ modules/games.nix | 27 +++ modules/gnome-config.nix | 57 ------- modules/gnome.nix | 75 -------- modules/gnome/default.nix | 47 +++++ modules/gnome/gnome-config.nix | 57 +++++++ secrets/authinfo.age | Bin 888 -> 998 bytes secrets/cloudflare.age | 17 ++ secrets/host-pub-keys.nix | 1 + secrets/personal-mail.age | 22 +-- secrets/secrets.nix | 1 + secrets/university-mail.age | Bin 561 -> 671 bytes secrets/user-pass.age | 23 +-- secrets/user-ssh-key.age | Bin 953 -> 1063 bytes secrets/work-mail.age | 23 +-- users/leonardo.nix | 273 ------------------------------ 36 files changed, 775 insertions(+), 1037 deletions(-) delete mode 100644 exwm.nix delete mode 100644 hosts/hanekawa/configuration.nix delete mode 100644 hosts/hanekawa/hardware-configuration.nix create mode 100644 hosts/iori.nix delete mode 100644 hosts/iori/configuration.nix create mode 100644 hosts/kunagisa.nix delete mode 100644 hosts/kunagisa/configuration.nix delete mode 100644 hosts/kunagisa/hardware-configuration.nix create mode 100644 hosts/larissa.nix delete mode 100644 hosts/larissa/configuration.nix delete mode 100644 hosts/larissa/hardware-configuration.nix create mode 100644 modules/basic.nix create mode 100644 modules/ddns.nix create mode 100644 modules/default-user.nix create mode 100644 modules/desktop-environment.nix create mode 100644 modules/emacs/default.nix delete mode 100644 modules/emacs/emacs.nix create mode 100644 modules/fonts.nix create mode 100644 modules/games.nix delete mode 100644 modules/gnome-config.nix delete mode 100644 modules/gnome.nix create mode 100644 modules/gnome/default.nix create mode 100644 modules/gnome/gnome-config.nix create mode 100644 secrets/cloudflare.age delete mode 100644 users/leonardo.nix diff --git a/exwm.nix b/exwm.nix deleted file mode 100644 index df8e306..0000000 --- a/exwm.nix +++ /dev/null @@ -1,25 +0,0 @@ -{pkgs, inputs, system, ...}: -{ - services.xserver = { - enable = true; - updateDbusEnvironment = true; - windowManager.session = pkgs.lib.singleton { - name = "exwm"; - start = '' - dbus-launch ${inputs.emacs.packages.x86_64-linux.default}/bin/emacs -mm - ''; - }; - desktopManager = { - default = "none"; - }; - displayManager = { - lightdm = { - enable = true; - }; - autoLogin = { - enable = true; - user = "leonardo"; - }; - }; - }; -} diff --git a/flake.lock b/flake.lock index 53db3e0..a6138d5 100644 --- a/flake.lock +++ b/flake.lock @@ -56,11 +56,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1724260428, - "narHash": "sha256-JRkb9hBBhLV70DRR/D5FnJBypb1Zs5oUThMh3Rkpbu8=", + "lastModified": 1725267572, + "narHash": "sha256-s5+GUIs8OewO1McYn3bhMz31Q+Xl0WRxUTKp+lPZLno=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9d8307d88a60bc4d6223a391b2fb41cc37e6714c", + "rev": "2f7c7275d542f59760bd307e5805572cee65ae37", "type": "github" }, "original": { @@ -124,11 +124,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1723986931, - "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -143,27 +143,23 @@ "nixpkgs_old": "nixpkgs_old" }, "locked": { - "lastModified": 1722895966, - "narHash": "sha256-BB8eFyaOT72FB5jya/2VQJzVZzlz3WaJgI0PECDEvhA=", - "ref": "2024-05-06-hosts-in-nix", - "rev": "fab3b0da4ef3bbfe9aae47ca13e11ad1660f2e7d", - "revCount": 64201, - "type": "git", - "url": "ssh://git@gitlab.com/mixrank/mixrank" + "lastModified": 1725915493, + "narHash": "sha256-uT7vO4LyEn2D0PCkQARkJd1T/tR+EfYnFusGK2UxrL4=", + "path": "/home/leonardo/mx/mixrank", + "type": "path" }, "original": { - "ref": "2024-05-06-hosts-in-nix", - "type": "git", - "url": "ssh://git@gitlab.com/mixrank/mixrank" + "path": "/home/leonardo/mx/mixrank", + "type": "path" } }, "nixos-hardware": { "locked": { - "lastModified": 1724067415, - "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -190,11 +186,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1724098845, - "narHash": "sha256-D5HwjQw/02fuXbR4LCTo64koglP2j99hkDR79/3yLOE=", + "lastModified": 1725001927, + "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f1bad50880bae73ff2d82fafc22010b4fc097a9c", + "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", "type": "github" }, "original": { @@ -206,11 +202,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1723991338, - "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a3354191c0d7144db9756a74755672387b702ba", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d983d24..ade795a 100644 --- a/flake.nix +++ b/flake.nix @@ -33,35 +33,23 @@ url = "github:rafaelmardojai/firefox-gnome-theme"; flake = false; }; - mixrank.url = "git+ssh://git@gitlab.com/mixrank/mixrank?ref=2024-05-06-hosts-in-nix"; + mixrank.url = "path:///home/leonardo/mx/mixrank"; }; outputs = { self, nixpkgs, home-manager, agenix, mixrank, ... } @ inputs : let - inherit (builtins) listToAttrs readDir attrNames; - system = "x86_64-linux"; - hosts = attrNames (readDir ./hosts); - defaultNixosSystem = host: nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { inherit inputs hosts; }; + inherit (builtins) readDir attrNames listToAttrs split head; + modules = map (p: import ./modules/${p}) (attrNames (readDir ./modules)); + make-config-named = host: nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; modules = [ - ./hosts/${host}/configuration.nix - ./users/leonardo.nix - home-manager.nixosModules.home-manager - agenix.nixosModules.default - mixrank.nixosModules.dev-machine - ]; + ./hosts/${host}.nix + ] ++ modules; }; + get-basename = n: head (split "\\." n); + hosts-names = map get-basename (attrNames (readDir ./hosts)); + nixos-configs = map (h: { name= h; value = make-config-named h;}) hosts-names; in { - nixosConfigurations = - (listToAttrs (map (host: {name = host; value = defaultNixosSystem host; }) hosts)) - // { iori = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/iori/configuration.nix - ]; - }; - }; + nixosConfigurations = listToAttrs nixos-configs; }; } diff --git a/hosts/hanekawa/configuration.nix b/hosts/hanekawa/configuration.nix deleted file mode 100644 index e646c98..0000000 --- a/hosts/hanekawa/configuration.nix +++ /dev/null @@ -1,108 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, lib, inputs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "hanekawa"; # Define your hostname. - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Sao_Paulo"; - - # Select internationalisation properties. - i18n.defaultLocale = "pt_BR.UTF-8"; - - # Enable the X11 windowing system. - services.touchegg.enable = true; - services.xserver = { - enable = true; - xkb.layout = "br"; - xkb.variant = ""; - libinput = { - enable = true; - touchpad = { - tapping = true; - scrollMethod = "twofinger"; - clickMethod = "clickfinger"; - tappingButtonMap = "lrm"; - }; - }; - videoDrivers = [ "nvidia" ]; - }; - - # Configure console keymap - console.keyMap = "br-abnt2"; - - # Enable CUPS to print documents. - services.printing.enable = true; - - services.thermald.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - - security.rtkit.enable = true; - services.fstrim.enable = lib.mkDefault true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.leonardo = { - isNormalUser = true; - description = "leonardo"; - extraGroups = [ "networkmanager" "wheel" ]; - }; - - fonts = { - fontconfig.enable = true; - packages = [(pkgs.nerdfonts.override { fonts = [ "Iosevka" "FiraCode" ]; })]; - }; - - # Allow unfree packages - services.openssh.enable = true; - programs.ssh = { - forwardX11 = true; - startAgent = true; - }; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? - -} diff --git a/hosts/hanekawa/hardware-configuration.nix b/hosts/hanekawa/hardware-configuration.nix deleted file mode 100644 index 2b11bd6..0000000 --- a/hosts/hanekawa/hardware-configuration.nix +++ /dev/null @@ -1,77 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - - ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - - boot.kernelModules = [ - "kvm-intel" - "i915" - ]; - boot.kernelParams = [ - "acpi_osi=Linux-Dell-Video" - ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/36536f52-8ca1-4a1e-b418-4016e529ea97"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/6021-0AF8"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/51402149-30c4-475c-af19-c5d600b1ee8e"; } - ]; - - - - hardware = { - opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - }; - pulseaudio.enable = false; - nvidia = { - modesetting.enable = true; - powerManagement = { enable = false; finegrained = false; }; - open = false; - nvidiaSettings = true; - prime = { - offload = { - enable = true; - enableOffloadCmd = true; - }; - sync.enable = false; - reverseSync.enable = false; - intelBusId = "PCI:0:2:0"; - nvidiaBusId = "PCI:1:0:0"; - }; - }; - opengl.extraPackages = [ pkgs.vaapiVdpau ]; - - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/iori.nix b/hosts/iori.nix new file mode 100644 index 0000000..896f836 --- /dev/null +++ b/hosts/iori.nix @@ -0,0 +1,37 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ lib, inputs, modulesPath, ... }: + +{ + imports = [ # Include the results of the hardware scan. + inputs.nixos-hardware.nixosModules.raspberry-pi-4 + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + santi-modules = { + default-user.enable = true; + basic.enable = true; + font-config.enable = false; + services.ddns.enable = true; + }; + + boot = { + loader.grub.enable = false; + loader.generic-extlinux-compatible.enable = true; + initrd.availableKernelModules = [ "xhci_pci" ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fsType = "ext4"; + }; + + networking = { + hostName = "iori"; # Define your hostname. + useDHCP = lib.mkDefault true; + }; + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + system.stateVersion = "24.05"; # Did you read the comment? +} diff --git a/hosts/iori/configuration.nix b/hosts/iori/configuration.nix deleted file mode 100644 index db84c09..0000000 --- a/hosts/iori/configuration.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, inputs, ... }: -{ - imports = - [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ]; - # hardware = { - # raspberry-pi."4".apply-overlays-dtmerge.enable = true; - # }; - nixpkgs.overlays = [ - (final: super: { - makeModulesClosure = x: - super.makeModulesClosure (x // { allowMissing = true; }); - }) - ]; - - networking.hostName = "iori"; - system.stateVersion = "23.11"; -} diff --git a/hosts/kunagisa.nix b/hosts/kunagisa.nix new file mode 100644 index 0000000..60d7d65 --- /dev/null +++ b/hosts/kunagisa.nix @@ -0,0 +1,52 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, lib, modulesPath, inputs, ... }: { + imports = [ + inputs.mixrank.nixosModules.dev-machine + (modulesPath + "/installer/scan/not-detected.nix") + ]; + santi-modules.desktop-environment.enable = true; + # Bootloader. + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ]; + kernelModules = [ "amdgpu" ]; + }; + binfmt.emulatedSystems = [ "aarch64-linux" ]; + kernelModules = [ "kvm-amd" ]; + kernelPackages = pkgs.linuxPackages_latest; + extraModulePackages = [ ]; + }; + + networking = { + hostName = "kunagisa"; # Define your hostname. + networkmanager.enable = true; + firewall.enable = false; + useDHCP = lib.mkDefault true; + }; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/96c114a2-ffd7-476d-80fa-51e670c27e4b"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/AA22-4A81"; + fsType = "vfat"; + }; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/1a204e5c-05cb-4e7f-b859-927fb024fb12"; } + ]; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + system.stateVersion = "23.05"; +} diff --git a/hosts/kunagisa/configuration.nix b/hosts/kunagisa/configuration.nix deleted file mode 100644 index 9965d92..0000000 --- a/hosts/kunagisa/configuration.nix +++ /dev/null @@ -1,63 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, inputs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - networking.hostName = "kunagisa"; # Define your hostname. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - networking.networkmanager.enable = true; - - time.timeZone = "America/Sao_Paulo"; - - i18n.defaultLocale = "pt_BR.UTF-8"; - - services.xserver = { - enable = true; - xkb = { - variant = ""; - layout = "br"; - }; - }; - - console.keyMap = "br-abnt2"; - - services.printing.enable = true; - - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - networking.firewall = { - enable = false; - # allowedTCPPorts = [ 12345 ]; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? -} diff --git a/hosts/kunagisa/hardware-configuration.nix b/hosts/kunagisa/hardware-configuration.nix deleted file mode 100644 index f98cb38..0000000 --- a/hosts/kunagisa/hardware-configuration.nix +++ /dev/null @@ -1,44 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ]; - boot.initrd.kernelModules = [ "amdgpu" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.kernelPackages = pkgs.linuxPackages_latest; - # boot.kernelParams = [ - # "video=HDMI-1:1920x1080@60" - # "video=DP-2:2560x1080@75" - # ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/96c114a2-ffd7-476d-80fa-51e670c27e4b"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/AA22-4A81"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/1a204e5c-05cb-4e7f-b859-927fb024fb12"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/larissa.nix b/hosts/larissa.nix new file mode 100644 index 0000000..80f496b --- /dev/null +++ b/hosts/larissa.nix @@ -0,0 +1,69 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, lib, inputs, modulesPath, ... }: { + imports = [ + inputs.mixrank.nixosModules.dev-machine + inputs.nixos-hardware.nixosModules.framework-13-7040-amd + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + santi-modules = { + desktop-environment.enable = true; + services.ddns.enable = true; + }; + # Bootloader. + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + initrd = { + luks.devices."luks-fc474bfb-2d0a-4a8a-99db-a55e15d8a836".device = "/dev/disk/by-uuid/fc474bfb-2d0a-4a8a-99db-a55e15d8a836"; + availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; + }; + kernelPackages = pkgs.linuxPackages_latest; + kernelModules = [ "kvm-amd" ]; + kernelParams = lib.optionals (lib.versionOlder config.boot.kernelPackages.kernel.version "6.8") ["rtc_cmos.use_acpi_alarm=1"] ; + }; + + networking = { + hostName = "larissa"; + networkmanager.enable = true; + useDHCP = lib.mkDefault true; + }; + # Custom services for laptop + services = { + power-profiles-daemon.enable = lib.mkDefault true; + touchegg.enable = true; + fwupd.enable = true; + libinput = { + enable = true; + touchpad = { + tapping = true; + scrollMethod = "twofinger"; + clickMethod = "clickfinger"; + tappingButtonMap = "lrm"; + }; + }; + }; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/bd4da861-db3f-4efd-82e1-ca925f8ef873"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/D40E-FE35"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + }; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + system.stateVersion = "23.11"; +} diff --git a/hosts/larissa/configuration.nix b/hosts/larissa/configuration.nix deleted file mode 100644 index 9057de4..0000000 --- a/hosts/larissa/configuration.nix +++ /dev/null @@ -1,106 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - services.fwupd.enable = true; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "larissa"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Sao_Paulo"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "pt_BR.UTF-8"; - LC_IDENTIFICATION = "pt_BR.UTF-8"; - LC_MEASUREMENT = "pt_BR.UTF-8"; - LC_MONETARY = "pt_BR.UTF-8"; - LC_NAME = "pt_BR.UTF-8"; - LC_NUMERIC = "pt_BR.UTF-8"; - LC_PAPER = "pt_BR.UTF-8"; - LC_TELEPHONE = "pt_BR.UTF-8"; - LC_TIME = "pt_BR.UTF-8"; - }; - - services.touchegg.enable = true; - # Configure keymap in X11 - services.xserver = { - enable = true; - xkb = { - variant = "abnt2"; - layout = "br"; - }; - }; - services.libinput = { - enable = true; - touchpad = { - tapping = true; - scrollMethod = "twofinger"; - clickMethod = "clickfinger"; - tappingButtonMap = "lrm"; - }; - }; - - console.keyMap = "br-abnt2"; - # Enable CUPS to print documents. - services.printing.enable = true; - - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? - -} diff --git a/hosts/larissa/hardware-configuration.nix b/hosts/larissa/hardware-configuration.nix deleted file mode 100644 index 4a17244..0000000 --- a/hosts/larissa/hardware-configuration.nix +++ /dev/null @@ -1,51 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, inputs, pkgs, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - inputs.nixos-hardware.nixosModules.framework-13-7040-amd - ]; - - boot.initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "thunderbolt" - "usb_storage" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelModules = [ "kvm-amd" ]; - boot.kernelParams = lib.optionals (lib.versionOlder config.boot.kernelPackages.kernel.version "6.8") ["rtc_cmos.use_acpi_alarm=1"] ; - boot.extraModulePackages = [ ]; - - services.power-profiles-daemon.enable = lib.mkDefault true; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/bd4da861-db3f-4efd-82e1-ca925f8ef873"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."luks-fc474bfb-2d0a-4a8a-99db-a55e15d8a836".device = "/dev/disk/by-uuid/fc474bfb-2d0a-4a8a-99db-a55e15d8a836"; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/D40E-FE35"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/modules/basic.nix b/modules/basic.nix new file mode 100644 index 0000000..e2c68c1 --- /dev/null +++ b/modules/basic.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, ...}: with lib; { + options.santi-modules.basic.enable = mkOption { + type = types.bool; + default = true; + description = "Enables basic configuration on nix, nixpkgs and bash prompt."; + }; + config = mkIf config.santi-modules.basic.enable { + nix = { + package = pkgs.lib.mkForce pkgs.nixVersions.nix_2_23; + settings = { + trusted-users = [ "root" "leonardo" ]; + auto-optimise-store = true; + }; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + }; + + nixpkgs = { + config.allowUnfree = true; + config.allowUnfreePredicate = _: true; + }; + + programs.bash = { + vteIntegration = true; + enableLsColors = true; + completion.enable = true; + promptInit = + '' + PS1="\[\033[1;95m\][\h]\[\033[0m\] \[\033[0;32m\]\w\[\033[0m\] :: " + [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && source "$EAT_SHELL_INTEGRATION_DIR/bash" + ''; + }; + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + time.timeZone = "America/Sao_Paulo"; + i18n.defaultLocale = "en_US.UTF-8"; + i18n.extraLocaleSettings = { + LC_ADDRESS = "pt_BR.UTF-8"; + LC_IDENTIFICATION = "pt_BR.UTF-8"; + LC_MEASUREMENT = "pt_BR.UTF-8"; + LC_MONETARY = "pt_BR.UTF-8"; + LC_NAME = "pt_BR.UTF-8"; + LC_NUMERIC = "pt_BR.UTF-8"; + LC_PAPER = "pt_BR.UTF-8"; + LC_TELEPHONE = "pt_BR.UTF-8"; + LC_TIME = "pt_BR.UTF-8"; + }; + + services.xserver = { + enable = true; + xkb = { + variant = "abnt2"; + layout = "br"; + }; + }; + console.keyMap = "br-abnt2"; + }; +} diff --git a/modules/ddns.nix b/modules/ddns.nix new file mode 100644 index 0000000..53dcb0f --- /dev/null +++ b/modules/ddns.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ...}: with lib; { + options.santi-modules.services.ddns.enable = mkEnableOption "Enable ddns service"; + config = mkIf config.santi-modules.services.ddns.enable { + services.inadyn = { + enable = true; + user = "leonardo"; + group = "users"; + settings.provider."cloudflare.com" = { + hostname="santi.net.br"; + username="santi.net.br"; + proxied = false; + include = config.age.secrets.cloudflare.path; + }; + }; + }; +} diff --git a/modules/default-user.nix b/modules/default-user.nix new file mode 100644 index 0000000..189c354 --- /dev/null +++ b/modules/default-user.nix @@ -0,0 +1,212 @@ +{ config, lib, inputs, pkgs, ...}: with lib; let + cfg = config.santi-modules; +in { + imports = [ + inputs.agenix.nixosModules.default + inputs.home-manager.nixosModules.home-manager + ]; + options.santi-modules = { + default-user.enable = mkOption { + type = types.bool; + default = true; + description = "Enables default user configuration and ssh access"; + }; + mu.enable = mkEnableOption "Enables mu, mbsync and msmtp"; + firefox.enable = mkEnableOption "Enables firefox"; + }; + config = mkIf config.santi-modules.default-user.enable { + environment.systemPackages = [ + pkgs.rage + ] ++ (if cfg.mu.enable then [ pkgs.parallel ] else []); + users.mutableUsers = false; + users.users.leonardo = { + isNormalUser = true; + description = "leonardo"; + extraGroups = [ "networkmanager" "wheel" ]; + shell = pkgs.bashInteractive; + hashedPasswordFile = config.age.secrets.user-pass.path; + openssh.authorizedKeys.keys = [ (builtins.readFile ../secrets/user-ssh-key.pub)] ++ builtins.attrValues (import ../secrets/host-pub-keys.nix); + }; + age.secrets = let + with-perms = name: { + file = ../secrets/${name}.age; + owner = "leonardo"; + group = "users"; + }; + in { + user-pass = with-perms "user-pass"; + user-ssh-key = (with-perms "user-ssh-key") // { + path = "/home/leonardo/.ssh/id_ed25519"; + }; + } // (optionalAttrs cfg.mu.enable (let + mails = ["work-mail" "personal-mail" "university-mail"]; + mail-cfg = map (n: {name = n; value = with-perms n;}) mails; + in + listToAttrs mail-cfg)) + // (optionalAttrs cfg.services.ddns.enable ({ + cloudflare = with-perms "cloudflare"; + })); + programs.ssh.startAgent = true; + services.openssh = { + enable = true; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + }; + }; + home-manager = { + backupFileExtension = "backup"; + useGlobalPkgs = true; + useUserPackages = true; + users.leonardo = { + imports = [ (import ./gnome/gnome-config.nix config.santi-modules) ]; + home = { + stateVersion = "23.05"; + file.".ssh/id_ed25519.pub".source = ../secrets/user-ssh-key.pub; + file.".mozilla/firefox/leonardo/chrome/firefox-gnome-theme" = mkIf cfg.firefox.enable { source = inputs.firefox-gnome-theme; }; + packages = lib.optionals cfg.desktop-environment.enable (with pkgs; [ + discord + slack + whatsapp-for-linux + telegram-desktop + ]); + }; + programs = { + bash = { + enable = true; + enableCompletion = true; + initExtra = '' + shopt -s -q autocd + shopt -s no_empty_cmd_completion + ''; + }; + fzf = { + enable = true; + enableBashIntegration = true; + }; + git = { + enable = true; + lfs.enable = true; + diff-so-fancy.enable = true; + extraConfig = { + user = { + name = "Leonardo Santiago"; + email = "leonardo.ribeiro.santiago@gmail.com"; + signingkey = "~/.ssh/id_ed25519"; + }; + color.ui = true; + gpg.format = "ssh"; + commit.gpgsign = true; + }; + }; + mu.enable = cfg.mu.enable; + msmtp.enable = cfg.mu.enable; + mbsync.enable = cfg.mu.enable; + firefox = { + enable = cfg.firefox.enable; + package = pkgs.firefox.override { # nixpkgs' firefox/wrapper.nix + nativeMessagingHosts = optional cfg.gnome.enable [ + pkgs.gnome-browser-connector + ]; + }; + profiles.leonardo = { + userChrome = '' + @import "firefox-gnome-theme/userChrome.css"; + ''; + userContent = '' + @import "firefox-gnome-theme/userContent.css"; + ''; + settings = { + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Enable customChrome.cs + "browser.uidensity" = 0; # Set UI density to normal + "svg.context-properties.content.enabled" = true; # Enable SVG context-propertes + # firefox-gnome-theme + "gnomeTheme.activeTabContrast" = true; + "gnomeTheme.hideWebrtcIndicator" = true; + "gnomeTheme.bookmarksToolbarUnderTabs" = true; + "gnomeTheme.hideSingleTab" = true; + }; + }; + policies = { + DisableTelemetry = true; + DisableFirefoxStudies = true; + EnableTrackingProtection = { + Value= true; + Locked = true; + Cryptomining = true; + Fingerprinting = true; + }; + DisablePocket = true; + DisableFirefoxAccounts = true; + DisableAccounts = true; + DisableFirefoxScreenshots = true; + OverrideFirstRunPage = ""; + OverridePostUpdatePage = ""; + DontCheckDefaultBrowser = true; + ExtensionSettings = { + "*".installation_mode = "blocked"; # blocks all addons except the ones specified below + # uBlock Origin: + "uBlock0@raymondhill.net" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; + installation_mode = "force_installed"; + }; + }; + }; + }; + }; + services.mbsync = mkIf cfg.mu.enable { + enable = true; + frequency = "*:0/5"; + }; + accounts.email.accounts = mkIf cfg.mu.enable { + personal = { + address = "leonardo.ribeiro.santiago@gmail.com"; + userName = "leonardo.ribeiro.santiago@gmail.com"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + primary = true; + realName = "Leonardo Ribeiro Santiago"; + mbsync = { + enable = true; + create = "both"; + expunge = "both"; + }; + msmtp.enable = true; + mu.enable = true; + passwordCommand = "cat ${config.age.secrets.personal-mail.path}"; + }; + university = { + address = "leonardors@dcc.ufrj.br"; + userName = "leonardors@dcc.ufrj.br"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + realName = "Leonardo Ribeiro Santiago"; + mbsync = { + enable = true; + create = "both"; + expunge = "both"; + }; + msmtp.enable = true; + mu.enable = true; + passwordCommand = "cat ${config.age.secrets.university-mail.path}"; + }; + work = { + address = "leonardo@mixrank.com"; + userName = "leonardo@mixrank.com"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + realName = "Leonardo Ribeiro Santiago"; + mbsync = { + enable = true; + create = "both"; + expunge = "both"; + }; + msmtp.enable = true; + mu.enable = true; + passwordCommand = "cat ${config.age.secrets.work-mail.path}"; + }; + }; + }; + }; + }; +} diff --git a/modules/desktop-environment.nix b/modules/desktop-environment.nix new file mode 100644 index 0000000..c9408d9 --- /dev/null +++ b/modules/desktop-environment.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: with lib; { + options.santi-modules.desktop-environment.enable = mkEnableOption "Enable default desktop-environment"; + config = mkIf config.santi-modules.desktop-environment.enable { + santi-modules = { + font-config.enable = true; + emacs.enable = true; + gnome.enable = true; + games.enable = true; + mu.enable = true; + default-user.enable = true; + firefox.enable = true; + basic.enable = true; + }; + + services.printing.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + }; +} diff --git a/modules/emacs/README.org b/modules/emacs/README.org index 0b8ff54..81c0775 100644 --- a/modules/emacs/README.org +++ b/modules/emacs/README.org @@ -388,12 +388,12 @@ Actual mu4e definition (use-package mu4e :bind ("C-c m" . mu4e) :custom - (mu4e-notification-support t) (read-mail-command 'mu4e) (mu4e-index-cleanup nil) (mu4e-index-lazy-check t) (mu4e-use-fancy-chars (display-graphic-p)) (mu4e-confirm-quit nil) + (mu4e-eldoc-support t) (mu4e-change-filenames-when-moving t) (mu4e-update-interval (* 5 60)) (mu4e-get-mail-command "parallel mbsync ::: personal work university") @@ -417,7 +417,7 @@ Actual mu4e definition (cond ((personal-p msg) "/personal/[Gmail]/Todos\ os\ e-mails") ((university-p msg) "/university/[Gmail]/Todos\ os\ e-mails") - ((work-p msg) "/work/[Gmail]/'All mail'")))) + ((work-p msg) "/work/[Gmail]/All\ mail")))) (mu4e-trash-folder (lambda (msg) (cond ((personal-p msg) "/personal/[Gmail]/Lixeira") diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix new file mode 100644 index 0000000..ceba97e --- /dev/null +++ b/modules/emacs/default.nix @@ -0,0 +1,57 @@ +{ pkgs, inputs, lib, config, ...}: +let + outside-emacs = with pkgs; [ + (python3.withPackages (p: (with p; [ + python-lsp-server + python-lsp-ruff + ]))) + nil + ripgrep + emacs-lsp-booster + ]; + org-tangle-elisp-blocks = (pkgs.callPackage ./org.nix {inherit pkgs; inherit (inputs) from-elisp;}).org-tangle ({ language, flags } : + let is-elisp = (language == "emacs-lisp") || (language == "elisp"); + is-tangle = if flags ? ":tangle" then + flags.":tangle" == "yes" || flags.":tangle" == "y" else false; + in is-elisp && is-tangle + ); + config-el = pkgs.writeText "config.el" (org-tangle-elisp-blocks (builtins.readFile ./README.org)); + emacs = pkgs.emacsWithPackagesFromUsePackage { + package = pkgs.emacs.override { + withGTK3 = true; + withNativeCompilation = true; + withAlsaLib = true; + withSystemd = true; + withToolkitScrollBars = true; + }; + override = epkgs: epkgs // { + eglot-booster = pkgs.callPackage ./eglot-booster.nix { + inherit (pkgs) fetchFromGitHub; + inherit (epkgs) trivialBuild; + }; + }; + config = config-el; + alwaysEnsure = true; + defaultInitFile = true; + extraEmacsPackages = epkgs: with epkgs; [ + (treesit-grammars.with-grammars (g: with g; [ + tree-sitter-rust + tree-sitter-python + ])) + ] ++ outside-emacs; + }; +in with lib; { + options.santi-modules.emacs.enable = mkEnableOption "Enable emacs configuration"; + config = mkIf config.santi-modules.emacs.enable { + nixpkgs.overlays = [ inputs.emacs-overlay.overlays.default ]; + environment.systemPackages = [ + emacs + (pkgs.aspellWithDicts (dicts: with dicts; [ pt_BR en en-computers ])) + ] ++ outside-emacs; + fonts.packages = with pkgs; [ + emacs-all-the-icons-fonts + (nerdfonts.override { fonts = ["Iosevka"]; }) + ]; + }; +} + diff --git a/modules/emacs/emacs.nix b/modules/emacs/emacs.nix deleted file mode 100644 index bc73977..0000000 --- a/modules/emacs/emacs.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ pkgs, inputs, ...}: -let - outside-emacs = with pkgs; [ - (python3.withPackages (p: (with p; [ - python-lsp-server - python-lsp-ruff - pylsp-mypy - ]))) - nil - parallel - ripgrep - emacs-lsp-booster - ]; - org-tangle-elisp-blocks = (pkgs.callPackage ./org.nix {inherit pkgs; inherit (inputs) from-elisp;}).org-tangle ({ language, flags } : - let is-elisp = (language == "emacs-lisp") || (language == "elisp"); - is-tangle = if flags ? ":tangle" then - flags.":tangle" == "yes" || flags.":tangle" == "y" else false; - in is-elisp && is-tangle - ); - config-el = pkgs.writeText "config.el" (org-tangle-elisp-blocks (builtins.readFile ./README.org)); - emacs = pkgs.emacsWithPackagesFromUsePackage { - package = pkgs.emacs.override { - withGTK3 = true; - withNativeCompilation = true; - withAlsaLib = true; - withSystemd = true; - withToolkitScrollBars = true; - }; - override = epkgs: epkgs // { - eglot-booster = pkgs.callPackage ./eglot-booster.nix { - inherit (pkgs) fetchFromGitHub; - inherit (epkgs) trivialBuild; - }; - }; - config = config-el; - alwaysEnsure = true; - defaultInitFile = true; - extraEmacsPackages = epkgs: with epkgs; [ - (treesit-grammars.with-grammars (g: with g; [ - tree-sitter-rust - tree-sitter-python - ])) - ] ++ outside-emacs; - }; -in -{ - config = { - nixpkgs.overlays = [ inputs.emacs-overlay.overlays.default ]; - environment.systemPackages = [ - emacs - (pkgs.aspellWithDicts (dicts: with dicts; [ pt_BR en en-computers ])) - ] ++ outside-emacs; - fonts.packages = with pkgs; [ - emacs-all-the-icons-fonts - (nerdfonts.override { fonts = ["Iosevka"]; }) - ]; - }; -} - diff --git a/modules/fonts.nix b/modules/fonts.nix new file mode 100644 index 0000000..286f670 --- /dev/null +++ b/modules/fonts.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ...} : with lib; { + options.santi-modules.font-config.enable = mkOption { + type = types.bool; + default = true; + description = "Installs default fonts."; + }; + config = mkIf config.santi-modules.font-config.enable { + fonts = { + fontconfig = { + enable = true; + defaultFonts = { + monospace = [ "Iosevka" "IPAGothic" ]; + serif = [ "DejaVu Serif" "IPAPMincho" ]; + }; + }; + packages = with pkgs; [ + (nerdfonts.override { fonts = [ "Iosevka" "FiraCode" ]; }) + ipafont + kochi-substitute + dejavu_fonts + ]; + }; + }; +} diff --git a/modules/games.nix b/modules/games.nix new file mode 100644 index 0000000..d47254d --- /dev/null +++ b/modules/games.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: let + cfg = config.santi-modules; +in with lib; { + options.santi-modules = { + games.enable = mkEnableOption "Enable all games"; + steam.enable = mkOption { + description = "Enable steam installation"; + default = cfg.games.enable; + type = types.bool; + }; + minecraft.enable = mkOption { + description = "Enable minecraft launcher"; + default = cfg.games.enable; + type = types.bool; + }; + }; + config = { + programs.steam = mkIf cfg.steam.enable { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + environment.systemPackages = mkIf cfg.minecraft.enable [ + pkgs.prismlauncher + ]; + }; +} diff --git a/modules/gnome-config.nix b/modules/gnome-config.nix deleted file mode 100644 index 38a812d..0000000 --- a/modules/gnome-config.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ ... }: -{ - dconf.settings = { - "org/gnome/desktop/background" = { - picture-uri = "${../wallpaper.png}"; - picture-uri-dark = "${../wallpaper.png}"; - picture-options = "zoom"; - }; - "org/gnome/desktop/interface" = { - color-scheme="prefer-dark"; - enable-hot-corners=false; - font-antialiasing="grayscale"; - font-hinting="slight"; - gtk-theme="Graphite-Dark"; - icon-theme="Tela-brown-light"; - show-battery-percentage=true; - }; - "org/gnome/desktop/peripherals/touchpad" = { - edge-scrolling-enabled=false; - natural-scroll=true; - tap-to-click=true; - two-finger-scrolling-enabled=true; - }; - "org/gnome/mutter" = { - dynamic-workspaces= true; - edge-tiling= true; - workspaces-only-on-primary= true; - }; - "org/gnome/settings-daemon/plugins/power" = { - power-button-action="hibernate"; - sleep-inactive-ac-type="nothing"; - }; - # ========= GNOME SHELL ============ - "org/gnome/shell" = { - enabled-extensions = [ - "appindicatorsupport@rgcjonas.gmail.com" - "light-style@gnome-shell-extensions.gcampax.github.com" - "Vitals@CoreCoding.com" - "user-theme@gnome-shell-extensions.gcampax.github.com" - "x11gestures@joseexposito.github.io" - "gsconnect@andyholmes.github.io" - ]; - disabled-extensions= [ - "windowsNavigator@gnome-shell-extensions.gcampax.github.com" - "apps-menu@gnome-shell-extensions.gcampax.github.com" - ]; - }; - "org/gnome/shell/extensions/user-theme".name = "Graphite-Dark"; - "org/honem/shell/extensions/vitals" = { - hide-zeros = true; - position-in-panel = "0"; - show-battery = false; - show-temperature = true; - }; - "org/gnome/shell/app-switcher".current-workspace-only = true; - }; -} diff --git a/modules/gnome.nix b/modules/gnome.nix deleted file mode 100644 index a80001f..0000000 --- a/modules/gnome.nix +++ /dev/null @@ -1,75 +0,0 @@ -{inputs, pkgs, ...}: -{ - config = { - # enable buffering for better perfomance - programs.dconf.enable = true; - # nixpkgs.overlays = [ - # (final: prev: { - # gnome = prev.gnome.overrideScope' (gnomeFinal: gnomePrev: { - # mutter = gnomePrev.mutter.overrideAttrs ( old: { - # src = pkgs.fetchgit { - # url = "https://gitlab.gnome.org/vanvugt/mutter.git"; - # # GNOME 45: triple-buffering-v4-45 - # rev = "0b896518b2028d9c4d6ea44806d093fd33793689"; - # sha256 = "sha256-mzNy5GPlB2qkI2KEAErJQzO//uo8yO0kPQUwvGDwR4w="; - # }; - # } ); - # }); - # }) - # ]; - environment.systemPackages = with pkgs; [ - gnome-tweaks - tela-icon-theme - ] ++ (with gnomeExtensions; [ - appindicator - vitals - user-themes - graphite-gtk-theme - x11-gestures - gsconnect - ]); - - - # gsconnect specific - programs.firefox.nativeMessagingHosts.gsconnect.enable = true; - networking.firewall.allowedTCPPortRanges = [ - # KDE Connect - { from = 1714; to = 1764; } - ]; - networking.firewall.allowedUDPPortRanges = [ - # KDE Connect - { from = 1714; to = 1764; } - ]; - - environment.gnome.excludePackages = (with pkgs; [ - gnome-photos - gnome-tour - gedit - cheese - gnome-terminal - epiphany # web browser - geary # email reader - evince # document viewer - totem # video player - ]) ++ (with pkgs.gnome; [ - gnome-music - gnome-characters - tali # poker game - iagno # go game - hitori # sudoku game - atomix # puzzle game - ]); - services.xserver = { - displayManager.gdm = { - enable = true; - wayland = false; - }; - desktopManager.gnome.enable = true; - }; - services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; - services.gnome = { - gnome-browser-connector.enable = true; - gnome-keyring.enable = true; - }; - }; -} diff --git a/modules/gnome/default.nix b/modules/gnome/default.nix new file mode 100644 index 0000000..f0e7939 --- /dev/null +++ b/modules/gnome/default.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ...}: with lib; { + options.santi-modules.gnome.enable = mkEnableOption "Enable gnome"; + config = mkIf config.santi-modules.gnome.enable { + programs.dconf.enable = true; + environment.systemPackages = with pkgs; [ + gnome-tweaks + tela-icon-theme + ] ++ (with gnomeExtensions; [ + appindicator + vitals + user-themes + graphite-gtk-theme + x11-gestures + gsconnect + ]); + + environment.gnome.excludePackages = with pkgs; [ + gnome-photos + gnome-tour + gedit + cheese + gnome-terminal + epiphany # web browser + geary # email reader + evince # document viewer + totem # video player + gnome-music + gnome-characters + tali # poker game + iagno # go game + hitori # sudoku game + atomix # puzzle game + ]; + services.xserver = { + displayManager.gdm = { + enable = true; + wayland = false; + }; + desktopManager.gnome.enable = true; + }; + services.udev.packages = [ pkgs.gnome-settings-daemon ]; + services.gnome = { + gnome-browser-connector.enable = true; + gnome-keyring.enable = true; + }; + }; +} diff --git a/modules/gnome/gnome-config.nix b/modules/gnome/gnome-config.nix new file mode 100644 index 0000000..099a692 --- /dev/null +++ b/modules/gnome/gnome-config.nix @@ -0,0 +1,57 @@ +santi-modules: +{ lib, ... }: lib.optionalAttrs santi-modules.gnome.enable { + dconf.settings = { + "org/gnome/desktop/background" = { + picture-uri = "${../../wallpaper.png}"; + picture-uri-dark = "${../../wallpaper.png}"; + picture-options = "zoom"; + }; + "org/gnome/desktop/interface" = { + color-scheme="prefer-dark"; + enable-hot-corners=false; + font-antialiasing="grayscale"; + font-hinting="slight"; + gtk-theme="Graphite-Dark"; + icon-theme="Tela-brown-light"; + show-battery-percentage=true; + }; + "org/gnome/desktop/peripherals/touchpad" = { + edge-scrolling-enabled=false; + natural-scroll=true; + tap-to-click=true; + two-finger-scrolling-enabled=true; + }; + "org/gnome/mutter" = { + dynamic-workspaces= true; + edge-tiling= true; + workspaces-only-on-primary= true; + }; + "org/gnome/settings-daemon/plugins/power" = { + power-button-action="hibernate"; + sleep-inactive-ac-type="nothing"; + }; + # ========= GNOME SHELL ============ + "org/gnome/shell" = { + enabled-extensions = [ + "appindicatorsupport@rgcjonas.gmail.com" + "light-style@gnome-shell-extensions.gcampax.github.com" + "Vitals@CoreCoding.com" + "user-theme@gnome-shell-extensions.gcampax.github.com" + "x11gestures@joseexposito.github.io" + "gsconnect@andyholmes.github.io" + ]; + disabled-extensions= [ + "windowsNavigator@gnome-shell-extensions.gcampax.github.com" + "apps-menu@gnome-shell-extensions.gcampax.github.com" + ]; + }; + "org/gnome/shell/extensions/user-theme".name = "Graphite-Dark"; + "org/honem/shell/extensions/vitals" = { + hide-zeros = true; + position-in-panel = "0"; + show-battery = false; + show-temperature = true; + }; + "org/gnome/shell/app-switcher".current-workspace-only = true; + }; +} diff --git a/secrets/authinfo.age b/secrets/authinfo.age index 223c1b4..1460551 100644 Binary files a/secrets/authinfo.age and b/secrets/authinfo.age differ diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age new file mode 100644 index 0000000..1ffafa6 --- /dev/null +++ b/secrets/cloudflare.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDZiYmg0ZyBseGds +WnpmL2pORWRqYjBKc1A4cFhHWG9TWDVUS0UyVk00dnRtb3pMUTI4Ckp0dGdUNmxs +TEhsdzhySms2SkpEaENpbUFxL0dTaURkMkJGQ3hrNlBBV3MKLT4gc3NoLWVkMjU1 +MTkgSE1OV253IC9lRkFpZFdISUd0Sm1GMkJPanpKODBwOU40eXovRmpVb0lLNzRE +QWxVeHcKcC9Od01vY0JDckpVK0gza2hBdjY4TE50SkZYSHhYSm5TMkZPMkd3bDQ1 +OAotPiBzc2gtZWQyNTUxOSBBY2VnWUEgcW5JS1F5Q3p1TG1neDNxVHh0YlBWU2ds +Z2lVOUs3WTlUOTd6djk3dDMwcwplR1FYdVpucFZsU2Z1WURVUkhqUEs4dURXbnlp +MWp3UGxST3ZCcFNCMW1rCi0+IHNzaC1lZDI1NTE5IFZzREtydyBtNXFnakhQL2Zy +TlRqZ0tReVNvMVF3cjN1RDF6SG1VK1dSWjdvdXhoTlhvCmt6cUpSYkJEOFYrZjhm +VFg1cUs4WTR3SWpNWmFNQUN3UUY3L292WE5CZ0EKLT4gb0s0JU86YS1ncmVhc2UK +amt6aUl4VjdRaHFzNDRLWExiS0h3dmdiL1FZRUJRSERKUVB6OHpLbXFkc1FCOXcr +MHVrd1lqYVlraXRiN2ltVApaVnJiZG5IeFo3ZEc0aGNzNFlib21GbmRHbU0KLS0t +IENyVDdZM0hEdTc5YkNEZWxhdVI1YnFJd3ZJUDNJU2JWVEdNcjFVa3ltbUEK8KJV +kOUb25Nckbty31K6PULyfU6O/tPxRqPKLou6L16hCD28FfJQ05JSIeKL35vJzHhj +zGl+BVLUMxpoR1KH3PEPNXFuVfjFaQnGyxhUHBClbORXUcw= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/host-pub-keys.nix b/secrets/host-pub-keys.nix index 5d4521e..2c5446f 100644 --- a/secrets/host-pub-keys.nix +++ b/secrets/host-pub-keys.nix @@ -2,4 +2,5 @@ larissa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKjyS7vbCxr7oDqBpnhHQQzolAW6Fqt1FTOo+hT+lSC"; kunagisa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrMCLu3VvQVmd2cqreAJsVKkrtKXqgzO8i8NDm06ysm"; hanekawa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuIjOE3xi/frXJHXQuIBntuXP8XyboCWRx48o3sYeub"; + iori = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFp0hrtRbJ6KTf7gH+TDEaTlyzAE9IiEoknEFcrXKdos"; } diff --git a/secrets/personal-mail.age b/secrets/personal-mail.age index 33fb9e4..dfe63be 100644 --- a/secrets/personal-mail.age +++ b/secrets/personal-mail.age @@ -1,11 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 6bbh4g Co1q1Z2PlGmuBR/rRK+Vsqzh+9wFKBZtvJQWsa8YBhg -9H9UosRZwuhuAruVC/F0xC048BLU6lZSv2R5k1OIo3Q --> ssh-ed25519 VsDKrw VfIAnkhQL0JGAKMet+DNPAi2VIdTxUov8qQasws7lBE -bedej/OxKTQSVcHX8s/qudPRMylVEkKk5NpiGLKjI8s --> ssh-ed25519 AcegYA 5w3nAxWTf7JauebRnBVTpmQhT1rWDcIJqxviN/s0qCA -TFze7JmR2b7RrlXTxX++AFGg3xtg+zJbtkecDJWMXv8 --> ssh-ed25519 HMNWnw 576lXVz0d6rePcdUO74AlY/1WeZgxdISIK6dDMBuO0k -X2RsmdFD1SS6/5dx6U5GFz5jY0rGd1gsCyG2rKGsb7o ---- YADctsGaoJy18o6LP2ocSMs9NG2QCv2UhkCHd249x0U -7?LlP#"49{$ \ No newline at end of file +-> ssh-ed25519 6bbh4g s8GZCqmVMXba8spKaee82ejblHCiwsaTjcA7BvuMkFU +56+jfZexU8kVF6vWGAhB+QMIj0XGlaqSAXaMmSkdP9s +-> ssh-ed25519 VsDKrw 3ISxM0gMyKmKv5IyBqwFBxeActacKXvsac3VSry7LTM +2Slf8frYlBTAOBtImXohhqgIzOyXnzlIZ6Qyzm70hWk +-> ssh-ed25519 6rQlWQ TaVwF7vF2Sx4S66/8iVVWoXhe5yb2hXfz2NyUKNQaQg +4CuXqHzJbOElIdtOyjUHo+1EVGQ+9w6X/V3ot2ZF8SU +-> ssh-ed25519 AcegYA ucnWOc1As3Kvxip8+7ijJLlAK5Zr3FV6fs2Yh9KBHww +8rfuA+kGpssLVbKZpNDqc7PFqAYXYel2CTLJtEPz63o +-> ssh-ed25519 HMNWnw sTEofSsU4BnHqr7lzdaXrxGAFolqOcutfHwPHnO143M +Owpm6/83ltdpUea6ioTfStKxCvR45xT1oUHviIyhY8E +--- sxfpfsa2pN+oyyJ1PLaP0/nZplTzJOPNP//GRLnDj4s +E)k)4ME@|)=-::IN֗^T-~D \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 57cce87..838dd3c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -10,4 +10,5 @@ in "university-mail.age".publicKeys = keys; "authinfo.age".publicKeys = keys; "user-pass.age".publicKeys = keys; + "cloudflare.age".publicKeys = keys; } diff --git a/secrets/university-mail.age b/secrets/university-mail.age index 7265206..c08a6e6 100644 Binary files a/secrets/university-mail.age and b/secrets/university-mail.age differ diff --git a/secrets/user-pass.age b/secrets/user-pass.age index fbff2b1..598c27f 100644 --- a/secrets/user-pass.age +++ b/secrets/user-pass.age @@ -1,12 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 6bbh4g RLzMUdJo4fNl5Pt3Bfrc1h6f/g7ZnbXCVZYzKtCdc0E -msXwOrGwApKJ1wPB2IwtJb/8KmWQWTWmXHkmwCJgywY --> ssh-ed25519 VsDKrw F3FoKxZx5zQfRkDOUwwpMYgLxT409t92cD8lZDQkDAc -cN0ckxaLdoKEj47LhlVMYCXrZJPn5rBe/eYqwi1YG/Y --> ssh-ed25519 AcegYA /b901V1aFQRau4gkFZCZI1iaMUMRVAH+IgV9amZldxE -cLS9vh5nCYR59Sw0f7oqbgqEqgEXvZJsipWrAtROGPU --> ssh-ed25519 HMNWnw 14p8qhRCpr+uPlk4e0TdYI2TZCKiaEjbh2bz6dqhRkk -jrPOTSdGQlgQZ/VbOQVPMCrSU2o0/TBJwcSbzz/7DgU ---- sAYECrOx62PupGuHIGTcXPLcC64SmlWEXzWrqzeVJRg -o[87e, -}iG&eg6~$3Anל5$dr#Pnސ򅺨^p\ƇKar!zk'bRa'WMX \ No newline at end of file +-> ssh-ed25519 6bbh4g lDvj7yboKJLG3qB74bFw09qTDCzu5KGUhzVLjZSDYxc +7szgniathBhlgJwnZeb1jehVGI4Ku0mv6UvGNLCaWZE +-> ssh-ed25519 VsDKrw SyYw0WqRmwYZbYVAAVCuLnWF6jiKy8ceSXTwOn1ubnY +NQCBXkDtXtnPOSNXH7fG+CvJ72Fd0nMzEqi+e9HOE1s +-> ssh-ed25519 6rQlWQ EgxldGA6qyuaOkI1FqPIEyt0svORWlU1amLpbsYiw38 +nPzQ4d2Kg+THRciYy3jMJchtyIvIk5fUH6gyXDuwA/w +-> ssh-ed25519 AcegYA tyBWRfwPeRGSKo7E//v9J9z/ElrtVQNvYZgGiPy7RyM +u8cZaQb3yz74n+VOqJUGFGzdwPvKPxzcUL1sL20S6j0 +-> ssh-ed25519 HMNWnw GMFuHhtXa1EF5hvfMZ39uLdimyjF7YLngL8+3//RxQM +3cZLt2thg2Skb88ZzqEat8os3d2FKuLrdHgFfWoU0Cc +--- 5rq6g0jqUfdGLPvmnS/GvYC7Vh+IyOKXQGYVo1RigcQ +dX\?hLsjvR[T2N8̶X}kaQG@5R7/% !B.MgZZ mֱI7JK \ No newline at end of file diff --git a/secrets/user-ssh-key.age b/secrets/user-ssh-key.age index 355cf10..877e687 100644 Binary files a/secrets/user-ssh-key.age and b/secrets/user-ssh-key.age differ diff --git a/secrets/work-mail.age b/secrets/work-mail.age index 75f396f..3005d73 100644 --- a/secrets/work-mail.age +++ b/secrets/work-mail.age @@ -1,12 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 6bbh4g m0pOnu0NNuv2qcq24i4c1+Pk7sTcBnTvg64CWVoPpi4 -bud+AyspzVbwDiuhK5GtT3XvCh3GbPmazSfxoq4QegA --> ssh-ed25519 VsDKrw YDE4+4IJYiE8jBpTM+bUsKuR8vBVLQiNi6UeAeheghA -QiTiPfNiT7SikKi8XklTyOOj4KaQpYVD0U/tUqP9fUU --> ssh-ed25519 AcegYA TlWm9o9RxFp6VQZ6o29xCNJA/eI2Bo+cDpwPQ/AySxs -Vp/dvB1NCqHjdh+xjHDJGkx2Zz2872JWMI13j0CiFG0 --> ssh-ed25519 HMNWnw nn5hJucwg2Z0oy5CM9/rsfS0vpvxOxTZF2ljnP3ETzo -HS6JzCyOtXxQPYbg9s3tXh38VyedBYpiW1VkkopD0Ts ---- p05A6cDASoTJwlaeazJyvwMNhCDq4xHEVR7105DJ19M -;ܒẇHD - )?%ftle>l]JS \ No newline at end of file +-> ssh-ed25519 6bbh4g B58pVNMnxei45dbeGx/Wx3RQm/mra8y0tikUNmSuMUw +NiuDbda8SyCmDDrDxjbTp8OPZRvyF2yKUxO35SOyrns +-> ssh-ed25519 VsDKrw qL8t146DKRBddDPIeI7Vo/uDdmJ6+94xReypJLQiGTk +uJvwTxbGg2eas9J7dkjTtBsL8rng6/qdPXJvUgbNycs +-> ssh-ed25519 6rQlWQ hmwryLXQl/5/kjLiSNP9nIUSanaFWBglgMyDSJ6nPx8 +YzAdR/5gkcXoOHeMkJiiOTC+xRj69V6kexjFQKHoDlA +-> ssh-ed25519 AcegYA EW0jfguCGqYWMu4D8dQ9I6bujOhsOBYlxn/rq+KWsyQ +YRcZCcQYtmQa8ZH9aoiM2dKJYHQZM7M5VHt5T/ptGnI +-> ssh-ed25519 HMNWnw 7KuRwRQXKXyH9Cyi+SRoUqFRHBWL8VPB2wlgzTBuryQ +AekDJJeFSETMDguHAOKShuBJxNi4/S6zKp0BC+Z9A6E +--- hC+KoA8D5HmrgV8QhediAb6XNoAXgOg2wijsb7WrtmQ +òt]M@gW<&Yl#kUgD,ʆI1W+ \ No newline at end of file diff --git a/users/leonardo.nix b/users/leonardo.nix deleted file mode 100644 index ed59bf2..0000000 --- a/users/leonardo.nix +++ /dev/null @@ -1,273 +0,0 @@ -{ pkgs, config, inputs, ... }: -let - hosts-pub-keys = import ../secrets/host-pub-keys.nix; -in -{ - imports = [ - ../modules/gnome.nix - ../modules/emacs/emacs.nix - ]; - config = { - nix = { - package = pkgs.lib.mkForce pkgs.nixVersions.nix_2_23; - settings = { - trusted-users = [ "root" "leonardo" ]; - auto-optimise-store = true; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - }; - - environment.systemPackages = with pkgs;[ - prismlauncher - rage - ]; - - - nixpkgs = { - config.allowUnfree = true; - config.allowUnfreePredicate = _: true; - }; - programs.bash = { - vteIntegration = true; - enableLsColors = true; - completion.enable = true; - promptInit = - '' - PS1="\[\033[1;95m\][\h]\[\033[0m\] \[\033[0;32m\]\w\[\033[0m\] :: " - [ -n "$EAT_SHELL_INTEGRATION_DIR" ] && source "$EAT_SHELL_INTEGRATION_DIR/bash" - ''; - }; - fonts = { - fontconfig = { - enable = true; - defaultFonts = { - monospace = [ "Iosevka" "IPAGothic" ]; - serif = [ "DejaVu Serif" "IPAPMincho" ]; - }; - }; - packages = with pkgs; [ - (nerdfonts.override { fonts = [ "Iosevka" "FiraCode" ]; }) - ipafont - kochi-substitute - dejavu_fonts - ]; - }; - - programs.steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; - programs.ssh.startAgent = true; - services.pipewire = { - enable = true; - extraConfig.pipewire = { - "context.properties"."module.x11.bell" = false; - }; - }; - services.openssh = { - enable = true; - settings = { - KbdInteractiveAuthentication = false; - PasswordAuthentication = false; - }; - }; - users.mutableUsers = false; - users.users.leonardo = { - isNormalUser = true; - description = "leonardo"; - extraGroups = [ "networkmanager" "wheel" ]; - shell = pkgs.bashInteractive; - hashedPasswordFile = config.age.secrets.user-pass.path; - openssh.authorizedKeys.keys = [ (builtins.readFile ../secrets/user-ssh-key.pub)] ++ builtins.attrValues (hosts-pub-keys); - }; - - age = { - secrets = { - user-ssh-key = { - file = ../secrets/user-ssh-key.age; - path = "/home/leonardo/.ssh/id_ed25519"; - owner = "leonardo"; - group = "users"; - }; - } // (builtins.foldl' (acc: filename: acc // { - ${filename} = { - file = ../secrets/${filename}.age; - owner = "leonardo"; - group = "users"; - }; - }) {} [ "personal-mail" "work-mail" "university-mail" "authinfo" "user-pass" ]); - }; - services.gnome.gnome-browser-connector.enable = true; - home-manager = { - backupFileExtension = "backup"; - useGlobalPkgs = true; - useUserPackages = true; - users.leonardo = { pkgs, ... } : { - imports = [ ./../modules/gnome-config.nix ]; - home = { - file.".ssh/id_ed25519.pub".source = ../secrets/user-ssh-key.pub; - file.".mozilla/firefox/leonardo/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme; - username = "leonardo"; - homeDirectory = "/home/leonardo"; - stateVersion = "23.05"; - sessionVariables.GTK_THEME = "Adwaita-dark"; - packages = with pkgs; [ - discord - slack - whatsapp-for-linux - telegram-desktop - ]; - }; - - programs = { - firefox = { - enable = true; - package = pkgs.firefox.override { # nixpkgs' firefox/wrapper.nix - nativeMessagingHosts = [ - pkgs.gnome-browser-connector - ]; - }; - profiles.leonardo = { - userChrome = '' - @import "firefox-gnome-theme/userChrome.css"; - ''; - userContent = '' - @import "firefox-gnome-theme/userContent.css"; - ''; - settings = { - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Enable customChrome.cs - "browser.uidensity" = 0; # Set UI density to normal - "svg.context-properties.content.enabled" = true; # Enable SVG context-propertes - # firefox-gnome-theme - "gnomeTheme.activeTabContrast" = true; - "gnomeTheme.hideWebrtcIndicator" = true; - "gnomeTheme.bookmarksToolbarUnderTabs" = true; - "gnomeTheme.hideSingleTab" = true; - }; - }; - policies = { - DisableTelemetry = true; - DisableFirefoxStudies = true; - EnableTrackingProtection = { - Value= true; - Locked = true; - Cryptomining = true; - Fingerprinting = true; - }; - DisablePocket = true; - DisableFirefoxAccounts = true; - DisableAccounts = true; - DisableFirefoxScreenshots = true; - OverrideFirstRunPage = ""; - OverridePostUpdatePage = ""; - DontCheckDefaultBrowser = true; - ExtensionSettings = { - "*".installation_mode = "blocked"; # blocks all addons except the ones specified below - # uBlock Origin: - "uBlock0@raymondhill.net" = { - install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; - installation_mode = "force_installed"; - }; - }; - }; - }; - bash = { - enable = true; - enableVteIntegration = true; - enableCompletion = true; - initExtra = '' - shopt -s -q autocd - shopt -s no_empty_cmd_completion - ''; - }; - fzf = { - enable = true; - enableBashIntegration = true; - }; - git = { - enable = true; - lfs.enable = true; - diff-so-fancy.enable = true; - extraConfig = { - user = { - name = "Leonardo Santiago"; - email = "leonardo.ribeiro.santiago@gmail.com"; - signingkey = "~/.ssh/id_ed25519"; - }; - color.ui = true; - gpg.format = "ssh"; - commit.gpgsign = true; - }; - }; - mu.enable = true; - msmtp.enable = true; - mbsync.enable = true; - }; - - services.mbsync = { - enable = true; - frequency = "*:0/5"; - }; - - accounts.email.accounts = { - personal = { - address = "leonardo.ribeiro.santiago@gmail.com"; - userName = "leonardo.ribeiro.santiago@gmail.com"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - primary = true; - realName = "Leonardo Ribeiro Santiago"; - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - }; - msmtp.enable = true; - mu.enable = true; - passwordCommand = "cat ${config.age.secrets.personal-mail.path}"; - }; - university = { - address = "leonardors@dcc.ufrj.br"; - userName = "leonardors@dcc.ufrj.br"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - realName = "Leonardo Ribeiro Santiago"; - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - }; - msmtp.enable = true; - mu.enable = true; - passwordCommand = "cat ${config.age.secrets.university-mail.path}"; - }; - work = { - address = "leonardo@mixrank.com"; - userName = "leonardo@mixrank.com"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - realName = "Leonardo Ribeiro Santiago"; - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - }; - msmtp.enable = true; - mu.enable = true; - passwordCommand = "cat ${config.age.secrets.work-mail.path}"; - }; - }; - }; - }; - - }; -} -- cgit v1.2.3