
i forgot

master
parent
commit
34e228bba4
Signed by: govanify GPG Key ID: DE62E1E2A6145556
11 changed files with 128 additions and 42 deletions
  1. +1
    -10
      README.md
  2. +9
    -0
      TODO.md
  3. +23
    -0
      common/bluetooth.nix
  4. +1
    -1
      common/default.nix
  5. +1
    -1
      common/gaming.nix
  6. +63
    -8
      common/graphical.nix
  7. +3
    -6
      common/headfull.nix
  8. +2
    -2
      common/mac.nix
  9. +12
    -3
      common/xdg.nix
  10. +7
    -6
      dotfiles/graphical/sway/config
  11. +6
    -5
      machines/xanadu/default.nix

+ 1
- 10
README.md

@@ -8,13 +8,4 @@ Currently the machines populated by this configuration are:
* xanadu


TODo list sorted by priority:
* security: tor profiles and fix iana
* workflow: weechat-matrix setup
* workflow: make cursor visible in sway
* security: add default firefox config
* security: security hardening through sandboxing
* workflow: set up patchouli to have regular and automated backups
* server: make firefox sync to fujiwara and setup fujiwara
* xdg: nixpkgs PR, check if xdg patches actually work
* locale: sync mozc/ibus settings, saner defaults, make panel work in wayland


+ 9
- 0
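--- a/TODO.md
+++ b/TODO.md
@@ -0,0 +1,9 @@
+TODO list sorted by priority:
+* security: tor profiles and fix iana
+* security: add default firefox config
+* security: security hardening through sandboxing
+* workflow: set up patchouli to have regular and automated backups
+* server: make firefox sync to fujiwara and setup fujiwara
+* xdg: nixpkgs PR, check if xdg patches actually work
+* locale: sync mozc/ibus settings, saner defaults, make panel work in wayland
+* workflow: discrepancy for cursor between x11 and non x11 apps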

+ 23
- 0
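--- a/common/bluetooth.nix
+++ b/common/bluetooth.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }: {
+hardware.bluetooth.enable = true;
+services.blueman.enable = true;
+
+
+hardware.pulseaudio = {
+enable = true;
+
+# NixOS allows either a lightweight build (default) or full build of PulseAudio to be installed.
+# Only the full build has Bluetooth support, so it must be selected here.
+package = pkgs.pulseaudioFull;
+};
+
+hardware.bluetooth.config = { General = { Enable = "Source,Sink,Media,Socket"; }; };
+
+systemd.user.services.mpris-proxy = {
+description = "Mpris proxy";
+after = [ "network.target" "sound.target" ];
+serviceConfig.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
+wantedBy = [ "default.target" ];
+};
+}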
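Review bot: This module powers the Bluetooth controller on unconditionally for every machine that imports it, and xanadu imports it alongside `mac.nix`; the controller address is a stable radio identifier that the `macspoofer` service on the Wi-Fi interface does not cover. If that matters for this host, add `hardware.bluetooth.powerOnBoot = false;` so the radio stays off until it is actually needed. The `after = [ "network.target" "sound.target" ]` line on the `mpris-proxy` user unit also deserves a short comment, since `network.target` belongs to the system manager and the ordering may have no effect in the user instance.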


+ 1
- 1
common/default.nix

@@ -6,7 +6,7 @@
./locale.nix
./xdg.nix
./sandboxing.nix
(import "${builtins.fetchTarball https://github.com/rycee/home-manager/archive/master.tar.gz}/nixos")
(import "${builtins.fetchTarball https://github.com/rycee/home-manager/archive/release-20.03.tar.gz}/nixos")
./../secrets/deployment.nix
./../pkgs/vim.nix
./../pkgs/zsh.nix
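Review bot: Both `builtins.fetchTarball` lines in this hunk import home-manager from a branch tarball with no `sha256`, so whichever of the two is the new side, each evaluation trusts whatever that branch points to at fetch time and the system build is not reproducible. Pin a reviewed commit and its hash instead, e.g. `(import "${builtins.fetchTarball { url = "https://github.com/rycee/home-manager/archive/<commit>.tar.gz"; sha256 = "<sha256>"; }}/nixos")`, where `<commit>` and `<sha256>` are placeholders to fill in. The imports list starts and ends outside the hunk.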


+ 1
- 1
common/gaming.nix

@@ -6,7 +6,7 @@


environment.systemPackages = with pkgs; [
#steam
steam
(
pkgs.writeTextFile {
name = "startsteam";


+ 63
- 8
common/graphical.nix

@@ -17,20 +17,74 @@
# multimedia
mpv imv
# reading
calibre okular
calibre okular kcc
# web browsers
# standard firefox is used for basically everything and is "impossible" to
# fingerprint with my configuration, but i do login on websites sometimes.
# As such tor is used as a clean cut identity that also make sure I didn't
# fuck up tracking when need happens.
firefox-wayland tor-browser-bundle-bin
#firefox-bin
# art
blender krita kdenlive ardour
# stem
freecad kicad wireshark android-studio
freecad kicad wireshark

android-studio
(
pkgs.writeTextFile {
name = "startandroid";
destination = "/bin/startandroid";
executable = true;
text = ''
#! ${pkgs.bash}/bin/bash
# Java sucks
export QT_QPA_PLATFORM=xcb
export GDK_BACKEND=xcb
mkdir -p $XDG_DATA_HOME/android-home
export HOME=$XDG_DATA_HOME/android-home
# then start the launcher
exec android-studio
'';
}
)
#ghidra in the future when it is actually updated
# themes
breeze-gtk breeze-qt5 breeze-icons
# ELECTRON BELOW
# you should try to run with GDK_BACKEND=x11
# this is good for lean
vscodium lean elan
(
pkgs.writeTextFile {
name = "vscodium-x11";
destination = "/bin/vscodium-x11";
executable = true;
text = ''
#! ${pkgs.bash}/bin/bash
# Electron sucks
GDK_BACKEND=x11
# then start the launcher
exec codium
'';
}
)
# matrix
riot-desktop
(
pkgs.writeTextFile {
name = "riot-x11";
destination = "/bin/riot-x11";
executable = true;
text = ''
#! ${pkgs.bash}/bin/bash
# Electron sucks
GDK_BACKEND=x11
# then start the launcher
exec riot-desktop
'';
}
)
];
};

@@ -119,10 +173,6 @@

environment = {
etc = {
"sway/config".source = ./../dotfiles/graphical/sway/config;
"sway/locale.sh".source = ./../dotfiles/graphical/sway/locale.sh;
"sway/status.sh".source = ./../dotfiles/graphical/sway/status.sh;

# GTK theme
"xdg/gtk-3.0/settings.ini" = { text = ''
[Settings]
@@ -163,7 +213,7 @@
# unreliable yet so we just try to clone until it works
~/.cache/clone-pass.sh &
fi
if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then
if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]] && [[ $EUID -ne 0 ]]; then
xrdb -load /etc/X11/Xresources &> /dev/null
exec sway
fi
@@ -172,11 +222,16 @@
home-manager.users.govanify = {
# initial pass setup
# should i make this global?
home.file.".cache/clone-pass.sh".source = ./../dotfiles/clone-pass.sh;
home.file.".cache/hello.sh".source = ./../dotfiles/clone-pass.sh;

# QT theme
home.file.".config/qt5ct/qt5ct.conf".source = ./../dotfiles/graphical/qt5ct/qt5ct.conf;
home.file.".config/qt5ct/colors/breeze-dark.conf".source = ./../dotfiles/graphical/qt5ct/breeze-dark.conf;

home.file.".config/sway/config".source = ./../dotfiles/graphical/sway/config;
home.file.".config/sway/locale.sh".source = ./../dotfiles/graphical/sway/locale.sh;
home.file.".config/sway/status.sh".source = ./../dotfiles/graphical/sway/status.sh;


};
}
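Review bot: The `vscodium-x11` and `riot-x11` wrappers assign `GDK_BACKEND=x11` without `export`, so unless the variable is already exported in the calling environment the program started by `exec` never sees it; `startandroid` in the same hunk does use `export`. Write `export GDK_BACKEND=x11` in both wrappers, or fold it into the launch line as `exec env GDK_BACKEND=x11 codium` and `exec env GDK_BACKEND=x11 riot-desktop`. As rendered, the last hunk also appears to install the script as `.cache/hello.sh` while the login snippet in the hunk above still runs `~/.cache/clone-pass.sh`, so please confirm the rename is intended and update the caller if it is.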

+ 3
- 6
common/headfull.nix

@@ -19,16 +19,12 @@
texlive.combined.scheme-medium
# dev
cargo python R clang meson ninja
gnumake
gnumake
lean elan
];



# TODO: do that cleanly
#home-manager.users.govanify = {
#home.file.".config/weechat".source = ./../dotfiles/weechat;
#};

networking.networkmanager.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
@@ -53,6 +49,7 @@
signByDefault = true;
key = "52142D39A7CEF8FA872BCA7FDE62E1E2A6145556";
};
home.file.".config/weechat".source = ./../dotfiles/weechat;

};
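Review bot: `home.file.".config/weechat".source = ./../dotfiles/weechat;` copies the whole directory into the Nix store, which every local user can read, and links it back read-only. If that directory holds `sec.conf`, `irc.conf` or any other file with passwords or tokens (its contents are not visible here), they become world-readable, and WeeChat will not be able to write its configuration at runtime. Consider linking only the non-secret files individually and keeping credentials outside the path that Nix imports; the `# TODO: do that cleanly` comment in the first hunk suggests this was known to be provisional. The enclosing `home-manager.users` block starts outside the hunk.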



+ 2
- 2
common/mac.nix

@@ -26,7 +26,7 @@ in {
# The more people use tor, the better our security will be.
config = lib.mkIf cfg.enable {

environment.systemPackages = with pkgs; [ macchanger ];
environment.systemPackages = with pkgs; [ macchanger nettools ];
systemd.services.macspoofer = {
wantedBy = [ "multi-user.target" ];
description = "Mac Spoofer service";
@@ -36,7 +36,7 @@ in {
after = [ "sys-subsystem-net-devices-${cfg.interface}.device" ];
# we do NOT want out mac spoofer to fail. seems to happen if wireless
# cached connection on bootup
onFailure = [ "emergency.target" ];
#onFailure = [ "emergency.target" ];

serviceConfig = {
Type = "oneshot";
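Review bot: With `onFailure = [ "emergency.target" ];` commented out (the rendering lists the commented form second, so it appears to be the new side), a failed `macspoofer` unit no longer stops boot and the interface can come up with its hardware address, while the comment directly above still says the spoofer must not fail. If the emergency target was too disruptive, keep the failure closed another way, for example by binding the network manager to this unit with `before = [ "NetworkManager.service" ]; requiredBy = [ "NetworkManager.service" ];`, and update the comment to state the behaviour that was chosen. The `serviceConfig` block continues outside the hunk.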


+ 12
- 3
common/xdg.nix

@@ -43,9 +43,9 @@
'';
});

## a PR is in development but knowing the entire thing has been in the work
## since 15 years ago I'd assume it's going to take a _little_ bit longer
## https://phabricator.services.mozilla.com/D6995
# a PR is in development but knowing the entire thing has been in the work
# since 15 years ago I'd assume it's going to take a _little_ bit longer
# https://phabricator.services.mozilla.com/D6995
firefox-wayland = super.firefox-wayland.overrideAttrs (oldAttrs: rec {
postPatch = ''
sed -i 's/"\.mozilla"/"\.local\/share\/mozilla"/' $(grep -Rl '"\.mozilla"')
@@ -74,6 +74,13 @@
'';
});

vscodium = super.vscodium.overrideAttrs (oldAttrs: rec {
installPhase = oldAttrs.installPhase + ''
sed -i 's/"\.vscode-oss"/"\.config\/VSCodium\/oss"/' $(grep -Rl '"\.vscode-oss"' $out)
'';
});


};
};

@@ -101,6 +108,8 @@
# i'm... not sure myself but this seems to be required for ssh to use the
# godforsaken correct xdg path
GIT_SSH = "ssh";
ANDROID_SDK_HOME = "$XDG_CONFIG_HOME/android";
ADB_VENDOR_KEY = "$XDG_CONFIG_HOME/android";
};

home-manager.users.govanify = {
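Review bot: The `vscodium` override in the second hunk runs `sed -i` on every file under `$out` that `grep -Rl` matches, binary files included, and the replacement string is longer than the original, which would corrupt any packed or compiled file that happens to contain `".vscode-oss"`. Restrict the match to text files with `grep -RlI '"\.vscode-oss"' $out`. A one-line comment like the one above the `firefox-wayland` override, saying which path is being redirected and why, would also help whoever has to check later that the patch still applies.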


+ 7
- 6
dotfiles/graphical/sway/config

@@ -3,22 +3,23 @@ set $left h
set $down j
set $up k
set $right l
set $lock "swaylock -i ~/Pictures/wallpaper.png -l -F --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033"
set $lock "swaylock --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033 --line-color 00000000 --inside-color 00000088 --separator-color 00000000 -i ~/Pictures/wallpaper.png"

# auto lock
exec swayidle -w \
timeout 300 'swaylock -i ~/Pictures/wallpaper.png -l -F --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033' \
timeout 300 "swaylock --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033 --line-color 00000000 --inside-color 00000088 --separator-color 00000000 -i ~/Pictures/wallpaper.png" \
timeout 600 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \
before-sleep 'swaylock -i ~/Pictures/wallpaper.png -l -F --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033'
before-sleep "swaylock --indicator-radius 100 --indicator-thickness 7 --ring-color bb00cc --key-hl-color 880033 --line-color 00000000 --inside-color 00000088 --separator-color 00000000 -i ~/Pictures/wallpaper.png"

# screen
output * bg ~/Pictures/wallpaper.png fill
output eDP-1 scale 2.0

# all you need to have a good day
exec swaymsg "workspace 1; exec firefox"
exec swaymsg "workspace 1; exec ibus-daemon -dr"
exec swaymsg "workspace 1; exec firefox"
exec swaymsg "workspace 3; exec riot-x11"
exec swaymsg "workspace 2; exec termite -e tmux"

# ui chrome
@@ -61,7 +62,7 @@ bindsym XF86AudioPrev exec playerctl previous
bindsym $mod+z exec "wofi --show run"

bindsym $mod+c exec "grim /tmp/screenshot.png"
bindsym $mod+d exec "grim -g $(slurp) /tmp/screenshot.png"
bindsym $mod+d exec "grim -g "$(slurp)" /tmp/screenshot.png"

bindsym $mod+Ctrl+l exec $lock

@@ -205,7 +206,7 @@ bar {

# When the status_command prints a new line to stdout, swaybar updates.
# The default just shows the current date and time.
status_command while /etc/sway/status.sh; do sleep 1; done
status_command while ~/.config/sway/status.sh; do sleep 1; done

colors {
statusline #ffffff
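Review bot: In `bindsym $mod+d exec "grim -g "$(slurp)" /tmp/screenshot.png"` the inner double quotes close the outer ones, so the selection geometry is not reliably passed as one quoted argument. Since `exec` hands the rest of the line to the shell, the outer quotes can simply be dropped: `bindsym $mod+d exec grim -g "$(slurp)" /tmp/screenshot.png`. Both screenshot bindings also write to a fixed name in the shared `/tmp`, where another local account can read the image or create the path first; a per-user location such as `$XDG_RUNTIME_DIR/screenshot.png` avoids that.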


+ 6
- 5
machines/xanadu/default.nix

@@ -8,6 +8,7 @@
../../common/mac.nix
../../common/laptop.nix
../../common/gaming.nix
../../common/bluetooth.nix
];
networking.hostName = "xanadu"; # Define your hostname.
users.motd = ''
@@ -68,11 +69,11 @@
Welcome to Xanadu
'';

modules.tor.transparentProxy = {
enable = true;
outputNic = "wlp1s0";
inputNic = "wlp1s0";
};
#modules.tor.transparentProxy = {
# enable = true;
# outputNic = "wlp1s0";
# inputNic = "wlp1s0";
# };
services.macspoofer = {
enable = true;
interface = "wlp1s0";
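Review bot: The `modules.tor.transparentProxy` block is left commented out (the rendering lists the commented form second, so it appears to be the new side) with no reason recorded, and the commit message does not mention it, so traffic on this host would quietly stop going through the transparent proxy. If that is intended, say so next to it and disable the option explicitly rather than by comment, e.g. `modules.tor.transparentProxy.enable = false; # <reason>`, so the module is still evaluated and the change is easy to find later. The `services.macspoofer` block continues outside the hunk.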

