
components: abstract username and branding

master
parent
commit
c56970c014
Signed by: govanify GPG Key ID: DE62E1E2A6145556
10 changed files with 45 additions and 26 deletions
  1. +8
    -8
      components/bootloader.nix
  2. +19
    -0
      components/default.nix
  3. +1
    -1
      components/headfull/editor.nix
  4. +1
    -1
      components/headfull/graphical/browser.nix
  5. +1
    -1
      components/headfull/graphical/splash.nix
  6. +3
    -3
      components/headfull/graphical/wm.nix
  7. +8
    -8
      components/headfull/mail.nix
  8. +2
    -2
      components/headfull/music.nix
  9. +1
    -1
      components/shell.nix
  10. +1
    -1
      components/xdg.nix

+ 8
- 8
components/bootloader.nix View File

@ -7,9 +7,9 @@ let
# grub should be a coreboot payload when possible and patched: disable
# grub-rescue, only cryptomount the given drive in argument and navi names.
grubPatch = ''
sed -i 's/"Welcome to GRUB/"Welcome to navi/' $(grep -Rl '"Welcome to GRUB')
sed -i 's/GNU GRUB version %s/navi bootloader/' $(grep -Rl 'GNU GRUB version %s')
sed -i 's/grub>/navi>/' $(grep -Rl 'grub>')
sed -i 's/"Welcome to GRUB/"Welcome to ${config.navi.branding}/' $(grep -Rl '"Welcome to GRUB')
sed -i 's/GNU GRUB version %s/${config.navi.branding} bootloader/' $(grep -Rl 'GNU GRUB version %s')
sed -i 's/grub>/${config.navi.branding}>/' $(grep -Rl 'grub>')
sed -i 's/GRUB menu\."/menu\."/' $(grep -Rl 'GRUB menu\."')
${optionalString cfg.no_mercy
"sed -i 's/grub_rescue_run ();/grub_exit ();/' $(grep -Rl 'grub_rescue_run ();')"}
@ -39,9 +39,9 @@ in
boot.loader.grub.copyKernels = true;
boot.loader.grub.extraGrubInstallArgs = [
"--pubkey=${pkgs.copyPathToStore /var/lib/bootloader/pub.gpg}"
"--modules=gcry_sha256 gcry_sha512 gcry_dsa gcry_rsa" ];
boot.loader.grub.configurationName = "navi";
"--pubkey=${pkgs.copyPathToStore /var/lib/bootloader/pub.gpg}"
"--modules=gcry_sha256 gcry_sha512 gcry_dsa gcry_rsa" ];
boot.loader.grub.configurationName = config.navi.branding;
# we wait one second for esc keyboard mashing, otherwise we boot normally
# unset background_color if you want to see the boot framebuffer by default
@ -52,7 +52,7 @@ in
# if our users can load some signed config it'd be neat if they couldn't
# also modify it
boot.loader.grub.users.govanify.hashedPasswordFile = "/var/lib/bootloader/pass_hash";
boot.loader.grub.users.${config.navi.username}.hashedPasswordFile = "/var/lib/bootloader/pass_hash";
# this shows the UEFI framebuffer if it isn't cleaned, get a UEFI that likes
# you or configure grub to clear that
@ -61,7 +61,7 @@ in
# branding and signature of stage 1 files
boot.loader.grub.extraInstallCommands = ''
${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete
sed -i 's/NixOS/navi/g' /boot/grub/grub.cfg
sed -i 's/NixOS/${config.navi.branding}/g' /boot/grub/grub.cfg
old_gpg_home=$GNUPGHOME
export GNUPGHOME="$(mktemp -d)"
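Review bot: `${config.navi.branding}` is spliced unescaped into single-quoted sed programs in `grubPatch` and in `extraInstallCommands` (`sed -i 's/NixOS/${config.navi.branding}/g' /boot/grub/grub.cfg`), so a value containing `/`, `&`, a quote or a newline changes the sed program or the surrounding shell command rather than just the branding text. These commands patch the GRUB sources and rewrite the grub.cfg that appears to be signed right afterwards, so the value should be validated before it reaches them. The option is declared as plain `types.str` in components/default.nix; `type = types.strMatching "[A-Za-z0-9._-]+";` on both `branding` and `username` would close this. The same unescaped interpolation appears in the `shellInit` test in wm.nix and in the `PassCmd`/`passwordeval` lines in mail.nix. The `let` block and the config block both continue outside the hunks shown.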


+ 19
- 0
components/default.nix View File

@ -1,3 +1,5 @@
{ config, lib, ... }:
with lib;
{
imports = [
(import "${builtins.fetchTarball
@ -12,4 +14,21 @@
./hardening.nix
./headfull
];
options.navi = {
username = mkOption {
type = types.str;
default = "govanify";
description = ''
The main username of the infrastructure
'';
};
branding = mkOption {
type = types.str;
default = "navi";
description = ''
The name of the infrastructure to use for branding
'';
};
};
}
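Review bot: The `username` description ("The main username of the infrastructure") does not say that the value is security-relevant. In this commit it names the GRUB user whose `hashedPasswordFile` gates the boot menu (bootloader.nix), the getty autologin account (wm.nix) and the mpd service user (music.nix). I would spell that out, e.g. `Account that receives the home-manager configuration and is used as GRUB menu user, getty autologin user and mpd user.` The `branding` description could likewise note that the value is also used as the `pass` store prefix in mail.nix, so it is not purely cosmetic.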

+ 1
- 1
components/headfull/editor.nix View File

@ -213,7 +213,7 @@ in
};
};
config = mkIf cfg.enable {
home-manager.users.govanify = vimConf;
home-manager.users.${config.navi.username} = vimConf;
home-manager.users.root = vimConf;
environment.variables = {
EDITOR = "vim";


+ 1
- 1
components/headfull/graphical/browser.nix View File

@ -113,7 +113,7 @@ in
SkipOnboarding = true;
};
SupportMenu = {
Title = "navi's browser";
Title = "${config.navi.branding}'s browser";
URL = "https://govanify.com";
};
SearchBar = "unified";
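Review bot: `URL = "https://govanify.com";` in `SupportMenu` stays hard-coded while the `Title` next to it now follows `config.navi.branding`, so a deployment that sets its own branding still sends users of the support menu to a domain it may not control. Consider making the URL configurable alongside the branding, or at least marking it with a comment such as `# TODO: still points at the original author's site`. The policy attribute set continues outside this hunk.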


+ 1
- 1
components/headfull/graphical/splash.nix View File

@ -4,7 +4,7 @@ let
cfg = config.navi.components.headfull.graphical.splash;
breeze-navi = pkgs.breeze-plymouth.override {
logoFile = config.boot.plymouth.logo;
logoName = "navi";
logoName = config.navi.branding;
osName = "";
osVersion = "";
};


+ 3
- 3
components/headfull/graphical/wm.nix View File

@ -273,7 +273,7 @@ in
];
};
services.getty.autologinUser = mkIf cfg.autologin "govanify";
services.getty.autologinUser = mkIf cfg.autologin config.navi.username;
# QT theme engine
programs.qt5ct.enable = true;
@ -335,7 +335,7 @@ in
};
environment.shellInit = ''
if [[ -z $DISPLAY ]] && [[ "$(whoami)" == "govanify" ]]; then
if [[ -z $DISPLAY ]] && [[ "$(whoami)" == "${config.navi.username}" ]]; then
if ! systemctl is-active --quiet swaywm; then
xrdb -load /etc/X11/Xresources &> /dev/null
systemctl --user import-environment
@ -344,7 +344,7 @@ in
fi
'';
home-manager.users.govanify = {
home-manager.users.${config.navi.username} = {
# QT theme
home.file.".config/qt5ct/qt5ct.conf".text = qt5ct-conf;
home.file.".config/qt5ct/colors/breeze-dark.conf".text = qt5ct-dark;


+ 8
- 8
components/headfull/mail.nix View File

@ -10,7 +10,7 @@ let
notmuch_config = concatStringsSep "\n" (mapAttrsToList (name: account:
optionalString account.primary ''
[database]
path=/home/govanify/.local/share/mail
path=/home/${config.navi.username}/.local/share/mail
[user]
name=${account.name}
primary_email=${account.email}
@ -78,7 +78,7 @@ let
Host ${account.host}
Port 993
User ${account.email}
PassCmd "pass navi/${account.email} | head -n 1"
PassCmd "pass ${config.navi.branding}/${account.email} | head -n 1"
SSLType IMAPS
CertificateFile /etc/ssl/certs/ca-certificates.crt
@ -113,7 +113,7 @@ let
port 587
from ${account.email}
user ${account.email}
passwordeval "pass navi/${account.email} | head -n 1"
passwordeval "pass ${config.navi.branding}/${account.email} | head -n 1"
'') cfg.accounts);
# 3 steps:
@ -132,9 +132,9 @@ let
set from = "${account.email}"
set sendmail = "msmtp -a ${name}"
alias me ${account.name} <${account.email}>
set folder = "/home/govanify/.local/share/mail/${name}"
set header_cache = /home/govanify/.cache/mutt/${name}-headers
set message_cachedir = /home/govanify/.cache/mutt/${name}-bodies
set folder = "/home/${config.navi.username}/.local/share/mail/${name}"
set header_cache = /home/${config.navi.username}/.cache/mutt/${name}-headers
set message_cachedir = /home/${config.navi.username}/.cache/mutt/${name}-bodies
set signature="${(pkgs.writeTextFile { name=name+"-signature"; text=account.signature; })}"
# general folder mappings for email adresses
set mbox_type = Maildir
@ -143,7 +143,7 @@ let
set postponed = "+INBOX.Drafts"
set trash = "+INBOX.Trash"
folder-hook . 'set record=^'
mailboxes `find "/home/govanify/.local/share/mail/${name}" -type d -name cur | sort | sed -e 's:/cur/*$::' -e 's/ /\\ /g' | tr '\n' ' '`
mailboxes `find "/home/${config.navi.username}/.local/share/mail/${name}" -type d -name cur | sort | sed -e 's:/cur/*$::' -e 's/ /\\ /g' | tr '\n' ' '`
'' + optionalString (account.pgp_key != "") ''
set crypt_use_gpgme = yes
set crypt_autosign=yes
@ -422,7 +422,7 @@ in
# XDG_CONFIG_HOME does not get parsed correctly so we do it manually
# you need to create the caching folder otherwise this fails
home-manager.users.govanify.home.file = {
home-manager.users.${config.navi.username}.home.file = {
".config/msmtp/config".text = msmtp_config;
".config/mbsync/config".text = isync_config;
".config/mutt/muttrc".text = mutt_config;
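Review bot: The `pass` lookups in `PassCmd` and `passwordeval` now use `${config.navi.branding}` as the password-store directory, which ties credential retrieval to a string that is otherwise cosmetic. Changing the branding would point mbsync and msmtp at different or missing store entries without any evaluation error. A dedicated setting would keep the two apart: a new option on the mail component (name to be chosen, e.g. `passPrefix`) with `default = config.navi.branding;`, used as `pass ${cfg.passPrefix}/${account.email} | head -n 1` at both sites. The `let` bindings holding these config strings start and end outside the hunks shown.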


+ 2
- 2
components/headfull/music.nix View File

@ -11,9 +11,9 @@ in
services.mpd = {
enable = true;
startWhenNeeded = true;
user = "govanify";
user = config.navi.username;
group = "users";
musicDirectory = "/home/govanify/Music";
musicDirectory = "/home/${config.navi.username}/Music";
extraConfig = ''
auto_update "yes"
'';
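Review bot: `musicDirectory = "/home/${config.navi.username}/Music";` rebuilds the home directory by string concatenation and assumes it lives under /home. The same assumption is repeated in the notmuch, mutt and `mailboxes` paths in mail.nix. If the account is declared through `users.users` (not visible on this page), `"${config.users.users.${config.navi.username}.home}/Music"` would follow the configured home directory and fail at evaluation when the user is not declared, instead of leaving mpd running as that user against a path that may not exist.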


+ 1
- 1
components/shell.nix View File

@ -166,7 +166,7 @@ in
shellAliases.nbuild = "nix-build /nix/var/nix/profiles/per-user/root/channels/nixos/ --run fish --run-env -A";
};
# TODO: make it for all users?
home-manager.users.govanify = {
home-manager.users.${config.navi.username} = {
home.file.".config/fish/config.fish".text = fish_config;
home.file.".config/fish/functions/fish_prompt.fish".text = fish_prompt;
};


+ 1
- 1
components/xdg.nix View File

@ -115,7 +115,7 @@ in
NUGET_PACKAGES = "$XDG_CACHE_HOME/NuGetPackages";
};
home-manager.users.govanify = {
home-manager.users.${config.navi.username} = {
home.file.".config/wgetrc".text = "hsts-file = \"$XDG_CACHE_HOME\"/wget-hsts";
home.file.".config/python/startup.py".text = ''
import sys

