restructure

Signed-off-by: unexplrd <unexplrd@linerds.us>

modules/nixos/desktop/default.nix

@@ -1,10 +1,10 @@
 {
   imports = [
     ./common
-    ./cosmic.nix
-    ./gnome.nix
-    ./hyprland.nix
-    ./niri.nix
-    ./plasma.nix
+    ./cosmic
+    ./gnome
+    ./hyprland
+    ./niri
+    ./plasma
   ];
 }

modules/nixos/desktop/plasma/default.nix

@@ -7,9 +7,6 @@
 with lib; let
   cfg = config.desktop.plasma;
 in {
-  imports = [
-    ./common/pipewire.nix
-  ];
   options = {
     desktop.plasma = {
       enable = mkEnableOption "enable plasma desktop";

modules/nixos/shared/security/default.nix

@@ -1,119 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit (lib) mkIf mkDefault;
-in {
-  security = {
-    sudo.enable = false;
-    # doas.enable = true;
-    sudo-rs = {
-      enable = true;
-      execWheelOnly = true;
-    };
-    polkit.enable = true;
-    polkit.extraConfig = ''
-      polkit.addRule(function(action, subject) {
-        if (
-          subject.isInGroup("users")
-            && (
-              action.id == "org.freedesktop.login1.reboot" ||
-              action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
-              action.id == "org.freedesktop.login1.power-off" ||
-              action.id == "org.freedesktop.login1.power-off-multiple-sessions"
-            )
-          )
-        {
-          return polkit.Result.YES;
-        }
-      });
-    '';
-    apparmor.enable = mkDefault true;
-    pam.sshAgentAuth.enable = true;
-  };
-
-  environment.systemPackages = with pkgs; [
-    (mkIf config.security.doas.enable doas-sudo-shim) # if doas install doas sudo shim
-  ];
-
-  services.dbus = {
-    apparmor = "enabled";
-    implementation = "broker";
-  };
-  services.ntpd-rs = {
-    enable = true;
-    #settings = {
-    #  server = {
-    #    require-nts = true;
-    #  };
-    #};
-  };
-
-  boot.kernel.sysctl = {
-    "dev.tty.ldisc_autoload" = 0;
-    "fs.protected_fifos" = 2;
-    "fs.protected_regular" = 2;
-    "fs.suid_dumpable" = 0;
-    "kernel.kptr_restrict" = 2;
-    "kernel_kexec_load_disabled" = 1;
-    # "kernel.modules_disabled" = 1;
-    "kernel.sysrq" = 0;
-    "kernel.unprivileged_bpf_disabled" = 1;
-    "net.ipv4.conf.all.forwarding" = 0;
-    "net.ipv4.conf.all.log_martians" = 1;
-    "net.ipv4.conf.all.rp_filter" = 1;
-    "net.ipv4.conf.all.send_redirects" = 0;
-    "net.ipv4.conf.default.accept_redirects" = 0;
-    "net.ipv4.conf.default.log_martians" = 1;
-    "net.ipv6.conf.all.accept_redirects" = 0;
-    "net.ipv6.conf.default.accept_redirects" = 0;
-  };
-  boot.kernelParams = [
-    "amd_iommu=force_isolation"
-    "debugfs=off"
-    "efi=disable_early_pci_dma"
-    "gather_data_sampling=force"
-    "intel_iommu=on"
-    "iommu.passthrough=0"
-    "iommu.strict=1"
-    "iommu=force"
-    "page_alloc.shuffle=1"
-    "vsyscall=none"
-    # "ia32_emulation=0"
-    # "lockdown=confidentiality"
-    # "module.sig_enforce=1"
-  ];
-
-  boot.blacklistedKernelModules = [
-    # Obscure network protocols
-    "ax25"
-    "netrom"
-    "rose"
-    # Old or rare or insufficiently audited filesystems
-    "adfs"
-    "affs"
-    "bfs"
-    "befs"
-    "cramfs"
-    "efs"
-    "erofs"
-    "exofs"
-    "freevxfs"
-    "f2fs"
-    "hfs"
-    "hpfs"
-    "jfs"
-    "minix"
-    "nilfs2"
-    "ntfs"
-    "omfs"
-    "qnx4"
-    "qnx6"
-    "sysv"
-    "ufs"
-  ];
-
-  nix.settings.allowed-users = mkDefault ["@users"];
-}

modules/shared/nixos/default.nix

@@ -44,15 +44,18 @@ in {
         keyboards = {
           internal = {
             ids = ["0001:0001" "048d:c101"];
-            settings.main = {
-              a = "lettermod(alt, a, 200, 150)";
-              s = "lettermod(meta, s, 200, 150)";
-              d = "lettermod(control, d, 200, 150)";
-              f = "lettermod(shift, f, 200, 150)";
-              j = "lettermod(shift, j, 200, 150)";
-              k = "lettermod(control, k, 200, 150)";
-              l = "lettermod(meta, l, 200, 150)";
-              ";" = "lettermod(alt, ;, 200, 150)";
+            settings.main = let
+              idleTimeout = toString 220;
+              holdTimeout = toString 170;
+            in {
+              a = "lettermod(alt, a, ${idleTimeout}, ${holdTimeout})";
+              s = "lettermod(meta, s, ${idleTimeout}, ${holdTimeout})";
+              d = "lettermod(control, d, ${idleTimeout}, ${holdTimeout})";
+              f = "lettermod(shift, f, ${idleTimeout}, ${holdTimeout})";
+              j = "lettermod(shift, j, ${idleTimeout}, ${holdTimeout})";
+              k = "lettermod(control, k, ${idleTimeout}, ${holdTimeout})";
+              l = "lettermod(meta, l, ${idleTimeout}, ${holdTimeout})";
+              ";" = "lettermod(alt, ;, ${idleTimeout}, ${holdTimeout})";
             };
           };
         };

modules/shared/nixos/security/default.nix

@@ -0,0 +1,123 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf mkDefault;
+in {
+  security = {
+    sudo.enable = false;
+    # doas.enable = true;
+    sudo-rs = {
+      enable = true;
+      execWheelOnly = true;
+    };
+    polkit = {
+      enable = true;
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+          if (
+            subject.isInGroup("users")
+              && (
+                action.id == "org.freedesktop.login1.reboot" ||
+                action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+                action.id == "org.freedesktop.login1.power-off" ||
+                action.id == "org.freedesktop.login1.power-off-multiple-sessions"
+              )
+            )
+          {
+            return polkit.Result.YES;
+          }
+        });
+      '';
+    };
+    apparmor.enable = mkDefault true;
+    pam.sshAgentAuth.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    (mkIf config.security.doas.enable doas-sudo-shim) # if doas install doas sudo shim
+  ];
+  services = {
+    dbus = {
+      apparmor = "enabled";
+      implementation = "broker";
+    };
+    ntpd-rs = {
+      enable = true;
+      #settings = {
+      #  server = {
+      #    require-nts = true;
+      #  };
+      #};
+    };
+  };
+  boot = {
+    kernel.sysctl = {
+      "dev.tty.ldisc_autoload" = 0;
+      "fs.protected_fifos" = 2;
+      "fs.protected_regular" = 2;
+      "fs.suid_dumpable" = 0;
+      "kernel.kptr_restrict" = 2;
+      "kernel_kexec_load_disabled" = 1;
+      # "kernel.modules_disabled" = 1;
+      "kernel.sysrq" = 0;
+      "kernel.unprivileged_bpf_disabled" = 1;
+      "net.ipv4.conf.all.forwarding" = 0;
+      "net.ipv4.conf.all.log_martians" = 1;
+      "net.ipv4.conf.all.rp_filter" = 1;
+      "net.ipv4.conf.all.send_redirects" = 0;
+      "net.ipv4.conf.default.accept_redirects" = 0;
+      "net.ipv4.conf.default.log_martians" = 1;
+      "net.ipv6.conf.all.accept_redirects" = 0;
+      "net.ipv6.conf.default.accept_redirects" = 0;
+    };
+    kernelParams = [
+      "amd_iommu=force_isolation"
+      "debugfs=off"
+      "efi=disable_early_pci_dma"
+      "gather_data_sampling=force"
+      "intel_iommu=on"
+      "iommu.passthrough=0"
+      "iommu.strict=1"
+      "iommu=force"
+      "page_alloc.shuffle=1"
+      "vsyscall=none"
+      # "ia32_emulation=0"
+      # "lockdown=confidentiality"
+      # "module.sig_enforce=1"
+    ];
+
+    blacklistedKernelModules = [
+      # Obscure network protocols
+      "ax25"
+      "netrom"
+      "rose"
+      # Old or rare or insufficiently audited filesystems
+      "adfs"
+      "affs"
+      "bfs"
+      "befs"
+      "cramfs"
+      "efs"
+      "erofs"
+      "exofs"
+      "freevxfs"
+      "f2fs"
+      "hfs"
+      "hpfs"
+      "jfs"
+      "minix"
+      "nilfs2"
+      "ntfs"
+      "omfs"
+      "qnx4"
+      "qnx6"
+      "sysv"
+      "ufs"
+    ];
+  };
+
+  nix.settings.allowed-users = mkDefault ["@users"];
+}

modules/shared/nixos/services.nix

@@ -1,25 +1,25 @@
-{lib, ...}: {
+{
   services = {
     # hardware.openrgb.enable = true;
     avahi.enable = true;
-    flatpak.enable = true;
-    fwupd.enable = true;
-    openssh.enable = true;
-    speechd.enable = lib.mkForce false;
-    syncthing.openDefaultPorts = true;
-    userborn.enable = true;
     dnscrypt-proxy2 = {
       enable = true;
       settings = {
+        bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
         require_dnssec = true;
         server_names = ["mullvad-doh"];
-        bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
       };
     };
+    flatpak.enable = true;
     fstrim = {
       enable = true;
       interval = "daily";
     };
+    fwupd.enable = true;
+    logind = {
+      lidSwitch = "ignore";
+      powerKey = "suspend";
+    };
     opensnitch = {
       enable = false;
       settings = {
@@ -29,13 +29,10 @@
         ProcMonitorMethod = "ebpf";
       };
     };
-    scx = {
-      enable = true;
-      scheduler = "scx_flash";
-    };
-    logind = {
-      lidSwitch = "ignore";
-      powerKey = "suspend";
-    };
+    openssh.enable = true;
+    scx.enable = true;
+    scx.scheduler = "scx_flash";
+    syncthing.openDefaultPorts = true;
+    userborn.enable = true;
   };
 }

modules/shared/nixos/users.nix

@@ -17,9 +17,7 @@ in {
       hashedPasswordFile = secrets."user-password-hashed".path;
       extraGroups =
         ["wheel" "video" "libvirtd" "dialout"]
-        /*
-        for lisgd
-        */
+        # for lisgd
         ++ lib.optional (hostName == "morphius" && config.desktop.niri.enable) "input";
       isNormalUser = true;
       shell = pkgs.fish;

modules/shared/user/common.nix

@@ -0,0 +1,14 @@
+{
+  inputs,
+  osConfig,
+  ...
+}: {
+  imports = with inputs; [
+    nix-index-database.hmModules.nix-index
+    self.homeModules.desktop
+    self.homeModules.programs
+  ];
+  inherit (osConfig) desktop;
+  home.stateVersion = osConfig.system.stateVersion;
+  home.sessionPath = ["$HOME/.local/bin"];
+}

modules/shared/user/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./common.nix
+    ./flatpak.nix
+    ./programs.nix
+  ];
+}

modules/shared/user/flatpak.nix

@@ -0,0 +1,134 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = with inputs; [
+    nix-flatpak.homeManagerModules.nix-flatpak
+  ];
+  home.packages = with pkgs; [flatpak];
+  services.flatpak = {
+    enable = true;
+    uninstallUnmanaged = true;
+    update.auto = {
+      enable = true;
+      onCalendar = "weekly";
+    };
+    remotes = [
+      {
+        name = "flathub";
+        location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
+      }
+    ];
+    packages =
+      [
+        # browsers
+        "app.zen_browser.zen"
+        # "com.vivaldi.Vivaldi"
+        "net.mullvad.MullvadBrowser"
+        "org.torproject.torbrowser-launcher"
+      ]
+      ++ [
+        # editing
+        "com.github.PintaProject.Pinta" # bootleg paint
+        "org.gimp.GIMP" # the holy gimp
+        "org.kde.kdenlive" # video editor
+      ]
+      ++ [
+        # chatting
+        "im.riot.Riot" # matrix client
+        "io.github.kukuruzka165.materialgram" # telegram client
+        "io.github.spacingbat3.webcord" # discord client
+        # "org.mozilla.Thunderbird" # mail client
+        "org.signal.Signal"
+        # "org.telegram.desktop"
+      ]
+      ++ [
+        # media
+        # "ca.edestcroix.Recordbox" # music player
+        "com.github.neithern.g4music" # music player
+        # "io.bassi.Amberol" # music player
+        "io.freetubeapp.FreeTube" # youtube client
+        # "org.atheme.audacious" # music player
+      ]
+      ++ [
+        # gaming
+        "com.heroicgameslauncher.hgl" # gog/egs launcher
+        "com.valvesoftware.Steam"
+        "net.lutris.Lutris" # everything launcher
+        "org.prismlauncher.PrismLauncher" # minecraft launcher
+        "org.freedesktop.Platform.VulkanLayer.MangoHud//24.08"
+        "org.freedesktop.Platform.VulkanLayer.gamescope//24.08"
+      ]
+      ++ [
+        # misc
+        "app.drey.Warp" # share files using magic wormhole
+        "com.bitwarden.desktop"
+        "com.github.tchx84.Flatseal" # control flatpak permissions
+        "com.logseq.Logseq"
+        "com.obsproject.Studio"
+        "com.usebottles.bottles" # wine containers
+        "de.capypara.FieldMonitor" # libvirt
+        "de.haeckerfelix.Fragments" # torrents
+        "io.github.amit9838.mousam" # weather
+        "io.github.finefindus.Hieroglyphic" # find latex symbols (in rust)
+        "io.github.lainsce.Khronos" # log time for tasks
+        "io.gitlab.news_flash.NewsFlash" # rss reader
+        "me.iepure.devtoolbox" # some cool utils
+        "org.nicotine_plus.Nicotine" # soulseek
+      ];
+    overrides = let
+      homeNoNetwork = {
+        Context.share = ["!network"];
+        Context.filesystems = ["home"];
+      };
+      game.sockets = ["x11" "wayland"];
+      game.folder = folder: ["/storage/games/${folder}" "~/games/${folder}"];
+    in {
+      "global" = {
+        Context = {
+          sockets = ["wayland" "!x11" "!fallback-x11"];
+          filesystems = [
+            "!home"
+            "!host"
+            "!~/.ssh"
+            "/nix/store:ro"
+            "xdg-config/gtk-3.0:ro"
+            "xdg-config/gtk-4.0:ro"
+            "xdg-run/pipewire-0"
+            "~/.local/share/icons:ro"
+          ];
+        };
+        Environment = {
+          ELECTRON_OZONE_PLATFORM_HINT = "wayland";
+        };
+      };
+      "ca.edestcroix.Recordbox".Context.filesystems = ["xdg-music"];
+      "com.valvesoftware.Steam" = {
+        Context = {
+          inherit (game) sockets;
+          filesystems = game.folder "steam";
+        };
+        Environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.3";
+      };
+      "net.lutris.Lutris".Context = {
+        inherit (game) sockets;
+        filesystems = game.folder "lutris";
+      };
+      "com.heroicgameslauncher.hgl".Context = {
+        inherit (game) sockets;
+        filesystems = game.folder "heroic";
+      };
+      "com.github.PintaProject.Pinta" = {inherit (homeNoNetwork) Context;};
+      "com.logseq.Logseq" = {inherit (homeNoNetwork) Context;};
+      "com.obsproject.Studio" = {inherit (homeNoNetwork) Context;};
+      "com.usebottles.Bottles".Context = {inherit (game) sockets;};
+      "io.bassi.Amberol" = {inherit (homeNoNetwork) Context;};
+      "io.freetubeapp.FreeTube" = {inherit (homeNoNetwork) Context;};
+      "org.atheme.audacious" = {inherit (homeNoNetwork) Context;};
+      "org.gimp.GIMP" = {inherit (homeNoNetwork) Context;};
+      "org.kde.kdenlive" = {inherit (homeNoNetwork) Context;};
+      "org.signal.Signal".Environment.SIGNAL_PASSWORD_STORE = "gnome-libsecret";
+    };
+  };
+}

modules/shared/user/programs.nix

@@ -0,0 +1,126 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf;
+in {
+  console.yazi.enable = true;
+  editor.helix.enable = true;
+  shell = {
+    fish.enable = true;
+    oh-my-posh.enable = true;
+  };
+  syncthing.enable = true;
+  # terminal.wezterm.enable = true;
+  terminal.ghostty.enable = true;
+  systemd.user.settings.Manager.DefaultEnvironment = {
+    TERMINAL = "ghostty";
+  };
+
+  services = {
+    pueue.enable = true; # process queue in rust
+    ssh-agent.enable = true;
+  };
+
+  programs = {
+    bat.enable = true; # cat in rust
+    btop = {
+      enable = true;
+      settings.update_ms = 200;
+    };
+    # direnv.enable = true;
+    # direnv.silent = true;
+    eza.enable = true; # ls in rust
+    fd.enable = true; # find in rust
+    fzf.enable = true; # fuzzy finder in rust
+    git = {
+      enable = true;
+      delta.enable = true; # diff in rust
+      signing.format = "ssh";
+      aliases = {
+        cl = "clone";
+        co = "checkout";
+        pom = "push origin main";
+      };
+    };
+    gitui.enable = true; # git ui in rust
+    jujutsu.enable = true; # vcs in rust
+    keychain = {
+      enable = true;
+      keys = ["id_ed25519"];
+    };
+    nix-index-database.comma.enable = true;
+    nix-index.enable = true;
+    nix-your-shell.enable = true;
+    pay-respects.enable = true; # thefuck in rust
+    ripgrep.enable = true; # grep in rust
+    zk.enable = true;
+    zoxide.enable = true; # fuzzy cd in rust
+    zellij.enable = true;
+  };
+
+  home.packages = with pkgs;
+    [
+      # development utils
+      alejandra # nix formatter in rust
+      # devenv # programming deps in rust
+      (mkIf config.programs.jujutsu.enable jj-fzf) # fuzzy finder jujutsu tui
+      just # make in rust
+      silicon # create code pics in rust
+    ]
+    ++ [
+      # console utils
+      # bluetuith # bluetooth tui in go
+      dua # disk space usage in rust
+      duf # better df in go
+      fend # calculator in rust
+      mprocs # process runner in rust
+      ouch # archive manager in rust
+      # procs # ps in rust
+      rbw # bitwarden cli in rust
+      sd # sed in rust
+      systemctl-tui # systemctl tui in rust
+      trashy # trash cli in rust
+    ]
+    ++ [
+      # misc apps
+      adwaita-icon-theme
+      # vial # qmk keyboard configuring app
+      pinentry-qt # pinentry for rbw
+      virt-manager # libvirt gui
+      # waycheck # check wayland protocols
+      gpu-screen-recorder-gtk
+    ]
+    ++ [
+      # gui libadwaita apps
+      celluloid # mpv gui in libadwaita
+      # gnome-text-editor
+      helvum # pipewire patchbay in rust
+      junction # app chooser
+      # loupe # image viewer and editor in rust
+      mission-center # task manager in rust (partly)
+      # nautilus # file manager
+      overskride # bluetooth gui in rust
+      papers # pdf reader in rust
+      pika-backup # borg gui in rust
+      pwvucontrol # pipewire gui in rust
+      sonusmix # pipewire routing tool in rust
+      # wdisplays # wlroots display configurator
+    ];
+
+  xdg.desktopEntries = {
+    uni = {
+      actions."Copy".exec = "fish -c \"~/.local/bin/uni --copy\"";
+      categories = ["Utility" "X-Launch" "Network"];
+      comment = "Select and open or copy URLs from a list.";
+      exec = "fish -c \"~/.local/bin/uni\"";
+      icon = "web-browser";
+      name = "Uni URL Handler";
+      startupNotify = true;
+      terminal = false;
+      type = "Application";
+    };
+  };
+}