niri/services/kanshi: some more config

Signed-off-by: unexplrd <unexplrd@linerds.us>

hosts/dunamis/users/user/home-configuration.nix

@@ -1,7 +1 @@
-{
+{flake, ...}: {imports = [flake.modules.shared.user];}
-  imports = [
-    ./common.nix
-    ./flatpak.nix
-    ./programs.nix
-  ];
-}

hosts/eldrid/users/user/home-configuration.nix

@@ -1,7 +1 @@
-{lib, ...}: {
+{flake, ...}: {imports = [flake.modules.shared.user];}
-  imports = [
-    ../../../dunamis/users/user/common.nix
-    ../../../dunamis/users/user/programs.nix
-    ../../../dunamis/users/user/flatpak.nix
-  ];
-}

hosts/legion/users/user/home-configuration.nix

@@ -1,7 +1 @@
-{
+{flake, ...}: {imports = [flake.modules.shared.user];}
-  imports = [
-    ../../../dunamis/users/user/common.nix
-    ../../../dunamis/users/user/flatpak.nix
-    ../../../dunamis/users/user/programs.nix
-  ];
-}

hosts/morphius/users/user/home-configuration.nix

@@ -1,10 +1 @@
-{lib, ...}: {
+{flake, ...}: {imports = [flake.modules.shared.user];}
-  imports = [
-    ../../../dunamis/users/user/common.nix
-    ../../../dunamis/users/user/programs.nix
-    ../../../dunamis/users/user/flatpak.nix
-  ];
-  systemd.user.settings.Manager.DefaultEnvironment = {
-    TERMINAL = lib.mkForce "ghostty";
-  };
-}

hosts/sarien/configuration.nix

@@ -7,7 +7,7 @@
   imports = with inputs; [
     self.nixosModules.desktop
     self.nixosModules.system
-    self.nixosModules.shared
+    self.modules.shared.nixos
     ./disko
     ./hardware
     ./misc

hosts/sarien/users/user/home-configuration.nix

@@ -1,7 +1 @@
-{
+{flake, ...}: {imports = [flake.modules.shared.user];}
-  imports = [
-    ../../../dunamis/users/user/common.nix
-    ../../../dunamis/users/user/programs.nix
-    ../../../dunamis/users/user/flatpak.nix
-  ];
-}

modules/home/desktop/niri/services/kanshi/default.nix

@@ -1,18 +1,25 @@
 {
   enable = true;
-  settings = [
+  settings = let
+    main = "Philips Consumer Electronics Company 27M2N5500 UK02418033254";
+    second = "Samsung Electric Company S24R65x H4TMA03291";
+    builtin = {
+      eldrid = "Chimei Innolux Corporation 0x1406 Unknown";
+      sarien = "LG Display 0x068B Unknown";
+      # morphius =;
+    };
+  in [
     {
       output = {
-        criteria = "Philips Consumer Electronics Company 27M2N5500 UK02418033254";
+        criteria = main;
         position = "0,0";
-        scale = 1.33;
+        scale = 4.0 / 3.0;
         adaptiveSync = true;
       };
     }
     {
-      # eldrid built-in
       output = {
-        criteria = "Chimei Innolux Corporation 0x1406 Unknown";
+        criteria = builtin.eldrid;
         position = "0,0";
         scale = 1.2;
         # adaptiveSync = true;
@@ -20,7 +27,15 @@
     }
     {
       output = {
-        criteria = "Samsung Electric Company S24R65x H4TMA03291";
+        criteria = builtin.sarien;
+        position = "0,0";
+        scale = 1.25;
+        # adaptiveSync = true;
+      };
+    }
+    {
+      output = {
+        criteria = second;
         mode = "1920x1080@74.973";
         position = "1920,0";
         transform = "90";
@@ -28,39 +43,64 @@
       };
     }
     {
-      profile.name = "desktop";
+      profile = {
-      profile.outputs = [
+        name = "dunamis";
-        {
+        outputs = [{criteria = main;} {criteria = second;}];
-          criteria = "Philips Consumer Electronics Company 27M2N5500 UK02418033254";
+      };
-        }
-        {
-          criteria = "Samsung Electric Company S24R65x H4TMA03291";
-        }
-      ];
     }
     {
-      profile.name = "eldrid-docked";
+      profile = {
-      profile.outputs = [
+        name = "eldrid-docked";
-        {
+        outputs = [
-          criteria = "Philips Consumer Electronics Company 27M2N5500 UK02418033254";
+          {
-          position = "0,0";
+            criteria = main;
-        }
+            position = "0,0";
-        {
+            scale = 4.0 / 3.0;
-          # some scaling quirks
+          }
-          criteria = "Chimei Innolux Corporation 0x1406 Unknown";
+          {
-          position = "1933,0";
+            criteria = builtin.eldrid;
-        }
+            position = "1920,0";
-      ];
+          }
+        ];
+      };
     }
     {
-      profile.name = "eldrid-undocked";
+      profile = {
-      profile.outputs = [
+        name = "eldrid-undocked";
-        {
+        outputs = [
-          criteria = "Chimei Innolux Corporation 0x1406 Unknown";
+          {
-          position = "0,0";
+            criteria = builtin.eldrid;
-        }
+            position = "0,0";
-      ];
+          }
+        ];
+      };
+    }
+    {
+      profile = {
+        name = "sarien-docked";
+        outputs = [
+          {
+            criteria = main;
+            position = "0,0";
+            scale = 4.0 / 3.0;
+          }
+          {
+            criteria = builtin.sarien;
+            position = "1920,0";
+          }
+        ];
+      };
+    }
+    {
+      profile = {
+        name = "sarien-undocked";
+        outputs = [
+          {
+            criteria = builtin.sarien;
+            position = "0,0";
+          }
+        ];
+      };
     }
   ];
 }
-

modules/nixos/desktop/default.nix

@@ -1,10 +1,10 @@
 {
   imports = [
     ./common
-    ./cosmic.nix
+    ./cosmic
-    ./gnome.nix
+    ./gnome
-    ./hyprland.nix
+    ./hyprland
-    ./niri.nix
+    ./niri
-    ./plasma.nix
+    ./plasma
   ];
 }

modules/nixos/desktop/plasma/default.nix

@@ -7,9 +7,6 @@
 with lib; let
   cfg = config.desktop.plasma;
 in {
-  imports = [
-    ./common/pipewire.nix
-  ];
   options = {
     desktop.plasma = {
       enable = mkEnableOption "enable plasma desktop";

modules/nixos/shared/security/default.nix

@@ -1,119 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit (lib) mkIf mkDefault;
-in {
-  security = {
-    sudo.enable = false;
-    # doas.enable = true;
-    sudo-rs = {
-      enable = true;
-      execWheelOnly = true;
-    };
-    polkit.enable = true;
-    polkit.extraConfig = ''
-      polkit.addRule(function(action, subject) {
-        if (
-          subject.isInGroup("users")
-            && (
-              action.id == "org.freedesktop.login1.reboot" ||
-              action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
-              action.id == "org.freedesktop.login1.power-off" ||
-              action.id == "org.freedesktop.login1.power-off-multiple-sessions"
-            )
-          )
-        {
-          return polkit.Result.YES;
-        }
-      });
-    '';
-    apparmor.enable = mkDefault true;
-    pam.sshAgentAuth.enable = true;
-  };
-
-  environment.systemPackages = with pkgs; [
-    (mkIf config.security.doas.enable doas-sudo-shim) # if doas install doas sudo shim
-  ];
-
-  services.dbus = {
-    apparmor = "enabled";
-    implementation = "broker";
-  };
-  services.ntpd-rs = {
-    enable = true;
-    #settings = {
-    #  server = {
-    #    require-nts = true;
-    #  };
-    #};
-  };
-
-  boot.kernel.sysctl = {
-    "dev.tty.ldisc_autoload" = 0;
-    "fs.protected_fifos" = 2;
-    "fs.protected_regular" = 2;
-    "fs.suid_dumpable" = 0;
-    "kernel.kptr_restrict" = 2;
-    "kernel_kexec_load_disabled" = 1;
-    # "kernel.modules_disabled" = 1;
-    "kernel.sysrq" = 0;
-    "kernel.unprivileged_bpf_disabled" = 1;
-    "net.ipv4.conf.all.forwarding" = 0;
-    "net.ipv4.conf.all.log_martians" = 1;
-    "net.ipv4.conf.all.rp_filter" = 1;
-    "net.ipv4.conf.all.send_redirects" = 0;
-    "net.ipv4.conf.default.accept_redirects" = 0;
-    "net.ipv4.conf.default.log_martians" = 1;
-    "net.ipv6.conf.all.accept_redirects" = 0;
-    "net.ipv6.conf.default.accept_redirects" = 0;
-  };
-  boot.kernelParams = [
-    "amd_iommu=force_isolation"
-    "debugfs=off"
-    "efi=disable_early_pci_dma"
-    "gather_data_sampling=force"
-    "intel_iommu=on"
-    "iommu.passthrough=0"
-    "iommu.strict=1"
-    "iommu=force"
-    "page_alloc.shuffle=1"
-    "vsyscall=none"
-    # "ia32_emulation=0"
-    # "lockdown=confidentiality"
-    # "module.sig_enforce=1"
-  ];
-
-  boot.blacklistedKernelModules = [
-    # Obscure network protocols
-    "ax25"
-    "netrom"
-    "rose"
-    # Old or rare or insufficiently audited filesystems
-    "adfs"
-    "affs"
-    "bfs"
-    "befs"
-    "cramfs"
-    "efs"
-    "erofs"
-    "exofs"
-    "freevxfs"
-    "f2fs"
-    "hfs"
-    "hpfs"
-    "jfs"
-    "minix"
-    "nilfs2"
-    "ntfs"
-    "omfs"
-    "qnx4"
-    "qnx6"
-    "sysv"
-    "ufs"
-  ];
-
-  nix.settings.allowed-users = mkDefault ["@users"];
-}

modules/shared/nixos/default.nix

@@ -44,15 +44,18 @@ in {
         keyboards = {
           internal = {
             ids = ["0001:0001" "048d:c101"];
-            settings.main = {
+            settings.main = let
-              a = "lettermod(alt, a, 200, 150)";
+              idleTimeout = toString 200;
-              s = "lettermod(meta, s, 200, 150)";
+              holdTimeout = toString 150;
-              d = "lettermod(control, d, 200, 150)";
+            in {
-              f = "lettermod(shift, f, 200, 150)";
+              a = "lettermod(alt, a, ${idleTimeout}, ${holdTimeout})";
-              j = "lettermod(shift, j, 200, 150)";
+              s = "lettermod(meta, s, ${idleTimeout}, ${holdTimeout})";
-              k = "lettermod(control, k, 200, 150)";
+              d = "lettermod(control, d, ${idleTimeout}, ${holdTimeout})";
-              l = "lettermod(meta, l, 200, 150)";
+              f = "lettermod(shift, f, ${idleTimeout}, ${holdTimeout})";
-              ";" = "lettermod(alt, ;, 200, 150)";
+              j = "lettermod(shift, j, ${idleTimeout}, ${holdTimeout})";
+              k = "lettermod(control, k, ${idleTimeout}, ${holdTimeout})";
+              l = "lettermod(meta, l, ${idleTimeout}, ${holdTimeout})";
+              ";" = "lettermod(alt, ;, ${idleTimeout}, ${holdTimeout})";
             };
           };
         };

modules/shared/nixos/security/default.nix

@@ -0,0 +1,123 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf mkDefault;
+in {
+  security = {
+    sudo.enable = false;
+    # doas.enable = true;
+    sudo-rs = {
+      enable = true;
+      execWheelOnly = true;
+    };
+    polkit = {
+      enable = true;
+      extraConfig = ''
+        polkit.addRule(function(action, subject) {
+          if (
+            subject.isInGroup("users")
+              && (
+                action.id == "org.freedesktop.login1.reboot" ||
+                action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
+                action.id == "org.freedesktop.login1.power-off" ||
+                action.id == "org.freedesktop.login1.power-off-multiple-sessions"
+              )
+            )
+          {
+            return polkit.Result.YES;
+          }
+        });
+      '';
+    };
+    apparmor.enable = mkDefault true;
+    pam.sshAgentAuth.enable = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    (mkIf config.security.doas.enable doas-sudo-shim) # if doas install doas sudo shim
+  ];
+  services = {
+    dbus = {
+      apparmor = "enabled";
+      implementation = "broker";
+    };
+    ntpd-rs = {
+      enable = true;
+      #settings = {
+      #  server = {
+      #    require-nts = true;
+      #  };
+      #};
+    };
+  };
+  boot = {
+    kernel.sysctl = {
+      "dev.tty.ldisc_autoload" = 0;
+      "fs.protected_fifos" = 2;
+      "fs.protected_regular" = 2;
+      "fs.suid_dumpable" = 0;
+      "kernel.kptr_restrict" = 2;
+      "kernel_kexec_load_disabled" = 1;
+      # "kernel.modules_disabled" = 1;
+      "kernel.sysrq" = 0;
+      "kernel.unprivileged_bpf_disabled" = 1;
+      "net.ipv4.conf.all.forwarding" = 0;
+      "net.ipv4.conf.all.log_martians" = 1;
+      "net.ipv4.conf.all.rp_filter" = 1;
+      "net.ipv4.conf.all.send_redirects" = 0;
+      "net.ipv4.conf.default.accept_redirects" = 0;
+      "net.ipv4.conf.default.log_martians" = 1;
+      "net.ipv6.conf.all.accept_redirects" = 0;
+      "net.ipv6.conf.default.accept_redirects" = 0;
+    };
+    kernelParams = [
+      "amd_iommu=force_isolation"
+      "debugfs=off"
+      "efi=disable_early_pci_dma"
+      "gather_data_sampling=force"
+      "intel_iommu=on"
+      "iommu.passthrough=0"
+      "iommu.strict=1"
+      "iommu=force"
+      "page_alloc.shuffle=1"
+      "vsyscall=none"
+      # "ia32_emulation=0"
+      # "lockdown=confidentiality"
+      # "module.sig_enforce=1"
+    ];
+
+    blacklistedKernelModules = [
+      # Obscure network protocols
+      "ax25"
+      "netrom"
+      "rose"
+      # Old or rare or insufficiently audited filesystems
+      "adfs"
+      "affs"
+      "bfs"
+      "befs"
+      "cramfs"
+      "efs"
+      "erofs"
+      "exofs"
+      "freevxfs"
+      "f2fs"
+      "hfs"
+      "hpfs"
+      "jfs"
+      "minix"
+      "nilfs2"
+      "ntfs"
+      "omfs"
+      "qnx4"
+      "qnx6"
+      "sysv"
+      "ufs"
+    ];
+  };
+
+  nix.settings.allowed-users = mkDefault ["@users"];
+}

modules/shared/nixos/services.nix

@@ -1,25 +1,25 @@
-{lib, ...}: {
+{
   services = {
     # hardware.openrgb.enable = true;
     avahi.enable = true;
-    flatpak.enable = true;
-    fwupd.enable = true;
-    openssh.enable = true;
-    speechd.enable = lib.mkForce false;
-    syncthing.openDefaultPorts = true;
-    userborn.enable = true;
     dnscrypt-proxy2 = {
       enable = true;
       settings = {
+        bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
         require_dnssec = true;
         server_names = ["mullvad-doh"];
-        bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
       };
     };
+    flatpak.enable = true;
     fstrim = {
       enable = true;
       interval = "daily";
     };
+    fwupd.enable = true;
+    logind = {
+      lidSwitch = "ignore";
+      powerKey = "suspend";
+    };
     opensnitch = {
       enable = false;
       settings = {
@@ -29,13 +29,10 @@
         ProcMonitorMethod = "ebpf";
       };
     };
-    scx = {
+    openssh.enable = true;
-      enable = true;
+    scx.enable = true;
-      scheduler = "scx_flash";
+    scx.scheduler = "scx_flash";
-    };
+    syncthing.openDefaultPorts = true;
-    logind = {
+    userborn.enable = true;
-      lidSwitch = "ignore";
-      powerKey = "suspend";
-    };
   };
 }

modules/shared/nixos/users.nix

@@ -17,9 +17,7 @@ in {
       hashedPasswordFile = secrets."user-password-hashed".path;
       extraGroups =
         ["wheel" "video" "libvirtd" "dialout"]
-        /*
+        # for lisgd
-        for lisgd
-        */
         ++ lib.optional (hostName == "morphius" && config.desktop.niri.enable) "input";
       isNormalUser = true;
       shell = pkgs.fish;

modules/shared/user/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./common.nix
+    ./flatpak.nix
+    ./programs.nix
+  ];
+}