Diffstat (limited to 'nix/modules')
-rw-r--r--nix/modules/configuration.nix11
-rw-r--r--nix/modules/home/default.nix3
-rw-r--r--nix/modules/home/firefox.nix2
-rw-r--r--nix/modules/home/hyprland.nix36
-rw-r--r--nix/modules/home/secrets.nix43
-rw-r--r--nix/modules/secrets.nix24
-rw-r--r--nix/modules/ssh.nix2
-rw-r--r--nix/modules/vars.nix2
-rw-r--r--nix/modules/znc.nix4
9 files changed, 92 insertions, 35 deletions
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index caeb1f7..7234333 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -53,6 +53,10 @@
boot = {
+
+ extraModprobeConfig = ''
+ options snd-usb-audio vid=0x1235 pid=0x8200 device_setup=1
+'';
extraModulePackages = [ ];
initrd = {
@@ -89,6 +93,7 @@
];
kernelParams = [
+ "usbcore.autosuspend=-1"
"debugfs=off"
"page_alloc.shuffle=1"
"slab_nomerge"
@@ -278,13 +283,13 @@
};
xdg.portal = {
- enable = true;
+ enable = (! config.monorepo.profiles.ttyonly.enable);
wlr.enable = true;
- extraPortals = with pkgs; [
+ extraPortals = with pkgs; if (! config.monorepo.profiles.ttyonly.enable) then [
xdg-desktop-portal-gtk
xdg-desktop-portal
xdg-desktop-portal-hyprland
- ];
+ ] else [];
config.common.default = "*";
};
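Review bot: `wlr.enable = true;` is left unconditional while `enable` and `extraPortals` are now gated on the ttyonly profile, so the wlr portal is still requested on a tty-only host. If I recall the nixpkgs wlr portal module correctly it sets `xdg.portal.enable = true` itself, which would conflict with the `false` computed here; worth confirming with a ttyonly build. Gating it the same way, `wlr.enable = !config.monorepo.profiles.ttyonly.enable;`, keeps the three settings consistent, and `lib.optionals (!config.monorepo.profiles.ttyonly.enable) [ ... ]` reads more cleanly than the `if … then [ … ] else []` form.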
diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix
index 7bfee42..596e236 100644
--- a/nix/modules/home/default.nix
+++ b/nix/modules/home/default.nix
@@ -1,6 +1,7 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, sops-nix, ... }:
{
imports = [
+ sops-nix.homeManagerModules.sops
../vars.nix
./fcitx.nix
./secrets.nix
diff --git a/nix/modules/home/firefox.nix b/nix/modules/home/firefox.nix
index 7e51433..b99544b 100644
--- a/nix/modules/home/firefox.nix
+++ b/nix/modules/home/firefox.nix
@@ -2,11 +2,11 @@
{
programs.firefox = {
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
+ package = pkgs.firefox-bin;
policies = {
EnableTrackingProtection = true;
OfferToSaveLogins = false;
};
- package = pkgs.firefox-wayland;
profiles = {
default = {
id = 0;
diff --git a/nix/modules/home/hyprland.nix b/nix/modules/home/hyprland.nix
index 9f9e4fe..819f1fa 100644
--- a/nix/modules/home/hyprland.nix
+++ b/nix/modules/home/hyprland.nix
@@ -36,24 +36,24 @@
monitor = [
"Unknown-1,disable"
];
- windowrule = [
- "workspace 1, title:(^(.*emacs.*)$)"
- "workspace 2, title:(^(.*firefox.*)$)"
- "workspace 2, title:(^(.*Tor Browser.*)$)"
- "workspace 2, title:(^(.*Chromium-browser.*)$)"
- "workspace 2, title:(^(.*chromium.*)$)"
- "workspace 3, title:(^(.*discord.*)$)"
- "workspace 3, title:^(.*vesktop.*)$)"
- "workspace 3, title:(^(.*fluffychat.*)$)"
- "workspace 3, title:(^(.*element-desktop.*)$)"
- "workspace 4, title:(^(.*qpwgraph.*)$)"
- "workspace 4, title:(^(.*mpv.*)$)"
- "workspace 5, title:(^(.*Monero.*)$)"
- "workspace 5, title:(^(.*org\.bitcoin\..*)$)"
- "workspace 5, title:(^(.*Bitcoin Core - preston.*)$)"
- "workspace 5, title:(^(.*org\.getmonero\..*)$)"
- "workspace 5, title:(^(.*Monero - preston.*)$)"
- "workspace 5, title:(^(.*electrum.*)$)"
+ windowrulev2 = [
+ "workspace 1, class:^(emacs)$"
+ "workspace 2, class:^(firefox)$"
+ "workspace 2, title:^(.*Tor Browser.*)$"
+ "workspace 2, title:^(.*Chromium-browser.*)$"
+ "workspace 2, class:^(chromium)$"
+ "workspace 3, class:^(discord)$"
+ "workspace 3, class:^(vesktop)$"
+ "workspace 3, title:^(.*fluffychat.*)$"
+ "workspace 3, class:^(.*element-desktop.*)$"
+ "workspace 4, class:^(.*qpwgraph.*)$"
+ "workspace 4, class:^(.*mpv.*)$"
+ "workspace 5, title:^(.*Monero.*)$"
+ "workspace 5, title:^(.*org\.bitcoin\..*)$"
+ "workspace 5, title:^(.*Bitcoin Core - preston.*)$"
+ "workspace 5, title:^(.*org\.getmonero\..*)$"
+ "workspace 5, title:^(.*Monero - preston.*)$"
+ "workspace 5, title:^(.*electrum.*)$"
"pseudo,title:fcitx"
];
bind = [
diff --git a/nix/modules/home/secrets.nix b/nix/modules/home/secrets.nix
index 29e8c4c..20c3d44 100644
--- a/nix/modules/home/secrets.nix
+++ b/nix/modules/home/secrets.nix
@@ -5,15 +5,42 @@
age = {
keyFile = "/home/${config.monorepo.vars.userName}/.ssh/keys.txt";
};
- secrets.mail = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/mail";
- };
- secrets.digikey = {
- format = "yaml";
- path = "${config.sops.defaultSymlinkPath}/digikey";
- };
+ secrets = {
+ mail = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/mail";
+ };
+ cloudflare-dns = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
+ };
+ digikey = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/digikey";
+ };
+ dn42 = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/dn42";
+ };
+ znc = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/znc";
+ };
+ znc_password_salt = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/znc_password_salt";
+ };
+ znc_password_hash = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/znc_password_hash";
+ };
+
+ matrix_bridge = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/matrix_bridge";
+ };
+ };
defaultSymlinkPath = "/run/user/1000/secrets";
defaultSecretsMountPoint = "/run/user/1000/secrets.d";
};
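Review bot: The user-level sops block now declares `cloudflare-dns`, `dn42`, `znc`, `znc_password_salt`, `znc_password_hash` and `matrix_bridge`, which by their names look like service credentials, and decrypts them under `/run/user/1000/secrets`, where every process running as that user can read them. The system module nix/modules/secrets.nix declares the same names in this commit, so unless something in the user session actually consumes them (not visible here), keeping only the secrets the user needs in this file would follow least privilege. The context lines also hard-code uid 1000 in `defaultSymlinkPath` and `defaultSecretsMountPoint`, which silently assumes the account's uid. The enclosing `sops` attribute set starts outside the hunk.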
diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix
index 943f41f..29504f6 100644
--- a/nix/modules/secrets.nix
+++ b/nix/modules/secrets.nix
@@ -8,26 +8,50 @@
secrets = {
mail = {
format = "yaml";
+ sopsFile = config.sops.defaultSopsFile;
+# sopsFile = ../../secrets/secrets.yaml;
path = "${config.sops.defaultSymlinkPath}/mail";
};
cloudflare-dns = {
format = "yaml";
+ sopsFile = config.sops.defaultSopsFile;
path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
};
digikey = {
format = "yaml";
+ sopsFile = config.sops.defaultSopsFile;
path = "${config.sops.defaultSymlinkPath}/digikey";
};
dn42 = {
format = "yaml";
+ sopsFile = config.sops.defaultSopsFile;
+# sopsFile = ../../secrets/secrets.yaml;
path = "${config.sops.defaultSymlinkPath}/dn42";
};
znc = {
format = "yaml";
+ sopsFile = config.sops.defaultSopsFile;
+# sopsFile = ../../secrets/secrets.yaml;
path = "${config.sops.defaultSymlinkPath}/znc";
};
+ znc_password_salt = {
+ format = "yaml";
+ sopsFile = config.sops.defaultSopsFile;
+# sopsFile = ../../secrets/secrets.yaml;
+ path = "${config.sops.defaultSymlinkPath}/znc_password_salt";
+ };
+
+ znc_password_hash = {
+ format = "yaml";
+ sopsFile = config.sops.defaultSopsFile;
+# sopsFile = ../../secrets/secrets.yaml;
+ path = "${config.sops.defaultSymlinkPath}/znc_password_hash";
+ };
+
matrix_bridge = {
format = "yaml";
+ sopsFile = config.sops.defaultSopsFile;
+# sopsFile = ../../secrets/secrets.yaml;
path = "${config.sops.defaultSymlinkPath}/matrix_bridge";
};
};
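Review bot: None of the secrets here set `owner` or `mode`, and sops-nix defaults to root-owned files with mode 0400, so the ZNC daemon would presumably be unable to read the new `znc_password_salt` and `znc_password_hash` files unless it runs as root. If ZNC is meant to read them, something like `owner = config.services.znc.user;` on the znc entries is needed (confirm the service user). As a style point, `sopsFile = config.sops.defaultSopsFile;` restates what sops-nix already does when `sopsFile` is unset, and the commented-out `# sopsFile = ../../secrets/secrets.yaml;` lines are dead alternatives; both can be dropped, or the choice explained once in a single comment above `secrets`.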
diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix
index 076ee47..db0ebd3 100644
--- a/nix/modules/ssh.nix
+++ b/nix/modules/ssh.nix
@@ -5,7 +5,7 @@
settings = {
PasswordAuthentication = lib.mkDefault (! config.monorepo.profiles.server.enable);
AllowUsers = [ config.monorepo.vars.userName "root" "git" ];
- PermitRootLogin = "yes";
+ PermitRootLogin = "prohibit-password";
KbdInteractiveAuthentication = false;
};
};
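Review bot: `AllowUsers` still lists `"root"`, and `PasswordAuthentication` still defaults to on for non-server profiles, so this change stops root password logins but leaves key-based root SSH and password logins for the other listed accounts. If nothing needs remote root (deployment tooling might, but that is not visible here), `PermitRootLogin = "no";` together with removing `"root"` from `AllowUsers` would be tighter. Otherwise a short comment such as `# root is key-only; required for <deploy tool>` would record why root stays reachable. The `settings` block begins outside the hunk.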
diff --git a/nix/modules/vars.nix b/nix/modules/vars.nix
index 48da971..4b7c894 100644
--- a/nix/modules/vars.nix
+++ b/nix/modules/vars.nix
@@ -8,7 +8,7 @@
description = "device that NixOS is installed to";
};
- myDiskoSpec = lib.mkOption {
+ diskoSpec = lib.mkOption {
type = lib.types.attrs;
description = "retains a copy of the disko spec for reflection";
};
diff --git a/nix/modules/znc.nix b/nix/modules/znc.nix
index c2e2079..5570802 100644
--- a/nix/modules/znc.nix
+++ b/nix/modules/znc.nix
@@ -8,8 +8,8 @@
passBlock = ''
<Pass password>
Method = sha256
- Hash = d4abdd69aa24de69693885c5bd83a4a0e9ee989e1a69a905041b0dad9abc06ea
- Salt = sDY,?H5AxC-!gH3a.:)D
+ Hash = ${config.sops.secrets.znc_password_hash}
+ Salt = ${config.sops.secrets.znc_password_salt}
</Pass>
'';
modules = [
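Review bot: `${config.sops.secrets.znc_password_hash}` and `${config.sops.secrets.znc_password_salt}` interpolate the secret's option set rather than a string, so evaluation should fail. Using `.path` would only insert the file path, because sops-nix decrypts at activation and the plaintext is never available to Nix evaluation (which is also what keeps it out of the world-readable store). To get the real values into the config, render the Pass block through `sops.templates` using `config.sops.placeholder.znc_password_hash` and `config.sops.placeholder.znc_password_salt`, and point ZNC at the rendered file. Separately, the removed hash and salt remain readable in the repository history, so the ZNC password should be rotated and only the new hash and salt stored in sops. The attribute set holding `passBlock` starts outside the hunk.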