Diffstat (limited to 'nix/systems')
-rw-r--r--nix/systems/desktop/configuration.nix399
-rw-r--r--nix/systems/desktop/home.nix14
-rw-r--r--nix/systems/desktop/sda-simple.nix39
-rw-r--r--nix/systems/desktop/user.nix1395
-rw-r--r--nix/systems/desktop/vars.nix54
-rw-r--r--nix/systems/installer/commits.nix4
-rw-r--r--nix/systems/installer/iso.nix181
7 files changed, 2086 insertions, 0 deletions
diff --git a/nix/systems/desktop/configuration.nix b/nix/systems/desktop/configuration.nix
new file mode 100644
index 0000000..8359d25
--- /dev/null
+++ b/nix/systems/desktop/configuration.nix
@@ -0,0 +1,399 @@
+{ pkgs, lib, ... }:
+let
+ vars = import ./vars.nix;
+in
+{
+ imports = [];
+
+ hardware.enableAllFirmware = true;
+
+ documentation = {
+ enable = true;
+ man.enable = true;
+ dev.enable = true;
+ };
+
+ environment = {
+ etc = {
+ securetty.text = ''
+ # /etc/securetty: list of terminals on which root is allowed to login.
+ # See securetty(5) and login(1).
+ '';
+ };
+ };
+
+ systemd = {
+ coredump.enable = false;
+ network.config.networkConfig.IPv6PrivacyExtensions = "kernel";
+ tmpfiles.settings = {
+ "restricthome"."/home/*".Z.mode = "~0700";
+
+ "restrictetcnixos"."/etc/nixos/*".Z = {
+ mode = "0000";
+ user = "root";
+ group = "root";
+ };
+ };
+ };
+
+
+ boot = {
+ extraModulePackages = [ ];
+
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ "nvme"
+ "sd_mod"
+ "ehci_pci"
+ "rtsx_pci_sdmmc"
+ "usbhid"
+ ];
+
+ kernelModules = [ ];
+ };
+
+ lanzaboote = {
+ enable = vars.secureBoot;
+ pkiBundle = "/etc/secureboot";
+ };
+
+ loader = {
+ systemd-boot.enable = lib.mkForce (! vars.secureBoot);
+ efi.canTouchEfiVariables = true;
+ };
+
+ kernelModules = [
+ "snd-seq"
+ "snd-rawmidi"
+ "xhci_hcd"
+ "kvm_intel"
+ ];
+
+ kernelParams = [
+ "debugfs=off"
+ "page_alloc.shuffle=1"
+ "slab_nomerge"
+ "page_poison=1"
+
+ # madaidan
+ "pti=on"
+ "randomize_kstack_offset=on"
+ "vsyscall=none"
+ "module.sig_enforce=1"
+ "lockdown=confidentiality"
+
+ # cpu
+ "spectre_v2=on"
+ "spec_store_bypass_disable=on"
+ "tsx=off"
+ "tsx_async_abort=full,nosmt"
+ "mds=full,nosmt"
+ "l1tf=full,force"
+ "nosmt=force"
+ "kvm.nx_huge_pages=force"
+
+ # hardened
+ "extra_latent_entropy"
+
+ # mineral
+ "init_on_alloc=1"
+ "random.trust_cpu=off"
+ "random.trust_bootloader=off"
+ "intel_iommu=on"
+ "amd_iommu=force_isolation"
+ "iommu=force"
+ "iommu.strict=1"
+ "init_on_free=1"
+ "quiet"
+ "loglevel=0"
+ ];
+
+ blacklistedKernelModules = [
+ "netrom"
+ "rose"
+
+ "adfs"
+ "affs"
+ "bfs"
+ "befs"
+ "cramfs"
+ "efs"
+ "erofs"
+ "exofs"
+ "freevxfs"
+ "f2fs"
+ "hfs"
+ "hpfs"
+ "jfs"
+ "minix"
+ "nilfs2"
+ "ntfs"
+ "omfs"
+ "qnx4"
+ "qnx6"
+ "sysv"
+ "ufs"
+ ];
+
+ kernel.sysctl = {
+ "kernel.ftrace_enabled" = false;
+ "net.core.bpf_jit_enable" = false;
+ "kernel.kptr_restrict" = 2;
+
+ # madaidan
+ "vm.swappiness" = 1;
+ "vm.unprivileged_userfaultfd" = 0;
+ "dev.tty.ldisc_autoload" = 0;
+ "kernel.kexec_load_disabled" = 1;
+ "kernel.sysrq" = 4;
+ "kernel.perf_event_paranoid" = 3;
+
+ # net
+ "net.ipv4.icmp_echo_ignore_broadcasts" = true;
+
+ "net.ipv4.conf.all.accept_redirects" = false;
+ "net.ipv4.conf.all.secure_redirects" = false;
+ "net.ipv4.conf.default.accept_redirects" = false;
+ "net.ipv4.conf.default.secure_redirects" = false;
+ "net.ipv6.conf.all.accept_redirects" = false;
+ "net.ipv6.conf.default.accept_redirects" = false;
+ };
+ };
+
+ networking = {
+ useDHCP = lib.mkDefault true;
+ hostName = vars.hostName;
+ networkmanager = {
+ enable = true;
+ # wifi.macAddress = "";
+ };
+ firewall = {
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ ];
+ };
+ };
+
+ hardware = {
+ cpu.intel.updateMicrocode = true;
+ bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ };
+
+ graphics = {
+ enable = true;
+ };
+
+ pulseaudio.enable = false;
+ };
+
+ services = {
+ chrony = {
+ enable = true;
+ enableNTS = true;
+ servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ];
+ };
+
+ jitterentropy-rngd.enable = true;
+ resolved.dnssec = true;
+ # usbguard.enable = true;
+ usbguard.enable = false;
+ dbus = {
+ apparmor = "enabled";
+ };
+
+ tor = {
+ enable = true;
+ openFirewall = true;
+ client = {
+ enable = true;
+ socksListenAddress = {
+ IsolateDestAddr = true;
+ addr = "127.0.0.1";
+ port = 9050;
+ };
+ dns.enable = true;
+ };
+ torsocks = {
+ enable = true;
+ server = "127.0.0.1:9050";
+ };
+ };
+
+ xserver = {
+ displayManager = {
+ startx.enable = true;
+ };
+
+ windowManager = {
+ i3 = {
+ enable = true;
+ package = pkgs.i3-gaps;
+ };
+ };
+
+ desktopManager = {
+ runXdgAutostartIfNone = true;
+ };
+
+ xkb = {
+ layout = "us";
+ variant = "";
+ options = "caps:escape";
+ };
+
+ videoDrivers = vars.videoDrivers;
+ enable = true;
+ };
+
+ pipewire = {
+ enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+ pulse.enable = true;
+ jack.enable = true;
+ wireplumber.enable = true;
+ extraConfig.pipewire-pulse."92-low-latency" = {
+ "context.properties" = [
+ {
+ name = "libpipewire-module-protocol-pulse";
+ args = { };
+ }
+ ];
+ "pulse.properties" = {
+ "pulse.min.req" = "32/48000";
+ "pulse.default.req" = "32/48000";
+ "pulse.max.req" = "32/48000";
+ "pulse.min.quantum" = "32/48000";
+ "pulse.max.quantum" = "32/48000";
+ };
+ "stream.properties" = {
+ "node.latency" = "32/48000";
+ "resample.quality" = 1;
+ };
+ };
+ };
+
+ kanata = {
+ enable = true;
+ };
+
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = true;
+ AllowUsers = [ vars.userName ];
+ PermitRootLogin = "no";
+ KbdInteractiveAuthentication = false;
+ };
+ };
+
+ # Misc.
+ udev = {
+ extraRules = '''';
+ packages = with pkgs; [
+ platformio-core
+ platformio-core.udev
+ openocd
+ ];
+ };
+
+ printing.enable = true;
+ udisks2.enable = true;
+ };
+
+ programs = {
+ nix-ld.enable = true;
+ zsh.enable = true;
+ light.enable = true;
+ ssh.enableAskPassword = false;
+ };
+
+ nixpkgs = {
+ hostPlatform = lib.mkDefault "x86_64-linux";
+ config = {
+ allowUnfree = true;
+ cudaSupport = false;
+ };
+ };
+
+ security = {
+ apparmor = {
+ enable = true;
+ killUnconfinedConfinables = true;
+ };
+
+ pam.loginLimits = [
+ { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
+ { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
+ ];
+ rtkit.enable = true;
+
+ lockKernelModules = true;
+ protectKernelImage = true;
+ allowSimultaneousMultithreading = false;
+ forcePageTableIsolation = true;
+
+ tpm2 = {
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+
+ auditd.enable = true;
+ audit.enable = true;
+ chromiumSuidSandbox.enable = true;
+ sudo.enable = true;
+ };
+
+ xdg.portal = {
+ enable = true;
+ wlr.enable = true;
+ extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal xdg-desktop-portal-hyprland ];
+ config.common.default = "*";
+ };
+
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ restic
+ sbctl
+ linux-manual
+ man-pages
+ man-pages-posix
+ tree
+ ];
+
+
+ users.users = {
+ root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
+ ];
+
+ "${vars.userName}" = {
+ initialPassword = "${vars.userName}";
+ isNormalUser = true;
+ description = vars.fullName;
+ extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ];
+ shell = pkgs.zsh;
+ packages = [];
+ };
+ };
+
+
+ nix.settings.experimental-features = "nix-command flakes";
+ time.timeZone = vars.timeZone;
+ i18n.defaultLocale = "en_CA.UTF-8";
+
+ system = {
+ stateVersion = "24.11";
+ nixos = {
+ tags = [ "continuity-2.0" ];
+ };
+ };
+}
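Review bot: The account declared at `users.users."${vars.userName}"` gets `initialPassword = "${vars.userName}"` while `services.openssh.settings` sets `PasswordAuthentication = true` and `AllowUsers = [ vars.userName ]`, so until the password is changed by hand a `wheel` member can log in over SSH with a password equal to the login name. NixOS also copies `initialPassword` into the world-readable Nix store. I would set `PasswordAuthentication = false;` and move the key to `"${vars.userName}".openssh.authorizedKeys.keys`; as written it sits on `root`, which `PermitRootLogin = "no"` and `AllowUsers` both exclude, so it cannot be used to log in. If a first-boot password is still wanted, `initialHashedPassword` or a sops-managed `hashedPasswordFile` keeps the cleartext out of the repository.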
diff --git a/nix/systems/desktop/home.nix b/nix/systems/desktop/home.nix
new file mode 100644
index 0000000..166bd16
--- /dev/null
+++ b/nix/systems/desktop/home.nix
@@ -0,0 +1,14 @@
+{ sops-nix, ... }:
+let
+ vars = import ./vars.nix;
+in
+{
+ home-manager = {
+ sharedModules = [
+ sops-nix.homeManagerModules.sops
+ ];
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ users."${vars.userName}" = ./user.nix;
+ };
+}
diff --git a/nix/systems/desktop/sda-simple.nix b/nix/systems/desktop/sda-simple.nix
new file mode 100644
index 0000000..86263dd
--- /dev/null
+++ b/nix/systems/desktop/sda-simple.nix
@@ -0,0 +1,39 @@
+# This will install a simple system with a root and boot partition.
+# Make sure to change the entry device entry to the one that you
+# are installing the configuration to.
+{
+ disko.devices = {
+ disk = {
+ my-disk = {
+ # change this entry
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ priority = 1;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ priority = 2;
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
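Review bot: The `root` partition's `content` is a bare `type = "filesystem"` ext4, so everything under `/` is stored unencrypted; that sits oddly beside the Secure Boot, TPM2 and kernel-lockdown settings in configuration.nix, and it leaves the age key file that user.nix expects at `/home/${vars.userName}/.ssh/keys.txt` readable by anyone holding the disk. If physical access is in the threat model, wrap the filesystem in disko's LUKS layer: `content = { type = "luks"; name = "crypted"; content = { type = "filesystem"; format = "ext4"; mountpoint = "/"; }; };`. If the plain layout is deliberate for this "simple" profile, say so in a comment next to `root`, for example `# unencrypted on purpose; use a LUKS layout on portable machines`.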
diff --git a/nix/systems/desktop/user.nix b/nix/systems/desktop/user.nix
new file mode 100644
index 0000000..85dcd20
--- /dev/null
+++ b/nix/systems/desktop/user.nix
@@ -0,0 +1,1395 @@
+{ lib, config, pkgs, wallpapers, scripts, ... }:
+let
+ vars = import ./vars.nix;
+in
+{
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ age = {
+ keyFile = "/home/${vars.userName}/.ssh/keys.txt";
+ };
+ secrets.mail = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/mail";
+ };
+ secrets.digikey = {
+ format = "yaml";
+ path = "${config.sops.defaultSymlinkPath}/digikey";
+ };
+
+ defaultSymlinkPath = "/run/user/1000/secrets";
+ defaultSecretsMountPoint = "/run/user/1000/secrets.d";
+ };
+
+ home = {
+ activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] ''
+ if [ ! -d "/home/${vars.userName}/org/website/" ]; then
+ mkdir -p /home/${vars.userName}/org/website/
+ ${pkgs.git}/bin/git clone https://git.${vars.remoteHost}/ret2pop-website.git /home/${vars.userName}/org/website/
+ fi
+
+ if [ ! -d "/home/${vars.userName}/src/publish-org-roam-ui" ]; then
+ mkdir -p /home/${vars.userName}/src
+ ${pkgs.git}/bin/git clone https://git.${vars.remoteHost}/publish-org-roam-ui.git /home/${vars.userName}/src/publish-org-roam-ui
+ fi
+
+ if [ ! -d "/home/${vars.userName}/.password-store" ]; then
+ ${pkgs.git}/bin/git clone https://git.${vars.remoteHost}/passwords.git /home/${vars.userName}/.password-store
+ fi
+
+ if [ ! -d "/home/${vars.userName}/email/ret2pop/" ]; then
+ mkdir -p /home/${vars.userName}/email/ret2pop/
+ fi
+
+ if [ ! -d "/home/${vars.userName}/music" ]; then
+ mkdir -p /home/${vars.userName}/music
+ fi
+
+ if [ ! -d "/home/${vars.userName}/sounds" ]; then
+ mkdir -p /home/${vars.userName}/sounds
+ fi
+ touch /home/${vars.userName}/org/agenda.org
+ touch /home/${vars.userName}/org/notes.org
+
+ if [ ! -f "/home/${vars.userName}/.toughnix" ]; then
+ echo "Don't delete this file. Autogen by home manager" > "/home/${vars.userName}/.toughnix"
+ fi
+ '';
+
+ enableNixpkgsReleaseCheck = false;
+ username = vars.userName;
+ homeDirectory = "/home/${vars.userName}";
+ stateVersion = "24.11";
+
+ packages = with pkgs; [
+ # kicad
+ age
+ acpilight
+ alsa-utils
+ autobuild
+ bash-language-server
+ bear
+ bitcoin
+ bun
+ cargo
+ clang
+ clang-tools
+ curl
+ electrum
+ ffmpeg
+ fira-code
+ font-awesome_6
+ fswebcam
+ gdb
+ ghostscript
+ git
+ gnumake
+ gnupg
+ graphviz
+ grim
+ gum
+ (writeShellScriptBin "post-install" ''
+cd $HOME
+ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the post-install..." || nmtui
+sudo chown -R "$(whoami)":users toughnix
+
+sudo nixos-rebuild switch --flake ./toughnix#continuity
+echo "Post install done! Now install your ssh and gpg keys. Log in again."
+sleep 3
+exit
+'')
+ helvum
+ imagemagick
+ inkscape
+ jq
+ krita
+ libnotify
+ miniserve
+ monero-cli
+ monero-gui
+ mpc-cli
+ mu
+ nil
+ nixd
+ nixfmt-rfc-style
+ nodejs
+ noto-fonts
+ noto-fonts-cjk-sans
+ noto-fonts-emoji
+ octaveFull
+ openscad
+ openscad-lsp
+ pandoc
+ passExtensions.pass-otp
+ pavucontrol
+ pfetch
+ pinentry
+ poetry
+ python3
+ python312Packages.jedi
+ rsync
+ rust-analyzer
+ rustfmt
+ solc
+ sops
+ sox
+ swww
+ texliveFull
+ tor-browser
+ torsocks
+ typescript
+ vesktop
+ vim
+ vscode-langservers-extracted
+ x11_ssh_askpass
+ xdg-utils
+ yarn
+ (aspellWithDicts
+ (dicts: with dicts; [ en en-computers en-science ]))
+ (nerdfonts.override { fonts = [ "Iosevka" ]; })
+ (pass.withExtensions (ext: with ext; [
+ pass-otp
+ pass-import
+ pass-genphrase
+ pass-update
+ pass-tomb
+ ]))
+ ];
+ };
+
+ services = {
+ mako = {
+ enable = true;
+ backgroundColor = "#11111bf8";
+ textColor = "#cdd6f4";
+ borderColor = "#89b4faff";
+ borderRadius = 1;
+ font = "Fira Code 10";
+ defaultTimeout = 3000;
+ extraConfig = ''
+on-notify=exec mpv /home/${vars.userName}/sounds/notification.wav --no-config --no-video
+'';
+ };
+
+ gpg-agent = {
+ pinentryPackage = pkgs.pinentry-emacs;
+ enable = true;
+ extraConfig = ''
+ allow-emacs-pinentry
+ allow-loopback-pinentry
+ '';
+ };
+
+ gammastep = {
+ enable = true;
+ provider = "manual";
+ latitude = 49.282730;
+ longitude = -123.120735;
+
+ temperature = {
+ day = 5000;
+ night = 3000;
+ };
+
+ settings = {
+ general = {
+ adjustment-method = "wayland";
+ };
+ };
+ };
+
+ mpd = {
+ enable = true;
+ dbFile = "/home/${vars.userName}/.config/mpd/db";
+ dataDir = "/home/${vars.userName}/.config/mpd/";
+ network.port = 6600;
+ musicDirectory = "/home/${vars.userName}/music";
+ playlistDirectory = "/home/${vars.userName}/.config/mpd/playlists";
+ network.listenAddress = "0.0.0.0";
+ extraConfig = ''
+ audio_output {
+ type "pipewire"
+ name "pipewire output"
+ }
+ audio_output {
+ type "httpd"
+ name "My HTTP Stream"
+ encoder "opus" # optional
+ port "8000"
+ # quality "5.0" # do not define if bitrate is defined
+ bitrate "128000" # do not define if quality is defined
+ format "48000:16:1"
+ always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+ tags "yes" # httpd supports sending tags to listening streams.
+ }
+ '';
+ };
+ };
+
+ programs = {
+ chromium = {
+ package = pkgs.chromium;
+ enable = true;
+ extensions = [
+ "ddkjiahejlhfcafbddmgiahcphecmpfh" # ublock-origin lite
+ "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
+ "eimadpbcbfnmbkopoojfekhnkhdbieeh" # dark reader
+ "oicakdoenlelpjnkoljnaakdofplkgnd" # tree style tabs
+ "nkbihfbeogaeaoehlefnkodbefgpgknn" # metamask
+ ];
+ };
+
+ mpv = {
+ enable = true;
+ config = {
+ profile = "gpu-hq";
+ force-window = true;
+ ytdl-format = "bestvideo+bestaudio";
+ cache-default = 4000000;
+ };
+ };
+
+ yt-dlp = {
+ enable = true;
+ settings = {
+ embed-thumbnail = true;
+ embed-subs = true;
+ sub-langs = "all";
+ downloader = "aria2c";
+ downloader-args = "aria2c:'-c -x8 -s8 -k1M'";
+ };
+ };
+
+ wofi = {
+ enable = true;
+ settings = {
+ location = "bottom-right";
+ allow_markup = true;
+ show = "drun";
+ width = 750;
+ height = 400;
+ always_parse_args = true;
+ show_all = false;
+ term = "kitty";
+ hide_scroll = true;
+ print_command = true;
+ insensitive = true;
+ prompt = "Run what, Commander?";
+ columns = 2;
+ };
+
+ style = ''
+ @define-color rosewater #f5e0dc;
+ @define-color rosewater-rgb rgb(245, 224, 220);
+ @define-color flamingo #f2cdcd;
+ @define-color flamingo-rgb rgb(242, 205, 205);
+ @define-color pink #f5c2e7;
+ @define-color pink-rgb rgb(245, 194, 231);
+ @define-color mauve #cba6f7;
+ @define-color mauve-rgb rgb(203, 166, 247);
+ @define-color red #f38ba8;
+ @define-color red-rgb rgb(243, 139, 168);
+ @define-color maroon #eba0ac;
+ @define-color maroon-rgb rgb(235, 160, 172);
+ @define-color peach #fab387;
+ @define-color peach-rgb rgb(250, 179, 135);
+ @define-color yellow #f9e2af;
+ @define-color yellow-rgb rgb(249, 226, 175);
+ @define-color green #a6e3a1;
+ @define-color green-rgb rgb(166, 227, 161);
+ @define-color teal #94e2d5;
+ @define-color teal-rgb rgb(148, 226, 213);
+ @define-color sky #89dceb;
+ @define-color sky-rgb rgb(137, 220, 235);
+ @define-color sapphire #74c7ec;
+ @define-color sapphire-rgb rgb(116, 199, 236);
+ @define-color blue #89b4fa;
+ @define-color blue-rgb rgb(137, 180, 250);
+ @define-color lavender #b4befe;
+ @define-color lavender-rgb rgb(180, 190, 254);
+ @define-color text #cdd6f4;
+ @define-color text-rgb rgb(205, 214, 244);
+ @define-color subtext1 #bac2de;
+ @define-color subtext1-rgb rgb(186, 194, 222);
+ @define-color subtext0 #a6adc8;
+ @define-color subtext0-rgb rgb(166, 173, 200);
+ @define-color overlay2 #9399b2;
+ @define-color overlay2-rgb rgb(147, 153, 178);
+ @define-color overlay1 #7f849c;
+ @define-color overlay1-rgb rgb(127, 132, 156);
+ @define-color overlay0 #6c7086;
+ @define-color overlay0-rgb rgb(108, 112, 134);
+ @define-color surface2 #585b70;
+ @define-color surface2-rgb rgb(88, 91, 112);
+ @define-color surface1 #45475a;
+ @define-color surface1-rgb rgb(69, 71, 90);
+ @define-color surface0 #313244;
+ @define-color surface0-rgb rgb(49, 50, 68);
+ @define-color base #1e1e2e;
+ @define-color base-rgb rgb(30, 30, 46);
+ @define-color mantle #181825;
+ @define-color mantle-rgb rgb(24, 24, 37);
+ @define-color crust #11111b;
+ @define-color crust-rgb rgb(17, 17, 27);
+
+ * {
+ font-family: 'Iosevka Nerd Font', monospace;
+ font-size: 14px;
+ }
+
+ /* Window */
+ window {
+ margin: 0px;
+ padding: 10px;
+ border: 0.16em solid @lavender;
+ border-radius: 0.1em;
+ background-color: @base;
+ animation: slideIn 0.5s ease-in-out both;
+ }
+
+ /* Slide In */
+ @keyframes slideIn {
+ 0% {
+ opacity: 0;
+ }
+
+ 100% {
+ opacity: 1;
+ }
+ }
+
+ /* Inner Box */
+ #inner-box {
+ margin: 5px;
+ padding: 10px;
+ border: none;
+ background-color: @base;
+ animation: fadeIn 0.5s ease-in-out both;
+ }
+
+ /* Fade In */
+ @keyframes fadeIn {
+ 0% {
+ opacity: 0;
+ }
+
+ 100% {
+ opacity: 1;
+ }
+ }
+
+ /* Outer Box */
+ #outer-box {
+ margin: 5px;
+ padding: 10px;
+ border: none;
+ background-color: @base;
+ }
+
+ /* Scroll */
+ #scroll {
+ margin: 0px;
+ padding: 10px;
+ border: none;
+ background-color: @base;
+ }
+
+ /* Input */
+ #input {
+ margin: 5px 20px;
+ padding: 10px;
+ border: none;
+ border-radius: 0.1em;
+ color: @text;
+ background-color: @base;
+ animation: fadeIn 0.5s ease-in-out both;
+ }
+
+ #input image {
+ border: none;
+ color: @red;
+ }
+
+ #input * {
+ outline: 4px solid @red!important;
+ }
+
+ /* Text */
+ #text {
+ margin: 5px;
+ border: none;
+ color: @text;
+ animation: fadeIn 0.5s ease-in-out both;
+ }
+
+ #entry {
+ background-color: @base;
+ }
+
+ #entry arrow {
+ border: none;
+ color: @lavender;
+ }
+
+ /* Selected Entry */
+ #entry:selected {
+ border: 0.11em solid @lavender;
+ }
+
+ #entry:selected #text {
+ color: @mauve;
+ }
+
+ #entry:drop(active) {
+ background-color: @lavender!important;
+ }
+ '';
+ };
+
+ kitty = {
+ enable = true;
+ settings = {
+ enable_audio_bell = false;
+ font_family = "Iosevka Nerd Font";
+ font_size = 14;
+ confirm_os_window_close = 0;
+ background_opacity = "0.9";
+ # Catppuccin theme
+ foreground = "#cdd6f4";
+ background = "#1e1e2e";
+ selection_foreground = "#1e1e2e";
+ selection_background = "#f5e0dc";
+ cursor = "#f5e0dc";
+ cursor_text_color = "#1e1e2e";
+ url_color = "#f5e0dc";
+ active_border_color = "#B4BEFE";
+ inactive_border_color = "#6C7086";
+ bell_border_color = "#F9E2AF";
+ wayland_titlebar_color = "#1E1E2E";
+ macos_titlebar_color = "#1E1E2E";
+ active_tab_foreground = "#11111B";
+ active_tab_background = "#CBA6F7";
+ inactive_tab_foreground = "#CDD6F4";
+ inactive_tab_background = "#181825";
+ tab_bar_background = "#11111B";
+ mark1_foreground = "#1E1E2E";
+ mark1_background = "#B4BEFE";
+ mark2_foreground = "#1E1E2E";
+ mark2_background = "#CBA6F7";
+ mark3_foreground = "#1E1E2E";
+ mark3_background = "#74C7EC";
+ color0 = "#45475A";
+ color8 = "#585B70";
+ color1 = "#F38BA8";
+ color9 = "#F38BA8";
+ color2 = "#A6E3A1";
+ color10 = "#A6E3A1";
+ color3 = "#F9E2AF";
+ color11 = "#F9E2AF";
+ color4 = "#89B4FA";
+ color12 = "#89B4FA";
+ color5 = "#F5C2E7";
+ color13 = "#F5C2E7";
+ color6 = "#94E2D5";
+ color14 = "#94E2D5";
+ color7 = "#BAC2DE";
+ color15 = "#A6ADC8";
+ };
+ };
+
+ firefox = {
+ policies = {
+ EnableTrackingProtection = true;
+ OfferToSaveLogins = false;
+ };
+
+ package = pkgs.firefox-wayland;
+ enable = true;
+
+ profiles = {
+ default = {
+ id = 0;
+ name = "default";
+ isDefault = true;
+
+ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+ ublock-origin
+ tree-style-tab
+ firefox-color
+ vimium
+ metamask
+ ];
+
+ settings = {
+ media = {
+ memory_cache_max_size = 65536;
+ cache_readahead_limit = 7200;
+ cache_resume_threshold = 3600;
+ peerconnection.ice = {
+ proxy_only_if_behind_proxy = true;
+ default_address_only = true;
+ };
+ };
+
+ gfx = {
+ content.skia-font-cache-size = 20;
+ canvas.accelerated = {
+ cache-items = 4096;
+ cache-size = 512;
+ };
+ };
+
+ network = {
+ http = {
+ max-connections = 1800;
+ max-persistent-connections-per-server = 10;
+ max-urgent-start-excessive-connections-per-host = 5;
+ referer.XOriginTrimmingPolicy = 2;
+ };
+
+ buffer.cache = {
+ size = 262144;
+ count = 128;
+ };
+
+ dns = {
+ max_high_priority_threads = 8;
+ disablePrefetch = true;
+ };
+
+ pacing.requests.enabled = false;
+ dnsCacheExpiration = 3600;
+ ssl_tokens_cache_capacity = 10240;
+ prefetch-next = false;
+ predictor.enabled = false;
+ cookie.sameSite.noneRequiresSecure = true;
+ IDN_show_punycode = true;
+ auth.subresource-http-auth-allow = 1;
+ captive-portal-service.enabled = false;
+ connectivity-service.enabled = false;
+ };
+
+ browser = {
+ download = {
+ always_ask_before_handling_new_types = true;
+ manager.addToRecentDocs = false;
+ open_pdf_attachments_inline = true;
+ start_downloads_in_tmp_dir = true;
+ };
+
+ urlbar = {
+ suggest.quicksuggest.sponsored = false;
+ suggest.quicksuggest.nonsponsored = false;
+ suggest.calculator = true;
+ update2.engineAliasRefresh = true;
+ unitConversion.enabled = true;
+ trending.featureGate = false;
+ };
+
+ search = {
+ separatePrivateDefault.ui.enabled = true;
+ suggest.enabled = false;
+ };
+
+ newtabpage.activity-stream = {
+ feeds = {
+ topsites = false;
+ section.topstories = false;
+ telemetry = false;
+ };
+ asrouter.userprefs.cfr = {
+ addons = false;
+ features = false;
+ };
+ telemetry = false;
+ };
+
+ privatebrowsing = {
+ vpnpromourl = "";
+ forceMediaMemoryCache = true;
+ };
+
+ display = {
+ focus_ring_on_anything = true;
+ focus_ring_style = 0;
+ focus_ring_width = 0;
+ };
+
+ cache.jsbc_compression_level = 3;
+ helperApps.deleteTempFileOnExit = true;
+ uitour.enabled = false;
+ sessionstore.interval = 60000;
+ formfill.enable = false;
+ xul.error_pages.expert_bad_cert = true;
+ contentblocking.category = "strict";
+ ping-centre.telemetry = false;
+ discovery.enabled = false;
+ shell.checkDefaultBrowser = false;
+ preferences.moreFromMozilla = false;
+ tabs.tabmanager.enabled = false;
+ aboutConfig.showWarning = false;
+ aboutwelcome.enabled = false;
+ bookmarks.openInTabClosesMenu = false;
+ menu.showViewImageInfo = true;
+ compactmode.show = true;
+ safebrowsing.downloads.remote.enabled = false;
+ tabs.crashReporting.sendReport = false;
+ crashReports.unsubmittedCheck.autoSubmit2 = false;
+ privateWindowSeparation.enabled = false;
+ };
+
+ security = {
+ mixed_content = {
+ block_display_content = true;
+ upgrade_display_content = true;
+ };
+ insecure_connection_text = {
+ enabled = true;
+ pbmode.enabled = true;
+ };
+ OCSP.enabled = 0;
+ remote_settings.crlite_filters.enabled = true;
+ pki.crlite_mode = 2;
+ ssl.treat_unsafe_negotiation_as_broken = true;
+ tls.enable_0rtt_data = false;
+ };
+
+ toolkit = {
+ telemetry = {
+ unified = false;
+ enabled = false;
+ server = "data:,";
+ archive.enabled = false;
+ newProfilePing.enabled = false;
+ shutdownPingSender.enabled = false;
+ updatePing.enabled = false;
+ bhrPing.enabled = false;
+ firstShutdownPing.enabled = false;
+ coverage.opt-out = true;
+ };
+ coverage = {
+ opt-out = true;
+ endpoint.base = "";
+ };
+ legacyUserProfileCustomizations.stylesheets = true;
+ };
+
+ dom = {
+ security = {
+ https_first = true;
+ https_first_schemeless = true;
+ sanitizer.enabled = true;
+ };
+ enable_web_task_scheduling = true;
+ };
+
+ layout = {
+ css = {
+ grid-template-masonry-value.enabled = true;
+ has-selector.enabled = true;
+ prefers-color-scheme.content-override = 2;
+ };
+ word_select.eat_space_to_next_word = false;
+ };
+
+ urlclassifier = {
+ trackingSkipURLs = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
+ features.socialtracking.skipURLs = "*.instagram.com, *.twitter.com, *.twimg.com";
+ };
+
+ privacy = {
+ globalprivacycontrol.enabled = true;
+ history.custom = true;
+ userContext.ui.enabled = true;
+ };
+