From e9e01cbb26efca6e392df2f720729c672b711f2f Mon Sep 17 00:00:00 2001
From: Preston Pan <ret2pop@gmail.com>
Date: Mon, 8 Sep 2025 03:00:59 -0700
Subject: Fix sops-nix; fix hyprland windowrules; fix security things

---
 nix/modules/home/default.nix  |  3 ++-
 nix/modules/home/firefox.nix  |  2 +-
 nix/modules/home/hyprland.nix | 36 ++++++++++++++++++------------------
 nix/modules/home/secrets.nix  | 43 +++++++++++++++++++++++++++++++++++--------
 4 files changed, 56 insertions(+), 28 deletions(-)

(limited to 'nix/modules/home')

diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix
index 7bfee42..596e236 100644
--- a/nix/modules/home/default.nix
+++ b/nix/modules/home/default.nix
@@ -1,6 +1,7 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, sops-nix, ... }:
 {
   imports = [
+    sops-nix.homeManagerModules.sops
     ../vars.nix
     ./fcitx.nix
     ./secrets.nix
diff --git a/nix/modules/home/firefox.nix b/nix/modules/home/firefox.nix
index 7e51433..b99544b 100644
--- a/nix/modules/home/firefox.nix
+++ b/nix/modules/home/firefox.nix
@@ -2,11 +2,11 @@
 {
   programs.firefox = {
     enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
+    package = pkgs.firefox-bin;
     policies = {
       EnableTrackingProtection = true;
       OfferToSaveLogins = false;
     };
-    package = pkgs.firefox-wayland;
     profiles = {
       default = {
         id = 0;
diff --git a/nix/modules/home/hyprland.nix b/nix/modules/home/hyprland.nix
index 9f9e4fe..819f1fa 100644
--- a/nix/modules/home/hyprland.nix
+++ b/nix/modules/home/hyprland.nix
@@ -36,24 +36,24 @@
       monitor = [
         "Unknown-1,disable"
       ];
-      windowrule = [
-        "workspace 1, title:(^(.*emacs.*)$)"
-        "workspace 2, title:(^(.*firefox.*)$)"
-        "workspace 2, title:(^(.*Tor Browser.*)$)"
-        "workspace 2, title:(^(.*Chromium-browser.*)$)"
-        "workspace 2, title:(^(.*chromium.*)$)"
-        "workspace 3, title:(^(.*discord.*)$)"
-        "workspace 3, title:^(.*vesktop.*)$)"
-        "workspace 3, title:(^(.*fluffychat.*)$)"
-        "workspace 3, title:(^(.*element-desktop.*)$)"
-        "workspace 4, title:(^(.*qpwgraph.*)$)"
-        "workspace 4, title:(^(.*mpv.*)$)"
-        "workspace 5, title:(^(.*Monero.*)$)"
-        "workspace 5, title:(^(.*org\.bitcoin\..*)$)"
-        "workspace 5, title:(^(.*Bitcoin Core - preston.*)$)"
-        "workspace 5, title:(^(.*org\.getmonero\..*)$)"
-        "workspace 5, title:(^(.*Monero - preston.*)$)"
-        "workspace 5, title:(^(.*electrum.*)$)"
+      windowrulev2 = [
+        "workspace 1, class:^(emacs)$"
+        "workspace 2, class:^(firefox)$"
+        "workspace 2, title:^(.*Tor Browser.*)$"
+        "workspace 2, title:^(.*Chromium-browser.*)$"
+        "workspace 2, class:^(chromium)$"
+        "workspace 3, class:^(discord)$"
+        "workspace 3, class:^(vesktop)$"
+        "workspace 3, title:^(.*fluffychat.*)$"
+        "workspace 3, class:^(.*element-desktop.*)$"
+        "workspace 4, class:^(.*qpwgraph.*)$"
+        "workspace 4, class:^(.*mpv.*)$"
+        "workspace 5, title:^(.*Monero.*)$"
+        "workspace 5, title:^(.*org\.bitcoin\..*)$"
+        "workspace 5, title:^(.*Bitcoin Core - preston.*)$"
+        "workspace 5, title:^(.*org\.getmonero\..*)$"
+        "workspace 5, title:^(.*Monero - preston.*)$"
+        "workspace 5, title:^(.*electrum.*)$"
         "pseudo,title:fcitx"
       ];
       bind = [
diff --git a/nix/modules/home/secrets.nix b/nix/modules/home/secrets.nix
index 29e8c4c..20c3d44 100644
--- a/nix/modules/home/secrets.nix
+++ b/nix/modules/home/secrets.nix
@@ -5,15 +5,42 @@
     age = {
       keyFile = "/home/${config.monorepo.vars.userName}/.ssh/keys.txt";
     };
-    secrets.mail = {
-      format = "yaml";
-      path = "${config.sops.defaultSymlinkPath}/mail";
-    };
-    secrets.digikey = {
-      format = "yaml";
-      path = "${config.sops.defaultSymlinkPath}/digikey";
-    };
+    secrets = {
+      mail = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/mail";
+      };
+      cloudflare-dns = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/cloudflare-dns";
+      };
+      digikey = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/digikey";
+      };
+      dn42 = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/dn42";
+      };
+      znc = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/znc";
+      };
+      znc_password_salt = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/znc_password_salt";
+      };
 
+      znc_password_hash = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/znc_password_hash";
+      };
+
+      matrix_bridge = {
+        format = "yaml";
+        path = "${config.sops.defaultSymlinkPath}/matrix_bridge";
+      };
+    };
     defaultSymlinkPath = "/run/user/1000/secrets";
     defaultSecretsMountPoint = "/run/user/1000/secrets.d";
   };
-- 
cgit v1.3