hyprland/decorations.nix: enable theming

boot/module.nix: quiesce boot process
style: cleanup gtk theming
2025-04-21 21:24:30 +02:00 · 2025-04-21 21:22:52 +02:00 · 2025-04-21 21:22:30 +02:00 · 2025-04-21 21:22:12 +02:00 · 2025-04-21 21:21:36 +02:00 · 2025-04-20 20:48:25 +02:00
15 changed files with 157 additions and 132 deletions
--- a/flake.lock
+++ b/flake.lock
@ -594,11 +594,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1744098102,
-        "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=",
+        "lastModified": 1744932701,
+        "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7",
+        "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
        "type": "github"
      },
      "original": {
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -27,17 +27,17 @@ inputs: let
      modules = concatLists [
        # This is used to pre-emptively set the hostPlatform for nixpkgs.
        # Also, we set the system hostname here.
-        [
-          # self.nixosModules.user
-        ]
        (singleton {
          networking.hostName = hostname;
          nixpkgs.hostPlatform = system;
        })
        (flatten (
          concatLists [
+            # configuration for the host, passed as an argument.
            (singleton ./${hostname}/default.nix)
+            # common configuration,  which all hosts share.
            (singleton ./common.nix)
+            # Import all files called module.nix from my modules directory.
            (
              filter (hasSuffix "module.nix") (
                map toString (listFilesRecursive ../modules)
--- a/hosts/hermit/configuration.nix
+++ b/hosts/hermit/configuration.nix
@ -69,7 +69,7 @@
      btop.enable = true;
      nh.enable = true;
      thunar.enable = true;
-      schizofox.enable = true;
+      schizofox.enable = false;
    };
  };
  system.stateVersion = "23.11";
--- a/hosts/hermit/programs.nix
+++ b/hosts/hermit/programs.nix
@ -12,7 +12,6 @@
      brave
      cachix
      calc
-      # calibre
      cbonsai
      cinny-desktop
      cmus
@ -39,19 +38,14 @@
      inetutils
      jujutsu
      just
-      jrnl
      keepassxc
      lazygit
      libtool
      librewolf
      links2
      linuxHeaders
-      moc
      mpv
-      ncmpcpp
-      neofetch
      networkmanagerapplet
-      nicotine-plus
      nil
      nitch
      obsidian
@ -59,11 +53,10 @@
      microfetch
      nmap
      pamixer
-      pavucontrol
+      pwvucontrol
      pdfarranger
      pdfpc
      pfetch
-      pidgin
      playerctl
      polkit
      pulsemixer
@ -73,26 +66,15 @@
      signal-desktop
      smartmontools
      telegram-desktop
-      texliveFull
-      tldr
      thunderbird
-      tor-browser
      trash-cli
      typst
      util-linux
      v4l-utils
-      vesktop
      vlc
      vscodium
-      weechat
      wireguard-tools
      xournalpp
-      zapzap
-      zip
-      zoxide
-      kakoune
-      kakoune-lsp
-      television
      ;
    inherit (self.packages.${pkgs.stdenv.system}) helix;
  };
--- a/modules/services/greetd/module.nix
+++ b/modules/services/greetd/module.nix
@ -4,7 +4,7 @@
  pkgs,
  ...
 }: let
-  inherit (lib.meta) getExe;
+  inherit (lib.meta) getExe getExe';
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.types) str listOf;
@ -36,14 +36,15 @@ in {
  config = mkIf cfg.enable {
    services.greetd = let
      session = {
-        command = ''
-          ${pkgs.greetd.tuigreet}/bin/tuigreet \
-            -c \"${cfg.session}\" \
-            -r
-            -t --time-format "DD.MM.YYYY"
-            --asteriks'';
-        # command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
-        # user = username;
+        # command = ''
+        # ${pkgs.greetd.tuigreet}/bin/tuigreet \
+        #   -c \"${cfg.session}\" \
+        #   -r
+        #   -t --time-format "DD.MM.YYYY"
+        #   --asteriks'';
+
+        command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
+        user = username;
      };
    in {
      enable = true;
--- a/modules/services/wayneko/module.nix
+++ b/modules/services/wayneko/module.nix
@ -1,5 +1,4 @@
 {
-  config,
  lib,
  pkgs,
  ...
@ -22,29 +21,38 @@ in {
      RestartSec = 1;
      TimeoutStopSec = 10;

+      CapabilityBoundingSet = [""];
+      DevicePolicy = "closed";
      LockPersonality = true;
      MemoryDenyWriteExecute = true;
      NoNewPrivileges = true;
-
-      PrivateTmp = true;
      PrivateDevices = true;
-      DevicePolicy = "closed";
      PrivateNetwork = true;
+      PrivateTmp = true;
+      PrivateUsers = true;
+      ProcSubset = "pid";
      ProtectClock = true;
      ProtectControlGroups = true;
      ProtectControlGroup = true;
+      ProtectHome = "true";
+      ProtectHostname = true;
      ProtectKernelLogs = true;
      ProtectKernelModules = true;
      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
      ProtectSystem = "strict";
-      ProtectHome = "read-only";
-
      RestrictNamespaces = true;
      RestrictRealtime = true;
      RestrictRealTime = true;
      RestrictSUIDSGID = true;

-      SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap";
+      SystemCallArchitectures = ["native"];
+
+      SystemCallFilter = [
+        "@system-service"
+        "~@privileged"
+        "~@resources"
+      ];
    };
  };
 }
--- a/modules/style/gtk.nix
+++ b/modules/style/gtk.nix
@ -4,18 +4,43 @@
  pkgs,
  ...
 }: let
-  inherit (lib.modules) mkIf;
+  inherit (builtins) toString isBool;
+  inherit (lib.generators) toINI;
+  inherit (lib.modules) mkMerge mkIf;
  inherit (lib.options) mkOption mkEnableOption;
  inherit (lib.types) str package;
+  inherit (lib.strings) escape;
+  inherit (lib.trivial) boolToString;

  cfg = config.modules.theming.gtk;
+
+  toGtk3Ini = toINI {
+    mkKeyValue = key: value: let
+      value' =
+        if isBool value
+        then boolToString value
+        else toString value;
+    in "${escape ["="] key}=${value'}";
+  };
+
+  gtkIni = {
+    gtk-application-prefer-dark-theme = 1;
+    gtk-font-name = "Lexend 11";
+    gtk-icon-theme-name = "Papirus";
+    gtk-xft-antialias = 1;
+    gtk-xft-hinting = 1;
+    gtk-xft-hintstyle = "hintslight";
+    gtk-xft-rgba = "rgb";
+    gtk-cursor-theme-name = "BreezeX-RosePine-Linux";
+    gtk-theme-name = "Gruvbox-Dark";
+  };
 in {
  options.modules.theming.gtk = {
    enable = mkEnableOption "Wether to enable GTK theming";
    theme = {
      name = mkOption {
        description = "The GTK theme name";
-        default = "Gruvbox-Dark-BL";
+        default = "Gruvbox-Dark";
        type = str;
      };
      package = mkOption {
@ -28,7 +53,7 @@ in {
      description = "The GTK icon theme";
      name = mkOption {
        description = "The GTK icon theme name";
-        default = "Papirus-Dark";
+        default = "Papirus";
        type = str;
      };
      package = mkOption {
@ -38,28 +63,49 @@ in {
      };
    };
  };
-  config = mkIf cfg.enable {
-    # NOTE: we need this or gtk breaks
-    programs.dconf.enable = true;
+  config = let
+    cursorSize = 32;
+  in
+    mkIf cfg.enable {
+      programs.dconf.enable = true;
+      environment = {
+        systemPackages = builtins.attrValues {
+          inherit
+            (pkgs)
+            rose-pine-cursor
+            gruvbox-gtk-theme
+            papirus-icon-theme
+            ;
+        };
+        variables = {
+          GTK_THEME = cfg.theme.name;
+          XCURSOR_THEME = "BreezeX-RosePine-Linux";
+          XCURSOR_SIZE = toString cursorSize;

-    environment = {
-      systemPackages = builtins.attrValues {
-        inherit
-          (pkgs)
-          gruvbox-gtk-theme
-          papirus-icon-theme
-          ;
-      };
-      variables = let
-        cursorSize = 32;
-      in {
-        GTK_THEME = "Gruvbox-Dark";
-        XCURSOR_THEME = "BreezeX-RosePine-Linux";
-        XCURSOR_SIZE = cursorSize;
+          HYPRCURSOR_THEME = "BreezeX-RosePine-Linux";
+          HYPRCURSOR_SIZE = toString cursorSize;
+        };
+        etc = {
+          "xdg/gtk-4.0/settings.ini".text = toGtk3Ini {
+            Settings = gtkIni;
+          };
+          "xdg/gtk-3.0/settings.ini".text = toGtk3Ini {
+            Settings = gtkIni;
+          };

-        HYPRCURSOR_THEME = "BreezeX-RosePine-Linux";
-        HYPRCURSOR_SIZE = cursorSize;
+          "xdg/gtk-2.0/gtkrc".text = ''
+            gtk-cursor-theme-name = BreezeX-RosePine-Linux
+            gtk-cursor-theme-size = ${toString cursorSize}
+            gtk-theme-name = ${cfg.theme.name}
+            gtk-icon-theme-name = ${cfg.iconTheme.name}
+            gtk-font-name = Lexend 11
+          '';
+
+          "xdg/Xresources".text = ''
+            Xcursor.size: ${toString cursorSize}
+            Xcursor.theme: BreezeX-RosePine-Linux
+          '';
+        };
      };
    };
-  };
 }
--- a/modules/style/theming.nix
+++ b/modules/style/theming.nix
@ -4,67 +4,15 @@
  pkgs,
  ...
 }: let
-  inherit (builtins) toString isBool;
-  inherit (lib.generators) toINI;
  inherit (lib.modules) mkMerge mkIf;
  inherit (lib.options) mkEnableOption;
-  inherit (lib.strings) escape;
-  inherit (lib.trivial) boolToString;

  cfg = config.modules.theming;
-
-  toGtk3Ini = toINI {
-    mkKeyValue = key: value: let
-      value' =
-        if isBool value
-        then boolToString value
-        else toString value;
-    in "${escape ["="] key}=${value'}";
-  };
-
-  gtkIni = {
-    gtk-application-prefer-dark-theme = 1;
-    gtk-font-name = "Lexend 11";
-    gtk-icon-theme-name = "Papirus-Dark";
-    gtk-xft-antialias = 1;
-    gtk-xft-hinting = 1;
-    gtk-xft-hintstyle = "hintslight";
-    gtk-xft-rgba = "rgb";
-    gtk-cursor-theme-name = "BreezeX-RosePine-Linux";
-    gtk-theme-name = "Gruvbox-Dark";
-  };
 in {
  options.modules.theming = {
    qt.enable = mkEnableOption "qt theming";
  };
-  config = mkMerge [
-    (mkIf cfg.gtk.enable {
-      environment = {
-        systemPackages = builtins.attrValues {
-          inherit (pkgs) rose-pine-cursor;
-        };
-        etc = {
-          "xdg/gtk-4.0/settings.ini".text = toGtk3Ini {
-            Settings = gtkIni;
-          };
-          "xdg/gtk-3.0/settings.ini".text = toGtk3Ini {
-            Settings = gtkIni;
-          };
-
-          "xdg/gtk-2.0/gtkrc".text = ''
-            gtk-cursor-theme-name = BreezeX-RosePine-Linux
-            gtk-cursor-theme-size = 32
-            gtk-theme-name = Gruvbox-Dark
-            gtk-icon-theme-name = Papirus-Dark
-            gtk-font-name = Lexend 11
-          '';
-
-          "xdg/Xresources".text = ''
-            Xcursor.size: 32
-            Xcursor.theme: BreezeX-RosePine-Linux
-          '';
-        };
-      };
-    })
-  ];
+  config =
+    mkMerge [
+    ];
 }
--- a/modules/system/boot/module.nix
+++ b/modules/system/boot/module.nix
@ -35,6 +35,17 @@ in {
    ];
    boot = {
      tmp.useTmpfs = true;
+      consoleLogLevel = 0;
+
+      kernelParams = [
+        "quiet"
+        "splash"
+        "rd.systemd.show_status=false"
+        "rd.udev.log_level=3"
+        "udev.log_priority=3"
+        "boot.shell_on_fail"
+      ];
+
      initrd = {
        verbose = false;
        systemd.enable = true;
--- a/modules/system/hardware/bluetooth.nix
+++ b/modules/system/hardware/bluetooth.nix
@ -11,7 +11,7 @@ in {
  config = mkIf cfg.enable {
    hardware.bluetooth = {
      enable = true;
-      powerOnBoot = mkIf cfg.powerOnBoot true;
+      inherit (cfg) powerOnBoot;
    };
    environment.systemPackages = builtins.attrValues {
      inherit
--- a/modules/system/os/networking/module.nix
+++ b/modules/system/os/networking/module.nix
@ -6,6 +6,17 @@ in {
  ];
  networking = {
    enableIPv6 = true;
+
+    # INFO: This disables wpa_supplicant,
+    # I use nenetworkmanager instead.
+    wireless.enable = false;
+
+    dhcpcd = {
+      # faster boot times
+      wait = "background";
+      extraConfig = "noarp";
+    };
+
    nameservers = [
      # quad9 DNS
      "9.9.9.9"
@ -14,8 +25,17 @@ in {
  };
  services.resolved = {
    enable = true;
+    dnssec = "false";
+    dnsovertls = "oppertunistic";
    # quad9 dns
    fallbackDns = ["9.9.9.9" "2620::fe::fe"];
  };
  users.users.${username}.extraGroups = ["networkmanager"];
+
+  # systemd = {
+  #   network = {
+  #     enable = true;
+  #     wait-online.anyInterface = true;
+  #   };
+  # };
 }
--- a/modules/system/os/networking/networkmanager.nix
+++ b/modules/system/os/networking/networkmanager.nix
@ -3,8 +3,8 @@
 in {
  networking.networkmanager = {
    enable = true;
-    # Removes about 2GB of stuff we do no need.
-    plugins = mkForce [];
+    # # Removes about 2GB of stuff we do no need.
+    # plugins = mkForce [];

    dns = "systemd-resolved";
    unmanaged = [
--- a/modules/wms/wayland/hyprland/decorations.nix
+++ b/modules/wms/wayland/hyprland/decorations.nix
@ -2,7 +2,8 @@ _: {
  programs.hyprland.settings = {
    #Decoration settings
    decoration = {
-      rounding = 0;
+      rounding = 10;
+      rounding_power = 3;
      blur = {
        enabled = false;
        size = 3;
@ -16,15 +17,15 @@ _: {
    ];
    # Hyprland anomations, using the above bezier curves
    animations = {
-      enabled = false;
-      # animation = [
-      #   "windows, 1, 4, dupa, popin"
-      #   "windowsOut, 1, 4, dupa, slide"
-      #   "border, 1, 15, default"
-      #   "fade, 1, 10, default"
-      #   "workspaces, 1, 5, dupa, slidevert"
-      # ];
+      enabled = true;
    };
+      animation = [
+        "windows, 1, 4, dupa, popin"
+        "windowsOut, 1, 4, dupa, slide"
+        "border, 1, 15, default"
+        "fade, 1, 10, default"
+        "workspaces, 1, 5, dupa, slidevert"
+      ];

    cursor = {
      hide_on_key_press = true;
@ -35,8 +36,10 @@ _: {
      enable_swallow = true;
      swallow_regex = "foot";
      focus_on_activate = true;
+
      vrr = 1;
      vfr = true;
+
      animate_manual_resizes = false;
      animate_mouse_windowdragging = false;
      force_default_wallpaper = 0;
--- a/modules/wms/wayland/hyprland/exec.nix
+++ b/modules/wms/wayland/hyprland/exec.nix
@ -5,6 +5,7 @@
  ...
 }: let
  # inherit (config.modules.style) cursor;
+  inherit (lib.meta) getExe;
 in {
  programs.hyprland.settings = {
    # Hyprland settings
@ -13,6 +14,7 @@ in {
      "uwsm finalize"

      "hyprctl setcursor BreezeX-RosePine-Linux 32"
+      "hyprctl seterror disable"

      "[workspace special:keepassxc; silent;tile] ${pkgs.keepassxc}/bin/keepassxc"
      "[workspace special:audio; silent;tile] ${pkgs.pwvucontrol}/bin/pwvucontrol"
@ -25,6 +27,7 @@ in {
      "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent"
      "hyprctl dispatch split-workspace 1"

+      "${getExe pkgs.hyprlock}"
    ];
  };
 }
--- a/modules/wms/wayland/hyprland/settings.nix
+++ b/modules/wms/wayland/hyprland/settings.nix
@ -57,6 +57,9 @@ in {
          no_border_on_floating = true;
        };

+        # No annoying startup errors
+        debug.suppress_errors = true;
+
        ecosystem.no_update_news = true;

        plugin = {
Author	SHA1	Message	Date
Bloxx12	fcbd4cd0af	hyprland/decorations.nix: enable theming	2025-04-21 21:24:30 +02:00
Bloxx12	fc1175b8a0	boot/module.nix: quiesce boot process	2025-04-21 21:22:52 +02:00
Bloxx12	03374732ad	style: cleanup gtk theming	2025-04-21 21:22:30 +02:00
Bloxx12	b998471e57	hermit/configuration.nix: disable schizofox	2025-04-21 21:22:12 +02:00
Bloxx12	5a54d79b92	hyprland/settings.nix: suppress startup errors	2025-04-21 21:21:36 +02:00
Bloxx12	6e70e952e2	greetd, hyprland: fix greeter and lock screen	2025-04-20 20:48:25 +02:00
Bloxx12	57af25abe7	wayneko/module.nix: extra hardening	2025-04-20 20:48:08 +02:00
Bloxx12	2836770da9	hardware/bluetooth.nix: configure powerOnBoot properly	2025-04-20 20:47:32 +02:00
Bloxx12	f7e85b6cde	hermit/programs.nix: cleanup	2025-04-20 20:47:11 +02:00
Bloxx12	d3ad51f43c	hosts/default.nix: cleanup	2025-04-20 20:33:05 +02:00
Bloxx12	1ccc346287	flake.lock: bump inputs	2025-04-20 20:33:05 +02:00
Bloxx12	b168b0bb49	networking/module.nix: networking improvements	2025-04-20 20:33:05 +02:00