From 596d699abc6751e6d6c2d69838ede7d9448b4aa9 Mon Sep 17 00:00:00 2001 From: Charlie Root Date: Sun, 6 Apr 2025 22:08:59 +0200 Subject: [PATCH 1/5] usbguard/module.nix: init --- modules/services/usbguard/module.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 modules/services/usbguard/module.nix diff --git a/modules/services/usbguard/module.nix b/modules/services/usbguard/module.nix new file mode 100644 index 0000000..bf4cd0a --- /dev/null +++ b/modules/services/usbguard/module.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (config.meta.mainUser) username; +in { + environment.systemPackages = [pkgs.usbguard]; + services.usbguard = { + IPCAllowedUsers = ["root" "${username}"]; + presentDevicePolicy = "allow"; + rules = '' + allow with-interface equals { 08:*:* } + + # Reject devices with suspicious combination of interfaces + reject with-interface all-of { 08:*:* 03:00:* } + reject with-interface all-of { 08:*:* 03:01:* } + reject with-interface all-of { 08:*:* e0:*:* } + reject with-interface all-of { 08:*:* 02:*:* } + ''; + }; +} From ed5b7c46258ca72fdbdb839ac79b12275ddd8b01 Mon Sep 17 00:00:00 2001 From: Charlie Root Date: Sun, 6 Apr 2025 22:09:09 +0200 Subject: [PATCH 2/5] greetd.nix: fix session escaping --- modules/services/greetd.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/services/greetd.nix b/modules/services/greetd.nix index 3a01e75..ffec7f4 100644 --- a/modules/services/greetd.nix +++ b/modules/services/greetd.nix @@ -37,12 +37,12 @@ in { settings.default_session = { command = '' ${pkgs.greetd.tuigreet}/bin/tuigreet \ - -c '${cfg.session}' \ + -c \"${cfg.session}\" \ -r -t --time-format "DD.MM.YYYY" --asteriks''; }; - vt = 1; + vt = 7; }; }; } From 83335cf7a289ae6d11aef97ae720e268ec4871b1 Mon Sep 17 00:00:00 2001 
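Review bot: Nothing in the new `services.usbguard` block sets `enable = true;`, so unless another module turns the service on, the daemon never starts and none of these rules are enforced; adding `pkgs.usbguard` to `environment.systemPackages` only puts the binaries on the PATH. Separately, `presentDevicePolicy = "allow";` authorises every device already attached when the daemon starts without evaluating `rules`. That includes the storage-plus-HID composites the `reject` lines are meant to stop, so a device plugged in before boot is never checked. If the trade-off is intentional (keeping the built-in keyboard usable), record it in a comment such as `# devices present at daemon start are trusted; rules apply to hotplug only`. `lib` is bound in the argument set but unused.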
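Review bot: `${cfg.session}` is still spliced into the command string unescaped in the new `-c \"${cfg.session}\"` line, so a session value containing a double quote, `$` or a backtick changes how the greeter command is parsed. Inside a Nix `''` string a backslash is not an escape character, so `\"` reaches the generated greetd configuration as a literal backslash and quote. Whether a multi-word session then survives as one argument depends on how greetd and tuigreet split the command, which this hunk does not show. Letting Nix do the quoting, `-c ${lib.escapeShellArg cfg.session} \`, avoids hand-written quotes (assuming `lib` is in scope; the module header is outside the hunk). The `vt = 1` to `vt = 7` change is unrelated to the subject line and should be mentioned in the commit message.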
From: Charlie Root Date: Sun, 6 Apr 2025 22:09:17 +0200 Subject: [PATCH 3/5] lanzaboote: init --- flake.lock | 147 ++++++++++++++++++++++ flake.nix | 6 + modules/system/boot/lanzaboote/module.nix | 30 +++++ modules/system/os/impermanence/module.nix | 1 + 4 files changed, 184 insertions(+) create mode 100644 modules/system/boot/lanzaboote/module.nix diff --git a/flake.lock b/flake.lock index 7f15afc..a2e3009 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,5 +1,79 @@ { "nodes": { + "crane": { + "locked": { + "lastModified": 1741148495, + "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", + "owner": "ipetkov", + "repo": "crane", + "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, 
@@ -15,6 +89,31 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1741442524, + "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1742288794, @@ -31,13 +130,61 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1740915799, + "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "impermanence": "impermanence", + "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs", "systems": "systems" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741228283, + "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1689347949, diff --git a/flake.nix b/flake.nix index ab87d7b..03d8bb6 100644 --- a/flake.nix +++ b/flake.nix 
@@ -37,5 +37,11 @@ systems.url = "github:nix-systems/default-linux"; impermanence.url = "github:nix-community/impermanence"; + + # secure booting + lanzaboote = { + url = "github:nix-community/lanzaboote"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; } diff --git a/modules/system/boot/lanzaboote/module.nix b/modules/system/boot/lanzaboote/module.nix new file mode 100644 index 0000000..e7fd7a5 --- /dev/null +++ b/modules/system/boot/lanzaboote/module.nix @@ -0,0 +1,30 @@ +{ + config, + inputs, + lib, + pkgs, + ... +}: let + inherit (lib.modules) mkIf; +in { + imports = [ + inputs.lanzaboote.nixosModules.lanzaboote + ]; + + config = mkIf false { + boot = { + lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; + + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + loader.systemd-boot.enable = lib.mkForce false; + }; + + environment.systemPackages = [pkgs.sbctl]; + }; +} diff --git a/modules/system/os/impermanence/module.nix b/modules/system/os/impermanence/module.nix index acd8f4e..e5e67f4 100644 --- a/modules/system/os/impermanence/module.nix +++ b/modules/system/os/impermanence/module.nix @@ -36,6 +36,7 @@ in { "/var/lib/nixos" "/var/lib/pipewire" "/var/lib/systemd/coredump" + "/etc/secureboot" ]; users.cr = { From 7e39e12b649de685f393db2e1c3aeeec5fb2b179 Mon Sep 17 00:00:00 2001 From: Charlie Root Date: Sun, 6 Apr 2025 22:09:32 +0200 Subject: [PATCH 4/5] security/module.nix: add polkit ad apparmor --- modules/system/os/security/module.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/system/os/security/module.nix b/modules/system/os/security/module.nix index 46c037e..4ecdcf6 100644 --- a/modules/system/os/security/module.nix +++ b/modules/system/os/security/module.nix 
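Review bot: The `lanzaboote` input is declared as `github:nix-community/lanzaboote` with no ref, so every `nix flake update` moves the Secure Boot signing tool to whatever the default branch holds at that moment. For a component in the boot chain it is safer to follow a release tag, `url = "github:nix-community/lanzaboote/RELEASE_TAG";` (placeholder, pick the tag you have reviewed), and bump it deliberately. The same applies to the `hyprland` input added to flake.nix in PATCH 5/5, although the exposure there is smaller.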
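Review bot: `pkiBundle = "/var/lib/sbctl";` points at a directory that the impermanence hunk in this same patch does not persist; that hunk adds `"/etc/secureboot"` instead. Once `mkIf false` is flipped, the keys sbctl creates under `/var/lib/sbctl` would disappear with the ephemeral root (assuming `/var/lib` is not persisted wholesale elsewhere), and later rebuilds could no longer sign boot entries with the enrolled keys. Make the two agree, for example by persisting `"/var/lib/sbctl"` in modules/system/os/impermanence/module.nix, and keep that directory readable by root only since it holds the private signing keys. The hard-coded `mkIf false` also means this commit does not enable Secure Boot at all; a comment such as `# disabled until keys are created and enrolled` would make that explicit.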
@@ -1,5 +1,18 @@ -_: { +{pkgs, ...}: { imports = [ ./sudo.nix ]; + + security = { + polkit = { + enable = true; + package = pkgs.polkit; + }; + + apparmor = { + enable = true; + killUnconfinedConfinables = true; + packages = [pkgs.apparmor-profiles]; + }; + }; } From 8df1696ac9be5a28be76e64a1258d0e6a44313db Mon Sep 17 00:00:00 2001 From: Charlie Root Date: Sun, 6 Apr 2025 22:25:03 +0200 Subject: [PATCH 5/5] hyprland: switch to config generator from the flake --- flake.lock | 403 +++++++++++++++++- flake.nix | 6 + modules/wms/wayland/hyprland/decorations.nix | 14 +- modules/wms/wayland/hyprland/module.nix | 7 +- modules/wms/wayland/hyprland/nixos-module.nix | 204 --------- 5 files changed, 418 insertions(+), 216 deletions(-) delete mode 100644 modules/wms/wayland/hyprland/nixos-module.nix diff --git a/flake.lock b/flake.lock index a2e3009..a38bc60 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,38 @@ { "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1743265529, + "narHash": "sha256-QbjP15/2N+VJl0b5jxrrTc+VOt39aU4XrDvtP0Lz5ik=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "1d2dbd72c2bbaceab031c592d4810f744741d203", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1741148495, 
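Review bot: `packages = [pkgs.apparmor-profiles];` on its own appears to confine nothing: in the NixOS module `security.apparmor.packages` only extends AppArmor's include path, while profiles are loaded from `security.apparmor.policies`, which this hunk does not set. If the intent is to enforce the shipped profiles, each one has to be declared under `policies`; otherwise add a comment saying the package is present for includes only, so the configuration does not suggest coverage it lacks. `killUnconfinedConfinables = true;` signals already-running processes that match a loaded profile, so once policies are added a rebuild can terminate user-facing programs, which is worth a comment next to the option. `package = pkgs.polkit;` looks like the option's default and can probably be dropped.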
@@ -16,6 +49,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -53,6 +102,28 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", 
@@ -74,6 +145,269 @@ "type": "github" } }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1742215578, + "narHash": "sha256-zfs71PXVVPEe56WEyNi2TJQPs0wabU4WAlq0XV7GcdE=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "2fd36421c21aa87e2fe3bee11067540ae612f719", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprgraphics": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1739049071, + "narHash": "sha256-3+7TpXMrbsUXSwgr5VAKAnmkzMb6JO+Rvc9XRb5NMg4=", + "owner": "hyprwm", + "repo": "hyprgraphics", + "rev": "175c6b29b6ff82100539e7c4363a35a02c74dd73", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprgraphics", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprgraphics": "hyprgraphics", + "hyprland-protocols": "hyprland-protocols", + "hyprland-qtutils": "hyprland-qtutils", + "hyprlang": "hyprlang", + "hyprutils": "hyprutils", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks", + "systems": [ + "systems" + ], + "xdph": "xdph" + }, + "locked": { + "lastModified": 1743953518, + "narHash": "sha256-TAEUQ7yWGm/gx2irRieD1zoCo9wA39EfgS3EPMmz0EI=", + "owner": "hyprwm", + "repo": "hyprland", + "rev": "3c128679ee8c86bbbeb5ae38621f6de622525cf1", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1743714874, + 
"narHash": "sha256-yt8F7NhMFCFHUHy/lNjH/pjZyIDFNk52Q4tivQ31WFo=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "3a5c2bda1c1a4e55cc1330c782547695a93f05b2", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprland-qtutils", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1737634706, + "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "8810df502cdee755993cb803eba7b23f189db795", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-qtutils", + "hyprlang", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1739048983, + "narHash": "sha256-REhTcXq4qs3B3cCDtLlYDz0GZvmsBSh947Ub6pQWGTQ=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "3504a293c8f8db4127cb0f7cfc1a318ffb4316f8", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1741191527, + "narHash": "sha256-kM+11Nch47Xwfgtw2EpRitJuORy4miwoMuRi5tyMBDY=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "72df3861f1197e41b078faa3e38eedd60e00018d", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": 
"hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1743950287, + "narHash": "sha256-/6IAEWyb8gC/NKZElxiHChkouiUOrVYNq9YqG0Pzm4Y=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "f2dc70e448b994cef627a157ee340135bd68fbc6", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1739870480, + "narHash": "sha256-SiDN5BGxa/1hAsqhgJsS03C3t2QrLgBT8u+ENJ0Qzwc=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "206367a08dc5ac4ba7ad31bdca391d098082e64b", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -92,7 +426,7 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" @@ -130,13 +464,36 @@ "type": "github" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "lanzaboote", "nixpkgs" 
@@ -158,6 +515,7 @@ }, "root": { "inputs": { + "hyprland": "hyprland", "impermanence": "impermanence", "lanzaboote": "lanzaboote", "nixpkgs": "nixpkgs", @@ -199,6 +557,47 @@ "repo": "default-linux", "type": "github" } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1741934139, + "narHash": "sha256-ZhTcTH9FoeAtbPfWGrhkH7RjLJZ7GeF18nygLAMR+WE=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "150b0b6f52bb422a1b232a53698606fe0320dde0", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 03d8bb6..9a4b1c2 100644 --- a/flake.nix +++ b/flake.nix @@ -43,5 +43,11 @@ url = "github:nix-community/lanzaboote"; inputs.nixpkgs.follows = "nixpkgs"; }; + + hyprland = { + url = "github:hyprwm/hyprland"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.systems.follows = "systems"; + }; }; } diff --git a/modules/wms/wayland/hyprland/decorations.nix b/modules/wms/wayland/hyprland/decorations.nix index 77edb4d..fd3a2c5 100644 --- a/modules/wms/wayland/hyprland/decorations.nix +++ b/modules/wms/wayland/hyprland/decorations.nix 
@@ -17,13 +17,13 @@ _: { # Hyprland anomations, using the above bezier curves animations = { enabled = false; - animation = [ - "windows, 1, 4, dupa, popin" - "windowsOut, 1, 4, dupa, slide" - "border, 1, 15, default" - "fade, 1, 10, default" - "workspaces, 1, 5, dupa, slidevert" - ]; + # animation = [ + # "windows, 1, 4, dupa, popin" + # "windowsOut, 1, 4, dupa, slide" + # "border, 1, 15, default" + # "fade, 1, 10, default" + # "workspaces, 1, 5, dupa, slidevert" + # ]; }; cursor = { diff --git a/modules/wms/wayland/hyprland/module.nix b/modules/wms/wayland/hyprland/module.nix index e6e42c7..e745493 100644 --- a/modules/wms/wayland/hyprland/module.nix +++ b/modules/wms/wayland/hyprland/module.nix @@ -1,7 +1,8 @@ { config, - pkgs, + inputs, lib, + pkgs, ... }: let cfg = config.modules.desktops.hyprland; @@ -16,10 +17,10 @@ in { ./exec.nix ./settings.nix ./workspaces.nix - ./nixos-module.nix + inputs.hyprland.nixosModules.default ]; # we disable the default hyprland module - disabledModules = ["programs/hyprland.nix"]; + # disabledModules = ["programs/hyprland.nix"]; options.modules.desktops.hyprland = { enable = mkOption { diff --git a/modules/wms/wayland/hyprland/nixos-module.nix b/modules/wms/wayland/hyprland/nixos-module.nix deleted file mode 100644 index a77a27a..0000000 --- a/modules/wms/wayland/hyprland/nixos-module.nix +++ /dev/null 
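Review bot: Both hyprland files disable code by commenting it out instead of deleting it: the `animation` list in decorations.nix and `disabledModules` in hyprland/module.nix. In module.nix the surviving comment `# we disable the default hyprland module` now states the opposite of what the file does, since the nixpkgs `programs/hyprland.nix` module is evaluated again alongside `inputs.hyprland.nixosModules.default`. Delete both lines there, and drop the commented `animation` block too. The removed nixos-module.nix declared `programs.hyprland.sourceFirst` and `programs.hyprland.importantPrefixes`; whether the upstream module offers the same option names is not visible in this diff, so check any place in the repository that sets them.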
@@ -1,204 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - cfg = config.programs.hyprland; - - toHyprconf = { - attrs, - indentLevel ? 0, - importantPrefixes ? ["$"], - }: let - inherit - (lib) - all - concatMapStringsSep - concatStrings - concatStringsSep - filterAttrs - foldl - generators - hasPrefix - isAttrs - isList - mapAttrsToList - replicate - ; - - initialIndent = concatStrings (replicate indentLevel " "); - - toHyprconf' = indent: attrs: let - sections = - filterAttrs (n: v: isAttrs v || (isList v && all isAttrs v)) attrs; - - mkSection = n: attrs: - if lib.isList attrs - then (concatMapStringsSep "\n" (a: mkSection n a) attrs) - else '' - ${indent}${n} { - ${toHyprconf' " ${indent}" attrs}${indent}} - ''; - - mkFields = generators.toKeyValue { - listsAsDuplicateKeys = true; - inherit indent; - }; - - allFields = - filterAttrs (n: v: !(isAttrs v || (isList v && all isAttrs v))) - attrs; - - isImportantField = n: _: - foldl (acc: prev: - if hasPrefix prev n - then true - else acc) - false - importantPrefixes; - - importantFields = filterAttrs isImportantField allFields; - - fields = - builtins.removeAttrs allFields - (mapAttrsToList (n: _: n) importantFields); - in - mkFields importantFields - + concatStringsSep "\n" (mapAttrsToList mkSection sections) - + mkFields fields; - in - toHyprconf' initialIndent attrs; -in { - options.programs.hyprland = { - plugins = lib.mkOption { - type = with lib.types; listOf (either package path); - default = []; - description = '' - List of Hyprland plugins to use. Can either be packages or - absolute plugin paths. - ''; - }; - - settings = lib.mkOption { - type = with lib.types; let - valueType = - nullOr (oneOf [ - bool - int - float - str - path - (attrsOf valueType) - (listOf valueType) - ]) - // { - description = "Hyprland configuration value"; - }; - in - valueType; - default = {}; - description = '' - Hyprland configuration written in Nix. Entries with the same key - should be written as lists. 
Variables' and colors' names should be - quoted. See for more examples. - - ::: {.note} - Use the [](#opt-wayland.windowManager.hyprland.plugins) option to - declare plugins. - ::: - - ''; - example = lib.literalExpression '' - { - decoration = { - shadow_offset = "0 5"; - "col.shadow" = "rgba(00000099)"; - }; - - "$mod" = "SUPER"; - - bindm = [ - # mouse movements - "$mod, mouse:272, movewindow" - "$mod, mouse:273, resizewindow" - "$mod ALT, mouse:272, resizewindow" - ]; - } - ''; - }; - - extraConfig = lib.mkOption { - type = lib.types.lines; - default = ""; - example = '' - # window resize - bind = $mod, S, submap, resize - - submap = resize - binde = , right, resizeactive, 10 0 - binde = , left, resizeactive, -10 0 - binde = , up, resizeactive, 0 -10 - binde = , down, resizeactive, 0 10 - bind = , escape, submap, reset - submap = reset - ''; - description = '' - Extra configuration lines to add to `~/.config/hypr/hyprland.conf`. - ''; - }; - - sourceFirst = - lib.mkEnableOption '' - putting source entries at the top of the configuration - '' - // { - default = true; - }; - - importantPrefixes = lib.mkOption { - type = with lib.types; listOf str; - default = - ["$" "bezier" "name"] - ++ lib.optionals cfg.sourceFirst ["source"]; - example = ["$" "bezier"]; - description = '' - List of prefix of attributes to source at the top of the config. 
- ''; - }; - }; - config = lib.mkIf cfg.enable { - environment.systemPackages = lib.concatLists [ - (lib.optional (cfg.package != null) cfg.package) - (lib.optional (cfg.xwayland.enable) pkgs.xwayland) - ]; - environment.etc."xdg/hypr/hyprland.conf" = let - shouldGenerate = cfg.extraConfig != "" || cfg.settings != {} || cfg.plugins != []; - - pluginsToHyprconf = plugins: - toHyprconf { - attrs = { - plugin = let - mkEntry = entry: - if lib.types.package.check entry - then "${entry}/lib/lib${entry.pname}.so" - else entry; - in - map mkEntry cfg.plugins; - }; - inherit (cfg) importantPrefixes; - }; - in - lib.mkIf shouldGenerate { - text = - lib.optionalString (cfg.plugins != []) - (pluginsToHyprconf cfg.plugins) - + lib.optionalString (cfg.settings != {}) - (toHyprconf { - attrs = cfg.settings; - inherit (cfg) importantPrefixes; - }) - + lib.optionalString (cfg.extraConfig != "") cfg.extraConfig; - }; - }; -}