From c6ef036c13bdf056d41f25c26ba089757b00b079 Mon Sep 17 00:00:00 2001 From: faukah Date: Fri, 1 Aug 2025 12:29:06 +0200 Subject: [PATCH 01/17] temperance: programs: add blender Signed-off-by: faukah Change-Id: I6a6a6964badbd541d919c1f5f679b14a3629e25e --- hosts/temperance/programs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/temperance/programs.nix b/hosts/temperance/programs.nix index 75478fe..17e57ba 100644 --- a/hosts/temperance/programs.nix +++ b/hosts/temperance/programs.nix @@ -6,6 +6,7 @@ anki asciinema beets + blender bubblewrap cachix calc From c886c43b1de4e266ea73ec5b32d6316c710bedfa Mon Sep 17 00:00:00 2001 From: faukah Date: Fri, 8 Aug 2025 14:06:34 +0200 Subject: [PATCH 02/17] niri: config updates Signed-off-by: faukah Change-Id: I6a6a6964c1a887cd268e485544fd183c7e6b8bce --- modules/wms/niri/config.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/modules/wms/niri/config.nix b/modules/wms/niri/config.nix index 85748bc..c3278a0 100644 --- a/modules/wms/niri/config.nix +++ b/modules/wms/niri/config.nix @@ -67,12 +67,13 @@ in (leaf "center-focused-column" "on-overflow") (plain "focus-ring" [ + (flag "off") (leaf "width" 2) - (leaf "active-color" "#f9e2af") + # (leaf "active-color" "#f9e2af") (leaf "inactive-color" "transparent") (leaf "active-gradient" { - from = "#E5989B"; - to = "#FFB4A2"; + from = "#32552b"; + to = "#788dc9"; angle = 45; relative-to = "workspace-view"; "in" = "oklch longer hue"; @@ -113,12 +114,13 @@ in (leaf "background-color" "transparent") ]) (plain "environment" [ - (leaf "DISPLAY" ":0") + # (leaf "DISPLAY" ":0") ]) (plain "layer-rule" [ (leaf "match" { namespace = "overview$"; }) (leaf "place-within-backdrop" true) ]) + (flag "prefer-no-csd") (plain "switch-events" [ (plain "lid-close" [ (leaf "spawn" <| getExe pkgs.swaylock) @@ -192,19 +194,19 @@ in ]) (plain "XF86AudioPlay" [ (leaf "spawn" [ - (getExe' pkgs.avizo "playerctl") + (getExe pkgs.playerctl) "play-pause" ]) ]) (plain "XF86AudioNext" [ (leaf "spawn" [ - (getExe' pkgs.avizo "playerctl") + (getExe pkgs.playerctl) "next" ]) ]) (plain "XF86AudioPrev" [ (leaf "spawn" [ - (getExe' pkgs.avizo "playerctl") + (getExe pkgs.playerctl) "previous" ]) ]) @@ -478,7 +480,8 @@ in (plain "Mod+Ctrl+K" [ (flag "focus-monitor-up") ]) (plain "Mod+Ctrl+L" [ (flag "focus-monitor-right") ]) (plain "Mod+Ctrl+R" [ (flag "reset-window-height") ]) - (plain "Mod+D" [ (leaf "spawn" <| getExe pkgs.fuzzel) ]) + (plain "Mod+D" [ (leaf "spawn" <| getExe' pkgs.xfce.xfce4-appfinder "xfce4-appfinder") ]) + (plain "Mod+Shift+D" [ (leaf "spawn" <| getExe pkgs.fuzzel) ]) (plain "Mod+End" [ (flag "focus-column-last") ]) (plain "Mod+Equal" [ (leaf "set-column-width" [ "+10%" ]) ]) (plain "Mod+F" [ (flag "maximize-column") ]) @@ -546,5 +549,6 @@ in "unset" "org.gnome.Nautilus" "org.freedesktop.impl.portal.desktop.kde" + "xfce4-appfinder" ] ) From af1e0364e0c2bef0b2416edf3d32071ecefc3b32 Mon Sep 17 00:00:00 2001 From: faukah Date: Sat, 9 Aug 2025 00:35:07 +0200 Subject: [PATCH 03/17] flake: remove niri tag and niri --- flake.lock | 272 +---------------------------------------------------- flake.nix | 6 -- 2 files changed, 3 insertions(+), 275 deletions(-) diff --git a/flake.lock b/flake.lock index 9ee60ba..c33cc06 100644 --- a/flake.lock +++ b/flake.lock @@ -31,29 +31,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": [ - "niri-tag", - "naersk", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1752475459, - "narHash": "sha256-z6QEu4ZFuHiqdOPbYss4/Q8B0BFhacR8ts6jO/F/aOU=", - "owner": "nix-community", - "repo": "fenix", - "rev": "bf0d6f70f4c9a9cf8845f992105652173f4b617f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -247,25 +224,6 @@ "type": "github" } }, - "naersk": { - "inputs": { - "fenix": "fenix", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1752689277, - "narHash": "sha256-uldUBFkZe/E7qbvxa3mH1ItrWZyT6w1dBKJQF/3ZSsc=", - "owner": "nix-community", - "repo": "naersk", - "rev": "0e72363d0938b0208d6c646d10649164c43f4d64", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, "nh": { "inputs": { "nixpkgs": [ @@ -306,99 +264,6 @@ "type": "github" } }, - "niri": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_2", - "nixpkgs-stable": "nixpkgs-stable", - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1756801989, - "narHash": "sha256-eOIQ1CUMHwU4zsBGaCj9jCgNTxzyq2aeHuwgx0xLFwo=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "d6a98b86d86b512c6167601ea646ab785137bada", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1756556321, - "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.08", - "repo": "niri", - "type": "github" - } - }, - "niri-tag": { - "inputs": { - "naersk": "naersk", - "niri": "niri_2", - "nixpkgs": "nixpkgs_4", - "systems": "systems_3" - }, - "locked": { - "lastModified": 1755582059, - "narHash": "sha256-fDyhFfRazK2SvPQVGi6tcMTpOAu6CoUhZSyaaE2edtE=", - "ref": "refs/heads/main", - "rev": "0c1a104cea3de07c3416edb0d16db324daf5f61f", - "revCount": 37, - "type": "git", - "url": "https://git.atagen.co/atagen/niri-tag" - }, - "original": { - "type": "git", - "url": "https://git.atagen.co/atagen/niri-tag" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1756728273, - "narHash": "sha256-7tYNlNO/qVRA6shdWxNuBMYOE+pGgxqE0f54S4Wr9PE=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "77465e11fe36fdd9bc0a304b96bb2558116568af", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, - "niri_2": { - "flake": false, - "locked": { - "lastModified": 1755539138, - "narHash": "sha256-8LoWAwBqHFOM1Je3b+XCs6gM5LbJlMfZtSpJvTe3sQk=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "43a2648e579fc81366fc81b15f834c9c9dff119b", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1755972213, @@ -412,71 +277,7 @@ "url": "https://channels.nixos.org/nixos-unstable-small/nixexprs.tar.xz" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1756754095, - "narHash": "sha256-9Rsn9XEWINExosFkKEqdp8EI6Mujr1gmQiyrEcts2ls=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7c815e513adbf03c9098b2bd230c1e0525c8a7f9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1756542300, - "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1752077645, - "narHash": "sha256-HM791ZQtXV93xtCY+ZxG1REzhQenSQO020cu6rHtAPk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "be9e214982e20b8310878ac2baa063a961c1bdf6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1756696532, - "narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 315532800, "narHash": "sha256-JaSDu+RYnaHrkMCcW95rc8pG9QjD7nzX+/VHleiPVxA=", @@ -489,7 +290,7 @@ "url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz" } }, - "nixpkgs_6": { + "nixpkgs_3": { "locked": { "lastModified": 1754214453, "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", @@ -560,9 +361,7 @@ "lanzaboote": "lanzaboote", "nh": "nh", "nil": "nil", - "niri": "niri", - "niri-tag": "niri-tag", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_2", "quickshell": "quickshell", "sops-nix": "sops-nix", "watt": "watt", @@ -570,23 +369,6 @@ "zen-browser-flake": "zen-browser-flake" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1752428706, - "narHash": "sha256-EJcdxw3aXfP8Ex1Nm3s0awyH9egQvB2Gu+QEnJn2Sfg=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "591e3b7624be97e4443ea7b5542c191311aa141d", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -703,21 +485,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, "watt": { "inputs": { "nixpkgs": [ @@ -738,43 +505,10 @@ "type": "github" } }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1755491097, - "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "388d291e82ffbc73be18169d39470f340707edaa", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.7", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1756679414, - "narHash": "sha256-yQGJ/n6mRwoIQnaL5oV2TGOHg4SEHpINTaoHrvkjr1Q=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "c0497c990d46fcc012d9deff885bbe533e91e044", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } - }, "zedless": { "inputs": { "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1754831523, diff --git a/flake.nix b/flake.nix index dded9b9..74a8e1b 100644 --- a/flake.nix +++ b/flake.nix @@ -61,12 +61,6 @@ flake = false; }; - niri.url = "github:sodiboo/niri-flake"; - - niri-tag = { - url = "git+https://git.atagen.co/atagen/niri-tag"; - # inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = _: { }; From 507bc75a433afffea0384a65af494c712ee69a16 Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:29:09 +0200 Subject: [PATCH 04/17] minecraft: rename to minecraft.mod.nix --- modules/programs/gui/{minecraft.nix => minecraft.mod.nix} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename modules/programs/gui/{minecraft.nix => minecraft.mod.nix} (92%) diff --git a/modules/programs/gui/minecraft.nix b/modules/programs/gui/minecraft.mod.nix similarity index 92% rename from modules/programs/gui/minecraft.nix rename to modules/programs/gui/minecraft.mod.nix index fd5632a..5108753 100644 --- a/modules/programs/gui/minecraft.nix +++ b/modules/programs/gui/minecraft.mod.nix @@ -16,7 +16,7 @@ in wayland = mkEnableOption "wayland"; }; - config = mkIf cfg.enable { + config = mkIf true { environment.systemPackages = [ pkgs.prismlauncher ]; }; } From b25ea40436191ea92137c9fca1be82f6b3fd652b Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:30:36 +0200 Subject: [PATCH 05/17] secrets: add temperance --- modules/system/os/impermanence.mod.nix | 1 + .../system/secrets/organization_scope.toml | 8 ++++-- modules/system/secrets/personal_info.json | 10 +++++--- modules/system/secrets/secrets.json | 8 ++++-- modules/system/secrets/sops.mod.nix | 25 +++++++------------ modules/system/secrets/uni_scope.toml | 8 ++++-- 6 files changed, 35 insertions(+), 25 deletions(-) diff --git a/modules/system/os/impermanence.mod.nix b/modules/system/os/impermanence.mod.nix index f380833..ea12735 100644 --- a/modules/system/os/impermanence.mod.nix +++ b/modules/system/os/impermanence.mod.nix @@ -31,6 +31,7 @@ in directories = [ "/etc/nixos" "/etc/nix" + "/etc/ssh" "/etc/NetworkManager/system-connections" "/var/db/sudo" "/var/log" diff --git a/modules/system/secrets/organization_scope.toml b/modules/system/secrets/organization_scope.toml index 59a106e..d5d8268 100644 --- a/modules/system/secrets/organization_scope.toml +++ b/modules/system/secrets/organization_scope.toml @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRE5xR1RISy9rM3FkOGpu\ncGRCL2ZYOU5PeXNhaUtXSWxRWXN5bWNkSmlnCjB1Q0VlNDhmNmVCME5IMTU5SzVV\nSUt3RVFGRFJMc21TTXFGTzJSYkpjRTgKLS0tIHVZZnh4cG1FendxSENNRmhVY1gv\ndG55UVdhN2Nka2hJS0NwbTBud1V0L28KxHGZdIQUQ3/fG5q4rFiBrXpISdqgXsIc\n05vEYEkO0PSOeFSAkOZiSgPPVmcCQMMHj4RyeHc/BdzUDZbGA/rGtw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSy9XdnBQbld5Ly9ET3ZR\nb0U3aW16LytkOUdxNmNVUU40V3NZTWNnNEJjClA2WE5XS0xjdUN3TENoRWlaR2Vn\nQ0MzTnBzME42TVY0cFRQNk4xcng1dkEKLS0tIFJOSC9OT01TNTZTWERjRXFCZFVq\nbEpFRHpVYXI0YXJYcjVxN3hkWEpZM0kKynHKxZwBUWiCdUx/fqYsWWHmIJLrYGTC\naXQXbjR2fprPsyZb7tTZ4L8DtxdjKgmxsbgi+8QYumy/S/ivH4Gipw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeVFxRGhvSm1lTW5VeDlX\nbXlIS0JOZGpjTmd0U3NWMFY3aFdra3ZiazFRCjdpT0k2d0dyUXQwUjhEaWsvd2lp\nU1FvNFc3cVNKdXdGWFdjUGd4a2hrQzQKLS0tIFhtMkhCUFdoVzVIOFFEelNJMG1Q\nMk0wNXg0ekxNU0RzREJicHFvUzFkajgKe+2lC/eUPYfzdNNDEuOheXO7EioBg6HM\nJ25diaPvFSUypux76SdFHAXqd75gMcWbhpeFcOlhXMMQ01UPeXNlYA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYVU3V2xkNm9qRGd5enBB\nK3YyRjN1YjhDbjRsbEdteVRFa3Q2QkNPZDNNCkI4Qk1kcU9XUlo2eXpDdnl0WFdN\nSnZweHFIZmQ0UjBoRmxzekxoRDhNRVEKLS0tIGE2d1o2czVMbXFzODl4NjZib2Nv\nNnVZMVJScGc0cTRlYzVocHpPdmlsekUKlsFnd1aNCDBBlCto+vBdchtaRBJ/7LJT\nrW4h5YE9RbbMF1TEJOJf+Pkeikgkv3EPOHdH3eJPJ5yckNA4tc67ag==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age16p3h2xu69lpy3f2msfs69q4uhu2hytkqk2p80ss9hxqcwky4cc6ss38x85", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneUFoZ1FtYmJuRnppRHMx\nQWZQK2xGWmNFMXQvNldNSFVLMUVka1p2MmpNCkFWSHozVGQxeVRiZFVwRnU3RkEv\ncDYxRE1ESVNrcW45c0IxQWwwSlJ2aEUKLS0tIG0veVU3YXJuZURCS2JkOXptV09J\nQzlpNVBqSC9sQVh5dDJpb3c2M3dlOTQKu3PufhYt42QwB1ncc2QjBSdTbJ5EYu2z\nRFrAz2nq0rRDIjL4EFHdlSFWgI2amQwpbgZxy/+YeEpWO/Zd7uGX3w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-03T16:39:42Z", diff --git a/modules/system/secrets/personal_info.json b/modules/system/secrets/personal_info.json index b9d0784..a833b81 100644 --- a/modules/system/secrets/personal_info.json +++ b/modules/system/secrets/personal_info.json @@ -9,15 +9,19 @@ "age": [ { "recipient": "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVXBWbnJxWW80VEROOXFx\nVzJseVl3OXNkNWd6bFJOQkVBVENIc2xJTFdFCkFOOHFZMHBaUExsRlV2UmdTK0Ju\nWXlQeXF3RW9acnpWL0RzRnpqN3ZTL2MKLS0tIGlKaU40L2JFbExGbEpUSUNsaEFu\nOWZrR1FsMWMwN3ZSUHR0OXZxZ3Vacm8KlwLxvJoU3QJ6LdM+t0Xey9G4500FCVLy\nSsF7lYGT6WyNeD1G9qqirUysg4x3Kf3tIBlbgOtKovmabiE5kMLbBw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WUlpSkI5dElCVmpzNEw5\nc2pTaFBxWWNoOVJsb0NBWkw4VFQ4aDN4WFU0CjBSKy9oc2pJVzl0M0Z3bUpvNzB4\neU1RT2JWMndHUUFITE03aDBDU1BoUVEKLS0tIC9DNE9ZUnJMb0V0dlpkSUFYNk1K\nTnhRMTl0eENpRmhhYlhKTVg4MGlSS3MKMWY+ezH2HjRd5p/KqUBCFU8sn+FmYd/f\nrHQZhPo481+U6zMyiiu35lcujNRcEtJfcIAL2tobiTDNLQs94re5fg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkVVgrdHRiMENMZHVKYXMx\nQ3BoRURCSVdIdEE1NFZ5TllOaUNYOCtzSndBCmszZ3FkQ25sdDF4YjhZcFlEbDY1\nWWF2ckhtdGNaTE1iRC9LdmE1ZkFtdEUKLS0tIGpaelYrWnVHY2M1MmhwL1F2OGhO\naHVyc0tDcU5iM3hiNHpvWTI4UzRtekUKC72surldBztOc6PGaoR+2Z8LlWkFRFRk\nISPQvqo7l0TCK1sbHv7aqOjb4R2mQNgYV9AiHRUhP5azdU4FfbLVVg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqYVZ4THhxVlkzRi9ETTht\nOWtINWUxU0R1SGZhK3FqbHdSWmlhaGc1WGpZCklqL2Jpb2F0bzJqYXZHZVZHS25L\nZVc0dnRBOG9lVTZYQkpkQTVKY04zTjQKLS0tIGdVK1Y2VFFMbTVmVWo2eFpKbFY1\nYU5LaW90eWxDNUlhMmRnTTEvRTA1ZkEKFnX/HzVMIK9XT+cO80cCzVJxIj3dicjG\nbvxz/o7/dVmmx0bUusWIiR/SA5JXPkbi0C8F+llkPoYV3idWUOvnKA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age18ga6m08fjs2azav73sl8y4xudhld9ger3zwpnc5euy2j3cjam35sstud9w", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpOUpORGlEdXFWZVFyNTNw\nYVVBOGErOTYyTEkrRWUrbnhnUUNkUlQ5UEQwCjE4SkFqQUlJTHl5dE9iTkE0Vk9B\nc0RUa28va0R1TzFxd0N5WUZNYVUyTEUKLS0tIGNjRkorRzF5a1RmN0VMcFEycy9B\nS0hmOGthMFZlSWNWZnNFM3Y1TWhFZWsKF+JReUAwAFY7J5P5kFBeq/8vnK6idNVx\n0mc0IoeCFXLFONUKs4D7na5YRTnih5s1X74wrLSCLFpNd26Kbw9lsQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbFBXZFdFQjREeVpaelhQ\nWGVBOWNnNERYT0JGSDNsWDYzcFA1Q1R0ZlVRCjJ4V3R5UU1zT0FJTU5taEgrRmht\nY3J5OG1qREV1a3FTSy9hMmZubXVDMFEKLS0tIFplOHpkTmZkWDBYSUxQVkxjZ215\naS83dUdUMFVhVkZaWW55akxiM2dPaU0KTVp2Bwt9/UD42HJ9UJRYwWQrmbxxXdKF\ngjKHvWNiASiPczj/DDuGDR0tjbYvtS2DTqDLECr3EQYqRIiPW8Lq9g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age16p3h2xu69lpy3f2msfs69q4uhu2hytkqk2p80ss9hxqcwky4cc6ss38x85", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SStPblpVVFRpbk9FWGxl\nY25yUXpkUFlxV1lkSjlpZUZlY212L0prN21vCmtlVDJQcWV4TjlYNnFUSmI2Tkxp\nMHYrTi9aMmNlY25penJKR1NQN1VJWW8KLS0tIDNvVUcyUXdCR2xPTkZjWTRqenhm\nMk5oU0tOUHVmbmhUSklHQ2s5dVlLbVkKoRvSoy2BsJaOdCuOW1lD1vGpu8czakmA\nWztrXYqwo57E6z2dPjb0Fo/RJlo4OWQ2/bYOYYpq8aS1HvuRV5096w==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-01T21:25:00Z", diff --git a/modules/system/secrets/secrets.json b/modules/system/secrets/secrets.json index b56d024..57c27fe 100644 --- a/modules/system/secrets/secrets.json +++ b/modules/system/secrets/secrets.json @@ -3,11 +3,15 @@ "age": [ { "recipient": "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRT1VLNEVwZ09TODBYd0ZR\nQ2FUOXYzZGxQWkNmSUt5N0JhYlk5Wm9kWnc0Cm5XbUQyU1lBWUFBNVdLSk50aHI0\naTk0by9KOWw4VkJ2a0tHdjUyRzB1bU0KLS0tIDVEekdTNnNBamV5WWhmcmJMV3Vh\nKzZaVHBVT1F6U2FoQUZrenNyQnZJZUkKwQc4NaU0xk1TWqSHGYnbnKZGtC22j2MD\nUmlg9qmuGOy371Djx6dgdnXQy1367PTpoT+MWFWsMEPNbTbimHmJxA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNmlKZkpZMC80SXU4TUdt\nSC94eVFEMXk4c2pVcGx6UmZhaVVKc2VtOFZjClhZSzI4MGdyc1FaZ255dnhiQkI4\nUnBsNGFsOXVtZ1NBSkcvKzZiRG41UEEKLS0tIFdhSXc2bUErUmJydnJqUERLaVB6\nQko2RkdOeE80VEc2cmQwbkpLMTBFa1kKQ1SjECLkGyI48s6ky9JReFtlpB8l11dd\nvXTCtvt8hMoMckvpPXXLUiLCE0O33mLJhON7qqVaRXPyAV4XPjY3vQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QkJqblYxNjBPNitUeW5j\nZloxL2VwV0dTOTErSTd1ajNqTlRqTWdOMmhzCnlsT1ZiYVdCVVVQOXlCY0hKeVJz\nbDgyeXhUaWFGY0lNM0JyNHAvR2dSRE0KLS0tIGVBdlB6ZU1PNStkbloyeHhPdG1L\nUnhzYm9qQldOVVhjV2o3R3cvNFRoYzgK+D7d7VuBTm3SZJ5ErURJmBzC4mh6hH/0\nP81s+n3No8QEIzt9FVj/WuKo0T9wm9X7l4ItzD27Y3xOCmAtpM7Fwg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRWRDemoxSFI1c1FIMDYy\neUxWMjlhNTBsMlRoZkVUM2tFVDQwQytuV0JzCm8xRFNwM1lnY1doMGRxZ0ExWk1Z\nQVhQdkFOMTF6RVlGK2xZTGFlcXJKU2cKLS0tIHVUalhRbVlvZVQxVVlsZm1LbGhP\nZmd4dEp0V2V4aTNsWms1eU1XTVBDWHcKIn2OHML1JX/Nji446wnw8qJFn1Bo0Bv+\ncq2tcEZeZMEq4/F/u4OWmAfGqVNrMrn7Chr4CjniMEP3gK6tAr4qSg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age16p3h2xu69lpy3f2msfs69q4uhu2hytkqk2p80ss9hxqcwky4cc6ss38x85", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUM1JCSkNQVW1iWUhSc285\nMFRienl6MUc1b29iMGs5QTcrOXRRYzFBL0g0Ck1UdVNxOHpEeWJuUWZxOWdJa29m\ncGxFZ2tUNzZLNEJtRjFiUkp6RzFiNmsKLS0tIC9XdGxmWUIyTVM3bitDU1lXcEFR\neFBacnVDeHNoNXVjUkl4OVk4TGVCa1kKjfIvM9SNYY+usnRr09db+4obAhByE3/h\noVJufP5RqqHtm0gWyJKXFpUcIhZUVUaRX4pqPmnhuz1pNC+4NXOXuA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-01T22:22:52Z", diff --git a/modules/system/secrets/sops.mod.nix b/modules/system/secrets/sops.mod.nix index 527282d..611ff45 100644 --- a/modules/system/secrets/sops.mod.nix +++ b/modules/system/secrets/sops.mod.nix @@ -24,6 +24,8 @@ let # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'. # sops_master_key master_key = "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc"; + # tempeance /persist/etc/ssh/ssh_host_ed25519_key + temperance_host_key = "age16p3h2xu69lpy3f2msfs69q4uhu2hytkqk2p80ss9hxqcwky4cc6ss38x85"; # hermit /etc/ssh/ssh_host_ed25519_key hermit_host_key = "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff"; @@ -32,6 +34,7 @@ let keys = concatStringsSep "," [ master_key hermit_host_key + temperance_host_key ]; sops = pkgs.symlinkJoin { @@ -47,17 +50,11 @@ let mkRecipients = list: [ { age = list; } ]; sopsConfig = fromYAML ".sops.yaml" { - keys = [ - master_key - hermit_host_key - ]; + inherit keys; creation_rules = [ { path_regex = "secrets.json"; - key_groups = mkRecipients [ - master_key - hermit_host_key - ]; + key_groups = mkRecipients keys; } { path_regex = "personal_info.json"; @@ -65,6 +62,7 @@ let master_key hermit_host_key tower_host_key + temperance_host_key ]; } { @@ -72,21 +70,16 @@ let key_groups = mkRecipients [ master_key tower_host_key + temperance_host_key ]; } { path_regex = "uni_scope.toml"; - key_groups = mkRecipients [ - master_key - hermit_host_key - ]; + key_groups = mkRecipients keys; } { path_regex = "organization_scope.toml"; - key_groups = mkRecipients [ - master_key - hermit_host_key - ]; + key_groups = mkRecipients keys; } ]; }; diff --git a/modules/system/secrets/uni_scope.toml b/modules/system/secrets/uni_scope.toml index 506fab1..330c167 100644 --- a/modules/system/secrets/uni_scope.toml +++ b/modules/system/secrets/uni_scope.toml @@ -4,11 +4,15 @@ "age": [ { "recipient": "age1a4jv2avdlj5zzq9p7ss9958t4wt3an95c3j86eclge7q2qc6n3wq4ucymc", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzYTJaa1RETEFOdENzQXl6\nakg0bk1icTllRHdkb0Q1WGFxMWE5RXdGTVhzCmhsRkVVUC80Um5CcUtrY2NQVmJv\nYzZCVUllSi9hamdKemduME9BdGJjM0UKLS0tIC8zS3RaUUpBSm4xK1ozeXFHQzdz\nYmd2Z3V3ODkvQjcvdnliVVNPdmY2azAKA/2YkNAjwbTWdoQLV8qM012EzAx8yM8l\nH1cSLyfXfulUA3DGTeSck8MJmd/c5kTSkH6TqGs2XxnGSI8W92c/Uw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlLzZCMVNkcmRMQTIvdk5N\nUVZ6TUVBT2s3RTYxMVlJZHU4RzFjVUdIckVZCks2MDRJSDdYVkpHN3llUXNnZDc5\nV29zMm12TmN6K0t3VmY2MmFBVVdZd1EKLS0tIFNXREFUOUoyZTNuWFdNdXBYY3FT\naTBickFBOUhBUTFvZXhMVHNGRmR0T3MKdSUtmD9xB5qypB+hj62/U57VyOzj5yt7\nhOoNvkOyVJuRWwtwEo8SBMKvFs+mzULqHJh7slFamM6VjEokhDE+zw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age12neldqxts6h3zstmk5hvmn2pq8s9qfhkt7cjcdd9wygekqrmparq6djsff", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQk9ZU3JXYXFNZm5pdCtz\nQis4TFlqanRlY3lHdVA3S1FyQTFsTmI2MzBnCk80K041NDZmMnBUUURrZFcyMzR2\nSitjY2xLeE40V1pTckdpNHZQNjBPOEUKLS0tIGpQVnB3MUd5b0FZOUlqNzlvWFZt\nb2RMZGJVbk1ZOHpqV0dOZ0ZudXNQNWcKg5v6dzKUPR5W1B8FM5hnsLA+HjcAObES\nc+Ff371ERAFfA8S9z4kxUmjRpdp+5AORakyf4PrtlUeEx7Ah9uARug==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsaXRGOXp5ZEVFcGN5V1JL\nM1NIcEhMUEFOZUJxRi9iYXJSRXhEZHVWZUdBCmxtN00yRXV2U0RlOUhiVU5PS2xz\nUWRYdHltTnlaQmR3SnJpY2VTbThKOGMKLS0tIEZiQlJLRDhvL2pMaEx5ZEpoS2xi\nQmdxcG9lTHVVYUlnY3JyOW1ybnEwc2sKqi80VUMu5lgXPbkQDGp4C7JuWSwESSqy\nVbm4TdvAXEn69t03O4+Vff+Bx5HsAzcWerA1+ZvlLBdkAYcGC2YKIw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age16p3h2xu69lpy3f2msfs69q4uhu2hytkqk2p80ss9hxqcwky4cc6ss38x85", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMjJBb3RROUFkWURZejlv\nYXVXK0pkK2ZPTHpSZEJoaTlFY2hYMm1xREQ4Clh1VFFWVkRqTnJoT01EZkg3VytX\nakZ4UUJ4MSt4WVg3R2ZRRXJraUtxWFEKLS0tIHRWNjJYU1QydFZUZ0UzWmoyeU9t\nZ0gyMzRkOEt6TVZQMTZmdGpaUU9rTVkKct5ZlfiPrEJWC3hZsESbEr5ewUWgFL7r\n5WESkGmeA1coph5XzbO+asEfPcs2kRCZcOzRSsU55SNTwloDyCtuWg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-09-03T16:39:27Z", From b412042f48558147703d6f0364853442fd0146ab Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:31:46 +0200 Subject: [PATCH 06/17] ghostty: config updates --- modules/home/programs/ghostty.hjem.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/home/programs/ghostty.hjem.nix b/modules/home/programs/ghostty.hjem.nix index ed95503..3009178 100644 --- a/modules/home/programs/ghostty.hjem.nix +++ b/modules/home/programs/ghostty.hjem.nix @@ -47,7 +47,7 @@ let confirm-close-surface = "false"; cursor-style-blink = "false"; gtk-single-instance = "true"; - gtk-tabs-location = "bottom"; + gtk-tabs-location = "top"; gtk-wide-tabs = false; mouse-hide-while-typing = "true"; resize-overlay-duration = "0s"; @@ -56,10 +56,12 @@ let theme = "GruvboxDarkHard"; window-decoration = "none"; window-padding-balance = true; - window-padding-x = 8; - window-padding-y = 8; - window-theme = "ghostty"; + window-padding-x = 2; + window-padding-y = 2; + window-theme = "system"; cursor-style = "block"; + gtk-adwaita = true; + gtk-titlebar = false; # Whether to automatically copy selected text to the clipboard. true will prefer to copy to the selection clipboard, otherwise it will copy to the system clipboard. # The value clipboard will always copy text to the selection clipboard as well as the system clipboard. From e798a97809b7d31292f288d130f339022ed880f3 Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:33:05 +0200 Subject: [PATCH 07/17] brave.mod.nix: drop --- modules/programs/gui/brave.mod.nix | 245 ----------------------------- 1 file changed, 245 deletions(-) delete mode 100644 modules/programs/gui/brave.mod.nix diff --git a/modules/programs/gui/brave.mod.nix b/modules/programs/gui/brave.mod.nix deleted file mode 100644 index e69cfe7..0000000 --- a/modules/programs/gui/brave.mod.nix +++ /dev/null @@ -1,245 +0,0 @@ -{ - lib, - pkgs, - ... -}: -let - inherit (lib.lists) map; - inherit (lib.strings) concatStringsSep; - - # https://peter.sh/experiments/chromium-command-line-switches/ - flags = concatStringsSep " " [ - "--no-first-run" - "--enable-gpu-rasterization" - "--force-dark-mode" - "--enable-smooth-scrolling" - "--enable-features=UseOzonePlatform" - "--ozone-platform=wayland" - "--user-agent='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.3'" - # https://source.chromium.org/chromium/chromium/src/+/main:headless/app/headless_shell_switches.cc;drc=3556fbff47c18193f4a39d2496596e89b8307a15;l=47-55 - "--password-store=gnome-keyring" - ]; - brave-wrapped = pkgs.symlinkJoin { - name = "brave"; - paths = [ - pkgs.brave - ]; - nativeBuildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - wrapProgram $out/bin/brave --append-flags "${flags}" - ''; - }; -in -{ - environment.systemPackages = [ - # brave-wrapped - ]; - programs.chromium = { - enable = false; - - # This sets a bunch of flags to make Brave usable. - # This was made possible through several similar projects, - # which facilitated this process a lot: - # https://gist.github.com/yashgorana/869542b66d7188729716379abe7464e0 - # https://github.com/yashgorana/chrome-debloat - # https://chromeenterprise.google/intl/en_ca/policies - extraOpts = { - BraveRewardsDisabled = true; - BraveWalletDisabled = true; - - # Setting the policy to False prevents Google Chrome from showing - # product promotional content. - PromotionsEnabled = false; - TorDisabled = true; - BraveVPNDisabled = true; - BraveAIChatEnabled = false; - SyncDisabled = true; - - # Setting the policy to False stops Google Chrome from ever checking if - # it's the default and turns user controls off for this option. - DefaultBrowserSettingEnabled = false; - - # In background mode, a Google Chrome process is started on OS sign-in and keeps - # running when the last browser window is closed, allowing background apps and - # the browsing session to remain active. - BackgroundModeEnabled = false; - - # By default the browser will show media recommendations that are personalized to the user. - # Setting this policy to Disabled will result in these recommendations being hidden from the user. - MediaRecommendationsEnabled = false; - - # This policy controls the availability of the shopping list feature. - # If enabled, users will be presented with UI to track the price of - # the product displayed on the current page. The tracked product will - # be shown in the bookmarks side panel. If this policy is set to Enabled - # or not set, the shopping list feature will be available to users. - # If this policy is set to Disabled, the shopping list feature will be unavailable. - ShoppingListEnabled = false; - BraveSyncUrl = ""; - PrivacySandboxFingerprintingProtectionEnabled = true; - PrivacySandboxIpProtectionEnabled = true; - DefaultSearchProviderEnabled = true; - DefaultSearchProviderName = "Kagi"; - DefaultSearchProviderSearchURL = "https://kagi.com/search?q={searchTerms}"; - DefaultSearchProviderNewTabURL = "https://kagi.com"; - SearchSuggestEnabled = true; - DefaultSearchProviderSuggestURL = "https://kagi.com/api/autosuggest?q={searchTerms}"; - - # Prevents webpage elements that aren't from the domain - # that's in the browser's address bar from setting cookies. - BlockThirdPartyCookies = true; - DnsOverHttpsMode = "automatic"; - MetricsReportingEnabled = false; - SafeBrowsingExtendedReportingEnabled = false; - # Setting the policy to Enabled means URL-keyed anonymized data collection, - # which sends URLs of pages the user visits to Google to make searches and - # browsing better, is always active. - # Setting the policy to Disabled results in no URL-keyed anonymized data collection. - UrlKeyedAnonymizedDataCollectionEnabled = false; - - # Google Chrome in-product surveys collect user feedback for the browser. - # Survey responses are not associated with user accounts. When this policy - # is Enabled or not set, in-product surveys may be shown to users. - # When this policy is Disabled, in-product surveys are not shown to users. - FeedbackSurveysEnabled = false; - - PasswordManagerEnabled = false; - # Disable sharing user credentials with other users - PasswordSharingEnabled = false; - # Disable leak detection for entered credentials - PasswordLeakDetectionEnabled = false; - - AutofillAddressEnabled = false; - AutofillCreditCardEnabled = false; - ParcelTrackingEnabled = false; - - # Setting the policy to 2 denies sites tracking the users' physical locationing. - DefaultGeolocationSetting = 2; - DefaultNotificationsSetting = 2; - # Setting the policy to BlockLocalFonts (value 2) automatically denies the local fonts - # permission to sites by default. This will limit the ability of sites to see - # information about local fonts. - DefaultLocalFontsSetting = 2; - - # Setting the policy to 1 lets websites access and use sensors such as motion and light. - # Setting the policy to 2 denies access to sensors. - DefaultSensorsSetting = 2; - # Setting the policy to 3 lets websites ask for access to serial ports. - # Setting the policy to 2 denies access to serial ports. - DefaultSerialGuardSetting = 2; - # This policy allows to control the Related Website Sets feature enablement. - # This policy overrides the FirstPartySetsEnabled policy. - # When this policy is set to False, the Related Website Sets feature is disabled. - RelatedWebsiteSetsEnabled = false; - - # This policy controls the sign-in behavior of the browser. - # It allows you to specify if the user can sign in to Google Chrome with - # their account and use account related services like Google Chrome Sync. - BrowserSignin = 0; - - QuicAllowed = true; - - # Setting the policy to Enabled turns the internal PDF viewer off in Google Chrome, - # treats PDF files as a download, and lets users open PDFs with the default application. - AlwaysOpenPdfExternally = true; - - SpellcheckEnabled = false; - EnableDoNotTrack = true; - - # If this policy is set to Disabled, Google Chrome will not allow guest profiles to be started. - # Guest logins are Google Chrome profiles where all windows are in incognito mode. - BrowserGuestModeEnabled = false; - - # This policy controls which software stack is used to communicate with the DNS server: - # the Operating System DNS client, or Google Chrome's built-in DNS client. This policy - # does not affect which DNS servers are used: if, for example, the operating system is - # configured to use an enterprise DNS server, that same server would be used by the - # built-in DNS client. It also does not control if DNS-over-HTTPS is used; Google Chrome - # will always use the built-in resolver for DNS-over-HTTPS requests. - # If this policy is set to Disabled, the built-in DNS client will only be used when DNS-over-HTTPS is in use. - BuiltinDnsClientEnabled = false; - - # Control if Manifest v2 extensions can be used by browser. - ExtensionManifestV2Availability = 2; - - # Setting the policy to True means Google Chrome uses alternate error - # pages built into (such as "page not found"). Setting the policy to - # False means Google Chrome never uses alternate error pages. - AlternateErrorPagesEnabled = false; - - "3rdparty" = { - extensions = { - # Ublock Origin - cjpalhdlnbpafiamejdnhcphjbkeiagm = { - toOverwrite = { - filterLists = [ - # Default UBlock Origin filter lists - "user-filters" - "ublock-filters" - "ublock-badware" - "ublock-privacy" - "ublock-abuse" - "ublock-unbreak" - "easylist" - "easyprivacy" - "urlhaus-1" - "plowe-0" - - "https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/privacy_essentials.txt" - "https://raw.githubusercontent.com/hagezi/dns-blocklists/refs/heads/main/adblock/pro.plus.mini.txt" - "https://raw.githubusercontent.com/DandelionSprout/adfilt/refs/heads/master/LegitimateURLShortener.txt" - "https://raw.githubusercontent.com/yokoffing/filterlists/refs/heads/main/annoyance_list.txt" - "https://raw.githubusercontent.com/DandelionSprout/adfilt/refs/heads/master/BrowseWebsitesWithoutLoggingIn.txt" - ]; - }; - }; - }; - }; - }; - extensions = [ - # NoScript - "doojmbjmlfjjnbmnoijecmcbfeoakpjm" - # KeePassXC-Browser - # "oboonakemofpalcgghocfoadofidjkkk" - # Bitwarden Password Manager - "nngceckbapebfimnlniiiahkandclblb" - # Catppuccin Mocha - "bkkmolkhemgaeaeggcmfbghljjjoofoh" - # Dark Reader - "eimadpbcbfnmbkopoojfekhnkhdbieeh" - # UBlock Origin - "cjpalhdlnbpafiamejdnhcphjbkeiagm" - # I still don't care about cookies - "edibdbjcniadpccecjdfdjjppcpchdlm" - # Sponsorblock - "mnjggcdmjocbbbhaepdhchncahnbgone" - # Decentraleyes - "ldpochfccmkkmhdbclfhpagapcfdljkj" - # Humble new tab page - "mfgdmpfihlmdekaclngibpjhdebndhdj" - ]; - }; - - networking.extraHosts = - concatStringsSep "\n" - <| map (addr: "localhost ${addr}") [ - "rewards.brave.com" - "api.rewards.brave.com" - "grant.rewards.brave.com" - "variations.brave.com" - "laptop-updates.brave.com" - "static.brave.com" - "static1.brave.com" - "crlsets.brave.com" - "ads.brave.com" - "ads-admin.brave.com" - "ads-help.brave.com" - "referrals.brave.com" - "analytics.brave.com" - "search.anonymous.ads.brave.com" - "p3a.brave.com" - "variations.brave.com" - "star-randsrv.bsg.brave.com" - "usage-ping.brave.com" - ]; -} From 059bba30448ce56ddb6c6b76b10535718f31090d Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:33:13 +0200 Subject: [PATCH 08/17] mako: drop --- modules/services/mako.mod.nix | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 modules/services/mako.mod.nix diff --git a/modules/services/mako.mod.nix b/modules/services/mako.mod.nix deleted file mode 100644 index 2df18f9..0000000 --- a/modules/services/mako.mod.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, ... }: -let - mako-wrapped = pkgs.symlinkJoin { - name = "mako-wrapped"; - paths = [ pkgs.mako ]; - nativeBuildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - wrapProgram $out/bin/mako --add-flags "\ - --font 'Lexend 11' \ - --border-radius 8 \ - --padding 8 \ - --border-size 5 \ - --default-timeout 4000" - ''; - }; -in -{ - environment.systemPackages = [ mako-wrapped ]; -} From b1969ff91e640a8f3b332f12145c73436ae62315 Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:34:21 +0200 Subject: [PATCH 09/17] nushell: set environment variables --- modules/home/nushell/nu.hjem.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/home/nushell/nu.hjem.nix b/modules/home/nushell/nu.hjem.nix index e57933e..de28466 100644 --- a/modules/home/nushell/nu.hjem.nix +++ b/modules/home/nushell/nu.hjem.nix @@ -11,6 +11,11 @@ carapace fish ]; + + environment.sessionVariables = { + CARAPACE_BRIDGES = "fish,inshellisense,carapace,clap,bash"; + CARAPACE_MATCH = 1; + }; files = { ".config/nushell/config.nu".source = ./config.nu; From 6ba36ebaa3182c1fdaaea44b5fab2eaa57d69f55 Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:34:54 +0200 Subject: [PATCH 10/17] sops: fix keys --- modules/system/secrets/sops.mod.nix | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/modules/system/secrets/sops.mod.nix b/modules/system/secrets/sops.mod.nix index 611ff45..4f3ca7a 100644 --- a/modules/system/secrets/sops.mod.nix +++ b/modules/system/secrets/sops.mod.nix @@ -50,11 +50,18 @@ let mkRecipients = list: [ { age = list; } ]; sopsConfig = fromYAML ".sops.yaml" { - inherit keys; + keys = [ + master_key + hermit_host_key + ]; creation_rules = [ { path_regex = "secrets.json"; - key_groups = mkRecipients keys; + key_groups = mkRecipients [ + master_key + hermit_host_key + temperance_host_key + ]; } { path_regex = "personal_info.json"; @@ -75,11 +82,19 @@ let } { path_regex = "uni_scope.toml"; - key_groups = mkRecipients keys; + key_groups = mkRecipients [ + master_key + hermit_host_key + temperance_host_key + ]; } { path_regex = "organization_scope.toml"; - key_groups = mkRecipients keys; + key_groups = mkRecipients [ + master_key + hermit_host_key + temperance_host_key + ]; } ]; }; From 2b5fbe35977b919e60fec1514cc33447a2e108a3 Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:38:21 +0200 Subject: [PATCH 11/17] temperance: set isWorkstation and isGraphical --- hosts/temperance/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/temperance/configuration.nix b/hosts/temperance/configuration.nix index d668190..d222e38 100644 --- a/hosts/temperance/configuration.nix +++ b/hosts/temperance/configuration.nix @@ -24,6 +24,10 @@ meta = { mainUser.gitSigningKey = ""; + system = { + isWorkstation = true; + isGraphical = true; + }; }; modules = { system = { From edda78cdda0eb6a0b2b82d53b5a287d419c7856f Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:47:40 +0200 Subject: [PATCH 12/17] packages: fix with pkgs; scoping --- modules/packages/packages.mod.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/packages/packages.mod.nix b/modules/packages/packages.mod.nix index 7b03fc6..82006a8 100644 --- a/modules/packages/packages.mod.nix +++ b/modules/packages/packages.mod.nix @@ -1,4 +1,5 @@ { + config, inputs, lib, pkgs, @@ -18,13 +19,13 @@ let doInstallCheck = false; meta.mainProgram = "nil"; }; + in { environment = { defaultPackages = [ ]; systemPackages = - with pkgs; - [ + (with pkgs; [ asciinema atuin bat @@ -108,9 +109,9 @@ in ty python3 comma - radicle-tui radicle-node - ] + radicle-tui + ]) ++ [ nil ]; From ffc8ccaf1f1255f8a377750282685f2951eb6da9 Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:47:57 +0200 Subject: [PATCH 13/17] secrets: add factorio_token --- modules/system/secrets/secrets.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/system/secrets/secrets.json b/modules/system/secrets/secrets.json index 57c27fe..f62c216 100644 --- a/modules/system/secrets/secrets.json +++ b/modules/system/secrets/secrets.json @@ -1,4 +1,5 @@ { + "factorio_token": "ENC[AES256_GCM,data:l6o2LzFRcY43lieDBaFOk5ACqmp408AZNinfF2c7,iv:AiXRw30CZ9dJYP2jBvK89LiwG+d8sbQmyWVMDDUpxYU=,tag:/oHfsW6NFmr2bnH0WXMQWw==,type:str]", "sops": { "age": [ { @@ -14,8 +15,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUM1JCSkNQVW1iWUhSc285\nMFRienl6MUc1b29iMGs5QTcrOXRRYzFBL0g0Ck1UdVNxOHpEeWJuUWZxOWdJa29m\ncGxFZ2tUNzZLNEJtRjFiUkp6RzFiNmsKLS0tIC9XdGxmWUIyTVM3bitDU1lXcEFR\neFBacnVDeHNoNXVjUkl4OVk4TGVCa1kKjfIvM9SNYY+usnRr09db+4obAhByE3/h\noVJufP5RqqHtm0gWyJKXFpUcIhZUVUaRX4pqPmnhuz1pNC+4NXOXuA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-01T22:22:52Z", - "mac": "ENC[AES256_GCM,data:FJo1PM2DqR3ImZoo7zl3IZRVKHdkTD1f5UIf/qSIVNA5UiSZuGX22XCZQRaGFc0XhI6oFLlnqXHGFUjcm5W487oVa9L/DiLE8iqCnMFcg2TmDb2n0BBzTkFusRaG1xBk4DvXGwXyRqY6kkn3vL1MoOmKJK13UkpTcgKa0bVWwBM=,iv:Qc0S5CBkgBAyKpEeBaqhZZsnDXkr5pHvTFVR99uGcNw=,tag:KBGcvx2j/BEPcd9bpLuY7A==,type:str]", + "lastmodified": "2025-09-04T19:38:09Z", + "mac": "ENC[AES256_GCM,data:2QT0gRTp1eiu+ugKJXeLWcw1O+9RElL5R8zl0vUu8gBpR381xW7anQIwpZ1A/3rKnaosD4g/yvsoXioMv6ueeZ66A4HX8gXhQbGt2o4In2rY2/LpXMIG4xS3u380kvaCfU83Aib+rkOKfOyeNaOtN8nNiyIWwZeHzj7AObng+6o=,iv:wZVGSFiFU5ddjw5HMZwYc2khKyTYHVYQD6WOWGcoFxM=,tag:ZDkJsTKQzzb8PyaVOr+TrA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From 203e569c89963648a5a1e90f45aeac67fd1cd06c Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:48:17 +0200 Subject: [PATCH 14/17] sudo: cleanup --- modules/system/os/security/sudo.mod.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/os/security/sudo.mod.nix b/modules/system/os/security/sudo.mod.nix index 8bd3fa8..8c2869a 100644 --- a/modules/system/os/security/sudo.mod.nix +++ b/modules/system/os/security/sudo.mod.nix @@ -8,7 +8,6 @@ let in { security = { - sudo-rs.enable = mkForce false; sudo = { enable = true; # We use the default sudo package, but with insults if we From 83e4256fe50ceffb98abc32d7bb68e6952a5773f Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:48:27 +0200 Subject: [PATCH 15/17] sops: fix factorio_token file permissions --- modules/system/secrets/sops.mod.nix | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/modules/system/secrets/sops.mod.nix b/modules/system/secrets/sops.mod.nix index 4f3ca7a..86f00e6 100644 --- a/modules/system/secrets/sops.mod.nix +++ b/modules/system/secrets/sops.mod.nix @@ -31,11 +31,6 @@ let # tower /etc/ssh/ssh_host_ed25519_key tower_host_key = "age18ga6m08fjs2azav73sl8y4xudhld9ger3zwpnc5euy2j3cjam35sstud9w"; - keys = concatStringsSep "," [ - master_key - hermit_host_key - temperance_host_key - ]; sops = pkgs.symlinkJoin { name = "sops-wrapped"; @@ -102,8 +97,10 @@ let secretFiles = filter (file: hasSuffix "json" file) <| attrNames <| readDir ./.; secretNames = file: remove "sops" <| attrNames <| fromJSON <| readFile <| ./. + "/${file}"; - - fileModes."personal_info.json" = "0444"; + fileModes = { + "personal_info.json" = "0444"; + "factorio_token" = "0444"; + }; generateSecrets = file: From 950a5b52304b916ca38c1b21c62b3e284e64ed81 Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:48:41 +0200 Subject: [PATCH 16/17] niri: drop niri-tag again --- modules/wms/niri/config.nix | 255 +++------------------------------- modules/wms/niri/niri.mod.nix | 22 +-- 2 files changed, 25 insertions(+), 252 deletions(-) diff --git a/modules/wms/niri/config.nix b/modules/wms/niri/config.nix index c3278a0..93f6cf3 100644 --- a/modules/wms/niri/config.nix +++ b/modules/wms/niri/config.nix @@ -5,7 +5,6 @@ plain, leaf, flag, - tagctl, zen-browser, }: let @@ -59,7 +58,6 @@ in }) ]) - (flag "prefer-no-csd") (leaf "screenshot-path" "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png") (plain "layout" [ @@ -230,240 +228,27 @@ in ]) ]) - (plain "Mod+0" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "0" - ]) - ]) - (plain "Mod+1" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "1" - ]) - ]) - (plain "Mod+2" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "2" - ]) - ]) - (plain "Mod+3" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "3" - ]) - ]) - (plain "Mod+4" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "4" - ]) - ]) - (plain "Mod+5" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "5" - ]) - ]) - (plain "Mod+6" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "6" - ]) - ]) - (plain "Mod+7" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "7" - ]) - ]) - (plain "Mod+8" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "8" - ]) - ]) - (plain "Mod+9" [ - (leaf "spawn" [ - tagctl - "toggle-tag" - "9" - ]) - ]) + (plain "Mod+0" [ (leaf "focus-workspace" 0) ]) + (plain "Mod+1" [ (leaf "focus-workspace" 1) ]) + (plain "Mod+2" [ (leaf "focus-workspace" 2) ]) + (plain "Mod+3" [ (leaf "focus-workspace" 3) ]) + (plain "Mod+4" [ (leaf "focus-workspace" 4) ]) + (plain "Mod+5" [ (leaf "focus-workspace" 5) ]) + (plain "Mod+6" [ (leaf "focus-workspace" 6) ]) + (plain "Mod+7" [ (leaf "focus-workspace" 7) ]) + (plain "Mod+8" [ (leaf "focus-workspace" 8) ]) + (plain "Mod+9" [ (leaf "focus-workspace" 9) ]) - # (plain "Mod+0" [ (leaf "focus-workspace" 0) ]) - # (plain "Mod+1" [ (leaf "focus-workspace" 1) ]) - # (plain "Mod+2" [ (leaf "focus-workspace" 2) ]) - # (plain "Mod+3" [ (leaf "focus-workspace" 3) ]) - # (plain "Mod+4" [ (leaf "focus-workspace" 4) ]) - # (plain "Mod+5" [ (leaf "focus-workspace" 5) ]) - # (plain "Mod+6" [ (leaf "focus-workspace" 6) ]) - # (plain "Mod+7" [ (leaf "focus-workspace" 7) ]) - # (plain "Mod+8" [ (leaf "focus-workspace" 8) ]) - # (plain "Mod+9" [ (leaf "focus-workspace" 9) ]) - # - (plain "Mod+Shift+0" [ - (leaf "spawn" [ - tagctl - "toggle" - "0" - ]) - ]) - (plain "Mod+Shift+1" [ - (leaf "spawn" [ - tagctl - "toggle" - "1" - ]) - ]) - (plain "Mod+Shift+2" [ - (leaf "spawn" [ - tagctl - "toggle" - "2" - ]) - ]) - (plain "Mod+Shift+3" [ - (leaf "spawn" [ - tagctl - "toggle" - "3" - ]) - ]) - (plain "Mod+Shift+4" [ - (leaf "spawn" [ - tagctl - "toggle" - "4" - ]) - ]) - (plain "Mod+Shift+5" [ - (leaf "spawn" [ - tagctl - "toggle" - "5" - ]) - ]) - (plain "Mod+Shift+6" [ - (leaf "spawn" [ - tagctl - "toggle" - "6" - ]) - ]) - (plain "Mod+Shift+7" [ - (leaf "spawn" [ - tagctl - "toggle" - "7" - ]) - ]) - (plain "Mod+Shift+8" [ - (leaf "spawn" [ - tagctl - "toggle" - "8" - ]) - ]) - (plain "Mod+Shift+9" [ - (leaf "spawn" [ - tagctl - "toggle" - "9" - ]) - ]) - - # (plain "Mod+Shift+0" [ (leaf "move-column-to-workspace" 0) ]) - # (plain "Mod+Shift+1" [ (leaf "move-column-to-workspace" 1) ]) - # (plain "Mod+Shift+2" [ (leaf "move-column-to-workspace" 2) ]) - # (plain "Mod+Shift+3" [ (leaf "move-column-to-workspace" 3) ]) - # (plain "Mod+Shift+4" [ (leaf "move-column-to-workspace" 4) ]) - # (plain "Mod+Shift+5" [ (leaf "move-column-to-workspace" 5) ]) - # (plain "Mod+Shift+6" [ (leaf "move-column-to-workspace" 6) ]) - # (plain "Mod+Shift+7" [ (leaf "move-column-to-workspace" 7) ]) - # (plain "Mod+Shift+8" [ (leaf "move-column-to-workspace" 8) ]) - # (plain "Mod+Shift+9" [ (leaf "move-column-to-workspace" 9) ]) - - (plain "Mod+Ctrl+0" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "0" - ]) - ]) - (plain "Mod+Ctrl+1" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "1" - ]) - ]) - (plain "Mod+Ctrl+2" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "2" - ]) - ]) - (plain "Mod+Ctrl+3" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "3" - ]) - ]) - (plain "Mod+Ctrl+4" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "4" - ]) - ]) - (plain "Mod+Ctrl+5" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "5" - ]) - ]) - (plain "Mod+Ctrl+6" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "6" - ]) - ]) - (plain "Mod+Ctrl+7" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "7" - ]) - ]) - (plain "Mod+Ctrl+8" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "8" - ]) - ]) - (plain "Mod+Ctrl+9" [ - (leaf "spawn" [ - tagctl - "exclusive-tag" - "9" - ]) - ]) + (plain "Mod+Shift+0" [ (leaf "move-column-to-workspace" 0) ]) + (plain "Mod+Shift+1" [ (leaf "move-column-to-workspace" 1) ]) + (plain "Mod+Shift+2" [ (leaf "move-column-to-workspace" 2) ]) + (plain "Mod+Shift+3" [ (leaf "move-column-to-workspace" 3) ]) + (plain "Mod+Shift+4" [ (leaf "move-column-to-workspace" 4) ]) + (plain "Mod+Shift+5" [ (leaf "move-column-to-workspace" 5) ]) + (plain "Mod+Shift+6" [ (leaf "move-column-to-workspace" 6) ]) + (plain "Mod+Shift+7" [ (leaf "move-column-to-workspace" 7) ]) + (plain "Mod+Shift+8" [ (leaf "move-column-to-workspace" 8) ]) + (plain "Mod+Shift+9" [ (leaf "move-column-to-workspace" 9) ]) (plain "Ctrl+Print" [ (flag "screenshot-screen") ]) (plain "Mod+Alt+L" [ (leaf "spawn" <| getExe pkgs.swaylock) ]) diff --git a/modules/wms/niri/niri.mod.nix b/modules/wms/niri/niri.mod.nix index d09e4ec..234f805 100644 --- a/modules/wms/niri/niri.mod.nix +++ b/modules/wms/niri/niri.mod.nix @@ -8,14 +8,11 @@ let inherit (lib.modules) mkForce mkIf; inherit (lib.options) mkEnableOption; - inherit (lib.meta) getExe'; inherit (config.modules.system) isGraphical; inherit (config.meta.mainUser) username; inherit (lib) getFlakePkg'; - niri-tag = inputs.niri-tag.packages.${builtins.currentSystem}.unstable; zen-browser = getFlakePkg' inputs.zen-browser-flake "beta"; - tagctl = getExe' niri-tag "tagctl"; cfg = config.modules.desktops.niri; @@ -57,33 +54,24 @@ let flag lib pkgs - tagctl zen-browser ; } ); in { - imports = [ - inputs.niri-tag.nixosModules.niri-tag - inputs.niri.nixosModules.niri - ]; options.modules.desktops.niri.enable = mkEnableOption "Niri, a scolling tiling wayland compositor"; config = mkIf (cfg.enable || isGraphical) { programs.niri = { enable = true; - # package = pkgs.niri; - }; - services = { - # The niri module auto enables the gnome keyring, - # which is something I direly want to avoid. - gnome.gnome-keyring.enable = mkForce false; - niri-tag = { - enable = true; - }; + package = pkgs.niri; }; + # The niri module auto enables the gnome keyring, + # which is something I direly want to avoid. + services.gnome.gnome-keyring.enable = mkForce false; + hjem.users.${username}.files.".config/niri/config.kdl".source = niri-config; environment.systemPackages = builtins.attrValues { From eba5856f4738c5a23e5f662ce67983310b76f648 Mon Sep 17 00:00:00 2001 From: faukah Date: Thu, 4 Sep 2025 21:48:49 +0200 Subject: [PATCH 17/17] Quickshell progress dump --- modules/style/quickshell/shell/Test.qml | 35 ++++++ .../style/quickshell/shell/config/Config.qml | 23 ---- .../shell/modules/BackgroundImage.qml | 2 +- .../quickshell/shell/modules/BottomBar.qml | 36 +++++++ .../style/quickshell/shell/modules/Clock.qml | 91 ++++++++++++++++ .../quickshell/shell/modules/ClockPopup.qml | 91 ++++++++++++++++ .../style/quickshell/shell/modules/Main.qml | 46 ++++++++ .../style/quickshell/shell/modules/TopBar.qml | 45 ++++++++ .../shell/modules/drawers/Drawers.qml | 100 ------------------ modules/style/quickshell/shell/shell.qml | 5 +- 10 files changed, 348 insertions(+), 126 deletions(-) create mode 100644 modules/style/quickshell/shell/Test.qml create mode 100644 modules/style/quickshell/shell/modules/BottomBar.qml create mode 100644 modules/style/quickshell/shell/modules/Clock.qml create mode 100644 modules/style/quickshell/shell/modules/ClockPopup.qml create mode 100644 modules/style/quickshell/shell/modules/Main.qml create mode 100644 modules/style/quickshell/shell/modules/TopBar.qml delete mode 100644 modules/style/quickshell/shell/modules/drawers/Drawers.qml diff --git a/modules/style/quickshell/shell/Test.qml b/modules/style/quickshell/shell/Test.qml new file mode 100644 index 0000000..91f6b44 --- /dev/null +++ b/modules/style/quickshell/shell/Test.qml @@ -0,0 +1,35 @@ +import Quickshell +import Quickshell.Wayland +import QtQuick + +import qs.config + +WlrLayershell { + id: root + required property ShellScreen screen + + property var overviewZoom: 0.6 + layer: WlrLayer.Background + namespace: "shell:overview" + exclusionMode: ExclusionMode.Ignore + property int bottomMargin: (screen.height - screen.height * overviewZoom) / 2 + implicitHeight: 65 + implicitWidth: screen.width * overviewZoom + anchors { + bottom: true + } + margins { + bottom: root.bottomMargin - root.implicitHeight + } + Rectangle { + anchors.fill: parent + opacity: 0.6 + color: Colors.base + } + Text { + color: "white" + font.pixelSize: 20 + text: "TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST " + } + color: "transparent" +} diff --git a/modules/style/quickshell/shell/config/Config.qml b/modules/style/quickshell/shell/config/Config.qml index 9e44e32..060e637 100644 --- a/modules/style/quickshell/shell/config/Config.qml +++ b/modules/style/quickshell/shell/config/Config.qml @@ -6,27 +6,4 @@ import QtQuick Singleton { id: root - readonly property QtObject bar: QtObject { - readonly property int width: 50 - readonly property var colors: QtObject { - readonly property color bar: "#1e1e2e" - readonly property color barOutline: "#50ffffff" - readonly property color widget: "#25ceffff" - readonly property color widgetActive: "#80ceffff" - readonly property color widgetOutline: "#40ffffff" - readonly property color widgetOutlineSeparate: "#20ffffff" - readonly property color separator: "#60ffffff" - } - } - - readonly property QtObject border: QtObject { - readonly property int thickness: 0 - readonly property color color: "#1e1e2e" - readonly property int rounding: 0 - } - - readonly property QtObject volumeslider: QtObject { - readonly property int width: 50 - } - } diff --git a/modules/style/quickshell/shell/modules/BackgroundImage.qml b/modules/style/quickshell/shell/modules/BackgroundImage.qml index 9cf0ded..b27c655 100644 --- a/modules/style/quickshell/shell/modules/BackgroundImage.qml +++ b/modules/style/quickshell/shell/modules/BackgroundImage.qml @@ -12,7 +12,7 @@ PanelWindow { property string basePath: "file:///home/cr/Documents/Backgrounds/" property var absPath: folderModel.get(Math.floor(Math.random() * folderModel.count), "filePath") - property var finalPath: absPath + property var finalPath: basePath + "/whole_foods.png" // property bool _: log() // function log() { diff --git a/modules/style/quickshell/shell/modules/BottomBar.qml b/modules/style/quickshell/shell/modules/BottomBar.qml new file mode 100644 index 0000000..7de3220 --- /dev/null +++ b/modules/style/quickshell/shell/modules/BottomBar.qml @@ -0,0 +1,36 @@ +import Quickshell +import Quickshell.Wayland +import QtQuick + +import qs.config + +WlrLayershell { + id: root + property ShellScreen screen + + property var overviewZoom: 0.6 + property int bottomMargin: (screen.height - screen.height * overviewZoom) / 2 + layer: WlrLayer.Background + namespace: "shell:overview" + exclusionMode: ExclusionMode.Ignore + + implicitHeight: screen.height * 0.1 * overviewZoom + implicitWidth: screen.width * overviewZoom + anchors { + bottom: true + } + margins { + bottom: root.bottomMargin - root.implicitHeight + } + Rectangle { + anchors.fill: parent + opacity: 0.6 + color: Colors.base + } + Text { + color: "white" + font.pixelSize: 20 + text: "TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST TEST " + } + color: "transparent" +} diff --git a/modules/style/quickshell/shell/modules/Clock.qml b/modules/style/quickshell/shell/modules/Clock.qml new file mode 100644 index 0000000..d8eaff7 --- /dev/null +++ b/modules/style/quickshell/shell/modules/Clock.qml @@ -0,0 +1,91 @@ +import Quickshell +import QtQuick +import QtQuick.Shapes +import QtQuick.Layouts + +import qs.config + +Rectangle { + id: root + implicitWidth: shape.implicitWidth + implicitHeight: shape.implicitHeight + color: "transparent" + height: 50 + + Layout.alignment: Qt.AlignCenter + // Layout.fillHeight: true + Layout.fillWidth: true + antialiasing: true + + property int rounding: root.height / 3 + + Shape { + id: shape + anchors.centerIn: parent + + width: parent.width + height: parent.height + + implicitWidth: 300 + implicitHeight: root.height + + + ShapePath { + fillColor: Colors.base + strokeWidth: -1 + strokeColor: Colors.mantle + startY: root.implicitHeight + + PathArc { + relativeY: -root.rounding * 2 + relativeX: root.rounding * 2 + radiusX: root.rounding * 2 + radiusY: root.rounding * 2 + direction: PathArc.Counterclockwise + } + PathArc { + relativeY: -root.rounding + relativeX: root.rounding + radiusX: root.rounding + radiusY: root.rounding + } + PathLine { relativeX: root.width / 2; relativeY: 0 } + PathArc { + relativeY: root.rounding + relativeX: root.rounding + radiusX: root.rounding + radiusY: root.rounding + } + PathArc { + relativeY: root.rounding * 2 + relativeX: root.rounding * 2 + radiusX: root.rounding * 2 + radiusY: root.rounding * 2 + direction: PathArc.Counterclockwise + } + } + } + + Item { + anchors.centerIn: parent + + SystemClock { + id: clock + precision: SystemClock.Seconds + } + + Text { + id: text + anchors.centerIn: parent + property var date: Date() + + text: Qt.formatDateTime(clock.date, "hh mm") + + font.family: "ComicShannsMono Nerd Font Mono" + font.weight: Font.ExtraBold + font.pointSize: 12 + + color: "white" + } + } +} diff --git a/modules/style/quickshell/shell/modules/ClockPopup.qml b/modules/style/quickshell/shell/modules/ClockPopup.qml new file mode 100644 index 0000000..ef3084ca --- /dev/null +++ b/modules/style/quickshell/shell/modules/ClockPopup.qml @@ -0,0 +1,91 @@ +pragma ComponentBehavior: Bound +import Quickshell +import Quickshell.Wayland +import Quickshell.Widgets + +import QtQuick.Shapes +import QtQuick + +import qs.config + +WlrLayershell { + id: root + required property ShellScreen screen + + color: "transparent" + property int rounding: implicitHeight / 3 + + implicitWidth: clock.implicitWidth + implicitHeight: clock.implicitHeight + + anchors { + top: true + right: true + } + + layer: WlrLayer.Top + namespace: "shell:overview" + exclusionMode: ExclusionMode.Ignore + + Rectangle { + id: clock + visible: handler.hovered + implicitHeight: 60 + implicitWidth: shape.implicitWidth + color: "transparent" + + Behavior on implicitHeight { + NumberAnimation { + duration: 400 + easing.type: Easing.OutCubic + } + } + Shape { + id: shape + height: clock.visible ? parent.height : 0 + width: parent.width + + ShapePath { + id: path + fillColor: Colors.base + strokeWidth: -1 + + PathArc { + relativeX: root.rounding * 2 + relativeY: root.rounding * 2 + radiusX: root.rounding * 2 + radiusY: root.rounding * 2 + } + PathArc { + relativeX: root.rounding + relativeY: root.rounding + radiusX: root.rounding + radiusY: root.rounding + direction: PathArc.Counterclockwise + } + PathLine { + relativeX: 200 + relativeY: 0 + } + PathArc { + relativeX: root.rounding + relativeY: -root.rounding + radiusX: root.rounding + radiusY: root.rounding + direction: PathArc.Counterclockwise + } + PathArc { + relativeX: root.rounding * 2 + relativeY: -root.rounding * 2 + radiusX: root.rounding * 2 + radiusY: root.rounding * 2 + } + } + } + } + + HoverHandler { + id: handler + acceptedDevices: PointerDevice.Mouse | PointerDevice.TouchPad + } +} diff --git a/modules/style/quickshell/shell/modules/Main.qml b/modules/style/quickshell/shell/modules/Main.qml new file mode 100644 index 0000000..d0b2ea8 --- /dev/null +++ b/modules/style/quickshell/shell/modules/Main.qml @@ -0,0 +1,46 @@ +pragma ComponentBehavior: Bound + +import Quickshell +import Quickshell.Wayland +import QtQuick + +import qs.modules + +Variants { + model: Quickshell.screens + + delegate: Component { + Scope { + id: scope + required property ShellScreen modelData + + BackgroundImage { + id: backgroundimage + screen: scope.modelData + } + BackgroundImage { + id: background_overview + screen: scope.modelData + + WlrLayershell.namespace: "shell:background-overview" + } + + // ClockPopup { + // screen: scope.modelData + // } + // Rectangle { + // implicitHeight: 72 + // Clock {} + // } + + TopBar { + id: topBar + screen: scope.modelData + } + // BottomBar { + // id: bottomBar + // screen: scope.modelData + // } + } + } +} diff --git a/modules/style/quickshell/shell/modules/TopBar.qml b/modules/style/quickshell/shell/modules/TopBar.qml new file mode 100644 index 0000000..58223ed --- /dev/null +++ b/modules/style/quickshell/shell/modules/TopBar.qml @@ -0,0 +1,45 @@ +import Quickshell +import Quickshell.Wayland +import QtQuick +import QtQuick.Layouts + +import qs.config + +WlrLayershell { + id: root + property ShellScreen screen + + property var overviewZoom: 0.6 + property int bottomMargin: (screen.height - screen.height * overviewZoom) / 2 + property int barHeight: screen.height * 0.1 * overviewZoom + + layer: WlrLayer.Background + namespace: "shell:overview" + exclusionMode: ExclusionMode.Ignore + + implicitWidth: screen.width * overviewZoom + implicitHeight: screen.height * 0.1 * overviewZoom + + color: "transparent" + + anchors { + top: true + } + margins { + top: root.bottomMargin - root.implicitHeight + } + // Rectangle { + // anchors.fill: parent + // color: "transparent" + // border.width: 1 + // } + RowLayout { + id: layout + Layout.fillHeight: parent + Layout.fillWidth: parent + + // Clock { + // Layout.preferredHeight: root.barHeight + // } + } +} diff --git a/modules/style/quickshell/shell/modules/drawers/Drawers.qml b/modules/style/quickshell/shell/modules/drawers/Drawers.qml deleted file mode 100644 index 466182c..0000000 --- a/modules/style/quickshell/shell/modules/drawers/Drawers.qml +++ /dev/null @@ -1,100 +0,0 @@ -pragma ComponentBehavior: Bound - -import Quickshell -import Quickshell.Wayland -import QtQuick -import QtQuick.Effects - -import qs.modules.bar - -import qs.config -import qs.modules - -Variants { - model: Quickshell.screens - - Scope { - id: scope - required property ShellScreen modelData - - Exclusions { - screen: scope.modelData - bar: bar - } - - PanelWindow { - id: win - - screen: scope.modelData - color: "transparent" - - WlrLayershell.exclusionMode: ExclusionMode.Ignore - WlrLayershell.keyboardFocus: WlrKeyboardFocus.None - - // Clickthrough mask. - // Clickable areas of the window are determined by the provided region. - mask: Region { - // Start at the bottom left; right of the bar and on top of the border - x: bar.implicitWidth - y: Config.border.thickness - - // Width is the window width - the bar's width - the border thickness - width: win.width - bar.implicitWidth - Config.border.thickness - - // Height is window width - the border thickness x2 —top border and bottom border. - height: win.height - Config.border.thickness * 2 - - // Setting the intersection mode to Xor will invert the mask and make everything in the mask region not clickable and pass through clicks inside it through the window. - intersection: Intersection.Xor - // Region { - // item: volume - // intersection: Intersection.Subtract - // } - } - - anchors { - top: true - bottom: true - left: true - right: true - } - - Item { - id: background - - anchors.fill: parent - visible: false - - Border { - bar: bar - } - - Backgrounds { - bar: bar - } - } - - MultiEffect { - anchors.fill: source - source: background - shadowEnabled: true - blurMax: 15 - } - - Bar { - id: bar - screen: scope.modelData - } - } - BackgroundImage { - id: backgroundimage - screen: scope.modelData - } - BackgroundImage { - id: background_overview - screen: scope.modelData - - WlrLayershell.namespace: "shell:background-overview" - } - } -} diff --git a/modules/style/quickshell/shell/shell.qml b/modules/style/quickshell/shell/shell.qml index 0ff4469..e85d2c9 100644 --- a/modules/style/quickshell/shell/shell.qml +++ b/modules/style/quickshell/shell/shell.qml @@ -3,7 +3,8 @@ import Quickshell import QtQuick -import qs.modules.drawers +// import qs.modules.drawers +import qs.modules import qs ShellRoot { @@ -11,5 +12,5 @@ ShellRoot { Component.onCompleted: [Launcher.init(), AudioPopup.init()] - Drawers {} + Main {} }