From 824e30fc7cb571a655768353a9f500bcb0142f78 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 1/5] wayneko/module.nix: more systemd hardening tweaks --- modules/services/wayneko/module.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/modules/services/wayneko/module.nix b/modules/services/wayneko/module.nix index 511304d..fe2f49e 100644 --- a/modules/services/wayneko/module.nix +++ b/modules/services/wayneko/module.nix @@ -31,10 +31,11 @@ in { PrivateTmp = true; PrivateUsers = true; ProcSubset = "pid"; + ProtectClock = true; ProtectControlGroups = true; ProtectControlGroup = true; - ProtectHome = "true"; + ProtectHome = "read-only"; ProtectHostname = true; ProtectKernelLogs = true; ProtectKernelModules = true; @@ -48,11 +49,7 @@ in { SystemCallArchitectures = ["native"]; - SystemCallFilter = [ - "@system-service" - "~@privileged" - "~@resources" - ]; + SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged"; }; }; } From 3dce32f616a6e90309a1470135df60be052fb1de Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 2/5] style: working gtk colors Still have to set the stuff using dconf tho L --- modules/style/gtk-colors.nix | 92 ++++++++++++++++++++++++++++++++++++ modules/style/gtk.nix | 15 ++++-- 2 files changed, 102 insertions(+), 5 deletions(-) create mode 100644 modules/style/gtk-colors.nix diff --git a/modules/style/gtk-colors.nix b/modules/style/gtk-colors.nix new file mode 100644 index 0000000..b714eed --- /dev/null +++ b/modules/style/gtk-colors.nix 
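Review bot: The `ProtectHome` change from `"true"` to `"read-only"` loosens the sandbox rather than hardening it, because the unit can now read everything under /home, /root and /run/user where those trees were previously inaccessible. If the only reason is reaching the compositor socket under /run/user (an assumption; the commit message does not say), `ProtectHome = "tmpfs";` combined with a `BindReadOnlyPaths` entry for that one directory would keep user files out of reach, and a comment such as `# read-only: wayneko needs the Wayland socket in /run/user` would record the intent either way. Separately, the context line `ProtectControlGroup = true;` is not a systemd directive (the real one, `ProtectControlGroups`, sits directly above it), so systemd should ignore it with an unknown-key warning and it can be dropped. The enclosing serviceConfig block starts and ends outside this hunk.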
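Review bot: The new `SystemCallFilter` string begins with `~`, which turns the whole filter into a deny-list: every syscall outside the ten named groups is now permitted, whereas the removed list started from the `@system-service` allow-list. The old `~@resources` exclusion is also dropped without mention. To keep default-deny and still add the new exclusions, retain the allow-list entry first: `SystemCallFilter = ["@system-service" "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged @resources"];`. Running `systemd-analyze security` against the unit before and after would confirm the effect.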
@@ -0,0 +1,92 @@
+# blatantly stolen from sioodmy, thanks :3
+{colors}:
+with colors; ''
+ @define-color accent_color #${base0D};
+ @define-color accent_bg_color #${base0D};
+ @define-color accent_fg_color #${base00};
+ @define-color destructive_color #${base08};
+ @define-color destructive_bg_color #${base08};
+ @define-color destructive_fg_color #${base00};
+ @define-color success_color #${base0B};
+ @define-color success_bg_color #${base0B};
+ @define-color success_fg_color #${base00};
+ @define-color warning_color #${base0E};
+ @define-color warning_bg_color #${base0E};
+ @define-color warning_fg_color #${base00};
+ @define-color error_color #${base08};
+ @define-color error_bg_color #${base08};
+ @define-color error_fg_color #${base00};
+ @define-color window_bg_color #${base00};
+ @define-color window_fg_color #${base05};
+ @define-color view_bg_color #${base00};
+ @define-color view_fg_color #${base05};
+ @define-color headerbar_bg_color #${base01};
+ @define-color headerbar_fg_color #${base05};
+ @define-color headerbar_border_color #${base01};
+ @define-color headerbar_backdrop_color @window_bg_color;
+ @define-color headerbar_shade_color rgba(0, 0, 0, 0.07);
+ @define-color headerbar_darker_shade_color rgba(0, 0, 0, 0.07);
+ @define-color sidebar_bg_color #${base01};
+ @define-color sidebar_fg_color #${base05};
+ @define-color sidebar_backdrop_color @window_bg_color;
+ @define-color sidebar_shade_color rgba(0, 0, 0, 0.07);
+ @define-color secondary_sidebar_bg_color @sidebar_bg_color;
+ @define-color secondary_sidebar_fg_color @sidebar_fg_color;
+ @define-color secondary_sidebar_backdrop_color @sidebar_backdrop_color;
+ @define-color secondary_sidebar_shade_color @sidebar_shade_color;
+ @define-color card_bg_color #${base01};
+ @define-color card_fg_color #${base05};
+ @define-color card_shade_color rgba(0, 0, 0, 0.07);
+ @define-color dialog_bg_color #${base01};
+ @define-color dialog_fg_color #${base05};
+ @define-color popover_bg_color #${base01};
+ @define-color popover_fg_color #${base05};
+ @define-color popover_shade_color rgba(0, 0, 0, 0.07);
+ @define-color shade_color rgba(0, 0, 0, 0.07);
+ @define-color scrollbar_outline_color #${base02};
+ @define-color blue_1 #${base0D};
+ @define-color blue_2 #${base0D};
+ @define-color blue_3 #${base0D};
+ @define-color blue_4 #${base0D};
+ @define-color blue_5 #${base0D};
+ @define-color green_1 #${base0B};
+ @define-color green_2 #${base0B};
+ @define-color green_3 #${base0B};
+ @define-color green_4 #${base0B};
+ @define-color green_5 #${base0B};
+ @define-color yellow_1 #${base0A};
+ @define-color yellow_2 #${base0A};
+ @define-color yellow_3 #${base0A};
+ @define-color yellow_4 #${base0A};
+ @define-color yellow_5 #${base0A};
+ @define-color orange_1 #${base09};
+ @define-color orange_2 #${base09};
+ @define-color orange_3 #${base09};
+ @define-color orange_4 #${base09};
+ @define-color orange_5 #${base09};
+ @define-color red_1 #${base08};
+ @define-color red_2 #${base08};
+ @define-color red_3 #${base08};
+ @define-color red_4 #${base08};
+ @define-color red_5 #${base08};
+ @define-color purple_1 #${base0E};
+ @define-color purple_2 #${base0E};
+ @define-color purple_3 #${base0E};
+ @define-color purple_4 #${base0E};
+ @define-color purple_5 #${base0E};
+ @define-color brown_1 #${base0F};
+ @define-color brown_2 #${base0F};
+ @define-color brown_3 #${base0F};
+ @define-color brown_4 #${base0F};
+ @define-color brown_5 #${base0F};
+ @define-color light_1 #${base01};
+ @define-color light_2 #${base01};
+ @define-color light_3 #${base01};
+ @define-color light_4 #${base01};
+ @define-color light_5 #${base01};
+ @define-color dark_1 #${base01};
+ @define-color dark_2 #${base01};
+ @define-color dark_3 #${base01};
+ @define-color dark_4 #${base01};
+ @define-color dark_5 #${base01};
+''
diff --git a/modules/style/gtk-colors.nix b/modules/style/gtk.nix
index 3a09c87..c1b5983 100644
--- a/modules/style/gtk.nix
+++ b/modules/style/gtk.nix
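Review bot: The new file has no statement of what `colors` must contain, and `with colors;` means a missing key only surfaces as an undefined-variable error at evaluation time. A header comment such as `# colors: attrset base00..base0F, hex strings without the leading '#'` would document the expected input. Also, `warning_color` and `warning_bg_color` are bound to `base0E`, the same slot used for `purple_1..5`, while `yellow_1..5` use `base0A`; if warnings are meant to render in the yellow slot this may be a slip carried over from the copied source, so it is worth confirming.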
@@ -6,11 +6,11 @@ }: let inherit (builtins) toString isBool; inherit (lib.generators) toINI; - inherit (lib.modules) mkMerge mkIf; + inherit (lib.modules) mkIf; inherit (lib.options) mkOption mkEnableOption; - inherit (lib.types) str package; inherit (lib.strings) escape; inherit (lib.trivial) boolToString; + inherit (lib.types) str package; cfg = config.modules.theming.gtk; @@ -75,23 +75,28 @@ in { rose-pine-cursor gruvbox-gtk-theme papirus-icon-theme + colloid-icon-theme ; }; variables = { GTK_THEME = cfg.theme.name; XCURSOR_THEME = "BreezeX-RosePine-Linux"; - XCURSOR_SIZE = toString cursorSize; + XCURSOR_SIZE = cursorSize; HYPRCURSOR_THEME = "BreezeX-RosePine-Linux"; - HYPRCURSOR_SIZE = toString cursorSize; + HYPRCURSOR_SIZE = cursorSize; }; - etc = { + etc = let + css = import ./gtk-colors.nix {inherit (config.modules.style.colorScheme) colors;}; + in { "xdg/gtk-4.0/settings.ini".text = toGtk3Ini { Settings = gtkIni; }; "xdg/gtk-3.0/settings.ini".text = toGtk3Ini { Settings = gtkIni; }; + "xdg/gtk-4.0/gtk.css".text = css; + "xdg/gtk-3.0/gtk.css".text = css; "xdg/gtk-2.0/gtkrc".text = '' gtk-cursor-theme-name = BreezeX-RosePine-Linux From 25943c1b71bba863e5305453543b64b276f1d648 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 3/5] hermit/programs.nix: remove emacs --- hosts/hermit/programs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/hermit/programs.nix b/hosts/hermit/programs.nix index 6070964..eefb77d 100644 --- a/hosts/hermit/programs.nix +++ b/hosts/hermit/programs.nix @@ -19,7 +19,6 @@ difftastic element element-desktop - emacs30-pgtk evince eza gcc From 1e8007f2334a9b3b5d01023fe0b6010fcb321be2 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 4/5] hermit/configuration.nix: enable gtk theming --- hosts/hermit/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) 
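Review bot: `XCURSOR_SIZE` and `HYPRCURSOR_SIZE` now receive `cursorSize` without `toString`, and its definition is outside this hunk, so if it is an integer the change relies on the `variables` option accepting non-string values; confirm the configuration still evaluates, or keep `toString cursorSize`. If no other use remains, `toString` in `inherit (builtins) toString isBool;` at the top of the file becomes dead and could be removed in the same commit. The new `css` binding reads `config.modules.style.colorScheme.colors` unconditionally inside `etc`, and whether that option always has a value when this module is enabled cannot be seen from here. The `etc` block continues past the end of the hunk.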
diff --git a/hosts/hermit/configuration.nix b/hosts/hermit/configuration.nix index 7e45d0a..d56dcb1 100644 --- a/hosts/hermit/configuration.nix +++ b/hosts/hermit/configuration.nix @@ -25,6 +25,9 @@ modules = { desktops.hyprland.enable = true; + theming = { + gtk.enable = true; + }; system = { boot.systemd-boot.enable = true; impermanence.enable = false; From e35cad125281ca5290a46356dead450399604429 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 5/5] hermit/configuration.nix: enable docker (blegh) --- hosts/hermit/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hermit/configuration.nix b/hosts/hermit/configuration.nix index d56dcb1..6d73933 100644 --- a/hosts/hermit/configuration.nix +++ b/hosts/hermit/configuration.nix @@ -22,6 +22,7 @@ openFirewall = true; }; }; + virtualisation.docker.enable = true; modules = { desktops.hyprland.enable = true;
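Review bot: `virtualisation.docker.enable = true;` starts the rootful Docker daemon, and anyone who can reach its socket (for example members of the `docker` group) effectively holds root on the host. On a workstation the rootless variant is usually sufficient: `virtualisation.docker.rootless.enable = true;` together with `virtualisation.docker.rootless.setSocketVariable = true;`. If the rootful daemon stays, note that ports published by containers are opened through Docker's own iptables rules and are not governed by the NixOS firewall options, so the `openFirewall = true;` seen in the context above (which belongs to another service) is not the only exposure on this host. A short comment stating why Docker is needed here would help the next reader.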