From b168b0bb49a1c05a235f700d9bd8cbbb60f195ba Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 01/12] networking/module.nix: networking improvements --- modules/system/os/networking/module.nix | 20 +++++++++++++++++++ .../system/os/networking/networkmanager.nix | 4 ++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/modules/system/os/networking/module.nix b/modules/system/os/networking/module.nix index fd4ca78..188d4fa 100644 --- a/modules/system/os/networking/module.nix +++ b/modules/system/os/networking/module.nix @@ -6,6 +6,17 @@ in { ]; networking = { enableIPv6 = true; + + # INFO: This disables wpa_supplicant, + # I use nenetworkmanager instead. + wireless.enable = false; + + dhcpcd = { + # faster boot times + wait = "background"; + extraConfig = "noarp"; + }; + nameservers = [ # quad9 DNS "9.9.9.9" @@ -14,8 +25,17 @@ in { }; services.resolved = { enable = true; + dnssec = "false"; + dnsovertls = "oppertunistic"; # quad9 dns fallbackDns = ["9.9.9.9" "2620::fe::fe"]; }; users.users.${username}.extraGroups = ["networkmanager"]; + + # systemd = { + # network = { + # enable = true; + # wait-online.anyInterface = true; + # }; + # }; } diff --git a/modules/system/os/networking/networkmanager.nix b/modules/system/os/networking/networkmanager.nix index d0c2228..174b896 100644 --- a/modules/system/os/networking/networkmanager.nix +++ b/modules/system/os/networking/networkmanager.nix @@ -3,8 +3,8 @@ in { networking.networkmanager = { enable = true; - # Removes about 2GB of stuff we do no need. - plugins = mkForce []; + # # Removes about 2GB of stuff we do no need. + # plugins = mkForce []; dns = "systemd-resolved"; unmanaged = [ From 1ccc346287dda66e9182aed1edc3df78b402f14f Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 02/12] flake.lock: bump inputs --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
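Review bot: The new `dhcpcd` block in the first module.nix hunk is probably inert on this host: networkmanager.nix (patched later in this same commit) has `networking.networkmanager.enable = true`, and as far as I recall NixOS only starts dhcpcd when `networking.useDHCP` or a per-interface `useDHCP` is set, which the NetworkManager module turns off; NetworkManager's own DHCP client does not read `wait` or `extraConfig`. Confirm that a dhcpcd unit actually exists on the built system before keeping `wait = "background";` and `extraConfig = "noarp";` for boot speed, otherwise drop the block. The comment also misspells the manager and should read `# I use NetworkManager instead.`.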
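Review bot: `dnsovertls = "oppertunistic";` in the second module.nix hunk is misspelled; the value systemd-resolved (and the NixOS option) expects is `dnsovertls = "opportunistic";`, so as written the line is either rejected at evaluation or ignored and DoT is simply not enabled. Beyond the typo, these two lines set the resolver's security posture: `dnssec = "false"` disables DNSSEC validation, and opportunistic DoT silently falls back to plaintext if port 853 does not answer, so an on-path attacker can downgrade it. Quad9, the nameserver configured here, supports DoT, so `dnsovertls = "true";` is the stronger choice unless the machine must cope with captive portals; whichever is kept, a one-line rationale such as `# opportunistic: degrades to plaintext on networks that block 853` would make the trade-off explicit.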
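Review bot: Commenting out `plugins = mkForce [];` in networkmanager.nix reinstates NetworkManager's default plugin set (the now-commented note says roughly 2GB of packages), which is a larger installed surface than before; if that is deliberate the reason — presumably a plugin that is actually needed — belongs in a comment, and the two dead lines should be deleted rather than kept as commented-out code. The `networking.networkmanager` attribute set continues past this hunk.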
diff --git a/flake.lock b/flake.lock index ed91b3c..040c2a6 100644 --- a/flake.lock +++ b/flake.lock @@ -594,11 +594,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744098102, - "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { From d3ad51f43c86ea9a203954cade1f45cf18089236 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 03/12] hosts/default.nix: cleanup --- hosts/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/default.nix b/hosts/default.nix index 7a34711..820c9b6 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -27,17 +27,17 @@ inputs: let modules = concatLists [ # This is used to pre-emptively set the hostPlatform for nixpkgs. # Also, we set the system hostname here. - [ - # self.nixosModules.user - ] (singleton { networking.hostName = hostname; nixpkgs.hostPlatform = system; }) (flatten ( concatLists [ + # configuration for the host, passed as an argument. (singleton ./${hostname}/default.nix) + # common configuration, which all hosts share. (singleton ./common.nix) + # Import all files called module.nix from my modules directory. ( filter (hasSuffix "module.nix") ( map toString (listFilesRecursive ../modules) From f7e85b6cdebd4326323f1f1efb7af2da262bf2f5 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 04/12] hermit/programs.nix: cleanup --- hosts/hermit/programs.nix | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/hosts/hermit/programs.nix b/hosts/hermit/programs.nix index f5eb236..6070964 100644 --- a/hosts/hermit/programs.nix +++ b/hosts/hermit/programs.nix 
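Review bot: The new comment `# Import all files called module.nix from my modules directory.` in hosts/default.nix overstates what the filter does: `hasSuffix "module.nix"` matches any path that ends in those characters, so a file named `submodule.nix` or `foo-module.nix` under modules/ would be imported as a NixOS module too. Either tighten the match to `filter (hasSuffix "/module.nix")` so only that basename is picked up, or word the comment as `# Import every file under modules/ whose path ends in module.nix`; given that every imported file gets full control of the system configuration, the tighter match is preferable. The `modules = concatLists [` expression continues beyond this hunk.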
@@ -12,7 +12,6 @@ brave cachix calc - # calibre cbonsai cinny-desktop cmus @@ -39,19 +38,14 @@ inetutils jujutsu just - jrnl keepassxc lazygit libtool librewolf links2 linuxHeaders - moc mpv - ncmpcpp - neofetch networkmanagerapplet - nicotine-plus nil nitch obsidian @@ -59,11 +53,10 @@ microfetch nmap pamixer - pavucontrol + pwvucontrol pdfarranger pdfpc pfetch - pidgin playerctl polkit pulsemixer @@ -73,26 +66,15 @@ signal-desktop smartmontools telegram-desktop - texliveFull - tldr thunderbird - tor-browser trash-cli typst util-linux v4l-utils - vesktop vlc vscodium - weechat wireguard-tools xournalpp - zapzap - zip - zoxide - kakoune - kakoune-lsp - television ; inherit (self.packages.${pkgs.stdenv.system}) helix; }; From 2836770da92398388f11520ef6d07c210096558a Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 05/12] hardware/bluetooth.nix: configure powerOnBoot properly --- modules/system/hardware/bluetooth.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/hardware/bluetooth.nix b/modules/system/hardware/bluetooth.nix index b882011..81a3255 100644 --- a/modules/system/hardware/bluetooth.nix +++ b/modules/system/hardware/bluetooth.nix @@ -11,7 +11,7 @@ in { config = mkIf cfg.enable { hardware.bluetooth = { enable = true; - powerOnBoot = mkIf cfg.powerOnBoot true; + inherit (cfg) powerOnBoot; }; environment.systemPackages = builtins.attrValues { inherit From 57af25abe7cbea2e9d41e118679282dceba57706 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 06/12] wayneko/module.nix: extra hardening --- modules/services/wayneko/module.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/modules/services/wayneko/module.nix b/modules/services/wayneko/module.nix index d3385e5..511304d 100644 --- a/modules/services/wayneko/module.nix +++ b/modules/services/wayneko/module.nix @@ -1,5 +1,4 @@ { - config, lib, pkgs, ... 
@@ -22,29 +21,38 @@ in { RestartSec = 1; TimeoutStopSec = 10; + CapabilityBoundingSet = [""]; + DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = true; NoNewPrivileges = true; - - PrivateTmp = true; PrivateDevices = true; - DevicePolicy = "closed"; PrivateNetwork = true; + PrivateTmp = true; + PrivateUsers = true; + ProcSubset = "pid"; ProtectClock = true; ProtectControlGroups = true; ProtectControlGroup = true; + ProtectHome = "true"; + ProtectHostname = true; ProtectKernelLogs = true; ProtectKernelModules = true; ProtectKernelTunables = true; + ProtectProc = "invisible"; ProtectSystem = "strict"; - ProtectHome = "read-only"; - RestrictNamespaces = true; RestrictRealtime = true; RestrictRealTime = true; RestrictSUIDSGID = true; - SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap"; + SystemCallArchitectures = ["native"]; + + SystemCallFilter = [ + "@system-service" + "~@privileged" + "~@resources" + ]; }; }; } From 6e70e952e2b1b0410b4340580a0fd296f17d98cf Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 07/12] greetd, hyprland: fix greeter and lock screen --- modules/services/greetd/module.nix | 19 ++++++++++--------- modules/wms/wayland/hyprland/exec.nix | 3 +++ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/modules/services/greetd/module.nix b/modules/services/greetd/module.nix index 633e644..a772bee 100644 --- a/modules/services/greetd/module.nix +++ b/modules/services/greetd/module.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - inherit (lib.meta) getExe; + inherit (lib.meta) getExe getExe'; inherit (lib.modules) mkIf; inherit (lib.options) mkOption mkEnableOption; inherit (lib.types) str listOf; 
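Review bot: This "extra hardening" hunk drops `RestrictNamespaces = true;` (the removed line after `ProtectHome`) without a replacement; that looks accidental from the alphabetical reordering and should be restored, because nothing else in the new list restricts namespace creation — the `@system-service` filter still permits the namespace syscalls. Two context lines, `ProtectControlGroup = true;` and `RestrictRealTime = true;`, are not systemd directive names as far as I can tell (the correctly spelled `ProtectControlGroups` and `RestrictRealtime` are both already present), so they only produce unknown-key warnings and should be removed while the list is being reworked. For consistency with the other booleans `ProtectHome = "true";` can be written `ProtectHome = true;`; note it also tightens the previous `read-only`, which is fine only if the program reads nothing from the home directory — I cannot tell from here.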
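Review bot: `getExe'` is added to the `inherit (lib.meta)` line in greetd/module.nix, but no hunk in this commit uses it — the new session command below uses `getExe` — so the inherit is dead and should be dropped unless a later patch needs it. The function-argument list starts above this hunk, so I cannot see whether `config` and `username`, both referenced by the new session command in the next hunk, are in scope.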
@@ -36,14 +36,15 @@ in { config = mkIf cfg.enable { services.greetd = let session = { - command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - -c \"${cfg.session}\" \ - -r - -t --time-format "DD.MM.YYYY" - --asteriks''; - # command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop"; - # user = username; + # command = '' + # ${pkgs.greetd.tuigreet}/bin/tuigreet \ + # -c \"${cfg.session}\" \ + # -r + # -t --time-format "DD.MM.YYYY" + # --asteriks''; + + command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop"; + user = username; }; in { enable = true; diff --git a/modules/wms/wayland/hyprland/exec.nix b/modules/wms/wayland/hyprland/exec.nix index 66d206c..52d0298 100644 --- a/modules/wms/wayland/hyprland/exec.nix +++ b/modules/wms/wayland/hyprland/exec.nix @@ -5,6 +5,7 @@ ... }: let # inherit (config.modules.style) cursor; + inherit (lib.meta) getExe; in { programs.hyprland.settings = { # Hyprland settings @@ -13,6 +14,7 @@ in { "uwsm finalize" "hyprctl setcursor BreezeX-RosePine-Linux 32" + "hyprctl seterror disable" "[workspace special:keepassxc; silent;tile] ${pkgs.keepassxc}/bin/keepassxc" "[workspace special:audio; silent;tile] ${pkgs.pwvucontrol}/bin/pwvucontrol" @@ -25,6 +27,7 @@ in { "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent" "hyprctl dispatch split-workspace 1" + "${getExe pkgs.hyprlock}" ]; }; } From 5a54d79b92386037153ab0dffc4847c6e9b2815c Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 08/12] hyprland/settings.nix: suppress startup errors --- modules/wms/wayland/hyprland/settings.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/wms/wayland/hyprland/settings.nix b/modules/wms/wayland/hyprland/settings.nix index bab7083..624a0f3 100644 --- a/modules/wms/wayland/hyprland/settings.nix +++ b/modules/wms/wayland/hyprland/settings.nix 
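Review bot: With `command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";` and `user = username;` as greetd's default session, greetd launches the Hyprland session as that user without any authentication — the tuigreet greeter and its password prompt are gone, and the only gate left is the hyprlock instance that exec.nix starts after the compositor is up. That is a real change to the physical-access story (everything else in exec-once runs before the lock, and a locker that fails to start leaves an unlocked desktop), so it should be stated in a comment rather than implied, e.g. `# NOTE: auto-login without greeter authentication; the session is locked by hyprlock (see hyprland/exec.nix)`. The commented-out tuigreet block should be deleted rather than kept, since git history preserves it. `username` is not visible in this file's arguments within the hunk; confirm it is in scope.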
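Review bot: `"${getExe pkgs.hyprlock}"` is the last exec-once entry in exec.nix, so keepassxc, pwvucontrol, the polkit agent and the other autostart programs are all spawned before the locker; because Hyprland launches exec-once entries without waiting for each other, the lock is not a reliable gate in front of them. Moving the hyprlock entry to the first position in the list narrows that window, and a short comment such as `# lock first: greetd auto-logs in without authentication (see greetd/module.nix)` would record why a locker runs at session start at all. The exec-once list starts above this hunk.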
@@ -57,6 +57,9 @@ in { no_border_on_floating = true; }; + # No annoying startup errors + debug.suppress_errors = true; + ecosystem.no_update_news = true; plugin = { From b998471e57b1031ad756ce0dc22e42a706517496 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 09/12] hermit/configuration.nix: disable schizofox --- hosts/hermit/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hermit/configuration.nix b/hosts/hermit/configuration.nix index 4350337..7e45d0a 100644 --- a/hosts/hermit/configuration.nix +++ b/hosts/hermit/configuration.nix @@ -69,7 +69,7 @@ btop.enable = true; nh.enable = true; thunar.enable = true; - schizofox.enable = true; + schizofox.enable = false; }; }; system.stateVersion = "23.11"; From 03374732adf4cb387733e5cca525ed80758f5f60 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 10/12] style: cleanup gtk theming --- modules/style/gtk.nix | 92 +++++++++++++++++++++++++++++---------- modules/style/theming.nix | 58 ++---------------------- 2 files changed, 72 insertions(+), 78 deletions(-) diff --git a/modules/style/gtk.nix b/modules/style/gtk.nix index 2e180bc..3a09c87 100644 --- a/modules/style/gtk.nix +++ b/modules/style/gtk.nix 
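Review bot: `debug.suppress_errors = true;` hides every config error Hyprland would otherwise display, not just the startup banner, so a mistyped key or a malformed exec-once or bind line in the other files of this series — including the hyprlock autostart — now fails silently. The `"hyprctl seterror disable"` entry added in exec.nix already clears the banner after load, so consider leaving `suppress_errors` off, or at least widen the comment to `# Hides ALL config errors, not only startup noise; turn off when editing the config`.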
@@ -4,18 +4,43 @@ pkgs, ... }: let - inherit (lib.modules) mkIf; + inherit (builtins) toString isBool; + inherit (lib.generators) toINI; + inherit (lib.modules) mkMerge mkIf; inherit (lib.options) mkOption mkEnableOption; inherit (lib.types) str package; + inherit (lib.strings) escape; + inherit (lib.trivial) boolToString; cfg = config.modules.theming.gtk; + + toGtk3Ini = toINI { + mkKeyValue = key: value: let + value' = + if isBool value + then boolToString value + else toString value; + in "${escape ["="] key}=${value'}"; + }; + + gtkIni = { + gtk-application-prefer-dark-theme = 1; + gtk-font-name = "Lexend 11"; + gtk-icon-theme-name = "Papirus"; + gtk-xft-antialias = 1; + gtk-xft-hinting = 1; + gtk-xft-hintstyle = "hintslight"; + gtk-xft-rgba = "rgb"; + gtk-cursor-theme-name = "BreezeX-RosePine-Linux"; + gtk-theme-name = "Gruvbox-Dark"; + }; in { options.modules.theming.gtk = { enable = mkEnableOption "Wether to enable GTK theming"; theme = { name = mkOption { description = "The GTK theme name"; - default = "Gruvbox-Dark-BL"; + default = "Gruvbox-Dark"; type = str; }; package = mkOption { @@ -28,7 +53,7 @@ in { description = "The GTK icon theme"; name = mkOption { description = "The GTK icon theme name"; - default = "Papirus-Dark"; + default = "Papirus"; type = str; }; package = mkOption { 
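Review bot: `gtkIni` hard-codes `gtk-theme-name = "Gruvbox-Dark";` and `gtk-icon-theme-name = "Papirus";` while the same file declares `theme.name` and `iconTheme.name` options with exactly those defaults, so a user who sets the options gets a `GTK_THEME` variable and gtk-2.0 rc that disagree with the gtk-3.0/4.0 settings.ini. Use the options here instead: `gtk-theme-name = cfg.theme.name;` and `gtk-icon-theme-name = cfg.iconTheme.name;`. `mkMerge` is inherited but unused anywhere in this file, and `toString` is a builtin already in scope, so both inherits can be trimmed. The `options.modules.theming.gtk` block continues past this hunk.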
@@ -38,28 +63,49 @@ in { }; }; }; - config = mkIf cfg.enable { - # NOTE: we need this or gtk breaks - programs.dconf.enable = true; + config = let + cursorSize = 32; + in + mkIf cfg.enable { + programs.dconf.enable = true; + environment = { + systemPackages = builtins.attrValues { + inherit + (pkgs) + rose-pine-cursor + gruvbox-gtk-theme + papirus-icon-theme + ; + }; + variables = { + GTK_THEME = cfg.theme.name; + XCURSOR_THEME = "BreezeX-RosePine-Linux"; + XCURSOR_SIZE = toString cursorSize; - environment = { - systemPackages = builtins.attrValues { - inherit - (pkgs) - gruvbox-gtk-theme - papirus-icon-theme - ; - }; - variables = let - cursorSize = 32; - in { - GTK_THEME = "Gruvbox-Dark"; - XCURSOR_THEME = "BreezeX-RosePine-Linux"; - XCURSOR_SIZE = cursorSize; + HYPRCURSOR_THEME = "BreezeX-RosePine-Linux"; + HYPRCURSOR_SIZE = toString cursorSize; + }; + etc = { + "xdg/gtk-4.0/settings.ini".text = toGtk3Ini { + Settings = gtkIni; + }; + "xdg/gtk-3.0/settings.ini".text = toGtk3Ini { + Settings = gtkIni; + }; - HYPRCURSOR_THEME = "BreezeX-RosePine-Linux"; - HYPRCURSOR_SIZE = cursorSize; + "xdg/gtk-2.0/gtkrc".text = '' + gtk-cursor-theme-name = BreezeX-RosePine-Linux + gtk-cursor-theme-size = ${toString cursorSize} + gtk-theme-name = ${cfg.theme.name} + gtk-icon-theme-name = ${cfg.iconTheme.name} + gtk-font-name = Lexend 11 + ''; + + "xdg/Xresources".text = '' + Xcursor.size: ${toString cursorSize} + Xcursor.theme: BreezeX-RosePine-Linux + ''; + }; }; }; - }; } diff --git a/modules/style/theming.nix b/modules/style/theming.nix index d276442..11be807 100644 --- a/modules/style/theming.nix +++ b/modules/style/theming.nix 
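Review bot: `systemPackages` installs `gruvbox-gtk-theme` and `papirus-icon-theme` by name instead of the `cfg.theme.package` and `cfg.iconTheme.package` options declared above, so those `package` options have no effect; keep `inherit (pkgs) rose-pine-cursor;` and append `++ [cfg.theme.package cfg.iconTheme.package]` so the options are actually honoured. The rewrite also drops the former `# NOTE: we need this or gtk breaks` next to `programs.dconf.enable = true;` — keep that why-comment, since nothing else explains the dependency. As far as I know `/etc/xdg/Xresources` is not a path X clients or xrdb read on their own (they use `~/.Xresources` or whatever xrdb is pointed at), so confirm something loads it or the file is just dead weight.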
@@ -4,67 +4,15 @@ pkgs, ... }: let - inherit (builtins) toString isBool; - inherit (lib.generators) toINI; inherit (lib.modules) mkMerge mkIf; inherit (lib.options) mkEnableOption; - inherit (lib.strings) escape; - inherit (lib.trivial) boolToString; cfg = config.modules.theming; - - toGtk3Ini = toINI { - mkKeyValue = key: value: let - value' = - if isBool value - then boolToString value - else toString value; - in "${escape ["="] key}=${value'}"; - }; - - gtkIni = { - gtk-application-prefer-dark-theme = 1; - gtk-font-name = "Lexend 11"; - gtk-icon-theme-name = "Papirus-Dark"; - gtk-xft-antialias = 1; - gtk-xft-hinting = 1; - gtk-xft-hintstyle = "hintslight"; - gtk-xft-rgba = "rgb"; - gtk-cursor-theme-name = "BreezeX-RosePine-Linux"; - gtk-theme-name = "Gruvbox-Dark"; - }; in { options.modules.theming = { qt.enable = mkEnableOption "qt theming"; }; - config = mkMerge [ - (mkIf cfg.gtk.enable { - environment = { - systemPackages = builtins.attrValues { - inherit (pkgs) rose-pine-cursor; - }; - etc = { - "xdg/gtk-4.0/settings.ini".text = toGtk3Ini { - Settings = gtkIni; - }; - "xdg/gtk-3.0/settings.ini".text = toGtk3Ini { - Settings = gtkIni; - }; - - "xdg/gtk-2.0/gtkrc".text = '' - gtk-cursor-theme-name = BreezeX-RosePine-Linux - gtk-cursor-theme-size = 32 - gtk-theme-name = Gruvbox-Dark - gtk-icon-theme-name = Papirus-Dark - gtk-font-name = Lexend 11 - ''; - - "xdg/Xresources".text = '' - Xcursor.size: 32 - Xcursor.theme: BreezeX-RosePine-Linux - ''; - }; - }; - }) - ]; + config = + mkMerge [ + ]; } From fc1175b8a021162d4a6ce6d62a50fff259f32a55 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 11/12] boot/module.nix: quiesce boot process --- modules/system/boot/module.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/system/boot/module.nix b/modules/system/boot/module.nix index dbc245b..89b5b43 100644 --- a/modules/system/boot/module.nix +++ b/modules/system/boot/module.nix 
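Review bot: After this cleanup `config = mkMerge [ ];` merges nothing, and `mkIf` and the `pkgs` argument are no longer used in theming.nix; either drop the `config` attribute and the dead inherits, leaving only the `qt.enable` option declaration, or keep them only if a follow-up is about to fill the list. The function-argument list starts above the hunk, so the unused-argument observation is based on the visible `pkgs,` line only.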
@@ -35,6 +35,17 @@ in { ]; boot = { tmp.useTmpfs = true; + consoleLogLevel = 0; + + kernelParams = [ + "quiet" + "splash" + "rd.systemd.show_status=false" + "rd.udev.log_level=3" + "udev.log_priority=3" + "boot.shell_on_fail" + ]; + initrd = { verbose = false; systemd.enable = true; From fcbd4cd0afc27a9424c31936c30ba34264f9a676 Mon Sep 17 00:00:00 2001 From: Bloxx12 Date: Wed, 9 Apr 2025 15:31:18 +0200 Subject: [PATCH 12/12] hyprland/decorations.nix: enable theming --- modules/wms/wayland/hyprland/decorations.nix | 21 +++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/modules/wms/wayland/hyprland/decorations.nix b/modules/wms/wayland/hyprland/decorations.nix index fd3a2c5..5d75710 100644 --- a/modules/wms/wayland/hyprland/decorations.nix +++ b/modules/wms/wayland/hyprland/decorations.nix @@ -2,7 +2,8 @@ _: { programs.hyprland.settings = { #Decoration settings decoration = { - rounding = 0; + rounding = 10; + rounding_power = 3; blur = { enabled = false; size = 3; @@ -16,15 +17,15 @@ _: { ]; # Hyprland anomations, using the above bezier curves animations = { - enabled = false; - # animation = [ - # "windows, 1, 4, dupa, popin" - # "windowsOut, 1, 4, dupa, slide" - # "border, 1, 15, default" - # "fade, 1, 10, default" - # "workspaces, 1, 5, dupa, slidevert" - # ]; + enabled = true; }; + animation = [ + "windows, 1, 4, dupa, popin" + "windowsOut, 1, 4, dupa, slide" + "border, 1, 15, default" + "fade, 1, 10, default" + "workspaces, 1, 5, dupa, slidevert" + ]; cursor = { hide_on_key_press = true; @@ -35,8 +36,10 @@ _: { enable_swallow = true; swallow_regex = "foot"; focus_on_activate = true; + vrr = 1; vfr = true; + animate_manual_resizes = false; animate_mouse_windowdragging = false; force_default_wallpaper = 0;
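Review bot: `"boot.shell_on_fail"` is a security-relevant kernel parameter rather than a cosmetic one — when stage 1 fails it offers an unauthenticated root shell on the console to whoever is at the keyboard — and it does not belong in a list the commit message describes as quieting the boot. The context shows `initrd.systemd.enable = true;`, and as far as I recall the systemd-based stage 1 does not honour this parameter but gates its emergency shell on `boot.initrd.systemd.emergencyAccess`, so the line is either ineffective or an unauthenticated-access hole; drop it, or document it with `# WARNING: unauthenticated root shell in stage 1 on boot failure`. `consoleLogLevel = 0;` also suppresses essentially all kernel console output, including critical hardware errors; `3` (errors and above) is the usual quiet-boot choice. The `boot` attribute set continues outside the hunk.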