reidlab/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

usbguard and drop todo

Browse source
This commit is contained in:
Reid 2025-01-28 21:28:00 -08:00
parent 3e9d8af023
commit d5f82d159e
Signed by: reidlab
GPG key ID: DAF5EAF6665839FD
5 changed files with 20 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -4,7 +4,7 @@ nix flake config! this is just used on my personal computer
## users ## users
this flake is built upon a single user system for all hosts, enforced by [`modules/user.nix`](./modules/user.nix). this makes it alot easier to make modules that use nixos and `home-manager` this flake is built upon a single user system for all hosts, enforced by [`modules/user.nix`](./modules/user.nix). this makes it a lot easier to make modules that use nixos and `home-manager`
for something more server oriented, check out [`nix-server`](https://git.reidlab.pink/reidlab/nix-server) for something more server oriented, check out [`nix-server`](https://git.reidlab.pink/reidlab/nix-server)
@ -14,15 +14,3 @@ each host should have these files:
- `default.nix`, contains everything relating to the basic system - `default.nix`, contains everything relating to the basic system
- `hardware.nix`, hardware configuration. - `hardware.nix`, hardware configuration.
## todo
- multi architecture configuration ([nix-systems](https://github.com/nix-systems/nix-systems)?)
- hidpi option ? mostly auto these days though
- better theming for hyprlock, rofi, dunst (accent for hyprlock & dunst, variants for rofi)
- some way for border radius, border, tranparency theme options
- tags for pip and popups in hyprland config
- make wl-clip-persist and networkmanager applet systemd services?
- gtk cursors are MESSED UP. top priority rn
- niri.. yum
- international keyboard for Spanish

1
modules/desktop/dunst.nix
View file

@ -17,6 +17,7 @@ in {
follow = "mouse"; follow = "mouse";
width = 300; width = 300;
height = 145; height = 145;
# TODO: make more dynamic
frame_color = "#f5c2e7"; # catppuccin pink frame_color = "#f5c2e7"; # catppuccin pink
origin = "top-right"; origin = "top-right";

1
modules/desktop/hyprlock.nix
View file

@ -57,6 +57,7 @@ in {
position = "0, 105"; position = "0, 105";
text = "cmd[update:1000] echo \"<span font_weight='1000'>$(date +'%H')</span>\""; text = "cmd[update:1000] echo \"<span font_weight='1000'>$(date +'%H')</span>\"";
font_size = 78; font_size = 78;
# TODO: make more dynamic
color = "rgb(f5c2e7)"; # catppuccin pink color = "rgb(f5c2e7)"; # catppuccin pink
font_family = config.modules.desktop.fonts.fonts.sansSerif.family; font_family = config.modules.desktop.fonts.fonts.sansSerif.family;
halign = "center"; valign = "center"; halign = "center"; valign = "center";

1
modules/desktop/themes/catppuccin/rofi.rasi
View file

@ -20,6 +20,7 @@ window {
height: 500px; height: 500px;
border: 1px; border: 1px;
border-radius: 1em; border-radius: 1em;
/* TODO: make more dynamic */
border-color: @pink; border-color: @pink;
background-color: @bg-col; background-color: @bg-col;
} }

17
modules/security.nix
View file

@ -63,7 +63,22 @@ in {
# personal computer? no firewall ty :3 # personal computer? no firewall ty :3
networking.firewall.enable = false; networking.firewall.enable = false;
# TODO: usbguard
services.usbguard = {
IPCAllowedUsers = [ "root" "${env.mainUser}" ];
presentDevicePolicy = "allow";
rules = ''
allow with-interface equals { 08:*:* }
# reject devices with suspicious combination of interfaces (ex. mass storage + keyboard)
reject with-interface all-of { 08:*:* 03:00:* }
reject with-interface all-of { 08:*:* 03:01:* }
reject with-interface all-of { 08:*:* e0:*:* }
reject with-interface all-of { 08:*:* 02:*:* }
'';
};
services.fwupd.enable = true;
} // (mkIf cfg.useDoas { } // (mkIf cfg.useDoas {
security.sudo.enable = false; security.sudo.enable = false;
security.doas.enable = true; security.doas.enable = true;