diff --git a/hosts/goopnet-interface/default.nix b/hosts/goopnet-interface/default.nix index 17740ef..82b4f8b 100755 --- a/hosts/goopnet-interface/default.nix +++ b/hosts/goopnet-interface/default.nix @@ -17,18 +17,16 @@ # debug strace ltrace lsof # apps - firefox qalculate-gtk krita inkscape onlyoffice-bin vlc + firefox qalculate-gtk krita inkscape handbrake # compatibility wineWowPackages.waylandFull winetricks # misc - bat file which yt-dlp wl-screenrec - # games - prismlauncher + bat file which prismlauncher yt-dlp wl-screenrec ] ++ (with pkgs.my; [ # none yet ]) ++ (with pkgs.gnome; [ # yay gnomeware!!!!!!!!!!!!!! yum - nautilus gnome-font-viewer gnome-disk-utility ghex pkgs.gnome-text-editor pkgs.baobab file-roller gnome-system-monitor loupe + nautilus gnome-disk-utility ghex pkgs.gnome-text-editor pkgs.baobab file-roller gnome-system-monitor loupe ]); modules = { @@ -57,8 +55,6 @@ waybar.enable = true; batsignal.enable = true; wob.enable = true; - gammastep.enable = true; - clipse.enable = true; # display manager sddm.enable = true; diff --git a/modules/desktop/clipse.nix b/modules/desktop/clipse.nix deleted file mode 100644 index 2cf47db..0000000 --- a/modules/desktop/clipse.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ lib, config, pkgs, ... }: - -with lib; -let - cfg = config.modules.desktop.clipse; -in { - options.modules.desktop.clipse = { - enable = mkEnableOption "Enable clipse, a generic clipboard manager"; - package = mkOption { - type = types.package; - default = pkgs.clipse; - }; - }; - - config = mkIf cfg.enable { - # runtime dependencies - user.packages = with pkgs; [ wl-clipboard ]; - - hm.wayland.windowManager.hyprland.settings = let - class = "clipse"; - in { - exec-once = [ "${lib.getExe cfg.package} -listen-shell" ]; - - windowrulev2 = [ - "float, class:^${class}$" - "size 622 652, class:^${class}$" - "center, class:^${class}$" - "stayfocused, class:^${class}$" - "dimaround, class:^${class}$" - ]; - - bind = [ - "$mod, V, exec, ${lib.getExe pkgs.wezterm} start --class ${class} -e '${lib.getExe cfg.package}'" - ]; - }; - }; -} \ No newline at end of file diff --git a/modules/desktop/gammastep.nix b/modules/desktop/gammastep.nix deleted file mode 100644 index 0e2a8fc..0000000 --- a/modules/desktop/gammastep.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, config, pkgs, ... }: - -with lib; -let - cfg = config.modules.desktop.gammastep; -in { - options.modules.desktop.gammastep = { - enable = mkEnableOption "Enable gammastep, a blue-light filter for Wayland desktop environments"; - }; - - config = mkIf cfg.enable { - hm.wayland.windowManager.hyprland.settings.exec-once = [ "${pkgs.gammastep}/bin/gammastep-indicator" ]; - hm.services.gammastep = { - enable = true; - # portland, oregon - latitude = 45.3112; - longitude = -122.4055; - provider = "manual"; - }; - }; -} \ No newline at end of file diff --git a/modules/desktop/hyprland.nix b/modules/desktop/hyprland.nix index e4f8266..028ef82 100644 --- a/modules/desktop/hyprland.nix +++ b/modules/desktop/hyprland.nix @@ -174,7 +174,7 @@ in { exec-once = [ "${lib.getExe pkgs.networkmanagerapplet}" # network applet "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1" # polkit agent - "${lib.getExe pkgs.wl-clip-persist} --clipboard regular" # to fix wl clipboards disappearing + "${lib.getExe pkgs.wl-clip-persist} --clipboard primary" # to fix wl clipboards disappearing ]; env = [ @@ -197,56 +197,35 @@ in { # common popups "float, class:org.gnome.FileRoller" "size 1100 650, class:org.gnome.FileRoller" - "center, class:org.gnome.FileRoller" "float, class:org.gnome.Loupe" "size 1100 650, class:org.gnome.Loupe" - "center class:org.gnome.Loupe" "float, class:com.gabm.satty" "size 1100 650, class:com.gabm.satty" - "center 1100 650, class:com.gabm.satty" "float, initialTitle:^Open Folder$" "size 1100 650, initialTitle:^Open Folder$" - "center, initialTitle:^Open Folder$" "float, initialTitle:^Open File$" "size 1100 650, initialTitle:^Open File$" - "center, initialTitle:^Open File$" "float, initialTitle:^Open Files$" "size 1100 650, initialTitle:^Open Files$" - "center, initialTitle:^Open Files$" "float, initialTitle:^Save As$" "size 1100 650, initialTitle:^Save As$" - "center, initialTitle:^Save As$" "float, initialTitle:^Select a file to open$" "size 1100 650, initialTitle:^Select a file to open$" - "center, initialTitle:^Select a file to open$" "float, initialTitle:^File Upload$" "size 1100 650, initialTitle:^File Upload$" - "center, initialTitle:^File Upload$" "float, class:\.exe$" # fix focus "stayfocused, class:^gcr-prompter" - "dimaround, class:^gcr-prompter" "stayfocused, class:^pinentry-" - "dimaround, class:^pinentry-" "stayfocused, class:^polkit-" - "dimaround, class:^polkit-" "stayfocused, class:^rofi-" - # firefox pip - "float, title:^Picture-in-Picture$" - "pin, title:^Picture-in-Picture$" - "noborder, title:^Picture-in-Picture$" - "keepaspectratio, title:^Picture-in-Picture$" - # discord pip - "pin, initialTitle:^Discord Popout$" - "float, initialTitle:^Discord Popout$" - # workspace moving - "workspace 1 silent, class:^firefox" - "workspace 2 silent, class:code-url-handler" - "workspace 4 silent, class:vesktop" + "workspace 1, class:^firefox" + "workspace 2, class:code-url-handler" + "workspace 4, class:vesktop" ]; blurls = [ @@ -270,9 +249,9 @@ in { popups = true; }; - drop_shadow = true; - shadow_range = 4; - shadow_render_power = 3; + drop_shadow = false; + #shadow_range = 4; + #shadow_render_power = 3; }; animations = { diff --git a/modules/desktop/themes/catppuccin/default.nix b/modules/desktop/themes/catppuccin/default.nix index 8f093d9..54987d2 100644 --- a/modules/desktop/themes/catppuccin/default.nix +++ b/modules/desktop/themes/catppuccin/default.nix @@ -73,8 +73,8 @@ in { col.inactive_border=$surface0 } decoration { - col.shadow=$crust - col.shadow_inactive=$crust + col.shadow=$surface0 + col.shadow_inactive=$surface0 } misc { background_color=$crust @@ -95,10 +95,6 @@ in { }; rofi = ./rofi.rasi; - - wezterm = '' - config.color_scheme = 'Catppuccin ${pascalCase variant}' - ''; }; }; } diff --git a/modules/desktop/themes/default.nix b/modules/desktop/themes/default.nix index 8cc93d7..d38dbc4 100644 --- a/modules/desktop/themes/default.nix +++ b/modules/desktop/themes/default.nix @@ -58,8 +58,6 @@ in { }; rofi = mkOpt (nullOr path) null; - - wezterm = mkOpt (nullOr str) null; }; config = mkIf (cfg.active != null) { @@ -80,14 +78,12 @@ in { cursorTheme = cfg.cursorTheme; iconTheme = cfg.iconTheme; theme = cfg.gtkTheme; - gtk3.extraConfig.gtk-application-prefer-dark-theme = mkIf cfg.dark "1"; - gtk4.extraConfig.gtk-application-prefer-dark-theme = mkIf cfg.dark "1"; }; - qt = { + hm.qt = { enable = true; - platformTheme = "gnome"; - style = "adwaita"; + platformTheme.name = "gtk"; + style.name = "gtk2"; }; hm.home.pointerCursor = { diff --git a/modules/security.nix b/modules/security.nix index 32fbd61..c4db9ad 100755 --- a/modules/security.nix +++ b/modules/security.nix @@ -13,40 +13,40 @@ in { tmp.useTmpfs = lib.mkDefault true; tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs); - kernel.sysctl = { - # magic sysrq key, allows low-level commands through keyboard input - "kernel.sysrq" = 0; + kernel.sysctl = { + # magic sysrq key, allows low-level commands through keyboard input + "kernel.sysrq" = 0; - ## TCP hardening - # prevent bogus ICMP errors from filling up logs - "net.ipv4.icmp_ignore_bogus_error_responses" = 1; - # do not accept IP source packets (we are not a router) - "net.ipv4.conf.all.accept_source_route" = 0; - "net.ipv6.conf.all.accept_source_route" = 0; - # don't send ICMP redirects (again, we're not a router) - "net.ipv4.conf.all.send_redirects" = 0; - "net.ipv4.conf.default.send_redirects" = 0; - # refuse ICMP redirects (MITM mitigations) - "net.ipv4.conf.all.accept_redirects" = 0; - "net.ipv4.conf.default.accept_redirects" = 0; - "net.ipv4.conf.all.secure_redirects" = 0; - "net.ipv4.conf.default.secure_redirects" = 0; - "net.ipv6.conf.all.accept_redirects" = 0; - "net.ipv6.conf.default.accept_redirects" = 0; - # protects against SYN flood attacks - "net.ipv4.tcp_syncookies" = 1; - # incomplete protection against TIME-WAIT assassination - "net.ipv4.tcp_rfc1337" = 1; + ## TCP hardening + # prevent bogus ICMP errors from filling up logs + "net.ipv4.icmp_ignore_bogus_error_responses" = 1; + # do not accept IP source packets (we are not a router) + "net.ipv4.conf.all.accept_source_route" = 0; + "net.ipv6.conf.all.accept_source_route" = 0; + # don't send ICMP redirects (again, we're not a router) + "net.ipv4.conf.all.send_redirects" = 0; + "net.ipv4.conf.default.send_redirects" = 0; + # refuse ICMP redirects (MITM mitigations) + "net.ipv4.conf.all.accept_redirects" = 0; + "net.ipv4.conf.default.accept_redirects" = 0; + "net.ipv4.conf.all.secure_redirects" = 0; + "net.ipv4.conf.default.secure_redirects" = 0; + "net.ipv6.conf.all.accept_redirects" = 0; + "net.ipv6.conf.default.accept_redirects" = 0; + # protects against SYN flood attacks + "net.ipv4.tcp_syncookies" = 1; + # incomplete protection against TIME-WAIT assassination + "net.ipv4.tcp_rfc1337" = 1; - ## TCP optimization - # TCP fastopen - "net.ipv4.tcp_fastopen" = 3; - # bufferbloat mitigations + improvement in throughput and latency - "net.ipv4.tcp_conjestion_control" = "bbr"; - "net.core.default_qdisc" = "cake"; + ## TCP optimization + # TCP fastopen + "net.ipv4.tcp_fastopen" = 3; + # bufferbloat mitigations + improvement in throughput and latency + "net.ipv4.tcp_conjestion_control" = "bbr"; + "net.core.default_qdisc" = "cake"; + }; + kernelModules = [ "tcp_bbr" ]; }; - kernelModules = [ "tcp_bbr" ]; - }; security = { # prevents replacing the kernel without a reboot @@ -59,8 +59,6 @@ in { # personal computer? no firewall ty :3 networking.firewall.enable = false; - - # TODO: usbguard } // (mkIf cfg.useDoas { security.sudo.enable = false; security.doas.enable = true; diff --git a/modules/software/distractions/discord.nix b/modules/software/distractions/discord.nix index 2fd207b..8f66e18 100644 --- a/modules/software/distractions/discord.nix +++ b/modules/software/distractions/discord.nix @@ -5,6 +5,7 @@ let cfg = config.modules.software.distractions.discord; flags = [ "--flag-switches-begin" + "--flag-switches-end" "--disable-gpu-memory-buffer-video-frames" "--enable-accelerated-mjpeg-decode" "--enable-accelerated-video" @@ -12,38 +13,36 @@ let "--enable-native-gpu-memory-buffers" "--enable-zero-copy" "--ignore-gpu-blocklist" - "--enable-features=UseOzonePlatform" + "--disable-features=UseOzonePlatform" "--enable-features=VaapiVideoDecoder" - "--enable-features=VaapiVideoEncoder" - "--enable-features=WebRTCPipeWireCapturer" - "--flag-switches-end" ]; - vanillaDiscordPackage = pkgs.discord-canary.override { - withOpenASAR = true; - withVencord = true; - }; - package = if cfg.armcord then pkgs.armcord else (if cfg.vesktop then pkgs.vesktop else vanillaDiscordPackage); in { options.modules.software.distractions.discord = { enable = mkEnableOption "Enable discord, a social messaging app"; - armcord = mkEnableOption "Use Armcord, an alternative Electron client"; - vesktop = mkEnableOption "Use Vesktop, an alternative Electron client with vencord preinstalled"; + vesktop = mkEnableOption "Use vesktop, an alternative discord client."; }; - config = mkIf cfg.enable { - assertions = [ - { - assertion = !(cfg.armcord && cfg.vesktop); - message = "You must either enable Armcord or Vesktop, not both"; - } - ]; - - user.packages = [ - (package.overrideAttrs (old: { - preInstall = '' - gappsWrapperArgs+=("--add-flags" "${concatStringsSep " " flags}") - ''; - })) - ]; - }; + config = mkIf cfg.enable (mkMerge [ + (mkIf (!cfg.vesktop) { + user.packages = let + discord = (pkgs.discord-canary.override { + withOpenASAR = true; + withVencord = true; + }).overrideAttrs (old: { + preInstall = '' + gappsWrapperArgs=+("--add-flags" "${concatStringsSep " " flags}") + ''; + }); + in [ discord ]; + }) + (mkIf cfg.vesktop { + user.packages = [ + (pkgs.vesktop.overrideAttrs (old: { + preInstall = '' + gappsWrapperArgs+=("--add-flags" "${concatStringsSep " " flags}") + ''; + })) + ]; + }) + ]); } \ No newline at end of file diff --git a/modules/software/editors/micro.nix b/modules/software/editors/micro.nix index 2fcc456..0618cf1 100644 --- a/modules/software/editors/micro.nix +++ b/modules/software/editors/micro.nix @@ -12,7 +12,6 @@ in { schemeName = "generated"; in mkIf cfg.enable { environment.variables.EDITOR = "micro"; - environment.variables.MICRO_TRUECOLOR = "1"; hm.programs.micro = { enable = true; @@ -24,7 +23,7 @@ in { tabsize = 2; tabstospaces = true; - colorscheme = schemeName; + colorScheme = schemeName; }; }; diff --git a/modules/software/system/fish.nix b/modules/software/system/fish.nix index 9b7e163..6ad2453 100644 --- a/modules/software/system/fish.nix +++ b/modules/software/system/fish.nix @@ -10,17 +10,9 @@ in { }; config = mkIf cfg.enable { - # runtime dependencies of plugins - user.packages = with pkgs; [ - # fzf-fish - bat fd fzf - # grc - grc - # tide - fishPlugins.tide - # done - libnotify - ]; + user.packages = with pkgs; [ bat fd fzf grc ]; + + environment.systemPackages = with pkgs.fishPlugins; [ fzf-fish tide ]; users.defaultUserShell = pkgs.fish; programs.fish.enable = true; @@ -28,14 +20,7 @@ in { colorScript = nix-colors-lib.shellThemeFromScheme { scheme = config.colorScheme; }; in { enable = true; - plugins = with pkgs.fishPlugins; [ - { name = "fzf-fish"; src = fzf-fish.src; } - { name = "grc"; src = grc.src; } - { name = "tide"; src = tide.src; } - { name = "done"; src = done.src; } - - { name = "autopair"; src = autopair.src; } - ]; + plugins = [ { name = "grc"; src = pkgs.fishPlugins.grc.src; } ]; interactiveShellInit = '' sh ${colorScript} ''; diff --git a/modules/software/system/wezterm.nix b/modules/software/system/wezterm.nix index 04f349e..e6740a8 100644 --- a/modules/software/system/wezterm.nix +++ b/modules/software/system/wezterm.nix @@ -24,12 +24,11 @@ in { config.font_size = ${toString fonts.monospaceBitmap.size} config.freetype_load_flags = 'MONOCHROME' config.enable_wayland = false + config.color_scheme = 'Catppuccin Mocha' config.use_fancy_tab_bar = false config.use_resize_increments = true config.initial_cols = 120 config.initial_rows = 40 - config.window_background_opacity = 0.8 - ${config.modules.desktop.themes.wezterm or ""} config.window_frame = { font = wezterm.font '${fonts.sansSerif.family}',