diff --git a/flake.lock b/flake.lock
index b696c63..a1ae7c3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,74 @@
{
"nodes": {
+ "catppuccin": {
+ "inputs": {
+ "catppuccin-v1_1": "catppuccin-v1_1",
+ "catppuccin-v1_2": "catppuccin-v1_2",
+ "home-manager": "home-manager",
+ "home-manager-stable": "home-manager-stable",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": "nixpkgs-stable",
+ "nuscht-search": "nuscht-search"
+ },
+ "locked": {
+ "lastModified": 1736069220,
+ "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=",
+ "owner": "catppuccin",
+ "repo": "nix",
+ "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "catppuccin",
+ "repo": "nix",
+ "type": "github"
+ }
+ },
+ "catppuccin-v1_1": {
+ "locked": {
+ "lastModified": 1734055249,
+ "narHash": "sha256-pCWJgwo77KD7EJpwynwKrWPZ//dwypHq2TfdzZWqK68=",
+ "rev": "7221d6ca17ac36ed20588e1c3a80177ac5843fa7",
+ "revCount": 326,
+ "type": "tarball",
+ "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.1.1/0193bdc0-b045-7eed-bbec-95611a8ecdf5/source.tar.gz"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://flakehub.com/f/catppuccin/nix/1.1.%2A.tar.gz"
+ }
+ },
+ "catppuccin-v1_2": {
+ "locked": {
+ "lastModified": 1734728407,
+ "narHash": "sha256-Let3uJo4YDyfqbqaw66dpZxhJB2TrDyZWSFd5rpPLJA=",
+ "rev": "23ee86dbf4ed347878115a78971d43025362fab1",
+ "revCount": 341,
+ "type": "tarball",
+ "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.2.0/0193e5e0-33b7-7149-a362-bfe56b20f64e/source.tar.gz"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz"
+ }
+ },
+ "crane": {
+ "locked": {
+ "lastModified": 1731098351,
+ "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
+ "owner": "ipetkov",
+ "repo": "crane",
+ "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ipetkov",
+ "repo": "crane",
+ "type": "github"
+ }
+ },
"disko": {
"inputs": {
"nixpkgs": [
@@ -20,6 +89,22 @@
"type": "github"
}
},
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@@ -38,7 +123,111 @@
"type": "github"
}
},
+ "flake-parts_2": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "lanzaboote",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1730504689,
+ "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "gitignore": {
+ "inputs": {
+ "nixpkgs": [
+ "lanzaboote",
+ "pre-commit-hooks-nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "type": "github"
+ }
+ },
"home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "catppuccin",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1734622215,
+ "narHash": "sha256-OOfI0XhSJGHblfdNDhfnn8QnZxng63rWk9eeJ2tCbiI=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "1395379a7a36e40f2a76e7b9936cc52950baa1be",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "home-manager-stable": {
+ "inputs": {
+ "nixpkgs": [
+ "catppuccin",
+ "nixpkgs-stable"
+ ]
+ },
+ "locked": {
+ "lastModified": 1734366194,
+ "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "release-24.11",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@@ -74,6 +263,59 @@
"type": "github"
}
},
+ "ixx": {
+ "inputs": {
+ "flake-utils": [
+ "catppuccin",
+ "nuscht-search",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "catppuccin",
+ "nuscht-search",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1729958008,
+ "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
+ "owner": "NuschtOS",
+ "repo": "ixx",
+ "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NuschtOS",
+ "ref": "v0.0.6",
+ "repo": "ixx",
+ "type": "github"
+ }
+ },
+ "lanzaboote": {
+ "inputs": {
+ "crane": "crane",
+ "flake-compat": "flake-compat",
+ "flake-parts": "flake-parts_2",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "pre-commit-hooks-nix": "pre-commit-hooks-nix",
+ "rust-overlay": "rust-overlay"
+ },
+ "locked": {
+ "lastModified": 1734994463,
+ "narHash": "sha256-S9MgfQjNt4J3I7obdLOVY23h+Yl/hnyibwGfOl+1uOE=",
+ "owner": "nix-community",
+ "repo": "lanzaboote",
+ "rev": "93e6f0d77548be8757c11ebda5c4235ef4f3bc67",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "lanzaboote",
+ "type": "github"
+ }
+ },
"nixos-hardware": {
"locked": {
"lastModified": 1734954597,
@@ -117,17 +359,122 @@
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
}
},
+ "nixpkgs-stable": {
+ "locked": {
+ "lastModified": 1734600368,
+ "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-24.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-stable_2": {
+ "locked": {
+ "lastModified": 1730741070,
+ "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-24.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nuscht-search": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "ixx": "ixx",
+ "nixpkgs": [
+ "catppuccin",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1733773348,
+ "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=",
+ "owner": "NuschtOS",
+ "repo": "search",
+ "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NuschtOS",
+ "repo": "search",
+ "type": "github"
+ }
+ },
+ "pre-commit-hooks-nix": {
+ "inputs": {
+ "flake-compat": [
+ "lanzaboote",
+ "flake-compat"
+ ],
+ "gitignore": "gitignore",
+ "nixpkgs": [
+ "lanzaboote",
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": "nixpkgs-stable_2"
+ },
+ "locked": {
+ "lastModified": 1731363552,
+ "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+ "type": "github"
+ }
+ },
"root": {
"inputs": {
+ "catppuccin": "catppuccin",
"disko": "disko",
"flake-parts": "flake-parts",
- "home-manager": "home-manager",
+ "home-manager": "home-manager_2",
"impermanence": "impermanence",
+ "lanzaboote": "lanzaboote",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
+ "rust-overlay": {
+ "inputs": {
+ "nixpkgs": [
+ "lanzaboote",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1731897198,
+ "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "type": "github"
+ }
+ },
"sops-nix": {
"inputs": {
"nixpkgs": [
@@ -147,6 +494,21 @@
"repo": "sops-nix",
"type": "github"
}
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index 878e2fa..4095e74 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,6 +18,12 @@
home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+ lanzaboote.url = "github:nix-community/lanzaboote";
+ lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
+
+ catppuccin.url = "github:catppuccin/nix";
+ catppuccin.inputs.nixpkgs.follows = "nixpkgs";
};
nixConfig = {
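Review bot: `lanzaboote.url` tracks the default branch with no release tag, so every `nix flake update` moves the code that signs and installs the boot chain to whatever is newest upstream. Pinning to a tagged release, `lanzaboote.url = "github:nix-community/lanzaboote/<release-tag>";`, makes that bump an explicit, reviewable change. Only `nixpkgs` is followed for the two new inputs, and the lock file in this commit gains separate `flake-parts_2`, `home-manager`, `home-manager-stable` and `nixpkgs-stable` nodes as a result. Where the root already has an equivalent input, a follows line such as `lanzaboote.inputs.flake-parts.follows = "flake-parts";` keeps the locked dependency set smaller and easier to audit.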
diff --git a/homes/min/default.nix b/homes/min/default.nix
index 28f8d8e..5585ca4 100644
--- a/homes/min/default.nix
+++ b/homes/min/default.nix
@@ -1,13 +1,17 @@
-{pkgs, ...}: {
+{inputs, ...}: {
imports = [
+ inputs.catppuccin.homeManagerModules.catppuccin
+
+ ./firefox.nix
./git.nix
./helix.nix
./hyprland.nix
+ ./mpris.nix
./nh.nix
./shell.nix
+ ./ssh.nix
+ ./social.nix
];
- home.packages = [pkgs.fastfetch];
-
home.stateVersion = "24.11";
}
diff --git a/homes/min/firefox.nix b/homes/min/firefox.nix
new file mode 100644
index 0000000..ea65650
--- /dev/null
+++ b/homes/min/firefox.nix
@@ -0,0 +1,12 @@
+_: {
+ programs.librewolf = {
+ enable = true;
+ settings = {
+ "webgl.disabled" = false;
+ "privacy.resistFingerprinting" = false;
+ "places.history.enabled" = false;
+ "middlemouse.paste" = false;
+ "general.autoScroll" = true;
+ };
+ };
+}
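Review bot: The settings `"webgl.disabled" = false` and `"privacy.resistFingerprinting" = false` switch off protections that LibreWolf enables by default, and nothing in the file says why. A short comment above each, for example `# RFP off: <reason>` (placeholder; state the real reason), would record that the trade-off is deliberate. The file is also named `firefox.nix` while it configures `programs.librewolf`; `librewolf.nix` would match its content and the `.librewolf` persistence entry in hosts/mpl/mounts.nix.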
diff --git a/homes/min/git.nix b/homes/min/git.nix
index b3129bc..e741f80 100644
--- a/homes/min/git.nix
+++ b/homes/min/git.nix
@@ -10,6 +10,7 @@ _: {
extraConfig = {
gpg.format = "ssh";
+ user.signingkey = "~/.ssh/id_ecdsa.pub";
init.defaultBranch = "main";
core.pager = "";
};
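Review bot: `user.signingkey` names a public key, so signing only works while an agent reachable through `SSH_AUTH_SOCK` holds the matching private key. A comment such as `# public half of the key held by ssh-tpm-agent; signing needs SSH_AUTH_SOCK` would explain the dependency on homes/min/ssh.nix (that link is inferred from this commit, not stated in it). `extraConfig` sets no `gpg.ssh.allowedSignersFile`, so `git log --show-signature` cannot verify these signatures locally unless that is configured outside this hunk.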
diff --git a/homes/min/helix.nix b/homes/min/helix.nix
index 6bb434e..978c866 100644
--- a/homes/min/helix.nix
+++ b/homes/min/helix.nix
@@ -4,7 +4,7 @@ _: {
defaultEditor = true;
settings = {
- theme = "autumn";
+ # theme = "autumn";
editor = {
cursor-shape.insert = "bar";
file-picker.hidden = false;
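Review bot: The old theme is left behind as a commented-out line, `# theme = "autumn";`, which reads as a pending decision rather than a replaced one. Since `catppuccin.helix.enable = true` in homes/min/hyprland.nix now appears to supply the theme, deleting the line (or replacing it with `# theme set by the catppuccin module`) is clearer. The same applies to `# settings.color_theme = "ayu";` and to the `oh-my-zsh` block that sets a theme while `# enable = true;` is commented out, both in homes/min/shell.nix.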
diff --git a/homes/min/hyprland.nix b/homes/min/hyprland.nix
index 60e6b10..ca9bd9d 100644
--- a/homes/min/hyprland.nix
+++ b/homes/min/hyprland.nix
@@ -1,23 +1,194 @@
-{pkgs, ...}: {
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ borderRadius = 8;
+ borderSize = 2;
+ # TODO: font
+ # TODO: status bar
+in {
+ imports = [
+ ./waybar.nix
+ ];
+
+ catppuccin = {
+ flavor = "mocha";
+ accent = "lavender";
+
+ hyprland.enable = true;
+ rofi.enable = true;
+ kitty.enable = true;
+ mako.enable = true;
+ waybar.enable = true;
+ helix.enable = true;
+ zsh-syntax-highlighting.enable = true;
+ cursors.enable = true;
+ };
+
programs.kitty = {
enable = true;
shellIntegration.enableZshIntegration = true;
+ settings = {
+ window_padding_width = 2;
+ };
};
# electron app hint
home.sessionVariables.NIXOS_OZONE_WL = "1";
+ xdg.portal = {
+ enable = true;
+ extraPortals = [pkgs.xdg-desktop-portal-hyprland];
+ configPackages = [pkgs.hyprland];
+ config = {};
+ };
+
+ home.packages = with pkgs; [
+ brightnessctl
+ playerctl
+ pavucontrol
+ hyprsunset
+ hyprpolkitagent
+ grimblast
+ ];
+
+ programs.rofi = {
+ enable = true;
+ package = pkgs.rofi-wayland;
+ };
+
+ # prefer dark mode for GTK
+ dconf.settings = {
+ "org/gnome/desktop/interface" = {
+ color-scheme = "prefer-dark";
+ };
+ };
+ gtk = {
+ enable = true;
+ gtk3.extraConfig = {
+ gtk-application-prefer-dark-theme = true;
+ };
+ gtk4.extraConfig = {
+ gtk-application-prefer-dark-theme = true;
+ };
+ };
+
+ services.mako = {
+ enable = true;
+
+ inherit borderRadius borderSize;
+
+ padding = "10";
+ };
+
+ services.hyprpaper = {
+ enable = true;
+ settings = {
+ preload = [];
+ wallpaper = [];
+ };
+ };
+
wayland.windowManager.hyprland = {
enable = true;
xwayland.enable = true;
settings = {
"$mod" = "SUPER";
+ "$term" = "kitty";
+ "$menu" = "rofi -show drun";
+ "$scshot" = "grimblast copy area";
- bind = [
- "$mod, Return, exec, ${pkgs.kitty}/bin/kitty"
- "$mod, M, exit,"
+ monitor = [
+ "eDP-1, 2880x1920@120, 0x0, 1.875"
];
+
+ exec-once = [
+ "systemctl start --user hyprpolkitagent.service"
+ ];
+
+ bind =
+ [
+ "$mod SHIFT, Y, exit,"
+
+ "$mod SHIFT, Return, exec, $term"
+ "$mod, P, exec, $menu"
+ ", Print, exec, $scshot"
+
+ "$mod, W, killactive,"
+ "$mod, Return, togglefloating,"
+ "$mod, left, movefocus, l"
+ "$mod, right, movefocus, r"
+ "$mod, up, movefocus, u"
+ "$mod, down, movefocus, d"
+ ]
+ ++ (lib.concatLists (lib.genList (i: let
+ ws = i + 1;
+ in [
+ "$mod, code:1${toString i}, workspace, ${toString ws}"
+ "$mod SHIFT, code:1${toString i}, movetoworkspace, ${toString ws}"
+ ])
+ 9));
+ bindm = [
+ "$mod, mouse:272, movewindow"
+ "$mod, mouse:273, resizewindow"
+ ];
+
+ bindel = [
+ ",XF86AudioRaiseVolume, exec, wpctl set-volume -l 1 @DEFAULT_AUDIO_SINK@ 5%+"
+ ",XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
+ ",XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
+ ",XF86MonBrightnessUp, exec, brightnessctl s 10%+"
+ ",XF86MonBrightnessDown, exec, brightnessctl s 10%-"
+ ];
+ bindl = [
+ ", XF86AudioNext, exec, playerctl next"
+ ", XF86AudioPause, exec, playerctl play-pause"
+ ", XF86AudioPlay, exec, playerctl play-pause"
+ ", XF86AudioPrev, exec, playerctl previous"
+ ];
+
+ windowrulev2 = [
+ "suppressevent maximize, class:.*"
+ "float, title:.*"
+ "float, initialTitle:.*(Open Files).*"
+ "nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0"
+ ];
+
+ misc = {
+ disable_hyprland_logo = true;
+ disable_splash_rendering = true;
+ };
+
+ general = {
+ layout = "dwindle";
+ border_size = borderSize;
+
+ "col.active_border" = "$lavender";
+ "col.inactive_border" = "$surface0";
+ };
+
+ decoration = {
+ rounding = borderRadius;
+ shadow = {
+ enabled = true;
+ range = 4;
+ render_power = 3;
+ color = "rgba(1a1a1aee)";
+ };
+ blur = {
+ enabled = true;
+ size = 3;
+ passes = 1;
+ vibrancy = 0.1696;
+ };
+ };
+
+ dwindle = {
+ pseudotile = true;
+ preserve_split = true;
+ };
};
};
}
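Review bot: The binds now launch `kitty`, `rofi`, `grimblast`, `wpctl`, `brightnessctl` and `playerctl` by bare name, whereas the removed bind used `${pkgs.kitty}/bin/kitty`. Resolution therefore depends on the `PATH` Hyprland inherits, and `wpctl` is not in this file's `home.packages` list. Interpolating store paths, e.g. `"$term" = lib.getExe pkgs.kitty;` and `"$menu" = "${lib.getExe pkgs.rofi-wayland} -show drun";`, pins each command to the package this configuration builds. Separately, `"float, title:.*"` in `windowrulev2` matches every window, which makes the `initialTitle:.*(Open Files).*` rule below it redundant; if only dialogs should float, the first rule should go.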
diff --git a/homes/min/mpris.nix b/homes/min/mpris.nix
new file mode 100644
index 0000000..0fb217e
--- /dev/null
+++ b/homes/min/mpris.nix
@@ -0,0 +1,4 @@
+_: {
+ # Enable MPRIS proxy for Bluetooth media control
+ services.mpris-proxy.enable = true;
+}
diff --git a/homes/min/nh.nix b/homes/min/nh.nix
index 6043ff2..43a9bdb 100644
--- a/homes/min/nh.nix
+++ b/homes/min/nh.nix
@@ -2,4 +2,4 @@ _: {
programs.nh = {
enable = true;
};
-}
\ No newline at end of file
+}
diff --git a/homes/min/shell.nix b/homes/min/shell.nix
index 35d3f5c..e610994 100644
--- a/homes/min/shell.nix
+++ b/homes/min/shell.nix
@@ -14,12 +14,20 @@ _: {
autocd = true;
shellAliases = {
- l = "eza";
-
+ cl = "clear";
md = "mkdir -p";
ip = "ip --color";
};
+
+ initExtra = ''
+ unsetopt HIST_SAVE_BY_COPY
+ '';
+
+ oh-my-zsh = {
+ # enable = true;
+ theme = "eastwood";
+ };
};
direnv = enableZsh;
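Review bot: `unsetopt HIST_SAVE_BY_COPY` has no comment, and its reason is not visible from this file. It looks tied to the `.zsh_history` file entry added in hosts/mpl/mounts.nix: with the option on, zsh writes a new history file and renames it over the old one, which does not work on a single persisted file. A comment such as `# .zsh_history is a persisted file (see hosts/mpl/mounts.nix); write it in place` would stop someone removing the line later.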
@@ -27,11 +35,13 @@ _: {
fzf = enableZsh;
eza = enableZsh;
zoxide = enableZsh;
+ ripgrep.enable = true;
+
+ fastfetch.enable = true;
- tmux.enable = true;
btop = {
enable = true;
- settings.color_theme = "ayu";
+ # settings.color_theme = "ayu";
};
};
}
diff --git a/homes/min/social.nix b/homes/min/social.nix
new file mode 100644
index 0000000..cfe9676
--- /dev/null
+++ b/homes/min/social.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+ home.packages = [pkgs.vesktop];
+}
diff --git a/homes/min/ssh.nix b/homes/min/ssh.nix
new file mode 100644
index 0000000..72c834d
--- /dev/null
+++ b/homes/min/ssh.nix
@@ -0,0 +1,40 @@
+{pkgs, ...}: {
+ home.packages = [pkgs.ssh-tpm-agent];
+
+ programs.zsh.profileExtra = ''
+ export SSH_AUTH_SOCK=$(ssh-tpm-agent --print-socket)
+ '';
+
+ # reworked from `ssh-tpm-agent --install-user-units`
+ systemd.user = {
+ services.ssh-tpm-agent = {
+ Unit = {
+ ConditionEnvironment = "!SSH_AGENT_PID";
+ Description = "ssh-tpm-agent service";
+ Documentation = "man:ssh-agent(1) man:ssh-add(1) man:ssh(1)";
+ Requires = "ssh-tpm-agent.socket";
+ };
+ Service = {
+ Environment = "SSH_AUTH_SOCK=%t/ssh-tpm-agent.sock";
+ ExecStart = "${pkgs.ssh-tpm-agent}/bin/ssh-tpm-agent";
+ PassEnvironment = "SSH_AGENT_PID";
+ SuccessExitStatus = 2;
+ Type = "simple";
+ };
+ Install.Also = "ssh-agent.socket";
+ };
+
+ sockets.ssh-tpm-agent = {
+ Unit = {
+ Description = "SSH TPM agent socket";
+ Documentation = "man:ssh-agent(1) man:ssh-add(1) man:ssh(1)";
+ };
+ Socket = {
+ ListenStream = "%t/ssh-tpm-agent.sock";
+ SocketMode = "0600";
+ Service = "ssh-tpm-agent.service";
+ };
+ Install.WantedBy = ["sockets.target"];
+ };
+ };
+}
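Review bot: `Install.Also = "ssh-agent.socket"` names a unit this file does not define; the socket declared below is `ssh-tpm-agent`, so the line was presumably meant to be `Install.Also = "ssh-tpm-agent.socket";`. `SSH_AUTH_SOCK` is exported only from the zsh login profile, with an unquoted command substitution and a `ssh-tpm-agent` looked up on `PATH`, so programs not started from a login shell will not see the agent. Setting it from the same path the socket unit listens on, `home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-tpm-agent.sock";`, removes both the lookup and the divergence, assuming `--print-socket` reports that path.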
diff --git a/homes/min/waybar.nix b/homes/min/waybar.nix
new file mode 100644
index 0000000..dd5227e
--- /dev/null
+++ b/homes/min/waybar.nix
@@ -0,0 +1,191 @@
+_: {
+ programs.waybar = {
+ enable = true;
+ systemd.enable = true;
+
+ settings = {
+ mainBar = {
+ layer = "top";
+ position = "top";
+ # Choose the order of the modules
+ modules-left = ["hyprland/workspaces"];
+ modules-center = ["custom/music"];
+ modules-right = ["wireplumber" "backlight" "battery" "clock" "tray" "custom/lock" "custom/power"];
+ "hyprland/workspaces" = {
+ "format" = " {icon} ";
+ "format-icons" = {
+ "default" = " ";
+ };
+ };
+ tray = {
+ "icon-size" = 21;
+ "spacing" = 10;
+ };
+ "custom/music" = {
+ format = " {}";
+ escape = true;
+ interval = 5;
+ tooltip = false;
+ exec = "playerctl metadata --format='{{ title }}'";
+ on-click = "playerctl play-pause";
+ max-length = 50;
+ };
+ clock = {
+ timezone = "America/New_York";
+ tooltip-format = "{:%Y %B}\n{calendar}";
+ format-alt = " {:%B %d, %Y}";
+ format = " {:%I:%M %p}";
+ };
+ backlight = {
+ device = "amdgpu_bl1";
+ format = "{icon} {percent}%";
+ format-icons = [" " " " " " " " " " " " " " " " " "];
+ };
+ battery = {
+ states = {
+ warning = 30;
+ critical = 15;
+ };
+ format = "{icon} {capacity}%";
+ format-icons = [" " " " " " " " " "];
+ };
+ wireplumber = {
+ format = "{icon} {volume}%";
+ format-muted = " ";
+ format-icons = {
+ default = ["" " " " "];
+ };
+ on-click = "pavucontrol";
+ };
+ "custom/lock" = {
+ "tooltip" = false;
+ "on-click" = "echo lock";
+ "format" = " ";
+ };
+ "custom/power" = {
+ "tooltip" = false;
+ "on-click" = "echo power";
+ "format" = " ";
+ };
+ };
+ };
+
+ style = ''
+ * {
+ font-family: "FantasqueSansM Nerd Font";
+ font-size: 17px;
+ min-height: 0;
+ }
+
+ #waybar {
+ background: transparent;
+ color: @text;
+ margin: 5px 5px;
+ }
+
+ #workspaces {
+ border: 2px solid @lavender;
+ border-radius: 8px;
+ margin: 5px;
+ background-color: @base;
+ margin-left: 20px;
+ }
+
+ #workspaces button {
+ color: @lavender;
+ border-radius: 8px;
+ padding: 0.4rem;
+ }
+
+ #workspaces button.active {
+ color: @mauve;
+ border-radius: 8px;
+ }
+
+ #workspaces button:hover {
+ color: @pink;
+ border-radius: 8px;
+ }
+
+ #custom-music,
+ #tray,
+ #backlight,
+ #clock,
+ #battery,
+ #wireplumber,
+ #custom-lock,
+ #custom-power {
+ border-top: 2px solid @lavender;
+ border-bottom: 2px solid @lavender;
+ background-color: @base;
+ padding: 0.5rem 1rem;
+ margin: 5px 0;
+ }
+
+ #clock {
+ color: @blue;
+ border-radius: 0px 8px 8px 0px;
+ margin-right: 1rem;
+ border-right: 2px solid @lavender;
+ }
+
+ #battery {
+ color: @green;
+ }
+
+ #battery.charging {
+ color: @green;
+ }
+
+ #battery.warning:not(.charging) {
+ color: @red;
+ }
+
+ #backlight {
+ color: @yellow;
+ }
+
+ #backlight, #battery {
+ border-radius: 0;
+ }
+
+ #wireplumber {
+ color: @maroon;
+ border-radius: 8px 0px 0px 8px;
+ border-left: 2px solid @lavender;
+ margin-left: 1rem;
+ }
+
+ #custom-music {
+ color: @text;
+ border-radius: 8px;
+ border-left: 2px solid @lavender;
+ border-right: 2px solid @lavender;
+ }
+
+ #custom-lock {
+ border-radius: 8px 0px 0px 8px;
+ border-top: 2px solid @lavender;
+ border-bottom: 2px solid @lavender;
+ border-left: 2px solid @lavender;
+ color: @lavender;
+ }
+
+ #custom-power {
+ margin-right: 20px;
+ border-radius: 0px 8px 8px 0px;
+ border-top: 2px solid @lavender;
+ border-bottom: 2px solid @lavender;
+ border-right: 2px solid @lavender;
+ color: @lavender;
+ }
+
+ #tray {
+ margin-right: 1rem;
+ border-radius: 8px;
+ border-left: 2px solid @lavender;
+ border-right: 2px solid @lavender;
+ }
+ '';
+ };
+}
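Review bot: `custom/lock` and `custom/power` are wired to `echo lock` and `echo power`, so the bar shows a lock button that does not lock the session. Until a locker is configured, either drop the two modules from `modules-right` or mark them, e.g. `# TODO: placeholder, call the screen locker here`. The stylesheet also hard-codes `8px` and `2px`, which duplicate `borderRadius` and `borderSize` from homes/min/hyprland.nix and will drift if those change.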
diff --git a/hosts/mpl/audio.nix b/hosts/mpl/audio.nix
index f438632..932c013 100644
--- a/hosts/mpl/audio.nix
+++ b/hosts/mpl/audio.nix
@@ -12,4 +12,16 @@ _: {
security.rtkit.enable = true;
hardware.framework.laptop13.audioEnhancement.enable = true;
+
+ # Enable bluetooth.
+ hardware.bluetooth = {
+ enable = true;
+
+ settings = {
+ General = {
+ Experimental = true;
+ Enable = "Source,Sink,Media,Socket";
+ };
+ };
+ };
}
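Review bot: `Experimental = true` turns on BlueZ's experimental interfaces for the whole daemon, and the only comment is `# Enable bluetooth.`, which does not say what needs it. A line such as `# Experimental: needed for <feature>` (placeholder; name the feature actually relied on) lets a later reader decide whether it can be turned off again. Bluetooth is also not specific to audio, so a separate `bluetooth.nix` may be a better home than `audio.nix`.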
diff --git a/hosts/mpl/bootloader.nix b/hosts/mpl/bootloader.nix
index 8805588..408c628 100644
--- a/hosts/mpl/bootloader.nix
+++ b/hosts/mpl/bootloader.nix
@@ -1,14 +1,30 @@
-_: {
- # TODO: lanzaboote
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ environment.systemPackages = [pkgs.sbctl];
+
boot = {
+ initrd.systemd = {
+ enable = true;
+ tpm2.enable = true;
+ };
+
loader = {
efi.canTouchEfiVariables = true;
- timeout = 2;
- systemd-boot = {
- enable = true;
- configurationLimit = 3;
- };
+ timeout = 1;
+
+ # disable systemd-boot in favor of lanzaboote
+ systemd-boot.enable = lib.mkForce false;
};
};
+
+ boot.lanzaboote = {
+ enable = true;
+
+ pkiBundle = "/etc/secureboot";
+ configurationLimit = 3;
+ };
}
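Review bot: `pkiBundle = "/etc/secureboot"` holds the Secure Boot signing keys, and this host imports impermanence, but nothing in this commit adds that directory to a persistence list. If it is not already persisted outside these hunks, the keys would disappear on reboot and the next rebuild could not sign a bootable generation. A comment like `# must be persisted, see mounts.nix` next to the option would record the requirement. The private keys in that directory are stored unencrypted, so it is worth confirming it stays readable by root only wherever it is persisted.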
diff --git a/hosts/mpl/configuration.nix b/hosts/mpl/configuration.nix
index 1c79cce..4910e06 100644
--- a/hosts/mpl/configuration.nix
+++ b/hosts/mpl/configuration.nix
@@ -30,6 +30,20 @@
keyMap = "us";
};
+ # Install fonts.
+ fonts = {
+ packages = with pkgs; [nerdfonts source-sans];
+
+ fontconfig = {
+ enable = true;
+ antialias = true; # >200dpi
+
+ defaultFonts = {
+ monospace = ["FantasqueSansMono Nerd Font"];
+ };
+ };
+ };
+
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
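Review bot: `defaultFonts.monospace` names `FantasqueSansMono Nerd Font`, while the waybar stylesheet added in homes/min/waybar.nix uses `FantasqueSansM Nerd Font`. Only one of these can match the family name the installed `nerdfonts` package registers, and the other will silently fall back. Checking with `fc-list` and using the same string in both places avoids that. The trailing comment `# >200dpi` on `antialias = true` does not explain the setting and should either say what it means or go.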
@@ -39,7 +53,7 @@
min = {
isNormalUser = true;
- extraGroups = ["wheel"]; # Enable ‘sudo’ for the user.
+ extraGroups = ["wheel" "networkmanager" "tss"];
hashedPasswordFile = config.sops.secrets."user-pw".path;
};
};
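Review bot: The comment explaining `wheel` was dropped in the same change that adds two groups carrying real privileges. `tss` gives the account direct access to the TPM device nodes and `networkmanager` lets it change network configuration without sudo. The line deserves a note such as `# wheel: sudo; networkmanager: manage connections; tss: TPM access for ssh-tpm-agent`.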
@@ -55,11 +69,19 @@
# started in user sessions.
programs.gnupg.agent = {
enable = true;
- enableSSHSupport = true;
# TODO: pinentryPackage - rofi/bemenu maybe
};
services.pcscd.enable = true;
+ # Enable TPM2
+ security.tpm2 = {
+ enable = true;
+ pkcs11.enable = true;
+ };
+
+ # SSH askpass
+ programs.ssh.enableAskPassword = true;
+
# Home-manager
home-manager = {
extraSpecialArgs = {inherit inputs;};
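Review bot: `pkcs11.enable = true` installs the TPM PKCS#11 provider, but nothing else in this commit references PKCS#11; the SSH setup in homes/min/ssh.nix goes through `ssh-tpm-agent` instead. If nothing consumes it, leaving it out keeps the TPM-facing surface to what is actually used. If something does, the `# Enable TPM2` comment should name the consumer.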
diff --git a/hosts/mpl/default.nix b/hosts/mpl/default.nix
index f896c12..021170a 100644
--- a/hosts/mpl/default.nix
+++ b/hosts/mpl/default.nix
@@ -6,6 +6,8 @@
inputs.disko.nixosModules.disko
inputs.impermanence.nixosModules.impermanence
inputs.home-manager.nixosModules.home-manager
+ inputs.lanzaboote.nixosModules.lanzaboote
+ inputs.catppuccin.nixosModules.catppuccin
./configuration.nix
];
homes = [
diff --git a/hosts/mpl/mounts.nix b/hosts/mpl/mounts.nix
index a746296..fe0aab7 100644
--- a/hosts/mpl/mounts.nix
+++ b/hosts/mpl/mounts.nix
@@ -27,6 +27,13 @@
mode = "0700";
}
".local/share/direnv"
+ ".local/share/zoxide"
+ ".local/share/nix" # trusted settings
+ ".local/state/wireplumber" # volumes, etc
+
+ # apps
+ ".config/vesktop"
+ ".librewolf"
# languages
".cargo"
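Review bot: `.local/share/nix` is persisted with the comment `# trusted settings`, which understates what it keeps. That directory holds Nix's record of flake-supplied settings the user has accepted, so an approval given once (for example for an extra substituter) stays in force across reboots. A fuller comment, e.g. `# trusted-settings.json: accepted flake nixConfig entries persist across reboots`, makes the trade-off visible. `.librewolf` likewise persists the whole browser profile, including cookies and saved logins, even though homes/min/firefox.nix disables history.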
@@ -39,6 +46,9 @@
# TODO: "Music" should probably be mounted via NFS
"p"
];
+ files = [
+ ".zsh_history"
+ ];
};
};
environment.systemPackages = [pkgs.ncdu];
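Review bot: Persisting `.zsh_history` keeps every command line across reboots, including any secret typed as an argument, and the entry carries no comment saying this is intended. A note such as `".zsh_history" # persisted on purpose; contains full command lines` documents the decision. Enabling `setopt HIST_IGNORE_SPACE` in the zsh config would give a way to keep an individual command out of the persisted file.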
diff --git a/modules/networking.nix b/modules/networking.nix
index afa9b90..9b07bcf 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -1,3 +1,5 @@
_: {
+ # prevent networkmanager from taking dns servers from dhcp (we have provided our own)
+ networking.networkmanager.dns = "none";
networking.nameservers = ["1.1.1.1" "1.0.0.1"];
}
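Review bot: With `networking.networkmanager.dns = "none"` every network, including VPNs and captive portals, resolves through the two fixed servers, and those queries still leave the machine as plaintext DNS. If the aim is to avoid trusting DHCP-supplied resolvers, the comment should say so and note those side effects. Encrypted transport would need a local resolver, for example `services.resolved` with `dnsovertls`, which this hunk does not configure.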
diff --git a/modules/programs.nix b/modules/programs.nix
index 196e732..5f105ec 100644
--- a/modules/programs.nix
+++ b/modules/programs.nix
@@ -4,4 +4,4 @@
tmux
helix
];
-}
\ No newline at end of file
+}