diff --git a/flake.nix b/flake.nix index f17c5dc..9a4e1fa 100755 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,10 @@ url = "github:berberman/flakes"; inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -21,6 +25,9 @@ url = "github:hyprwm/Hyprland"; inputs.nixpkgs.follows = "nixpkgs"; # MESA/OpenGL HW workaround }; + impermanence = { + url = "github:nix-community/impermanence"; + }; lanzaboote = { url = "github:nix-community/lanzaboote"; inputs.nixpkgs.follows = "nixpkgs"; @@ -29,6 +36,12 @@ url = "github:LnL7/nix-darwin"; inputs.nixpkgs.follows = "nixpkgs"; }; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # TODO: Unused #nixos-hardware = { # url = "github:NixOS/nixos-hardware/master"; # #inputs.nixpkgs.follows = "nixpkgs"; @@ -37,17 +50,6 @@ # url = "github:nixpak/nixpak"; # inputs.nixpkgs.follows = "nixpkgs"; #}; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - impermanence = { - url = "github:nix-community/impermanence"; - }; ## Non-Flake ### Color scheme files @@ -66,29 +68,61 @@ outputs = { self, nixpkgs, berberman, + disko, home-manager, hosts, hyprland, lanzaboote, nix-darwin, sops-nix, - disko, impermanence, tokyonight, metacubexd, ... } @ inputs: { - # nix-darwin (macOS) + ### NixOS + nixosConfigurations = { + "81FW-NixOS" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + ./nixos # Entrypoint + ./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific configurations + ./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations + + ./users/guanranwang/nixos.nix # Home Manager entrypoint (user-specific) + + { networking.hostName = "81FW-NixOS"; } # Hostname + ]; + }; + + ## Currently un-used. + "iMac-NixOS" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + ./nixos + ./machines/nixos/imac-2017 + ./machines/nixos/imac-2017/machine-1 + + ./users/guanranwang/nixos.nix + + { networking.hostName = "iMac-NixOS"; } + ]; + }; + }; + + + ### nix-darwin (macOS) darwinConfigurations = { "iMac-macOS" = nix-darwin.lib.darwinSystem { system = "x86_64-darwin"; specialArgs = { inherit inputs; }; modules = [ - ./darwin # Entrypoint - ./machines/darwin/imac-2017 # Hardware-specific configurations - # Machine-specific configurations (does such stuff even exist on nix-darwin) - ./users/guanranwang/darwin.nix # User-specific configurations - # Flakes + ./darwin + ./machines/darwin/imac-2017 + + ./users/guanranwang/darwin.nix { networking.hostName = "iMac-macOS"; } ]; @@ -96,45 +130,14 @@ }; - # NixOS - nixosConfigurations = { - "81fw-nixos" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - ./nixos # Entrypoint - ./machines/nixos/81fw-lenovo-legion-y7000 # Hardware-specific configurations - ./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations - ./users/guanranwang/nixos.nix # User-specific configurations - - { networking.hostName = "81fw-nixos"; } - ]; - }; - - ## Currently un-used. - "imac-nixos" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - ./nixos - ./machines/nixos/imac-2017 - ./machines/nixos/imac-2017/machine-1 - ./users/guanranwang/nixos.nix - - { networking.hostName = "imac-nixos"; } - ]; - }; - }; - - - # Home-Manager + ### Home-Manager + # TODO: Actually figure out how this works homeConfigurations = { "guanranwang@81fw-nixos" = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs = { inherit inputs; }; modules = [ sops-nix.homeManagerModules.sops - hyprland.homeManagerModules.default { wayland.windowManager.hyprland = { @@ -153,7 +156,6 @@ extraSpecialArgs = { inherit inputs; }; modules = [ sops-nix.homeManagerModules.sops - hyprland.homeManagerModules.default { wayland.windowManager.hyprland = { diff --git a/flakes/nixos/disko.nix b/flakes/nixos/disko.nix index 452c8af..580078d 100644 --- a/flakes/nixos/disko.nix +++ b/flakes/nixos/disko.nix @@ -1,4 +1,4 @@ -{ disks ? [ "/dev/vdb" ], inputs, ... }: +{ inputs, disks ? [ "/dev/vdb" ], ... }: { imports = [ inputs.disko.nixosModules.disko ]; diff --git a/flakes/nixos/lanzaboote.nix b/flakes/nixos/lanzaboote.nix index e6ce0dd..8268684 100644 --- a/flakes/nixos/lanzaboote.nix +++ b/flakes/nixos/lanzaboote.nix @@ -1,10 +1,10 @@ -{ pkgs, lib, inputs, ... }: +{ inputs, pkgs, ... }: { imports = [ inputs.lanzaboote.nixosModules.lanzaboote ]; environment.systemPackages = with pkgs; [ sbctl ]; - boot.loader.systemd-boot.enable = lib.mkForce false; + boot.loader.systemd-boot.enable = false; boot.lanzaboote = { enable = true; pkiBundle = "/etc/secureboot"; diff --git a/machines/nixos/81fw-lenovo-legion-y7000/default.nix b/machines/nixos/81fw-lenovo-legion-y7000/default.nix index 08c9b06..64abac4 100644 --- a/machines/nixos/81fw-lenovo-legion-y7000/default.nix +++ b/machines/nixos/81fw-lenovo-legion-y7000/default.nix @@ -3,5 +3,6 @@ { imports = [ ./hardware.nix + ../../../nixos/presets/desktop.nix ]; } \ No newline at end of file diff --git a/machines/nixos/81fw-lenovo-legion-y7000/hardware.nix b/machines/nixos/81fw-lenovo-legion-y7000/hardware.nix index ba2251e..0246e02 100755 --- a/machines/nixos/81fw-lenovo-legion-y7000/hardware.nix +++ b/machines/nixos/81fw-lenovo-legion-y7000/hardware.nix @@ -5,6 +5,7 @@ ../hardware/misc/audio.nix ../hardware/misc/bluetooth.nix ../hardware/misc/opengl.nix + ../hardware/misc/tpm.nix ../hardware/cpu/intel.nix ../hardware/gpu/intel.nix ../hardware/gpu/nvidia.nix diff --git a/nixos/security/tpm.nix b/machines/nixos/hardware/misc/tpm.nix similarity index 100% rename from nixos/security/tpm.nix rename to machines/nixos/hardware/misc/tpm.nix diff --git a/machines/nixos/imac-2017/hardware.nix b/machines/nixos/imac-2017/hardware.nix index 906a3e3..d32bc96 100755 --- a/machines/nixos/imac-2017/hardware.nix +++ b/machines/nixos/imac-2017/hardware.nix @@ -11,12 +11,12 @@ (modulesPath + "/installer/scan/not-detected.nix") # what is this ]; - # from nixos-hardware - boot.kernelParams = [ "hid_apple.iso_layout=0" ]; - hardware.facetimehd.enable = true; # cam already works before adding this, not sure what is the point - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; + # Options from github:NixOS/nixos-hardware + boot.kernelParams = [ "hid_apple.iso_layout=0" ]; + hardware.facetimehd.enable = true; # TODO: Camera already works before adding this, not sure what is the point... + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction diff --git a/nixos/boot/boot.nix b/nixos/boot/boot.nix index 0746182..40c31f8 100755 --- a/nixos/boot/boot.nix +++ b/nixos/boot/boot.nix @@ -7,7 +7,9 @@ loader = { efi.canTouchEfiVariables = true; systemd-boot = { - enable = lib.mkDefault true; # use lanzaboote instead for secureboot + enable = lib.mkDefault true; # mkDefault for Lanzaboote + editor = false; # Disabled for security + ### Utilities #netbootxyz.enable = true; #memtest86.enable = true; }; diff --git a/nixos/boot/default.nix b/nixos/boot/default.nix index b926494..d9a3ad0 100644 --- a/nixos/boot/default.nix +++ b/nixos/boot/default.nix @@ -4,5 +4,7 @@ imports = [ ./boot.nix ./kernel.nix + ./plymouth.nix + ./sysctl.nix ]; } \ No newline at end of file diff --git a/nixos/boot/kernel.nix b/nixos/boot/kernel.nix index 0a6c7ef..9eb2f0b 100644 --- a/nixos/boot/kernel.nix +++ b/nixos/boot/kernel.nix @@ -1,10 +1,9 @@ { pkgs, ... }: { - # NOTE: secureboot enabled in flake.nix boot = { - #kernelPackages = pkgs.linuxPackages_latest; # latest kernel - kernelPackages = pkgs.linuxPackages_zen; # zen kernel, often outdated - #kernelPackages = pkgs.linuxKernel.Packages.linux_6_1; + #kernelPackages = pkgs.linuxPackages_latest; # latest linux kernel + kernelPackages = pkgs.linuxPackages_zen; # latest linux-zen kernel + #kernelPackages = pkgs.linuxKernel.Packages.linux_6_1; # linux 6.1 LTS kernel }; } diff --git a/nixos/boot/plymouth.nix b/nixos/boot/plymouth.nix new file mode 100644 index 0000000..eb4d448 --- /dev/null +++ b/nixos/boot/plymouth.nix @@ -0,0 +1,5 @@ +{ lib, ... }: + +{ + boot.plymouth.enable = lib.mkDefault true; # mkDefault for headless devices, check out server.nix +} \ No newline at end of file diff --git a/nixos/security/sysctl.nix b/nixos/boot/sysctl.nix similarity index 100% rename from nixos/security/sysctl.nix rename to nixos/boot/sysctl.nix diff --git a/nixos/default.nix b/nixos/default.nix index 4f2958f..cd33a53 100755 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -8,7 +8,6 @@ ./nix ./packages ./power-management - ./security #./specialisation # dont actually use this ./users ]; diff --git a/nixos/i18n/i18n.nix b/nixos/i18n/i18n.nix index 56cc1ae..4cf4d62 100755 --- a/nixos/i18n/i18n.nix +++ b/nixos/i18n/i18n.nix @@ -1,7 +1,7 @@ { ... }: -# Internationalisation settings -# IME settings are at /etc/nixos/modules/graphical/input.nix +# Internationalisation configurations +# Use Home Manager for IME configurations { i18n = { defaultLocale = "en_US.UTF-8"; @@ -27,4 +27,6 @@ # keyMap = "us"; # useXkbConfig = true; # use xkbOptions in tty. # }; + + services.xserver.layout = "us"; # keymap in x11 } \ No newline at end of file diff --git a/nixos/networking/default.nix b/nixos/networking/default.nix index 8c74baa..cfdd816 100755 --- a/nixos/networking/default.nix +++ b/nixos/networking/default.nix @@ -6,7 +6,6 @@ ./network-manager ./dhcp.nix - ./dns ./firewall.nix ./proxy.nix ./timezone.nix diff --git a/nixos/networking/dns/default.nix b/nixos/networking/dns/default.nix index 4b651c8..06e1f2a 100644 --- a/nixos/networking/dns/default.nix +++ b/nixos/networking/dns/default.nix @@ -3,6 +3,6 @@ { imports = [ ./dns.nix - #./systemd-resolved.nix + #./systemd-resolved.nix # Returns NXDOMAIN in China Mainland, will investegate... ]; } \ No newline at end of file diff --git a/nixos/networking/dns/systemd-resolved.nix b/nixos/networking/dns/systemd-resolved.nix index b8a3d40..f2c4455 100644 --- a/nixos/networking/dns/systemd-resolved.nix +++ b/nixos/networking/dns/systemd-resolved.nix @@ -7,6 +7,6 @@ dnssec = "true"; domains = [ "~." ]; fallbackDns = [ "8.8.8.8#dns.google" "8.8.4.4#dns.google" "2001:4860:4860::8888#dns.google" "2001:4860:4860::8844#dns.google" ]; - #extraConfig = "DNSOverTLS=yes"; # broken as well + extraConfig = "DNSOverTLS=yes"; }; } \ No newline at end of file diff --git a/nixos/nix/flake.nix b/nixos/nix/flake.nix index 3e43041..22841dd 100755 --- a/nixos/nix/flake.nix +++ b/nixos/nix/flake.nix @@ -1,6 +1,10 @@ { ... }: { - nix.settings.experimental-features = [ "nix-command" "flakes" ]; # enable flakes - programs.command-not-found.enable = false; # Unavailable in Flakes build + # Enable Flakes + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Does not work with Flake based configurations + system.copySystemConfiguration = false; + programs.command-not-found.enable = false; } diff --git a/nixos/nix/gc.nix b/nixos/nix/gc.nix index dbdb2ee..a154e75 100755 --- a/nixos/nix/gc.nix +++ b/nixos/nix/gc.nix @@ -2,10 +2,10 @@ { nix = { - # hard linking + ### Auto hard linking settings.auto-optimise-store = true; - # auto delete older NixOS builds + ### Automatically delete older NixOS builds gc = { automatic = true; dates = "weekly"; diff --git a/nixos/nix/nix.nix b/nixos/nix/nix.nix index 5651e21..3f4904d 100755 --- a/nixos/nix/nix.nix +++ b/nixos/nix/nix.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { nix.settings = { @@ -29,15 +29,13 @@ nixos.enable = false; }; - #nix.useSandbox = false; - system = { # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. # Does not work with flake based configurations - #copySystemConfiguration = true; + copySystemConfiguration = lib.mkDefault true; # This value determines the NixOS release from which the default diff --git a/nixos/packages/default.nix b/nixos/packages/default.nix index c081eef..20420dc 100755 --- a/nixos/packages/default.nix +++ b/nixos/packages/default.nix @@ -2,9 +2,8 @@ { imports = [ - ./core.nix ./hardware.nix - ./graphical + ./overlays ./unfree ]; diff --git a/nixos/packages/graphical/default.nix b/nixos/packages/graphical/default.nix index 080a3d6..da18b40 100755 --- a/nixos/packages/graphical/default.nix +++ b/nixos/packages/graphical/default.nix @@ -6,7 +6,9 @@ #./flatpak.nix ./fonts.nix + ./gnome-keyring.nix ./graphical.nix + ./polkit.nix ./xdg.nix ]; } diff --git a/nixos/packages/graphical/display-server/input.nix b/nixos/packages/graphical/display-server/input.nix index 7bc36e9..610829c 100755 --- a/nixos/packages/graphical/display-server/input.nix +++ b/nixos/packages/graphical/display-server/input.nix @@ -2,7 +2,6 @@ { services.xserver = { - layout = "us"; # keymap in x11 libinput = { enable = true; touchpad = { @@ -18,7 +17,7 @@ }; }; - # Removes debounce time + ### Removes debounce time # https://www.reddit.com/r/linux_gaming/comments/ku6gth environment.etc."libinput/local-overrides.quirks".text = '' [Never Debounce] diff --git a/nixos/packages/graphical/display-server/wayland.nix b/nixos/packages/graphical/display-server/wayland.nix index f0ccd72..5730bba 100755 --- a/nixos/packages/graphical/display-server/wayland.nix +++ b/nixos/packages/graphical/display-server/wayland.nix @@ -1,9 +1,9 @@ { ... }: { - programs.xwayland.enable = true; - hardware.nvidia.nvidiaSettings = false; # nvidia settings menu, wont do anything on wayland + programs.xwayland.enable = true; # enable XWayland + hardware.nvidia.nvidiaSettings = false; # NVIDIA settings menu, wont do anything on wayland environment.sessionVariables = { - "NIXOS_OZONE_WL" = "1"; # let electron applications use wayland + "NIXOS_OZONE_WL" = "1"; # let electron applications use wayland }; } \ No newline at end of file diff --git a/nixos/packages/graphical/fonts.nix b/nixos/packages/graphical/fonts.nix index 8fb8ea3..f1b1607 100755 --- a/nixos/packages/graphical/fonts.nix +++ b/nixos/packages/graphical/fonts.nix @@ -29,6 +29,6 @@ monospace = [ "JetBrainsMono Nerd Font" "JetBrains Mono" "FiraCode Nerd Font" "Fira Code" "Noto Sans Mono" ]; }; }; - # fontconfig is too limited here, use `$HOME/.config/fontconfig/fonts.conf` instead + # fontconfig is too limited here, and appling it globally is **bad**, use Home Manager instead }; } diff --git a/nixos/packages/graphical/gnome-keyring.nix b/nixos/packages/graphical/gnome-keyring.nix new file mode 100644 index 0000000..120e936 --- /dev/null +++ b/nixos/packages/graphical/gnome-keyring.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + # gnome keyring + services.gnome.gnome-keyring.enable = true; + programs.seahorse.enable = true; + security.pam.services."gnome-keyring".text = '' + auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so + session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start + password optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so + ''; +} \ No newline at end of file diff --git a/nixos/packages/graphical/graphical.nix b/nixos/packages/graphical/graphical.nix index 38ce4bd..bffa889 100644 --- a/nixos/packages/graphical/graphical.nix +++ b/nixos/packages/graphical/graphical.nix @@ -1,8 +1,6 @@ { pkgs, ... }: { - boot.plymouth.enable = true; - security.polkit.enable = true; services = { # GNOME applications gvfs.enable = true; # nautilus @@ -25,10 +23,5 @@ end = "${pkgs.libnotify}/bin/notify-send 'GameMode Deactivated' 'GameMode Deactivated. Back to normal mode. ⏹️'"; }; }; - clash-verge = { - #enable = true; - autoStart = true; # not working at all, edit: works on gnome - tunMode = true; - }; }; } \ No newline at end of file diff --git a/nixos/security/polkit.nix b/nixos/packages/graphical/polkit.nix similarity index 95% rename from nixos/security/polkit.nix rename to nixos/packages/graphical/polkit.nix index 6631cdb..a7fbfdb 100644 --- a/nixos/security/polkit.nix +++ b/nixos/packages/graphical/polkit.nix @@ -1,6 +1,7 @@ { pkgs, ... }: { + security.polkit.enable = true; environment.systemPackages = with pkgs; [ polkit_gnome ]; # polkit_gnome autostart for wms diff --git a/nixos/packages/hardware.nix b/nixos/packages/hardware.nix index ff6c9aa..7f0213e 100644 --- a/nixos/packages/hardware.nix +++ b/nixos/packages/hardware.nix @@ -2,10 +2,7 @@ { hardware = { - # Enable redistriutable firmware enableRedistributableFirmware = true; - - # Enable all firmware #enableAllFirmware = true; }; diff --git a/nixos/packages/server.nix b/nixos/packages/server.nix deleted file mode 100755 index c864340..0000000 --- a/nixos/packages/server.nix +++ /dev/null @@ -1 +0,0 @@ -# no i dont actually own a server \ No newline at end of file diff --git a/nixos/packages/unfree/unfree.nix b/nixos/packages/unfree/unfree.nix index 43faed6..7b95f4f 100755 --- a/nixos/packages/unfree/unfree.nix +++ b/nixos/packages/unfree/unfree.nix @@ -10,15 +10,15 @@ "facetimehd-firmware" # ../hardware/hardwares/imac-2017.nix # flatpak-able - "discord" - "google-chrome" - "lunar-client" "osu-lazer-bin" "osu-lazer-bin-2023.1008.0" # what? "spotify" "steam" "steam-original" - "microsoft-edge-stable" - "qq" + #"discord" + #"google-chrome" + #"lunar-client" + #"microsoft-edge-stable" + #"qq" ]; } diff --git a/nixos/power-management/default.nix b/nixos/power-management/default.nix index 84f8975..0a382fd 100644 --- a/nixos/power-management/default.nix +++ b/nixos/power-management/default.nix @@ -4,7 +4,7 @@ imports = [ ./cpu-governor.nix ./system76-scheduler.nix - #./tlp.nix # ] conflicts + #./tlp.nix # ] Conflicts with each other, only choose one ./power-profiles-daemon.nix # ] ]; } \ No newline at end of file diff --git a/nixos/packages/core.nix b/nixos/presets/core.nix similarity index 68% rename from nixos/packages/core.nix rename to nixos/presets/core.nix index a60331f..f4a06cc 100755 --- a/nixos/packages/core.nix +++ b/nixos/presets/core.nix @@ -1,9 +1,17 @@ { config, ... }: +# Imported by default, check out ./desktop.nix or ./server.nix { # Installed packages (System wide) environment = { - defaultPackages = []; + #defaultPackages = []; + }; + + users.mutableUsers = false; + environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id + security = { + apparmor.enable = true; + sudo.execWheelOnly = true; }; # Programs @@ -25,9 +33,18 @@ NixOS ${config.system.nixos.label} ${config.system.nixos.codeName} (\m) - \l --my-next-gpu-wont-be-nvidia ''; + + openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + }; + #cron.enable = true; #dbus.enable = true; - openssh.enable = true; + # BTRFS De-Dupe # bruh how to make it not a background job # i want to run it manually diff --git a/nixos/presets/desktop.nix b/nixos/presets/desktop.nix new file mode 100644 index 0000000..1dbddfc --- /dev/null +++ b/nixos/presets/desktop.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./core.nix + ../packages/graphical + ]; +} \ No newline at end of file diff --git a/nixos/presets/server.nix b/nixos/presets/server.nix new file mode 100755 index 0000000..3ff7449 --- /dev/null +++ b/nixos/presets/server.nix @@ -0,0 +1,9 @@ +{ ... }: + +# no i dont actually own a server +{ + imports = [ + ./core.nix + ]; + boot.plymouth.enable = false; +} \ No newline at end of file diff --git a/nixos/security/default.nix b/nixos/security/default.nix deleted file mode 100644 index 27670d2..0000000 --- a/nixos/security/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - imports = [ - ./security.nix - - ./gnome-keyring.nix - ./machine-id.nix - ./polkit.nix - ./sysctl.nix - ./tpm.nix - ]; -} \ No newline at end of file diff --git a/nixos/security/gnome-keyring.nix b/nixos/security/gnome-keyring.nix deleted file mode 100644 index 2b99e61..0000000 --- a/nixos/security/gnome-keyring.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: - -{ - # gnome keyring - services.gnome.gnome-keyring.enable = true; - security.pam.services."gnome-keyring".text = '' - auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so - session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start - password optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so - ''; -} \ No newline at end of file diff --git a/nixos/security/machine-id.nix b/nixos/security/machine-id.nix deleted file mode 100644 index 64e49b5..0000000 --- a/nixos/security/machine-id.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: - -{ - # whonix id - environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; -} \ No newline at end of file diff --git a/nixos/security/security.nix b/nixos/security/security.nix deleted file mode 100755 index 682ef10..0000000 --- a/nixos/security/security.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: - -{ - security = { - apparmor.enable = true; - sudo.execWheelOnly = true; - }; - - boot.loader.systemd-boot.editor = false; - - services.openssh.settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - }; -} diff --git a/nixos/users/users.nix b/nixos/users/users.nix index 8e2ffd8..b4ca478 100755 --- a/nixos/users/users.nix +++ b/nixos/users/users.nix @@ -1,5 +1,5 @@ { ... }: { - users.mutableUsers = false; + } \ No newline at end of file diff --git a/users/guanranwang/home-manager/common/dotfiles/config/hyprland/plugins.conf b/users/guanranwang/home-manager/common/dotfiles/config/hyprland/plugins.conf index af0ca5a..d424469 100644 --- a/users/guanranwang/home-manager/common/dotfiles/config/hyprland/plugins.conf +++ b/users/guanranwang/home-manager/common/dotfiles/config/hyprland/plugins.conf @@ -4,9 +4,9 @@ plugin = $HOME/.config/hypr/plugins/hyprfocus.so plugin { csgo-vulkan-fix { - res_w = 1440 - res_h = 1080 - } + res_w = 1440 + res_h = 1080 + } hyprfocus { enabled = false @@ -16,25 +16,25 @@ plugin { bezier = bezIn, 0.5,0.0,1.0,0.5 bezier = bezOut, 0.0,0.5,0.5,1.0 - } + } - flash { - flash_opacity = 0.7 + flash { + flash_opacity = 0.7 - in_bezier = bezIn - in_speed = 0.5 + in_bezier = bezIn + in_speed = 0.5 - out_bezier = bezOut - out_speed = 3 - } + out_bezier = bezOut + out_speed = 3 + } - shrink { - shrink_percentage = 0.99 + shrink { + shrink_percentage = 0.99 - in_bezier = bezIn - in_speed = 0.5 + in_bezier = bezIn + in_speed = 0.5 - out_bezier = bezOut - out_speed = 3 - } + out_bezier = bezOut + out_speed = 3 + } }