From 32f2213e8850b692efad5d18ae16ca67e2b26d0d Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Sun, 23 Mar 2025 16:12:22 +0100 Subject: [PATCH] FINALLY, it was stylix that was breaking the desktop!!! --- default.nix | 26 -- flake.nix | 7 +- lib/nixos.nix | 3 +- modules/home/desktop/plasma.nix | 315 ++++++++++++++-------- modules/home/desktop/terminal/ghostty.nix | 4 +- modules/home/shell/toolset/starship.nix | 18 +- modules/home/themes/default.nix | 34 ++- modules/system/options.nix | 5 + modules/system/security.nix | 127 ++++----- modules/system/theming.nix | 12 +- 10 files changed, 317 insertions(+), 234 deletions(-) delete mode 100644 default.nix diff --git a/default.nix b/default.nix deleted file mode 100644 index 201a215..0000000 --- a/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ inputs, config, lib, pkgs, ... }: -let - inherit (builtins) toString; - inherit (lib.modules) mkAliasOptionModule mkIf; - inherit (lib.my) mapModulesRec' mapModules mkSysUser mkHmUser; -in -{ - imports = [ - inputs.sops-nix.nixosModules.sops - ]; - - config = { - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - environment.variables = { - NIXPKGS_ALLOW_UNFREE = "1"; - }; - - sops = { - defaultSopsFile = ./secrets/secrets.yml; - defaultSopsFormat = "yml"; - - age.keyFile = "/home/"; - }; - }; -} diff --git a/flake.nix b/flake.nix index 7ad63ca..f21ad28 100644 --- a/flake.nix +++ b/flake.nix @@ -74,12 +74,7 @@ }; }; - nixosModules = - { - sneeuwvlok = import ./.; - } - // mapModulesRec ./modules import; - + nixosModules = mapModulesRec ./modules import; nixosConfigurations = mapHosts ./hosts {}; }; } diff --git a/lib/nixos.nix b/lib/nixos.nix index f095725..071cbd7 100644 --- a/lib/nixos.nix +++ b/lib/nixos.nix @@ -27,7 +27,7 @@ in rec inputs.nixos-boot.nixosModules.default ({ options, config, ...}: { nixpkgs.pkgs = pkgs; - + networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path)); system = { 
@@ -57,7 +57,6 @@ in rec }; }) (filterAttrs (n: v: !elem n ["system"]) attrs) - ../. # ../default.nix (import path) ] ++ (map (user: { diff --git a/modules/home/desktop/plasma.nix b/modules/home/desktop/plasma.nix index 54017fa..07a8233 100644 --- a/modules/home/desktop/plasma.nix +++ b/modules/home/desktop/plasma.nix 
@@ -51,135 +51,222 @@ in sharedModules = [ inputs.plasma-manager.homeManagerModules.plasma-manager ]; - }; - home-manager.users.${user}.programs.plasma = { - enable = true; - immutableByDefault = false; - windows.allowWindowsToRememberPositions = true; + users.${user}.programs.plasma = { + enable = true; + immutableByDefault = true; + windows.allowWindowsToRememberPositions = true; - workspace = { - colorScheme = "CatppuccinMocha"; - }; - - spectacle.shortcuts = { - captureRectangularRegion = "Meta+Shift+S"; - }; - - kwin = { - edgeBarrier = 0; - cornerBarrier = false; - - effects = { - translucency.enable = true; - - blur = { - enable = true; - strength = 5; - noiseStrength = 5; - }; - - snapHelper.enable = true; + workspace = { + colorScheme = "CatppuccinMocha"; + wallpaper = config.stylix.image; }; - }; - panels = [ - # Windows-like panel at the bottom - { - location = "bottom"; - widgets = [ - "org.kde.plasma.kickoff" - { - name = "org.kde.plasma.icontasks"; - config = { - launchers = [ - "preferred://browser" - "applications:org.kde.konsole.desktop" - "applications:org.kde.dolphin.desktop" - "applications:equibop.desktop" - "applications:code.desktop" - "applications:com.obsproject.Studio" - "applications:spotify.desktop" - ]; - }; - } - "org.kde.plasma.systemtray" - "org.kde.plasma.digitalclock" - ]; - floating = true; - minLength = 1743; - maxLength = 1920; - hiding = "dodgewindows"; - } - ]; - - powerdevil = { - AC = { - powerButtonAction = "shutDown"; - whenLaptopLidClosed = "doNothing"; - - autoSuspend.action = "nothing"; - dimDisplay.enable = false; - - turnOffDisplay = { - idleTimeout = "never"; - }; + spectacle.shortcuts = { + captureRectangularRegion = "Meta+Shift+S"; }; - battery = { - powerButtonAction = "shutDown"; - whenLaptopLidClosed = "doNothing"; - autoSuspend.action = "nothing"; - dimDisplay.enable = false; + kwin = { + edgeBarrier = 0; + cornerBarrier = false; - turnOffDisplay = { - idleTimeout = "never"; - }; + effects = { + 
translucency.enable = true; + + blur = { + enable = true; + strength = 5; + noiseStrength = 5; + }; + + snapHelper.enable = true; + }; }; - lowBattery = { - powerButtonAction = "shutDown"; - whenLaptopLidClosed = "doNothing"; - autoSuspend.action = "nothing"; - dimDisplay.enable = false; + panels = [ + # Windows-like panel at the bottom + { + location = "bottom"; + floating = true; + lengthMode = "fill"; + height = 32; + hiding = "dodgewindows"; + screen = "all"; + widgets = [ + { + kickoff = { + applicationsDisplayMode = "list"; + compactDisplayStyle = false; + favoritesDisplayMode = "grid"; + sortAlphabetically = true; + showButtonsFor = { + custom = [ + "shutdown" + "reboot" + "logout" + "lock-screen" + ]; + }; + showActionButtonCaptions = true; + }; + } + { + appMenu = { + compactView = false; + }; + } + { + panelSpacer = { + expanding = true; + }; + } + { + iconTasks = { + appearance = { + fill = false; + highlightWindows = true; + iconSpacing = "medium"; + indicateAudioStreams = true; + rows = { + multirowView = "never"; + maximum = null; + }; + showTooltips = true; + }; + behavior = { + grouping = { + clickAction = "showPresentWindowsEffect"; + method = "byProgramName"; + }; + minimizeActiveTaskOnClick = true; + newTasksAppearOn = "right"; + showTasks = { + onlyInCurrentActivity = true; + onlyInCurrentDesktop = true; + onlyMinimized = false; + onlyInCurrentScreen = false; + }; + sortingMethod = "manually"; + unhideOnAttentionNeeded = true; + wheel = { + ignoreMinimizedTasks = true; + switchBetweenTasks = true; + }; + }; + launchers = [ + "applications:org.kde.dolphin.desktop" + "preferred://browser" + "preferred://terminal" + "preferred://editor" + "applications:vesktop.desktop" + "applications:steam.desktop" + ]; + }; + } + { + panelSpacer = { + expanding = true; + }; + } + { + systemTray = { + icons = { + scaleToFit = true; + spacing = "small"; + }; + items = { + hidden = [ + "org.kde.plasma.brightness" + ]; + }; + pin = false; + }; + } + { + digitalClock 
= { + date = { + enable = true; + format = "shortDate"; + position = "belowTime"; + }; + time = { + format = "24h"; + showSeconds = "onlyInTooltip"; + }; + }; + } + ]; + } + ]; - turnOffDisplay = { - idleTimeout = "never"; - }; - }; - }; + powerdevil = { + AC = { + powerButtonAction = "shutDown"; + whenLaptopLidClosed = "doNothing"; - kscreenlocker = { - autoLock = false; - lockOnResume = false; - lockOnStartup = false; + autoSuspend.action = "nothing"; + dimDisplay.enable = false; - appearance = { - alwaysShowClock = true; - showMediaControls = true; - }; - }; + turnOffDisplay = { + idleTimeout = "never"; + }; + }; + battery = { + powerButtonAction = "shutDown"; + whenLaptopLidClosed = "doNothing"; - configFile = { - kdeglobals = { - General = { - # enable font antialiasing - XftAntialias = true; - XftHintStyle = "hintslight"; - XftSubPixel = "rgb"; - }; + autoSuspend.action = "nothing"; + dimDisplay.enable = false; + + turnOffDisplay = { + idleTimeout = "never"; + }; + }; + lowBattery = { + powerButtonAction = "shutDown"; + whenLaptopLidClosed = "doNothing"; + + autoSuspend.action = "nothing"; + dimDisplay.enable = false; + + turnOffDisplay = { + idleTimeout = "never"; + }; + }; }; - kwalletrc = { - Wallet.Enabled = false; + + kscreenlocker = { + autoLock = false; + lockOnResume = false; + lockOnStartup = false; + + appearance = { + alwaysShowClock = true; + showMediaControls = true; + }; }; - plasmarc = { - General = { - RaiseMaximumVolume = true; - VolumeStep = 2; - }; - }; - kcminputrc = { - Keyboard.NumLock.value = 0; + + configFile = { + kdeglobals = { + General = { + # enable font antialiasing + XftAntialias = true; + XftHintStyle = "hintslight"; + XftSubPixel = "rgb"; + }; + }; + kwalletrc = { + Wallet.Enabled = false; + }; + plasmarc = { + General = { + RaiseMaximumVolume = true; + VolumeStep = 2; + }; + }; + kcminputrc = { + Keyboard.NumLock.value = 0; + }; }; }; }; 
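Review bot: Flipping `immutableByDefault` to `true` at the top of the new `users.${user}.programs.plasma` block also pins the `kscreenlocker` values further down (`autoLock = false`, `lockOnResume = false`, `lockOnStartup = false`). If plasma-manager writes these keys as immutable, as the option name suggests, screen locking stays off and cannot be re-enabled from System Settings. The `powerdevil` section configures `battery` and `lowBattery` profiles, so this is presumably used on laptops, where an unattended or resumed session would remain unlocked. Consider `lockOnResume = true;` and `autoLock = true;`, or put a comment above `kscreenlocker` recording why locking is deliberately disabled, e.g. `# screen lock intentionally off: <reason>`.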
diff --git a/modules/home/desktop/terminal/ghostty.nix b/modules/home/desktop/terminal/ghostty.nix index 1133e2b..b23a233 100644 --- a/modules/home/desktop/terminal/ghostty.nix +++ b/modules/home/desktop/terminal/ghostty.nix @@ -25,8 +25,8 @@ in { enable = true; settings = { background-blur-radius = 20; - theme = "dark:stylix,light:stylix"; - window-theme = config.stylix.polarity; + # theme = "dark:stylix,light:stylix"; + # window-theme = config.stylix.polarity; background-opacity = 0.8; minimum-contrast = 1.1; }; diff --git a/modules/home/shell/toolset/starship.nix b/modules/home/shell/toolset/starship.nix index 6aa3f19..6b86fc1 100644 --- a/modules/home/shell/toolset/starship.nix +++ b/modules/home/shell/toolset/starship.nix @@ -1,19 +1,25 @@ -{ config, options, lib, pkgs, user, ... }: +{ config, lib, user, ... }: let inherit (lib.modules) mkIf; + inherit (lib.options) mkEnableOption; in { - options.modules.${user}.shell.toolset.starship = let - inherit (lib.options) mkEnableOption; - in { - enable = mkEnableOption "minimal shell ricing"; + options.modules.${user}.shell.toolset.starship = { + enable = mkEnableOption "fancy pansy shell prompt"; }; config = mkIf config.modules.${user}.shell.toolset.starship.enable { home-manager.users.${user}.programs.starship = { enable = true; settings = let - inherit (config.lib.stylix.colors) cyan red magenta yellow green blue; + # inherit (config.lib.stylix.colors) cyan red magenta yellow green blue; + + cyan = "#00ffff"; + red = "#ff0000"; + magenta = "#ff00ff"; + yellow = "#ffff00"; + green = "#00ff00"; + blue = "#0000ff"; in { scan_timeout = 10; add_newline = true; diff --git a/modules/home/themes/default.nix b/modules/home/themes/default.nix index f782abc..21130c7 100644 --- a/modules/home/themes/default.nix +++ b/modules/home/themes/default.nix 
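Review bot: The stylix references are commented out rather than removed in both the ghostty hunk (`# theme = ...`, `# window-theme = ...`) and the starship hunk (`# inherit (config.lib.stylix.colors) ...`), and nothing in the files says why or when they can come back. The starship replacement hard-codes pure primaries such as `"#ff0000"`, which no longer follow the configured theme. A one-line comment next to each would help, e.g. `# stylix integration disabled: it broke the Plasma session; restore once resolved`. Otherwise delete the dead lines and rely on the commit history.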
@@ -1,19 +1,13 @@ -{ inputs, config, options, lib, pkgs, user, ... }: +{ config, lib, pkgs, user, ... }: let - inherit (builtins) getEnv map; - inherit (lib.attrsets) attrValues mapAttrsToList; - inherit (lib.meta) getExe; - inherit (lib.modules) mkIf mkMerge; - inherit (lib.strings) concatStringsSep optionalString; + inherit (lib) mkIf mkDefault; + inherit (lib.options) mkOption mkEnableOption; + inherit (lib.types) nullOr enum; cfg = config.modules.${user}.themes; - desktop = config.modules.${user}.desktop; in { - options.modules.${user}.themes = let - inherit (lib.options) mkOption mkEnableOption; - inherit (lib.types) nullOr enum; - in { + options.modules.${user}.themes = { enable = mkEnableOption "Theming (Stylix)"; theme = mkOption { @@ -33,6 +27,24 @@ in { config = mkIf (cfg.enable) { modules.theming.enable = true; + environment.sessionVariables = { QT_QPA_PLATFORMTHEME = "kde"; }; + + home-manager.users.${user} = { + xdg.configFile."menus/applications.menu".source = "${pkgs.kdePackages.plasma-workspace}/etc/xdg/menus/plasma-applications.menu"; + + qt = { + enable = true; + platformTheme.package = with pkgs.kdePackages; [ + plasma-integration + systemsettings + ]; + style = { + package = pkgs.kdePackages.breeze; + name = mkDefault "Breeze"; + }; + }; + }; + stylix = { enable = true; autoEnable = true; diff --git a/modules/system/options.nix b/modules/system/options.nix index 8773040..0558323 100644 --- a/modules/system/options.nix +++ b/modules/system/options.nix @@ -14,6 +14,10 @@ in }; config = { + environment.variables = { + NIXPKGS_ALLOW_UNFREE = "1"; + }; + nix.settings = let inherit (lib) elem attrNames filterAttrs; @@ -22,6 +26,7 @@ in { trusted-users = users; allowed-users = users; + experimental-features = [ "nix-command" "flakes" ]; }; }; } diff --git a/modules/system/security.nix b/modules/system/security.nix index b001307..96a964f 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix 
@@ -1,70 +1,77 @@ -{ pkgs, ... }: +{ inputs, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - kdePackages.kwallet-pam - bitwarden - sops - ]; + imports = [ + inputs.sops-nix.nixosModules.sops + ]; - security = { - sudo.execWheelOnly = true; - acme.acceptTerms = true; - polkit.enable = true; - pam = { - u2f = { - enable = true; - settings.cue = true; - }; + config = { + environment.systemPackages = with pkgs; [ + bitwarden + sops + ]; - services.kwallet = { - name = "kwallet"; - enableKwallet = true; - }; - }; - }; + sops = { + defaultSopsFile = ./secrets/secrets.yml; + defaultSopsFormat = "yml"; - networking.firewall.enable = true; - programs.gnupg.agent.enable = true; - - boot = { - loader.systemd-boot = { - editor = false; - configurationLimit = 50; + age.keyFile = "/home/"; }; - kernelModules = [ "tcp_bbr" ]; - kernel.sysctl = { - ## TCP hardening - # Prevent bogus ICMP errors from filling up logs. - "net.ipv4.icmp_ignore_bogus_error_responses" = 1; - # Reverse path filtering causes the kernel to do source validation of - # packets received from all interfaces. This can mitigate IP spoofing. 
- "net.ipv4.conf.default.rp_filter" = 1; - "net.ipv4.conf.all.rp_filter" = 1; - # Do not accept IP source route packets (we're not a router) - "net.ipv4.conf.all.accept_source_route" = 0; - "net.ipv6.conf.all.accept_source_route" = 0; - # Don't send ICMP redirects (again, we're on a router) - "net.ipv4.conf.all.send_redirects" = 0; - "net.ipv4.conf.default.send_redirects" = 0; - # Refuse ICMP redirects (MITM mitigations) - "net.ipv4.conf.all.accept_redirects" = 0; - "net.ipv4.conf.default.accept_redirects" = 0; - "net.ipv4.conf.all.secure_redirects" = 0; - "net.ipv4.conf.default.secure_redirects" = 0; - "net.ipv6.conf.all.accept_redirects" = 0; - "net.ipv6.conf.default.accept_redirects" = 0; - # Protects against SYN flood attacks - "net.ipv4.tcp_syncookies" = 1; - # Incomplete protection again TIME-WAIT assassination - "net.ipv4.tcp_rfc1337" = 1; + security = { + sudo.execWheelOnly = true; + acme.acceptTerms = true; + polkit.enable = true; + pam = { + u2f = { + enable = true; + settings.cue = true; + }; + }; + }; - ## TCP optimization - # Enable TCP Fast Open for incoming and outgoing connections - "net.ipv4.tcp_fastopen" = 3; - # Bufferbloat mitigations + slight improvement in throughput & latency - "net.ipv4.tcp_congestion_control" = "bbr"; - "net.core.default_qdisc" = "cake"; + networking.firewall.enable = true; + programs.gnupg.agent.enable = true; + + boot = { + loader.systemd-boot = { + editor = false; + configurationLimit = 50; + }; + + kernelModules = [ "tcp_bbr" ]; + kernel.sysctl = { + ## TCP hardening + # Prevent bogus ICMP errors from filling up logs. + "net.ipv4.icmp_ignore_bogus_error_responses" = 1; + # Reverse path filtering causes the kernel to do source validation of + # packets received from all interfaces. This can mitigate IP spoofing. 
+ "net.ipv4.conf.default.rp_filter" = 1; + "net.ipv4.conf.all.rp_filter" = 1; + # Do not accept IP source route packets (we're not a router) + "net.ipv4.conf.all.accept_source_route" = 0; + "net.ipv6.conf.all.accept_source_route" = 0; + # Don't send ICMP redirects (again, we're on a router) + "net.ipv4.conf.all.send_redirects" = 0; + "net.ipv4.conf.default.send_redirects" = 0; + # Refuse ICMP redirects (MITM mitigations) + "net.ipv4.conf.all.accept_redirects" = 0; + "net.ipv4.conf.default.accept_redirects" = 0; + "net.ipv4.conf.all.secure_redirects" = 0; + "net.ipv4.conf.default.secure_redirects" = 0; + "net.ipv6.conf.all.accept_redirects" = 0; + "net.ipv6.conf.default.accept_redirects" = 0; + # Protects against SYN flood attacks + "net.ipv4.tcp_syncookies" = 1; + # Incomplete protection again TIME-WAIT assassination + "net.ipv4.tcp_rfc1337" = 1; + + ## TCP optimization + # Enable TCP Fast Open for incoming and outgoing connections + "net.ipv4.tcp_fastopen" = 3; + # Bufferbloat mitigations + slight improvement in throughput & latency + "net.ipv4.tcp_congestion_control" = "bbr"; + "net.core.default_qdisc" = "cake"; + }; }; }; } diff --git a/modules/system/theming.nix b/modules/system/theming.nix index 6b47e34..64dfa52 100644 --- a/modules/system/theming.nix +++ b/modules/system/theming.nix @@ -1,18 +1,16 @@ -{ inputs, config, options, lib, pkgs, ... }: +{ inputs, config, lib, ... }: let inherit (lib) mkIf; + inherit (lib.options) mkEnableOption; cfg = config.modules.theming; in { imports = [ - inputs.stylix.nixosModules.stylix - ]; + inputs.stylix.nixosModules.stylix + ]; - options.modules.theming = let - inherit (lib.options) mkEnableOption; - in - { + options.modules.theming = { enable = mkEnableOption "enable theming"; };
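Review bot: `defaultSopsFile = ./secrets/secrets.yml;` was moved verbatim from the deleted root `default.nix`, but Nix resolves path literals relative to the file that contains them, so in `modules/system/security.nix` it now refers to `modules/system/secrets/secrets.yml`. The diffstat shows no secrets file being moved, so the path most likely needs to become `../../secrets/secrets.yml`. The same block keeps `age.keyFile = "/home/";`, which names a directory rather than a key file, so decryption cannot work as written. Point it at the actual key, preferably a root-owned location outside user home directories, e.g. `age.keyFile = "<ABSOLUTE_PATH_TO_AGE_KEY>";`. It is also worth confirming that `defaultSopsFormat = "yml"` is a value sops-nix accepts, since its documentation uses `"yaml"`.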