From 6eade157b39c38371dfca3334245ff06e9eed944 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Tue, 23 Jul 2024 17:46:03 +0200 Subject: [PATCH] . --- default.nix | 4 +- hosts/chris-pc/default.nix | 2 +- hosts/chris-pc/default.nix.back | 94 ---------- hosts/chris-pc/hardware-configuration.nix | 40 ----- hosts/chris-pc/hardware.nix | 47 +++++ hosts/chris-server/default.nix | 2 +- hosts/chris-server/hardware-configuration.nix | 38 ---- hosts/chris-server/hardware.nix | 41 +++++ modules/_programs/harden.nix | 10 -- modules/_programs/security.nix | 12 -- modules/develop/rust.nix | 12 +- modules/options.nix | 33 +++- modules/shell/toolset/git.nix | 162 +++++++++--------- modules/system/audio.nix | 2 +- modules/system/boot.nix | 2 +- modules/system/security.nix | 62 +++++++ modules/xgd.nix | 32 ++++ 17 files changed, 306 insertions(+), 289 deletions(-) delete mode 100644 hosts/chris-pc/default.nix.back delete mode 100644 hosts/chris-pc/hardware-configuration.nix create mode 100644 hosts/chris-pc/hardware.nix delete mode 100644 hosts/chris-server/hardware-configuration.nix create mode 100644 hosts/chris-server/hardware.nix delete mode 100644 modules/_programs/harden.nix delete mode 100644 modules/_programs/security.nix create mode 100644 modules/system/security.nix create mode 100644 modules/xgd.nix diff --git a/default.nix b/default.nix index c9f17ef..cbea429 100644 --- a/default.nix +++ b/default.nix @@ -13,9 +13,9 @@ in ] ++ (mapModulesRec' (toString ./modules) import); - environments.variables = { + environment.variables = { KAAS = config.kaas.dir; - KAAS_BIN = config.kaasbinDir; + KAAS_BIN = config.kaas.binDir; NIXPKGS_ALLOW_UNFREE = "1"; }; diff --git a/hosts/chris-pc/default.nix b/hosts/chris-pc/default.nix index b5a7d63..62540b7 100644 --- a/hosts/chris-pc/default.nix +++ b/hosts/chris-pc/default.nix 
@@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: { - imports = [ ./hardware-configuration.nix ]; + imports = [ ./hardware.nix ]; modules = { themes.active = "everforrest"; diff --git a/hosts/chris-pc/default.nix.back b/hosts/chris-pc/default.nix.back deleted file mode 100644 index 2b3a830..0000000 --- a/hosts/chris-pc/default.nix.back +++ /dev/null 
@@ -1,94 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-{
- imports = [
- ./hardware-configuration.nix
- ../../modules/system/boot.nix
- ../../modules/system/networking.nix
- ../../modules/system/audio.nix
- ../../modules/system/zsa_voyager.nix
-
- ../../modules/desktop/plasma.nix
-
-
-
-
- ../../modules/programs/security.nix
- ../../modules/programs/theme.nix
- ../../modules/programs/shell.nix
- ../../modules/programs/gaming.nix
- ../../modules/programs/harden.nix
- ../../modules/programs/communication.nix
- ../../modules/programs/office.nix
- inputs.home-manager.nixosModules.default
- ];
-
- nixpkgs.config = {
- allowUnfree = true;
- };
-
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.chris = {
- isNormalUser = true;
- extraGroups = [ "wheel" "audio" ]; # Enable ‘sudo’ for the user.
- packages = with pkgs; [];
- };
-
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = { inherit inputs; };
- backupFileExtension = "backup";
- users = {
- chris.imports = [ ../../users/chris.nix ];
-# root.imports = [ ../../users/root.nix ];
- };
- };
-
- environment.systemPackages = with pkgs; [
- neovim
- wget
-# chromium
- thunderbird
- zoxide
- atuin
- btop
- dust
- bat
- tldr
- eza
- nextcloud-client
- ];
-
- systemd.services.numLockOnTty = {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = lib.mkForce (pkgs.writeShellScript "numLockOnTty" ''
- for tty in /dev/tty{1..6}; do
- ${pkgs.kbd}/bin/setleds -D +num < "$tty";
- done
- '');
- };
- };
-
- # This option defines the first version of NixOS you have installed on this particular machine,
- # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
- #
- # Most users should NEVER change this value after the initial install, for any reason,
- # even if you've upgraded your system to a new NixOS release.
- #
- # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
- # so changing it will NOT upgrade your system.
- #
- # This value being lower than the current NixOS release does NOT mean your system is
- # out of date, out of support, or vulnerable.
- #
- # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
- # and migrated your data accordingly.
- #
- # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
- system.stateVersion = "23.11"; # Did you read the comment?
-
-}
-
diff --git a/hosts/chris-pc/hardware-configuration.nix b/hosts/chris-pc/hardware-configuration.nix
deleted file mode 100644
index 656bb4c..0000000
--- a/hosts/chris-pc/hardware-configuration.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/8c4eaf57-fdb2-4c4c-bcc0-74e85a1c7985";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/C842-316A";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/0ddf001a-5679-482e-b254-04a1b9094794"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/chris-pc/hardware.nix b/hosts/chris-pc/hardware.nix
new file mode 100644
index 0000000..df2fc27
--- /dev/null
+++ b/hosts/chris-pc/hardware.nix
@@ -0,0 +1,47 @@ +{ config, lib, pkgs, modulesPath, ... }: +let + inherit (lib.modules) mkDefault; + inherir (lib.attrsets) attrValues; +in +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8c4eaf57-fdb2-4c4c-bcc0-74e85a1c7985"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/C842-316A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/0ddf001a-5679-482e-b254-04a1b9094794"; } + ]; + + boot = { + initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-intel" ]; + kernelParams = []; + extraModulePackages = [ ]; + }; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + services = { + power-profiles-deamon-enable = false; + thermald.enable = false; + }; + + modules.hardware = { + pipewire.enable = true; + bluetooth.enable = false; + pointer.enable = true; + }; +} diff --git a/hosts/chris-server/default.nix b/hosts/chris-server/default.nix index f2103f7..2e9cb5e 100644 --- a/hosts/chris-server/default.nix +++ b/hosts/chris-server/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: { - imports = [ ./hardware-configuration.nix ]; + imports = [ ./hardware.nix ]; modules = { themes.active = "everforrest"; diff --git a/hosts/chris-server/hardware-configuration.nix b/hosts/chris-server/hardware-configuration.nix deleted file mode 100644 index dad81c9..0000000 --- a/hosts/chris-server/hardware-configuration.nix +++ /dev/null 
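Review bot: The `let` block of hosts/chris-pc/hardware.nix misspells the keyword in `inherir (lib.attrsets) attrValues;`, which is a parse error, so this host cannot evaluate. It should read `inherit (lib.attrsets) attrValues;` or be dropped, since neither `attrValues` nor the inherited `mkDefault` is used in the file (the body calls `lib.mkDefault` directly). `power-profiles-deamon-enable = false;` is also not an option path; the NixOS option is `services.power-profiles-daemon.enable`, and the same misspelling is repeated in hosts/chris-server/hardware.nix.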
@@ -1,38 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/dd518f17-61c9-4831-b1bd-e1cc2af292aa";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/0A56-EBFE";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/chris-server/hardware.nix b/hosts/chris-server/hardware.nix
new file mode 100644
index 0000000..e8b6a41
--- /dev/null
+++ b/hosts/chris-server/hardware.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/dd518f17-61c9-4831-b1bd-e1cc2af292aa";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/0A56-EBFE";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices = [ ];
+
+ boot = {
+ initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ initrd.kernelModules = [ ];
+ kernelModules = [ "kvm-intel" ];
+ kernelParams = [];
+ extraModulePackages = [ ];
+ };
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ services = {
+ power-profiles-deamon-enable = false;
+ thermald.enable = false;
+ };
+
+ modules.hardware = {
+ pipewire.enable = true;
+ bluetooth.enable = false;
+ pointer.enable = true;
+ };
+}
diff --git a/modules/_programs/harden.nix b/modules/_programs/harden.nix
deleted file mode 100644
index 3188581..0000000
--- a/modules/_programs/harden.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, user, sensitive, lib, ... }: {
- networking.firewall.enable = true;
-
-# security.sudo.execWheelOnly = true;
-# security.auditd.enable = true;
-# security.audit.enable = !config.boot.isContainer;
-
- # PGP set up.
- programs.gnupg.agent.enable = true;
-}
diff --git a/modules/_programs/security.nix b/modules/_programs/security.nix
deleted file mode 100644
index 51ee3e7..0000000
--- a/modules/_programs/security.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, security, ... }:
-{
- environment.systemPackages = with pkgs; [
- kdePackages.kwallet-pam
- bitwarden
- ];
-
- security.pam.services.kwallet = {
- name = "kwallet";
- enableKwallet = true;
- };
-}
diff --git a/modules/develop/rust.nix b/modules/develop/rust.nix
index fa806ef..0a277de 100644
--- a/modules/develop/rust.nix +++ b/modules/develop/rust.nix @@ -13,23 +13,21 @@ in config = mkMerge [ (mkIf config.modules.develop.rust.enable { - nixpkgs.overlays = [ inputs.rust.overlays.default ]; - user.packages = attrValues { rust-package = pkgs.rust-bin.nightly.latest.default; inherit (pkgs) rust-analyser rust-script; }; - environment.shellAlliases = { + environment.shellAliases = { rs = "rustc"; ca = "cargo"; }; }) - (mkIf config.modules.develop.cdg.enable { - env = { - CARGO_HOME = "$XDG_DATA_HOME/cargo"; - PATH = [ "$CARGO_HOME/bin" ]; + (mkIf config.modules.develop.xdg.enable { + home = { + sessionVariables.CARGO_HOME = "$XDG_DATA_HOME/cargo"; + sessionPath = ["$CARGO_HOME/bin"]; }; }) ]; diff --git a/modules/options.nix b/modules/options.nix index 0d9b634..1080077 100644 --- a/modules/options.nix +++ b/modules/options.nix 
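Review bot: Removing `nixpkgs.overlays = [ inputs.rust.overlays.default ];` leaves `pkgs.rust-bin.nightly.latest.default` a few lines below without a visible provider. `rust-bin` is not an attribute of stock nixpkgs, so unless the overlay is now applied somewhere this patch does not show, the module fails to evaluate as soon as `modules.develop.rust.enable` is set. The unchanged `inherit (pkgs) rust-analyser rust-script;` probably has the same problem, because the nixpkgs attribute is spelled `rust-analyzer`. The module header and option declarations are outside the hunk.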
@@ -20,15 +20,44 @@ in "${config.user.home}/Workspace/public/kaas" "/etc/kaas" ]); - hostDir = mkOpt path "${config.kaas.dir}/hosts/${config.networking.hostName}"; + homeDir = mkOpt path "${config.kaas.dir}/hosts/${config.networking.hostName}"; binDir = mkOpt path "${config.kaas.dir}/bin"; configDir = mkOpt path "${config.kaas.dir}/config"; modulesDir = mkOpt path "${config.kaas.dir}/modules"; themesDir = mkOpt path "${config.kaas.modulesDir}/themes"; }; + }; + + config = { + user = let + user = builtins.getEnv "USER"; + name = + if builtins.elem user [ "" "root" ] then "chris" + else user; + in + { + inherit name; + description = "Primary user account"; + extraGroups = [ "wheel" ]; + isNormalUser = true; + home = "/home/${name}"; + group = "users"; + uid = 1000; + }; + + home-manager.useUserPackages = true; home = { - # HIER BEN IK GEBLEVEN!!! + stateVersion = config.system.stateVersion; + sessionPath = [ "$KAAS_BIN" "$XDG_BIN_HOME" "$PATH" ]; + }; + + users.users.${config.user.name} = mkAliasDefinitions options.user; + + nix.settings = let users = [ "" config.user.name ]; in + { + trusted-users = users; + allowed-users = users; }; }; } diff --git a/modules/shell/toolset/git.nix b/modules/shell/toolset/git.nix index b6e5aa0..673c579 100644 --- a/modules/shell/toolset/git.nix +++ b/modules/shell/toolset/git.nix 
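Review bot: The new `nix.settings` block puts the login account in `trusted-users`, which the Nix manual describes as essentially root-equivalent access to the daemon, and the first list entry is an empty string where `"root"` was presumably meant. Consider `trusted-users = [ "root" ];` with `allowed-users = [ "root" config.user.name ];`, so the wheel account still has to go through sudo for privileged operations. `builtins.getEnv "USER"` also makes the account name depend on who runs the evaluation; it is empty under pure flake evaluation and then falls back to `"chris"`. The rename of `hostDir` to `homeDir` keeps the `hosts/${config.networking.hostName}` value, which looks unintended. The enclosing `options` attrset starts outside the hunk.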
@@ -21,95 +21,97 @@ in # Prevent x11 askPass prompt on git push: programs.ssh.askPassword = ""; - hm.programs.zsh.initExtra = '' - # -------===[ Helpful Git Fn's ]===------- # - gitignore() { - curl -s -o .gitignore https://gitignore.io/api/$1 - } - ''; + home.sessionVariables.GITHUB_TOKEN = "$(cat /run/agenix/tokenGH)"; - hm.programs.fish.functions = { - gitignore = "curl -sL https://www.gitignore.io/api/$argv"; - }; + hm.programs = { + zsh.initExtra = '' + # -------===[ Helpful Git Fn's ]===------- # + gitignore() { + curl -s -o .gitignore https://gitignore.io/api/$1 + } + ''; - env = {GITHUB_TOKEN = "$(cat /run/agenix/tokenGH)";}; - - hm.programs.git = { - enable = true; - package = pkgs.gitFull; - difftastic = { - enable = true; - background = "dark"; - color = "always"; - display = "inline"; + fish.functions = { + gitignore = "curl -sL https://www.gitignore.io/api/$argv"; }; - ignores = [ - # General: - "*.bloop" - "*.bsp" - "*.metals" - "*.metals.sbt" - "*metals.sbt" - "*.direnv" - "*.envrc" - "*hie.yaml" - "*.mill-version" - "*.jvmopts" - - # OS-related: - ".DS_Store?" - ".DS_Store" - ".CFUserTextEncoding" - ".Trash" - ".Xauthority" - "thumbs.db" - "Thumbs.db" - "Icon?" 
- - # Compiled residues: - "*.class" - "*.exe" - "*.o" - "*.pyc" - "*.elc" - ]; - - extraConfig = { - init.defaultBranch = "main"; - core = { - editor = "nvim"; - whitespace = "trailing-space,space-before-tab"; - }; - credential.helper = "${pkgs.gitFull}/bin/git-credential-libsecret"; - - user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - signingKey = readFile "${config.user.home}/.ssh/id_ed25519.pub"; + git = { + enable = true; + package = pkgs.gitFull; + difftastic = { + enable = true; + background = "dark"; + color = "always"; + display = "inline"; }; - gpg.format = "ssh"; - commit.gpgSign = true; - tag.gpgSign = true; + ignores = [ + # General: + "*.bloop" + "*.bsp" + "*.metals" + "*.metals.sbt" + "*metals.sbt" + "*.direnv" + "*.envrc" + "*hie.yaml" + "*.mill-version" + "*.jvmopts" - push = { - default = "current"; - gpgSign = "if-asked"; - autoSquash = true; - }; - pull.rebase = true; + # OS-related: + ".DS_Store?" + ".DS_Store" + ".CFUserTextEncoding" + ".Trash" + ".Xauthority" + "thumbs.db" + "Thumbs.db" + "Icon?" 
- filter = { - required = true; - smudge = "git-lfs smudge -- %f"; - process = "git-lfs filter-process"; - clean = "git-lfs clean -- %f"; - }; + # Compiled residues: + "*.class" + "*.exe" + "*.o" + "*.pyc" + "*.elc" + ]; - url = { - "https://github.com/".insteadOf = "gh:"; - "git@github.com:".insteadOf = "ssh+gh:"; + extraConfig = { + init.defaultBranch = "main"; + core = { + editor = "nvim"; + whitespace = "trailing-space,space-before-tab"; + }; + credential.helper = "${pkgs.gitFull}/bin/git-credential-libsecret"; + + user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + signingKey = readFile "${config.user.home}/.ssh/id_ed25519.pub"; + }; + + gpg.format = "ssh"; + commit.gpgSign = true; + tag.gpgSign = true; + + push = { + default = "current"; + gpgSign = "if-asked"; + autoSquash = true; + }; + pull.rebase = true; + + filter = { + required = true; + smudge = "git-lfs smudge -- %f"; + process = "git-lfs filter-process"; + clean = "git-lfs clean -- %f"; + }; + + url = { + "https://github.com/".insteadOf = "gh:"; + "git@github.com:".insteadOf = "ssh+gh:"; + }; }; }; }; diff --git a/modules/system/audio.nix b/modules/system/audio.nix index dcaaa55..8b5d438 100644 --- a/modules/system/audio.nix +++ b/modules/system/audio.nix @@ -32,7 +32,7 @@ in }; }; - home.configFile = mkIf config.module.hardware.bluetooth.enable { + home.configFile = mkIf config.modules.hardware.bluetooth.enable { wireplumber-bluetooth = { target = "wireplumber/bluetooth.lua.d/51-bluez-config.lua"; text = '' diff --git a/modules/system/boot.nix b/modules/system/boot.nix index e638edf..8cda96f 100644 --- a/modules/system/boot.nix +++ b/modules/system/boot.nix @@ -1,6 +1,6 @@ { config, options, lib, pkgs, ... }: { - boot.loader.systemd-boot-enable = true; + boot.loader.systemd-boot.enable = true; time.timeZone = "Europe/Amsterdam"; diff --git a/modules/system/security.nix b/modules/system/security.nix new file mode 100644 index 0000000..b8ba907 --- /dev/null 
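Review bot: `home.sessionVariables.GITHUB_TOKEN = "$(cat /run/agenix/tokenGH)";` in modules/shell/toolset/git.nix exports the decrypted token into every login session, so each process the user starts inherits it and it can surface in `/proc/PID/environ`, crash reports and debug output of unrelated tools. Leaving the secret in `/run/agenix/tokenGH` and reading it only at the point of use keeps the exposure to the one command that needs it. That could be a small wrapper or shell function around the tool, or the `git-credential-libsecret` helper this module already configures. Whether the `$(…)` is expanded at all depends on how this repository's `home.sessionVariables` alias renders values, which the patch does not show. The module header is outside the hunk.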
+++ b/modules/system/security.nix
@@ -0,0 +1,62 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ kdePackages.kwallet-pam
+ bitwarden
+ ];
+
+ security = {
+ sudo.execWheelOnly = true;
+ acme.acceptTerms = true;
+ polkit.enable = true;
+ pam.services.kwallet = {
+ name = "kwallet";
+ enableKwallet = true;
+ };
+ };
+
+ networking.firewall.enable = true;
+ programs.gnupg.agent.enable = true;
+
+ boot = {
+ loader.systemd-boot = {
+ editor = false;
+ configurationLimit = 50;
+ };
+
+ kernalModules = [ "tcp_bbr" ];
+ kernal.sysctl = {
+ ## TCP hardening
+ # Prevent bogus ICMP errors from filling up logs.
+ "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
+ # Reverse path filtering causes the kernel to do source validation of
+ # packets received from all interfaces. This can mitigate IP spoofing.
+ "net.ipv4.conf.default.rp_filter" = 1;
+ "net.ipv4.conf.all.rp_filter" = 1;
+ # Do not accept IP source route packets (we're not a router)
+ "net.ipv4.conf.all.accept_source_route" = 0;
+ "net.ipv6.conf.all.accept_source_route" = 0;
+ # Don't send ICMP redirects (again, we're on a router)
+ "net.ipv4.conf.all.send_redirects" = 0;
+ "net.ipv4.conf.default.send_redirects" = 0;
+ # Refuse ICMP redirects (MITM mitigations)
+ "net.ipv4.conf.all.accept_redirects" = 0;
+ "net.ipv4.conf.default.accept_redirects" = 0;
+ "net.ipv4.conf.all.secure_redirects" = 0;
+ "net.ipv4.conf.default.secure_redirects" = 0;
+ "net.ipv6.conf.all.accept_redirects" = 0;
+ "net.ipv6.conf.default.accept_redirects" = 0;
+ # Protects against SYN flood attacks
+ "net.ipv4.tcp_syncookies" = 1;
+ # Incomplete protection again TIME-WAIT assassination
+ "net.ipv4.tcp_rfc1337" = 1;
+
+ ## TCP optimization
+ # Enable TCP Fast Open for incoming and outgoing connections
+ "net.ipv4.tcp_fastopen" = 3;
+ # Bufferbloat mitigations + slight improvement in throughput & latency
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ "net.core.default_qdisc" = "cake";
+ };
+ };
+}
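Review bot: `kernalModules` and `kernal.sysctl` under `boot` are misspelled. NixOS declares no such options, so evaluation should fail, and none of the sysctl hardening listed here (rp_filter, redirect refusal, syncookies) reaches the kernel until the lines read `kernelModules = [ "tcp_bbr" ];` and `kernel.sysctl = {`. The comment `# Don't send ICMP redirects (again, we're on a router)` should say "not a router" to match the setting beneath it. `acme.acceptTerms = true;` accepts the CA's terms on every host that imports this module, including ones that request no certificate, so it may belong next to the service that needs it.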
diff --git a/modules/xgd.nix b/modules/xgd.nix
new file mode 100644
index 0000000..aa27891
--- /dev/null
+++ b/modules/xgd.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+{
+ hm.xdg.enable = true;
+
+ environment = {
+ sessionVariables = {
+ XDG_CACHE_HOME = "$HOME/.cache";
+ XDG_CONFIG_HOME = "$HOME/.config";
+ XDG_DATA_HOME = "$HOME/.local/share";
+ XDG_BIN_HOME = "$HOME/.local/bin";
+ };
+
+ variables = {
+ __GL_SHADER_DISK_CACHE_PATH = "$XDG_CACHE_HOME/nv";
+ ASPELL_CONF = ''
+ per-conf $XDG_CONFIG_HOME/aspell/aspell.conf;
+ personal $XDG_CONFIG_HOME/aspell/en_US.pws;
+ repl $XDG_CONFIG_HOME/aspell/en.prepl;
+ '';
+ CUDA_CACHE_PATH = "$XDG_CACHE_HOME/nv";
+ HISTFILE = "$XDG_DATA_HOME/bash/history";
+ INPUTRC = "$XDG_CONFIG_HOME/readline/inputrc";
+ LESSHISTFILE = "$XDG_CACHE_HOME/lesshst";
+ WGETRC = "$XDG_CONFIG_HOME/wgetrc";
+ };
+
+ extraInit = ''
+ export XAUTHORITY=/tmp/Xauthority
+ [ -e ~/.Xauthority ] && mv -f ~/.Xauthority "$XAUTHORITY"
+ '';
+ };
+}
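Review bot: `extraInit` relocates the X authority cookie to the fixed path `/tmp/Xauthority`, which is one name shared by every account in a world-writable directory. A second user's session collides on the same file, and on a multi-user host the path can already exist under another owner before this login runs. `export XAUTHORITY="$XDG_RUNTIME_DIR/Xauthority"` keeps the cookie in the per-user runtime directory, which the XDG specification requires to be owned by the user with mode 0700. The file is also named `xgd.nix` while its contents and the `modules.develop.xdg` guard in rust.nix spell it `xdg`.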