diff --git a/common.nix b/common.nix index 1b99392..ab47336 100644 --- a/common.nix +++ b/common.nix @@ -20,6 +20,13 @@ all: { programs.mosh.enable = lib.mkDefault true; + systemd.services.nix-gc.serviceConfig.IOSchedulingPriority = + lib.mkDefault 7; + systemd.services.nix-gc.serviceConfig.IOSchedulingClass = + lib.mkDefault "idle"; + systemd.services.nix-gc.serviceConfig.CPUSchedulingPolicy = + lib.mkDefault "idle"; + nix = { gc = { automatic = lib.mkDefault true; @@ -27,6 +34,10 @@ all: { options = lib.mkDefault "--delete-older-than 40d"; }; + daemonIOSchedPriority = lib.mkDefault 7; + daemonIOSchedClass = lib.mkDefault "idle"; + daemonCPUSchedPolicy = lib.mkDefault "idle"; + settings = { trusted-users = ["root" "builder" "@wheel"]; builders-use-substitutes = true; @@ -36,20 +47,20 @@ all: { # make nginx have good logging and defaults services.nginx = { - recommendedTlsSettings = lib.mkDefault true; - recommendedOptimisation = lib.mkDefault true; recommendedGzipSettings = lib.mkDefault true; - recommendedUwsgiSettings = lib.mkDefault true; + recommendedOptimisation = lib.mkDefault true; recommendedProxySettings = lib.mkDefault true; - recommendedBrotliSettings = lib.mkDefault true; appendHttpConfig = '' error_log stderr; access_log syslog:server=unix:/dev/log combined; ''; }; + # set some basic system props security.sudo.wheelNeedsPassword = lib.mkDefault false; + networking.networkmanager.enable = lib.mkDefault true; + # package list environment.systemPackages = with pkgs; [ exfat @@ -58,6 +69,7 @@ all: { ]; services.openssh = { + # Allow ssh enable = lib.mkDefault true; # lol no settings.PermitRootLogin = lib.mkDefault "no"; @@ -71,7 +83,6 @@ all: { # Use a firewall networking.firewall.enable = lib.mkDefault true; - # dont be stupid networking.firewall.allowPing = true; networking.firewall.allowedTCPPorts = lib.mkDefault [22]; # but not too much, don't break VPNs etc diff --git a/flake.nix b/flake.nix index 4ac10ac..2f036eb 100644 --- a/flake.nix 
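Review bot: Dropping `recommendedTlsSettings` from `services.nginx` in the third common.nix hunk leaves every host that imports this module on nginx's built-in TLS behaviour unless it sets its own protocol and cipher policy, and nothing in the hunk replaces it. If the cleanup was aimed at the uwsgi and brotli options, keep `recommendedTlsSettings = lib.mkDefault true;` alongside the three options that remain. If the removal is deliberate, a comment such as `# TLS policy is set per host, see <module>` would tell the next reader where it now lives.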
+++ b/flake.nix @@ -42,6 +42,7 @@ workstation = import ./modules/workstation.nix; ezpw = import ./modules/ezpw.nix; ezpc = import ./modules/ezpc.nix; + nix-ssh-agent = import ./modules/nix-ssh-agent.nix; }; in m diff --git a/home-manager/common.nix b/home-manager/common.nix index 12e5c08..39df499 100644 --- a/home-manager/common.nix +++ b/home-manager/common.nix @@ -25,6 +25,19 @@ inputs: all: { ''; }; + programs.chromium = { + package = lib.mkDefault (pkgs.ungoogled-chromium.override { + commandLineArgs = lib.concatStringsSep " " [ + "--force-dark-mode" + "--enable-features=UseOzonePlatform,WebUIDarkMode,VaapiVideoDecoder" + "--ozone-platform=wayland" + "--ignore-gpu-blocklist" + "--enable-gpu-rasterization" + "--enable-zero-copy" + ]; + }); + }; + programs.mpv = { config = { profile = lib.mkDefault "gpu-hq"; @@ -39,19 +52,12 @@ inputs: all: { jq ripgrep lsd + lsof file + iotop htop - zip - unzip - ncdu - nix-index - unrar - lm_sensors - pciutils - usbutils - acpi corefonts ]; diff --git a/home-manager/modules/ezpcusr.nix b/home-manager/modules/ezpcusr.nix index 61f77f1..6f4697a 100644 --- a/home-manager/modules/ezpcusr.nix +++ b/home-manager/modules/ezpcusr.nix @@ -129,7 +129,6 @@ in { layerrule = [ "blur, bar-.*" "ignorezero, bar-.*" - "xray on, bar-.*" # "blur, notifications-window" # "blur, indicator" # "ignorezero, indicator" @@ -138,12 +137,6 @@ in { no_update_news = true; no_donation_nag = true; }; - animations = { - enabled = false; - }; - decoration = { - shadow.enabled = false; - }; misc = { disable_hyprland_logo = true; animate_manual_resizes = true; @@ -303,7 +296,7 @@ in { menus.clock = { time = { military = false; - hideSeconds = true; + hideSeconds = false; }; # weather.unit = "metric"; }; diff --git a/home-manager/modules/rofi.css b/home-manager/modules/rofi.css new file mode 100644 index 0000000..f7bc4b6 --- /dev/null +++ b/home-manager/modules/rofi.css 
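Review bot: `--ignore-gpu-blocklist` in the `commandLineArgs` list of home-manager/common.nix disables Chromium's per-driver blocklist for every user of this shared module, so GPU acceleration is forced on drivers that upstream switched off for stability or security reasons. Consider leaving it out of the common default and adding it only on hosts where it is known to be needed, or record the reason next to it, for example `# bypasses upstream driver blocklist; needed for VAAPI on <host>`. Passing the flags through the package override also means a host that sets its own `programs.chromium.package` silently loses all of them.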
@@ -0,0 +1,60 @@
+* {
+ background-color: transparent;
+ text-color: @foreground;
+ margin: 0;
+ padding: 0;
+ spacing: 0;
+}
+
+window {
+ location: center;
+ width: 700px;
+ background-color: @background;
+ border: 2px solid;
+ border-color: @border-color;
+}
+
+inputbar {
+ padding: 8px;
+ spacing: 4px;
+ background-color: @alternate-normal-background;
+ color: @alternate-normal-foreground;
+}
+
+textbox {
+ padding: 4px 6px;
+ background-color: @alternate-normal-background;
+}
+
+listview {
+ columns: 1;
+ spacing: 8px;
+ fixed-columns: true;
+}
+
+element {
+ spacing: 1em;
+ padding: 4px;
+}
+
+element normal urgent {
+ text-color: @urgent-foreground;
+}
+
+element normal active {
+ text-color: @active-foreground;
+}
+
+element selected {
+ background-color: @selected-normal-background;
+ color: @selected-normal-foreground;
+}
+
+element selected urgent {
+ background-color: @selected-urgent-background;
+ color: @selected-urgent-foreground;
+}
+
+element-text {
+ text-color: inherit;
+}
diff --git a/home-manager/users/notgne2.nix b/home-manager/users/notgne2.nix
index ef085fe..405e44f 100644
--- a/home-manager/users/notgne2.nix
+++ b/home-manager/users/notgne2.nix
@@ -17,87 +17,8 @@ in { fzf xclip alejandra - pwgen - ncdu - zip ]; - programs.nixcord = { - package = pkgs.vencord; - - discord.enable = false; - - vesktop = { - enable = true; - package = pkgs.vesktop; - }; - - config = { - transparent = true; - frameless = true; - disableMinSize = true; - # enabledThemes = []; - plugins = { - ircColors.enable = true; - whoReacted.enable = true; - alwaysTrust.enable = true; - anonymiseFileNames = { - enable = true; - anonymiseByDefault = true; - consistent = "file"; - method = "consistent"; - }; - newGuildSettings = { - enable = true; - - messages = "only@Mentions"; - - everyone = true; - role = true; - events = true; - }; - copyEmojiMarkdown = { - enable = true; - }; - fakeNitro = { - enableEmojiBypass = false; - enableStickerBypass = false; - enableStreamQualityBypass = true; - }; - noPendingCount = { - enable = true; - hideFriendRequestsCount = true; - hideMessageRequestCount = true; - hidePremiumOffersCount = true; - }; - platformIndicators.enable = true; - userVoiceShow.enable = true; - }; - }; - dorion = { - enable = false; - package = pkgs.dorion; - - theme = "stylix"; - themes = ["stylix"]; - - useNativeTitlebar = true; - - # theme = "dark"; - # zoom = "1.1"; - blur = "acrylic"; # "none", "blur", or "acrylic" - sysTray = true; - openOnStartup = false; - # autoClearCache = true; - # rpcServer = true; - rpcProcessScanner = true; - pushToTalk = true; - pushToTalkKeys = ["RControl"]; - desktopNotifications = true; - unreadBadge = true; - }; - }; - programs.zed-editor = { extensions = [ "elm" diff --git a/modules/nix-ssh-agent.nix b/modules/nix-ssh-agent.nix new file mode 100644 index 0000000..7f6225b --- /dev/null +++ b/modules/nix-ssh-agent.nix 
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.nix.ssh-agent;
+in {
+ options.nix.ssh-agent = {
+ sock = lib.mkOption {
+ description = "SSH agent socket for Nix to use";
+ default = "/run/user/1000/ssh-agent";
+ type = lib.types.str;
+ };
+ };
+
+ config = lib.mkIf (cfg.sock != null) {
+ # systemd.services.ssh-agent-nix-proxy = {
+ # wantedBy = [ "nix-daemon.service" ];
+ # partOf = [ "nix-daemon.service" ];
+ # serviceConfig = {
+ # ExecStart = "${pkgs.socat}/bin/socat UNIX-LISTEN:/run/nix-ssh-agent,mode=770,group=nixbld,user=root,reuseaddr,fork UNIX-CONNECT:${cfg.sock}";
+ # Restart = "always";
+ # };
+ # };
+
+ # systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = "/run/nix-ssh-agent";
+ systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = cfg.sock;
+ };
+}
diff --git a/modules/workstation.nix b/modules/workstation.nix
index b0dc92b..30828b4 100644
--- a/modules/workstation.nix
+++ b/modules/workstation.nix
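Review bot: The guard `lib.mkIf (cfg.sock != null)` in modules/nix-ssh-agent.nix can never be false, because `sock` is declared as `lib.types.str` with a non-null default, so importing the module always points the nix-daemon at `/run/user/1000/ssh-agent`. The daemon then has use of whatever keys are loaded in that user's agent for any SSH connection it opens, and the hard-coded UID 1000 may be a different account, or none, on another host. Make the module opt-in with `type = lib.types.nullOr lib.types.str;` and `default = null;`, and say in `description` that the agent's keys become usable by the daemon. If the commented-out socat proxy is ever revived, its `mode=770,group=nixbld` would extend socket access to the build users and should be reviewed separately.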
@@ -64,21 +64,56 @@ in { services.ezpw.enable = lib.mkDefault true; + security.pam.services = { + swaylock.text = '' + auth include login + ''; + }; + services.thermald.enable = lib.mkDefault true; # Don't kill the battery - services.upower.enable = lib.mkDefault cfg.battery; + services.upower = { + enable = lib.mkDefault cfg.battery; + percentageLow = lib.mkDefault 15; + percentageCritical = lib.mkDefault 10; + percentageAction = lib.mkDefault 5; + criticalPowerAction = lib.mkDefault "Hibernate"; + }; - # Make battery usage and performance sane - # hardware.system76.power-daemon.enable = lib.mkDefault true; - services.tlp.enable = false; - services.power-profiles-daemon.enable = lib.mkDefault true; - services.system76-scheduler.enable = lib.mkDefault true; - services.tuned = { - enable = lib.mkDefault true; - settings.dynamic_tuning = lib.mkDefault true; - ppdSettings.battery = lib.mkIf cfg.battery { - balanced = lib.mkDefault "laptop-battery-powersave"; + # Make battery usage sane + services.tlp = { + enable = lib.mkDefault cfg.battery; + settings = { + PCIE_ASPM_ON_BAT = lib.mkDefault "powersupersave"; + PCIE_ASPM_ON_AC = lib.mkDefault "default"; + + PLATFORM_PROFILE_ON_BAT = lib.mkDefault "low-power"; + PLATFORM_PROFILE_ON_AC = lib.mkDefault "performance"; + + CPU_SCALING_GOVERNOR_ON_BAT = lib.mkOverride 900 "powersave"; + CPU_SCALING_GOVERNOR_ON_AC = lib.mkOverride 900 "performance"; + + CPU_ENERGY_PERF_POLICY_ON_BAT = lib.mkDefault "power"; + CPU_ENERGY_PERF_POLICY_ON_AC = lib.mkDefault "performance"; + + CPU_BOOST_ON_BAT = lib.mkDefault 0; + CPU_BOOST_ON_AC = lib.mkDefault 1; + + CPU_HWP_DYN_BOOST_ON_BAT = lib.mkDefault 0; + CPU_HWP_DYN_BOOST_ON_AC = lib.mkDefault 1; + + SCHED_POWERSAVE_ON_BAT = lib.mkDefault 1; + SCHED_POWERSAVE_ON_AC = lib.mkDefault 0; + + CPU_MAX_PERF_ON_BAT = lib.mkDefault 30; + CPU_MAX_PERF_ON_AC = lib.mkDefault 100; + + CPU_SCALING_MIN_FREQ_ON_BAT = lib.mkDefault 0; + CPU_SCALING_MIN_FREQ_ON_AC = lib.mkDefault 0; + + 
CPU_SCALING_MAX_FREQ_ON_BAT = lib.mkDefault 9999999; + CPU_SCALING_MAX_FREQ_ON_AC = lib.mkDefault 9999999; }; }; @@ -194,6 +229,10 @@ in { mouse.accelProfile = lib.mkDefault "flat"; touchpad.accelProfile = lib.mkDefault "flat"; }; + services.xserver = { + dpi = lib.mkDefault 96; + xkb.layout = lib.mkDefault "us"; + }; networking.networkmanager.wifi.macAddress = lib.mkDefault "random"; networking.networkmanager.wifi.scanRandMacAddress = lib.mkDefault true;
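Review bot: `criticalPowerAction = lib.mkDefault "Hibernate"` in the new `services.upower` block writes the contents of RAM to the resume device once the battery reaches `percentageAction`, so on a workstation whose swap is not encrypted, unlocked keys and session data end up on disk in the clear; no swap or resume configuration is visible in this hunk. Hosts without a resume device would presumably fail the action and lose power uncleanly. Either default to `"PowerOff"` and let hosts with encrypted swap opt into hibernation, or add a comment such as `# requires an encrypted swap/resume device; override to "PowerOff" otherwise`. Separately, `security.pam.services.swaylock.text` replaces the generated PAM file with the single `auth include login` line, which deserves a short comment so nobody expects per-service PAM options set on `swaylock` to take effect.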