common.nix

@@ -20,6 +20,13 @@ all: {
 
   programs.mosh.enable = lib.mkDefault true;
 
+  systemd.services.nix-gc.serviceConfig.IOSchedulingPriority =
+    lib.mkDefault 7;
+  systemd.services.nix-gc.serviceConfig.IOSchedulingClass =
+    lib.mkDefault "idle";
+  systemd.services.nix-gc.serviceConfig.CPUSchedulingPolicy =
+    lib.mkDefault "idle";
+
   nix = {
     gc = {
       automatic = lib.mkDefault true;
@@ -27,6 +34,10 @@ all: {
       options = lib.mkDefault "--delete-older-than 40d";
     };
 
+    daemonIOSchedPriority = lib.mkDefault 7;
+    daemonIOSchedClass = lib.mkDefault "idle";
+    daemonCPUSchedPolicy = lib.mkDefault "idle";
+
     settings = {
       trusted-users = ["root" "builder" "@wheel"];
       builders-use-substitutes = true;
@@ -36,20 +47,20 @@ all: {
 
   # make nginx have good logging and defaults
   services.nginx = {
-    recommendedTlsSettings = lib.mkDefault true;
-    recommendedOptimisation = lib.mkDefault true;
     recommendedGzipSettings = lib.mkDefault true;
-    recommendedUwsgiSettings = lib.mkDefault true;
+    recommendedOptimisation = lib.mkDefault true;
     recommendedProxySettings = lib.mkDefault true;
-    recommendedBrotliSettings = lib.mkDefault true;
     appendHttpConfig = ''
       error_log stderr;
       access_log syslog:server=unix:/dev/log combined;
     '';
   };
 
+  # set some basic system props
   security.sudo.wheelNeedsPassword = lib.mkDefault false;
+  networking.networkmanager.enable = lib.mkDefault true;
 
+  # package list
   environment.systemPackages = with pkgs; [
     exfat
 
@@ -58,6 +69,7 @@ all: {
   ];
 
   services.openssh = {
+    # Allow ssh
     enable = lib.mkDefault true;
     # lol no
     settings.PermitRootLogin = lib.mkDefault "no";
@@ -71,7 +83,6 @@ all: {
 
   # Use a firewall
   networking.firewall.enable = lib.mkDefault true;
-  # dont be stupid
   networking.firewall.allowPing = true;
   networking.firewall.allowedTCPPorts = lib.mkDefault [22];
   # but not too much, don't break VPNs etc

flake.nix

@@ -42,6 +42,7 @@
         workstation = import ./modules/workstation.nix;
         ezpw = import ./modules/ezpw.nix;
         ezpc = import ./modules/ezpc.nix;
+        nix-ssh-agent = import ./modules/nix-ssh-agent.nix;
       };
     in
       m

home-manager/common.nix

@@ -25,6 +25,19 @@ inputs: all: {
     '';
   };
 
+  programs.chromium = {
+    package = lib.mkDefault (pkgs.ungoogled-chromium.override {
+      commandLineArgs = lib.concatStringsSep " " [
+        "--force-dark-mode"
+        "--enable-features=UseOzonePlatform,WebUIDarkMode,VaapiVideoDecoder"
+        "--ozone-platform=wayland"
+        "--ignore-gpu-blocklist"
+        "--enable-gpu-rasterization"
+        "--enable-zero-copy"
+      ];
+    });
+  };
+
   programs.mpv = {
     config = {
       profile = lib.mkDefault "gpu-hq";
@@ -39,19 +52,12 @@ inputs: all: {
     jq
     ripgrep
     lsd
+
     lsof
     file
+
     iotop
     htop
-    zip
-    unzip
-    ncdu
-    nix-index
-    unrar
-    lm_sensors
-    pciutils
-    usbutils
-    acpi
 
     corefonts
   ];

home-manager/modules/ezpcusr.nix

@@ -129,7 +129,6 @@ in {
         layerrule = [
           "blur, bar-.*"
           "ignorezero, bar-.*"
-          "xray on, bar-.*"
           # "blur, notifications-window"
           # "blur, indicator"
           # "ignorezero, indicator"
@@ -138,12 +137,6 @@ in {
           no_update_news = true;
           no_donation_nag = true;
         };
-        animations = {
-          enabled = false;
-        };
-        decoration = {
-          shadow.enabled = false;
-        };
         misc = {
           disable_hyprland_logo = true;
           animate_manual_resizes = true;
@@ -303,7 +296,7 @@ in {
         menus.clock = {
           time = {
             military = false;
-            hideSeconds = true;
+            hideSeconds = false;
           };
           # weather.unit = "metric";
         };

home-manager/modules/rofi.css

@@ -0,0 +1,60 @@
+* {
+	background-color: transparent;
+	text-color: @foreground;
+	margin: 0;
+	padding: 0;
+	spacing: 0;
+}
+
+window {
+	location: center;
+	width: 700px;
+	background-color: @background;
+	border: 2px solid;
+	border-color: @border-color;
+}
+
+inputbar {
+	padding: 8px;
+	spacing: 4px;
+	background-color: @alternate-normal-background;
+	color: @alternate-normal-foreground;
+}
+
+textbox {
+	padding: 4px 6px;
+	background-color: @alternate-normal-background;
+}
+
+listview {
+	columns: 1;
+	spacing: 8px;
+	fixed-columns: true;
+}
+
+element {
+	spacing: 1em;
+	padding: 4px;
+}
+
+element normal urgent {
+	text-color: @urgent-foreground;
+}
+
+element normal active {
+	text-color: @active-foreground;
+}
+
+element selected {
+	background-color: @selected-normal-background;
+	color: @selected-normal-foreground;
+}
+
+element selected urgent {
+	background-color: @selected-urgent-background;
+	color: @selected-urgent-foreground;
+}
+
+element-text {
+	text-color: inherit;
+}

home-manager/users/notgne2.nix

@@ -17,87 +17,8 @@ in {
     fzf
     xclip
     alejandra
-    pwgen
-    ncdu
-    zip
   ];
 
-  programs.nixcord = {
-    package = pkgs.vencord;
-
-    discord.enable = false;
-
-    vesktop = {
-      enable = true;
-      package = pkgs.vesktop;
-    };
-
-    config = {
-      transparent = true;
-      frameless = true;
-      disableMinSize = true;
-      # enabledThemes = [];
-      plugins = {
-        ircColors.enable = true;
-        whoReacted.enable = true;
-        alwaysTrust.enable = true;
-        anonymiseFileNames = {
-          enable = true;
-          anonymiseByDefault = true;
-          consistent = "file";
-          method = "consistent";
-        };
-        newGuildSettings = {
-          enable = true;
-
-          messages = "only@Mentions";
-
-          everyone = true;
-          role = true;
-          events = true;
-        };
-        copyEmojiMarkdown = {
-          enable = true;
-        };
-        fakeNitro = {
-          enableEmojiBypass = false;
-          enableStickerBypass = false;
-          enableStreamQualityBypass = true;
-        };
-        noPendingCount = {
-          enable = true;
-          hideFriendRequestsCount = true;
-          hideMessageRequestCount = true;
-          hidePremiumOffersCount = true;
-        };
-        platformIndicators.enable = true;
-        userVoiceShow.enable = true;
-      };
-    };
-    dorion = {
-      enable = false;
-      package = pkgs.dorion;
-
-      theme = "stylix";
-      themes = ["stylix"];
-
-      useNativeTitlebar = true;
-
-      # theme = "dark";
-      # zoom = "1.1";
-      blur = "acrylic";       # "none", "blur", or "acrylic"
-      sysTray = true;
-      openOnStartup = false;
-      # autoClearCache = true;
-      # rpcServer = true;
-      rpcProcessScanner = true;
-      pushToTalk = true;
-      pushToTalkKeys = ["RControl"];
-      desktopNotifications = true;
-      unreadBadge = true;
-    };
-  };
-
   programs.zed-editor = {
     extensions = [
       "elm"

modules/nix-ssh-agent.nix

@@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.nix.ssh-agent;
+in {
+  options.nix.ssh-agent = {
+    sock = lib.mkOption {
+      description = "SSH agent socket for Nix to use";
+      default = "/run/user/1000/ssh-agent";
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf (cfg.sock != null) {
+    # systemd.services.ssh-agent-nix-proxy = {
+    #   wantedBy = [ "nix-daemon.service" ];
+    #   partOf = [ "nix-daemon.service" ];
+    #   serviceConfig = {
+    #     ExecStart = "${pkgs.socat}/bin/socat UNIX-LISTEN:/run/nix-ssh-agent,mode=770,group=nixbld,user=root,reuseaddr,fork UNIX-CONNECT:${cfg.sock}";
+    #     Restart = "always";
+    #   };
+    # };
+
+    # systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = "/run/nix-ssh-agent";
+    systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = cfg.sock;
+  };
+}

modules/workstation.nix

@@ -64,21 +64,56 @@ in {
 
     services.ezpw.enable = lib.mkDefault true;
 
+    security.pam.services = {
+      swaylock.text = ''
+        auth include login
+      '';
+    };
+
     services.thermald.enable = lib.mkDefault true;
 
     # Don't kill the battery
-    services.upower.enable = lib.mkDefault cfg.battery;
+    services.upower = {
+      enable = lib.mkDefault cfg.battery;
+      percentageLow = lib.mkDefault 15;
+      percentageCritical = lib.mkDefault 10;
+      percentageAction = lib.mkDefault 5;
+      criticalPowerAction = lib.mkDefault "Hibernate";
+    };
 
-    # Make battery usage and performance sane
+    # Make battery usage sane
-    # hardware.system76.power-daemon.enable = lib.mkDefault true;
+    services.tlp = {
-    services.tlp.enable = false;
+      enable = lib.mkDefault cfg.battery;
-    services.power-profiles-daemon.enable = lib.mkDefault true;
+      settings = {
-    services.system76-scheduler.enable = lib.mkDefault true;
+        PCIE_ASPM_ON_BAT = lib.mkDefault "powersupersave";
-    services.tuned = {
+        PCIE_ASPM_ON_AC = lib.mkDefault "default";
-      enable = lib.mkDefault true;
+
-      settings.dynamic_tuning = lib.mkDefault true;
+        PLATFORM_PROFILE_ON_BAT = lib.mkDefault "low-power";
-      ppdSettings.battery = lib.mkIf cfg.battery {
+        PLATFORM_PROFILE_ON_AC = lib.mkDefault "performance";
-        balanced = lib.mkDefault "laptop-battery-powersave";
+
+        CPU_SCALING_GOVERNOR_ON_BAT = lib.mkOverride 900 "powersave";
+        CPU_SCALING_GOVERNOR_ON_AC = lib.mkOverride 900 "performance";
+
+        CPU_ENERGY_PERF_POLICY_ON_BAT = lib.mkDefault "power";
+        CPU_ENERGY_PERF_POLICY_ON_AC = lib.mkDefault "performance";
+
+        CPU_BOOST_ON_BAT = lib.mkDefault 0;
+        CPU_BOOST_ON_AC = lib.mkDefault 1;
+
+        CPU_HWP_DYN_BOOST_ON_BAT = lib.mkDefault 0;
+        CPU_HWP_DYN_BOOST_ON_AC = lib.mkDefault 1;
+
+        SCHED_POWERSAVE_ON_BAT = lib.mkDefault 1;
+        SCHED_POWERSAVE_ON_AC = lib.mkDefault 0;
+
+        CPU_MAX_PERF_ON_BAT = lib.mkDefault 30;
+        CPU_MAX_PERF_ON_AC = lib.mkDefault 100;
+
+        CPU_SCALING_MIN_FREQ_ON_BAT = lib.mkDefault 0;
+        CPU_SCALING_MIN_FREQ_ON_AC = lib.mkDefault 0;
+
+        CPU_SCALING_MAX_FREQ_ON_BAT = lib.mkDefault 9999999;
+        CPU_SCALING_MAX_FREQ_ON_AC = lib.mkDefault 9999999;
       };
     };
 
@@ -194,6 +229,10 @@ in {
       mouse.accelProfile = lib.mkDefault "flat";
       touchpad.accelProfile = lib.mkDefault "flat";
     };
+    services.xserver = {
+      dpi = lib.mkDefault 96;
+      xkb.layout = lib.mkDefault "us";
+    };
 
     networking.networkmanager.wifi.macAddress = lib.mkDefault "random";
     networking.networkmanager.wifi.scanRandMacAddress = lib.mkDefault true;