commit 52ade86f6406261108e3179f4836140ad9671e38
parent 79eb22519c60d103bd1168727d563f50653f8d40
Author: Vincent Demeester <vincent@sbr.pm>
Date: Wed, 7 Oct 2020 13:52:44 +0200
systems/users: create a profile.desktop.gnome
… and refactor a bit the rest.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
11 files changed, 74 insertions(+), 174 deletions(-)
diff --git a/systems/hokkaido.nix b/systems/hokkaido.nix
@@ -43,15 +43,11 @@ in
plymouth.enable = true;
};
- hardware.bluetooth.enable = true;
services.hardware.bolt.enable = true;
profiles = {
- syncthing.enable = true;
- home = true;
+ desktop.gnome.enable = true;
laptop.enable = true;
- desktop.enable = lib.mkForce false;
- avahi.enable = true;
- git.enable = true;
+ home = true;
ssh.enable = true;
dev.enable = true;
yubikey.enable = true;
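Review bot: `git.enable = true` is removed from `profiles` here, and nothing visible in this commit turns `profiles.git` back on. The other dropped settings are covered elsewhere: `syncthing` and bluetooth by the desktop profile, `avahi` by the new gnome profile. If `dev.enable` or `home` does not pull git in, hokkaido silently loses that profile, so either keep `git.enable = true;` or add a short comment naming the profile that now provides it. The `profiles` set closes outside this hunk.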
@@ -61,61 +57,7 @@ in
};
environment.systemPackages = with pkgs; [ virtmanager ];
- networking.networkmanager = {
- enable = true;
- unmanaged = [
- "interface-name:br-*"
- "interface-name:ve-*"
- "interface-name:veth*"
- "interface-name:wg0"
- "interface-name:docker0"
- "interface-name:virbr*"
- ];
- packages = with pkgs; [ networkmanager-openvpn ];
- };
-
- services.xserver.enable = true;
- services.xserver.layout = "fr";
- services.xserver.xkbVariant = "bepo";
- services.xserver.xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps";
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome3.enable = true;
- services.gnome3.chrome-gnome-shell.enable = true;
- services.gnome3.core-shell.enable = true;
- services.gnome3.core-os-services.enable = true;
- services.gnome3.core-utilities.enable = true;
- virtualisation.podman.enable = true;
-
- fonts = {
- enableFontDir = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- corefonts
- dejavu_fonts
- emojione
- feh
- fira
- fira-code
- fira-code-symbols
- fira-mono
- hasklig
- inconsolata
- iosevka
- noto-fonts
- noto-fonts-cjk
- noto-fonts-emoji
- noto-fonts-extra
- overpass
- symbola
- source-code-pro
- twemoji-color-font
- ubuntu_font_family
- unifont
- ];
- };
-
services = {
- fprintd.enable = true;
# FIXME re-generate hokkaido key
/*
wireguard = {
@@ -128,6 +70,7 @@ in
*/
};
+ virtualisation.podman.enable = true;
virtualisation.containers = {
enable = true;
registries = {
diff --git a/systems/modules/profiles/default.nix b/systems/modules/profiles/default.nix
@@ -10,6 +10,7 @@
./docker.nix
./gaming.nix
./git.nix
+ ./gnome.nix
./home.nix
./i18n.nix
./ipfs.nix
diff --git a/systems/modules/profiles/desktop.nix b/systems/modules/profiles/desktop.nix
@@ -18,11 +18,6 @@ in
description = "Enable pulseaudio with the desktop profile";
type = types.bool;
};
- flatpak = mkOption {
- default = true;
- description = "Enable flatpak with the desktop profile";
- type = types.bool;
- };
syncthing = mkOption {
default = true;
description = "Enable syncthing with the desktop profile";
@@ -43,11 +38,6 @@ in
description = "Enable networkmanager with the desktop profile";
type = types.bool;
};
- autoLogin = mkOption {
- default = false;
- description = "Enable auto login";
- type = types.bool;
- };
};
};
config = mkIf cfg.enable {
@@ -57,79 +47,37 @@ in
profiles.scanning.enable = cfg.scanning;
profiles.syncthing.enable = cfg.syncthing;
- boot = {
- tmpOnTmpfs = true;
- plymouth.enable = true;
- };
-
hardware.bluetooth.enable = true;
networking.networkmanager = {
enable = cfg.networkmanager;
unmanaged = [
+ "interface-name:br-*"
"interface-name:ve-*"
"interface-name:veth*"
"interface-name:wg0"
"interface-name:docker0"
"interface-name:virbr*"
- ];
+ ]; # FIXME: add unmanaged depending on profiles (wg0, docker0, …)
packages = with pkgs; [ networkmanager-openvpn ];
};
- programs.dconf.enable = true;
- xdg.portal.enable = cfg.flatpak;
-
services = {
- blueman.enable = true;
- flatpak.enable = cfg.flatpak;
- dbus.packages = [ pkgs.gnome3.dconf ];
xserver = {
enable = true;
enableTCP = false;
- windowManager.twm.enable = true;
libinput.enable = true;
synaptics.enable = false;
- layout = "fr(bepo),fr";
- xkbVariant = "oss";
+ layout = "fr";
+ xkbVariant = "bepo";
xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps";
- inputClassSections = [
- ''
- Identifier "TypeMatrix"
- MatchIsKeyboard "on"
- MatchVendor "TypeMatrix.com"
- MatchProduct "USB Keyboard"
- Driver "evdev"
- Option "XbkModel" "tm2030USB"
- Option "XkbLayout" "fr"
- Option "XkbVariant" "bepo"
- ''
- ''
- Identifier "ErgoDox"
- #MatchVendor "ErgoDox_EZ"
- #MatchProduct "ErgoDox_EZ"
- MatchIsKeyboard "on"
- MatchUSBID "feed:1307"
- Driver "evdev"
- Option "XkbLayout" "fr"
- Option "XkbVariant" "bepo"
- ''
- ];
- displayManager = {
- # defaultSession = "none+i3";
- lightdm = {
- enable = true;
- autoLogin = {
- enable = true;
- user = "vincent";
- };
- };
- };
};
};
fonts = {
enableFontDir = true;
enableGhostscriptFonts = true;
fonts = with pkgs; [
+ liberation_ttf
corefonts
dejavu_fonts
emojione
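Review bot: `xkbOptions` still carries `grp:menu_toggle,grp_led:caps`, but the new `layout = "fr"; xkbVariant = "bepo";` defines a single group, so the toggle key and the Caps LED indicator have nothing to switch between. Either keep a second layout, e.g. `layout = "fr,fr"; xkbVariant = "bepo,oss";`, or reduce the options to `xkbOptions = "compose:caps";`. Separately, the FIXME on `unmanaged` would be easier to act on if it named the intended mechanism, such as appending each entry with `optionals` on the matching profile. The `fonts` list continues outside the hunk.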
@@ -154,40 +102,6 @@ in
];
};
- # Polkit.
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
- action.id == "org.freedesktop.udisks2.encrypted-unlock-system"
- ) &&
- subject.local && subject.active && subject.isInGroup("users")) {
- return polkit.Result.YES;
- }
- var YES = polkit.Result.YES;
- var permission = {
- // required for udisks1:
- "org.freedesktop.udisks.filesystem-mount": YES,
- "org.freedesktop.udisks.luks-unlock": YES,
- "org.freedesktop.udisks.drive-eject": YES,
- "org.freedesktop.udisks.drive-detach": YES,
- // required for udisks2:
- "org.freedesktop.udisks2.filesystem-mount": YES,
- "org.freedesktop.udisks2.encrypted-unlock": YES,
- "org.freedesktop.udisks2.eject-media": YES,
- "org.freedesktop.udisks2.power-off-drive": YES,
- // required for udisks2 if using udiskie from another seat (e.g. systemd):
- "org.freedesktop.udisks2.filesystem-mount-other-seat": YES,
- "org.freedesktop.udisks2.filesystem-unmount-others": YES,
- "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES,
- "org.freedesktop.udisks2.eject-media-other-seat": YES,
- "org.freedesktop.udisks2.power-off-drive-other-seat": YES
- };
- if (subject.isInGroup("wheel")) {
- return permission[action.id];
- }
- });
- '';
-
environment.systemPackages = with pkgs; [
cryptsetup
xlibs.xmodmap
diff --git a/systems/modules/profiles/gnome.nix b/systems/modules/profiles/gnome.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.desktop.gnome;
+in
+{
+ options = {
+ profiles.desktop.gnome = {
+ enable = mkEnableOption "Enable Gnome desktop profile";
+ };
+ };
+ config = mkIf cfg.enable {
+ profiles = {
+ desktop.enable = true;
+ avahi.enable = true;
+ };
+ services = {
+ gnome3 = {
+ chrome-gnome-shell.enable = true;
+ core-shell.enable = true;
+ core-os-services.enable = true;
+ core-utilities.enable = true;
+ };
+ xserver = {
+ displayManager.gdm.enable = true;
+ desktopManager.gnome3.enable = true;
+ };
+ };
+ };
+}
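Review bot: `avahi.enable` and `chrome-gnome-shell.enable` are set to a plain `true`, so a host that wants GNOME without them has to use `lib.mkForce false`. That matters on a laptop because avahi presumably means mDNS advertisement and chrome-gnome-shell is the browser connector for GNOME Shell extensions, and both add network- or browser-reachable surface. I would write `avahi.enable = mkDefault true;` and `chrome-gnome-shell.enable = mkDefault true;`, or expose them as sub-options the way desktop.nix does for `syncthing` and `networkmanager`. As a style point, `mkEnableOption` already prefixes its argument with "Whether to enable", so the text should be `mkEnableOption "Gnome desktop profile"`.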
diff --git a/systems/modules/profiles/laptop.nix b/systems/modules/profiles/laptop.nix
@@ -23,7 +23,6 @@ in
powertop
acpi
];
- profiles.desktop.enable = true;
systemd.services.nix-gc.unitConfig.ConditionACPower = true;
};
}
diff --git a/systems/modules/profiles/pulseaudio.nix b/systems/modules/profiles/pulseaudio.nix
@@ -53,7 +53,5 @@ in
pasystray # systray application
playerctl
];
- # We assume xserver runs when pulseaudio does
- services.xserver.displayManager.sessionCommands = "${pkgs.pasystray}/bin/pasystray &";
};
}
diff --git a/systems/modules/profiles/yubikey.nix b/systems/modules/profiles/yubikey.nix
@@ -8,9 +8,17 @@ in
options = {
profiles.yubikey = {
enable = mkEnableOption "Enable yubikey profile";
+ withPam = {
+ default = true;
+ description = "Wether to enable auth with yubikeys through pam";
+ type = types.bool;
+ };
};
};
config = mkIf cfg.enable {
+ #security.pam.yubico = {
+ # enable = true;
+ #};
environment = {
systemPackages = with pkgs; [
yubico-piv-tool
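Review bot: `withPam` is declared as a plain attribute set rather than through `mkOption`, so the module system will not treat it as a bool option and evaluation is likely to fail or misread `default`/`description`/`type` as nested names. It should read `withPam = mkOption {`. Nothing visible reads `cfg.withPam`, and the `security.pam.yubico` block is commented out, so a default of `true` advertises PAM authentication that is not actually configured. Use `default = false;` until the PAM block is wired to the option. The description also has a typo ("Wether" should be "Whether"), and the `config` block continues past the end of the hunk.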
diff --git a/tasks.org b/tasks.org
@@ -36,11 +36,18 @@
** TODO Yubikey login/lockout
+security.pam.yubico
+u2f keys
+
** TODO gnome3 modules
Create a module (like desktop) or part of desktop
-** TODO redhat specifics
+** DONE redhat specifics
+CLOSED: [2020-10-02 Fri 18:38]
+:LOGBOOK:
+- State "DONE" from "TODO" [2020-10-02 Fri 18:38]
+:END:
VPN
@@ -49,10 +56,16 @@
- =root=
- =home=
+** TODO Initial setup
+
+- luks
+- =nixos-install= to =make switch= …
+
** TODO Dry-install on old Dell
Things to test:
+- [ ] luks
- [ ] Erase your darlings setup ?
- [X] Gnome settings
- [ ] Yubikey
diff --git a/users/vincent/default.nix b/users/vincent/default.nix
@@ -50,7 +50,7 @@ in
]
++ optionals config.profiles.dev.enable [ (import ./dev) ]
++ optionals config.profiles.desktop.enable [ (import ./desktop) ]
- ++ optionals config.services.xserver.desktopManager.gnome3.enable [ (import ./desktop/gnome.nix) ]
+ ++ optionals config.profiles.desktop.gnome.enable [ (import ./desktop/gnome.nix) ]
++ optionals (config.networking.hostName == "wakasu") [
{
home.packages = with pkgs; [
diff --git a/users/vincent/desktop/default.nix b/users/vincent/desktop/default.nix
@@ -7,13 +7,13 @@
./firefox.nix
./next.nix
./gtk.nix
- ./i3.nix
+ # ./i3.nix
./keyboard.nix
./mpv.nix
- ./mpd.nix
- ./redshift.nix
+ # ./mpd.nix
+ # ./redshift.nix
./spotify.nix
- ./xsession.nix
+ #./xsession.nix
];
home.sessionVariables = { WEBKIT_DISABLE_COMPOSITING_MODE = 1; };
home.packages = with pkgs; [
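Review bot: Imports and packages are disabled by commenting them out rather than being deleted or made conditional: `# ./i3.nix`, `#./xsession.nix`, and in the two later hunks of this file `# pass` and the `/* … */` around the `nr/desktop` block. This file is imported whenever `profiles.desktop.enable` is set (see users/vincent/default.nix), so any non-GNOME desktop host presumably loses its i3 and xsession setup too. I would delete the dead lines and gate the window-manager pieces next to the existing gnome import, e.g. `++ optionals (!config.profiles.desktop.gnome.enable) [ (import ./desktop/i3.nix) ]`. The attribute set continues outside this hunk.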
@@ -24,25 +24,26 @@
hunspellDicts.en_US-large
hunspellDicts.en_GB-ize
hunspellDicts.fr-any
- wmctrl
- xclip
+ #wmctrl
+ #xclip
xdg-user-dirs
xdg_utils
xsel
# TODO make this an option
- slack
+ # slack
# FIXME move this elsewhere
keybase
- pass
+ # pass
profile-sync-daemon
];
home.file.".XCompose".source = ./xorg/XCompose;
- home.file.".Xmodmap".source = ./xorg/Xmodmap;
+ # home.file.".Xmodmap".source = ./xorg/Xmodmap;
xdg.configFile."xorg/emoji.compose".source = ./xorg/emoji.compose;
xdg.configFile."xorg/parens.compose".source = ./xorg/parens.compose;
xdg.configFile."xorg/modletters.compose".source = ./xorg/modletters.compose;
+ /*
xdg.configFile."nr/desktop" = {
text = builtins.toJSON [
{ cmd = "peek"; }
@@ -58,4 +59,5 @@
];
onChange = "${pkgs.my.nr}/bin/nr desktop";
};
+ */
}
diff --git a/users/vincent/desktop/gnome.nix b/users/vincent/desktop/gnome.nix
@@ -2,15 +2,6 @@
{
imports = [
- # autorandr
- ./finances.nix
- ./firefox.nix
- ./next.nix
- ./gtk.nix
- ./keyboard.nix
- ./mpv.nix
- ./redshift.nix
- ./spotify.nix
./dconf.nix
];
home.sessionVariables = { WEBKIT_DISABLE_COMPOSITING_MODE = 1; };