
commit 52ade86f6406261108e3179f4836140ad9671e38
parent 79eb22519c60d103bd1168727d563f50653f8d40
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Wed,  7 Oct 2020 13:52:44 +0200

systems/users: create a profile.desktop.gnome

… and refactor a bit the rest.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Msystems/hokkaido.nix | 63+++------------------------------------------------------------
Msystems/modules/profiles/default.nix | 1+
Msystems/modules/profiles/desktop.nix | 96+++++--------------------------------------------------------------------------
Asystems/modules/profiles/gnome.nix | 31+++++++++++++++++++++++++++++++
Msystems/modules/profiles/laptop.nix | 1-
Msystems/modules/profiles/pulseaudio.nix | 2--
Msystems/modules/profiles/yubikey.nix | 8++++++++
Mtasks.org | 15++++++++++++++-
Musers/vincent/default.nix | 2+-
Musers/vincent/desktop/default.nix | 20+++++++++++---------
Musers/vincent/desktop/gnome.nix | 9---------
11 files changed, 74 insertions(+), 174 deletions(-)

diff --git a/systems/hokkaido.nix b/systems/hokkaido.nix @@ -43,15 +43,11 @@ in plymouth.enable = true; }; - hardware.bluetooth.enable = true; services.hardware.bolt.enable = true; profiles = { - syncthing.enable = true; - home = true; + desktop.gnome.enable = true; laptop.enable = true; - desktop.enable = lib.mkForce false; - avahi.enable = true; - git.enable = true; + home = true; ssh.enable = true; dev.enable = true; yubikey.enable = true; @@ -61,61 +57,7 @@ in }; environment.systemPackages = with pkgs; [ virtmanager ]; - networking.networkmanager = { - enable = true; - unmanaged = [ - "interface-name:br-*" - "interface-name:ve-*" - "interface-name:veth*" - "interface-name:wg0" - "interface-name:docker0" - "interface-name:virbr*" - ]; - packages = with pkgs; [ networkmanager-openvpn ]; - }; - - services.xserver.enable = true; - services.xserver.layout = "fr"; - services.xserver.xkbVariant = "bepo"; - services.xserver.xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps"; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome3.enable = true; - services.gnome3.chrome-gnome-shell.enable = true; - services.gnome3.core-shell.enable = true; - services.gnome3.core-os-services.enable = true; - services.gnome3.core-utilities.enable = true; - virtualisation.podman.enable = true; - - fonts = { - enableFontDir = true; - enableGhostscriptFonts = true; - fonts = with pkgs; [ - corefonts - dejavu_fonts - emojione - feh - fira - fira-code - fira-code-symbols - fira-mono - hasklig - inconsolata - iosevka - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - noto-fonts-extra - overpass - symbola - source-code-pro - twemoji-color-font - ubuntu_font_family - unifont - ]; - }; - services = { - fprintd.enable = true; # FIXME re-generate hokkaido key /* wireguard = { @@ -128,6 +70,7 @@ in */ }; + virtualisation.podman.enable = true; virtualisation.containers = { enable = true; registries = { 
diff --git a/systems/modules/profiles/default.nix b/systems/modules/profiles/default.nix @@ -10,6 +10,7 @@ ./docker.nix ./gaming.nix ./git.nix + ./gnome.nix ./home.nix ./i18n.nix ./ipfs.nix diff --git a/systems/modules/profiles/desktop.nix b/systems/modules/profiles/desktop.nix @@ -18,11 +18,6 @@ in description = "Enable pulseaudio with the desktop profile"; type = types.bool; }; - flatpak = mkOption { - default = true; - description = "Enable flatpak with the desktop profile"; - type = types.bool; - }; syncthing = mkOption { default = true; description = "Enable syncthing with the desktop profile"; @@ -43,11 +38,6 @@ in description = "Enable networkmanager with the desktop profile"; type = types.bool; }; - autoLogin = mkOption { - default = false; - description = "Enable auto login"; - type = types.bool; - }; }; }; config = mkIf cfg.enable { 
@@ -57,79 +47,37 @@ in profiles.scanning.enable = cfg.scanning; profiles.syncthing.enable = cfg.syncthing; - boot = { - tmpOnTmpfs = true; - plymouth.enable = true; - }; - hardware.bluetooth.enable = true; networking.networkmanager = { enable = cfg.networkmanager; unmanaged = [ + "interface-name:br-*" "interface-name:ve-*" "interface-name:veth*" "interface-name:wg0" "interface-name:docker0" "interface-name:virbr*" - ]; + ]; # FIXME: add unmanaged depending on profiles (wg0, docker0, …) packages = with pkgs; [ networkmanager-openvpn ]; }; - programs.dconf.enable = true; - xdg.portal.enable = cfg.flatpak; - services = { - blueman.enable = true; - flatpak.enable = cfg.flatpak; - dbus.packages = [ pkgs.gnome3.dconf ]; xserver = { enable = true; enableTCP = false; - windowManager.twm.enable = true; libinput.enable = true; synaptics.enable = false; - layout = "fr(bepo),fr"; - xkbVariant = "oss"; + layout = "fr"; + xkbVariant = "bepo"; xkbOptions = "grp:menu_toggle,grp_led:caps,compose:caps"; - inputClassSections = [ - '' - Identifier "TypeMatrix" - MatchIsKeyboard "on" - MatchVendor "TypeMatrix.com" - MatchProduct "USB Keyboard" - Driver "evdev" - Option "XbkModel" "tm2030USB" - Option "XkbLayout" "fr" - Option "XkbVariant" "bepo" - '' - '' - Identifier "ErgoDox" - #MatchVendor "ErgoDox_EZ" - #MatchProduct "ErgoDox_EZ" - MatchIsKeyboard "on" - MatchUSBID "feed:1307" - Driver "evdev" - Option "XkbLayout" "fr" - Option "XkbVariant" "bepo" - '' - ]; - displayManager = { - # defaultSession = "none+i3"; - lightdm = { - enable = true; - autoLogin = { - enable = true; - user = "vincent"; - }; - }; - }; }; }; fonts = { enableFontDir = true; enableGhostscriptFonts = true; fonts = with pkgs; [ + liberation_ttf corefonts dejavu_fonts emojione 
@@ -154,40 +102,6 @@ in ]; }; - # Polkit. - security.polkit.extraConfig = '' - polkit.addRule(function(action, subject) { - if ((action.id == "org.freedesktop.udisks2.filesystem-mount-system" || - action.id == "org.freedesktop.udisks2.encrypted-unlock-system" - ) && - subject.local && subject.active && subject.isInGroup("users")) { - return polkit.Result.YES; - } - var YES = polkit.Result.YES; - var permission = { - // required for udisks1: - "org.freedesktop.udisks.filesystem-mount": YES, - "org.freedesktop.udisks.luks-unlock": YES, - "org.freedesktop.udisks.drive-eject": YES, - "org.freedesktop.udisks.drive-detach": YES, - // required for udisks2: - "org.freedesktop.udisks2.filesystem-mount": YES, - "org.freedesktop.udisks2.encrypted-unlock": YES, - "org.freedesktop.udisks2.eject-media": YES, - "org.freedesktop.udisks2.power-off-drive": YES, - // required for udisks2 if using udiskie from another seat (e.g. systemd): - "org.freedesktop.udisks2.filesystem-mount-other-seat": YES, - "org.freedesktop.udisks2.filesystem-unmount-others": YES, - "org.freedesktop.udisks2.encrypted-unlock-other-seat": YES, - "org.freedesktop.udisks2.eject-media-other-seat": YES, - "org.freedesktop.udisks2.power-off-drive-other-seat": YES - }; - if (subject.isInGroup("wheel")) { - return permission[action.id]; - } - }); - ''; - environment.systemPackages = with pkgs; [ cryptsetup xlibs.xmodmap diff --git a/systems/modules/profiles/gnome.nix b/systems/modules/profiles/gnome.nix 
@@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.profiles.desktop.gnome; +in +{ + options = { + profiles.desktop.gnome = { + enable = mkEnableOption "Enable Gnome desktop profile"; + }; + }; + config = mkIf cfg.enable { + profiles = { + desktop.enable = true; + avahi.enable = true; + }; + services = { + gnome3 = { + chrome-gnome-shell.enable = true; + core-shell.enable = true; + core-os-services.enable = true; + core-utilities.enable = true; + }; + xserver = { + displayManager.gdm.enable = true; + desktopManager.gnome3.enable = true; + }; + }; + }; +} diff --git a/systems/modules/profiles/laptop.nix b/systems/modules/profiles/laptop.nix @@ -23,7 +23,6 @@ in powertop acpi ]; - profiles.desktop.enable = true; systemd.services.nix-gc.unitConfig.ConditionACPower = true; }; } diff --git a/systems/modules/profiles/pulseaudio.nix b/systems/modules/profiles/pulseaudio.nix @@ -53,7 +53,5 @@ in pasystray # systray application playerctl ]; - # We assume xserver runs when pulseaudio does - services.xserver.displayManager.sessionCommands = "${pkgs.pasystray}/bin/pasystray &"; }; } diff --git a/systems/modules/profiles/yubikey.nix b/systems/modules/profiles/yubikey.nix @@ -8,9 +8,17 @@ in options = { profiles.yubikey = { enable = mkEnableOption "Enable yubikey profile"; + withPam = { + default = true; + description = "Wether to enable auth with yubikeys through pam"; + type = types.bool; + }; }; }; config = mkIf cfg.enable { + #security.pam.yubico = { + # enable = true; + #}; environment = { systemPackages = with pkgs; [ yubico-piv-tool diff --git a/tasks.org b/tasks.org @@ -36,11 +36,18 @@ ** TODO Yubikey login/lockout +security.pam.yubico +u2f keys + ** TODO gnome3 modules Create a module (like desktop) or part of desktop -** TODO redhat specifics +** DONE redhat specifics +CLOSED: [2020-10-02 Fri 18:38] +:LOGBOOK: +- State "DONE" from "TODO" [2020-10-02 Fri 18:38] +:END: VPN 
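Review bot: In the new systems/modules/profiles/gnome.nix, `avahi.enable = true;` is set unconditionally whenever the GNOME profile is on, and hokkaido, which now enables this profile, is also a laptop host. What the avahi profile configures is not visible in this diff, but if it turns on mDNS publishing, the machine will announce itself on every network it joins. `avahi.enable = mkDefault true;` would keep the convenience while letting a host opt out without `mkForce`. Separately, `mkEnableOption` already prefixes its argument with "Whether to enable", so `mkEnableOption "the GNOME desktop profile"` reads better than the current string.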
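Review bot: In systems/modules/profiles/yubikey.nix the new `withPam` entry is a plain attribute set rather than `mkOption { … }`, so as far as I can tell the module system will not treat it as a boolean option. Nothing in `config` reads it either; the only PAM wiring added is the commented-out `security.pam.yubico` block. An option that defaults to `true` and is described as enabling YubiKey auth through PAM, while no PAM change is applied, invites the assumption that a second factor is enforced when it is not. Until the PAM side is implemented I would either drop the option or declare it as `withPam = mkOption { default = false; type = types.bool; description = "Whether to enable auth with yubikeys through pam"; };` and gate the later block with `mkIf cfg.withPam`. The `config` block continues outside the hunk.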
@@ -49,10 +56,16 @@ - =root= - =home= +** TODO Initial setup + +- luks +- =nixos-install= to =make switch= … + ** TODO Dry-install on old Dell Things to test: +- [ ] luks - [ ] Erase your darlings setup ? - [X] Gnome settings - [ ] Yubikey diff --git a/users/vincent/default.nix b/users/vincent/default.nix @@ -50,7 +50,7 @@ in ] ++ optionals config.profiles.dev.enable [ (import ./dev) ] ++ optionals config.profiles.desktop.enable [ (import ./desktop) ] - ++ optionals config.services.xserver.desktopManager.gnome3.enable [ (import ./desktop/gnome.nix) ] + ++ optionals config.profiles.desktop.gnome.enable [ (import ./desktop/gnome.nix) ] ++ optionals (config.networking.hostName == "wakasu") [ { home.packages = with pkgs; [ diff --git a/users/vincent/desktop/default.nix b/users/vincent/desktop/default.nix @@ -7,13 +7,13 @@ ./firefox.nix ./next.nix ./gtk.nix - ./i3.nix + # ./i3.nix ./keyboard.nix ./mpv.nix - ./mpd.nix - ./redshift.nix + # ./mpd.nix + # ./redshift.nix ./spotify.nix - ./xsession.nix + #./xsession.nix ]; home.sessionVariables = { WEBKIT_DISABLE_COMPOSITING_MODE = 1; }; home.packages = with pkgs; [ @@ -24,25 +24,26 @@ hunspellDicts.en_US-large hunspellDicts.en_GB-ize hunspellDicts.fr-any - wmctrl - xclip + #wmctrl + #xclip xdg-user-dirs xdg_utils xsel # TODO make this an option - slack + # slack # FIXME move this elsewhere keybase - pass + # pass profile-sync-daemon ]; home.file.".XCompose".source = ./xorg/XCompose; - home.file.".Xmodmap".source = ./xorg/Xmodmap; + # home.file.".Xmodmap".source = ./xorg/Xmodmap; xdg.configFile."xorg/emoji.compose".source = ./xorg/emoji.compose; xdg.configFile."xorg/parens.compose".source = ./xorg/parens.compose; xdg.configFile."xorg/modletters.compose".source = ./xorg/modletters.compose; + /* xdg.configFile."nr/desktop" = { text = builtins.toJSON [ { cmd = "peek"; } @@ -58,4 +59,5 @@ ]; onChange = "${pkgs.my.nr}/bin/nr desktop"; }; + */ } diff --git a/users/vincent/desktop/gnome.nix b/users/vincent/desktop/gnome.nix 
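Review bot: In users/vincent/desktop/default.nix the i3, mpd, redshift and xsession imports, the packages `wmctrl`, `xclip`, `slack` and `pass`, the `.Xmodmap` file and the `nr/desktop` config are disabled by commenting them out (in mixed `# ./i3.nix` / `#./xsession.nix` styles) rather than removed or gated. Since users/vincent/default.nix now keys the GNOME module on `config.profiles.desktop.gnome.enable`, the non-GNOME pieces could move to their own module imported under the opposite condition, which keeps a non-GNOME host working and leaves no dead code in this file. If they are meant to go for good, deleting them is cleaner, as the history keeps the old version.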
@@ -2,15 +2,6 @@ { imports = [ - # autorandr - ./finances.nix - ./firefox.nix - ./next.nix - ./gtk.nix - ./keyboard.nix - ./mpv.nix - ./redshift.nix - ./spotify.nix ./dconf.nix ]; home.sessionVariables = { WEBKIT_DISABLE_COMPOSITING_MODE = 1; };