Diffstat (limited to 'home')
33 files changed, 1172 insertions, 0 deletions
diff --git a/home/baseline/default.nix b/home/baseline/default.nix new file mode 100644 index 0000000..046a475 --- /dev/null +++ b/home/baseline/default.nix @@ -0,0 +1,67 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.baseline; +in { + imports = [ + ./git.nix + ./graphics.nix + ./nvim.nix + ./zsh.nix + ]; + + options.local = { + hostname = mkOption { + type = types.str; + }; + + uid = mkOption { + type = types.int; + }; + + gecos = mkOption { + type = types.str; + }; + + email = mkOption { + type = types.str; + }; + }; + + config = { + home = { + # This value determines the Home Manager release that your + # configuration is compatible with. This helps avoid breakage + # when a new Home Manager release introduces backwards + # incompatible changes. + # + # You can update Home Manager without changing this value. See + # the Home Manager release notes for a list of state version + # changes in each release. + stateVersion = "21.11"; + + homeDirectory = "/home/${config.home.username}"; + + packages = [ + pkgs.file + pkgs.killall + pkgs.man-pages + pkgs.man-pages-posix + pkgs.tree + pkgs.unzip + pkgs.wget + pkgs.zip + ]; + + sessionVariables = { + LESSHISTFILE = "/dev/null"; + }; + }; + + xdg.enable = true; + }; +} diff --git a/home/baseline/git.nix b/home/baseline/git.nix new file mode 100644 index 0000000..9707f44 --- /dev/null +++ b/home/baseline/git.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.local; +in { + config = { + programs.git = { + enable = true; + userName = cfg.gecos; + userEmail = cfg.email; + }; + }; +} diff --git a/home/baseline/graphics.nix b/home/baseline/graphics.nix new file mode 100644 index 0000000..c31e18a --- /dev/null +++ b/home/baseline/graphics.nix 
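Review bot: `cfg = config.local.baseline;` in baseline/default.nix is bound but never read, and no `options.local.baseline` is declared anywhere in this commit (the visible options sit directly under `options.local`); the same dead binding is repeated in nvim.nix and zsh.nix. Nix's laziness hides it today, but the first real reference to `cfg` would fail evaluation, so either drop the three bindings or declare the option they expect. The four `mkOption`s (`hostname`, `uid`, `gecos`, `email`) also carry no `description`, even though git.nix feeds two of them straight into the git identity; e.g. `gecos = mkOption { type = types.str; description = "Full name, used as programs.git.userName"; };`.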
@@ -0,0 +1,84 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; { + config = { + dconf.settings = { + "org/gtk/settings/file-chooser".startup-mode = "cwd"; + "org/gtk/gtk4/settings/file-chooser".startup-mode = "cwd"; + + "org/gnome/desktop/interface" = { + gtk-theme = config.gtk.theme.name; + color-scheme = "prefer-dark"; + }; + }; + + fonts.fontconfig.enable = true; + + gtk = { + enable = true; + + gtk2.extraConfig = '' + gtk-toolbar-style=GTK_TOOLBAR_BOTH_HORIZ + gtk-menu-images=1 + gtk-button-images=1 + ''; + + gtk3.extraConfig = { + gtk-recent-files-enabled = 0; + gtk-application-prefer-dark-theme = true; + }; + + gtk4.extraConfig = { + gtk-recent-files-enabled = 0; + }; + + font = { + package = pkgs.noto-fonts; + name = "Noto Sans Regular"; + #size = 14; <- caga layout de páginas + }; + + theme = { + package = pkgs.materia-theme; + name = "Materia-dark"; + }; + }; + + home = { + pointerCursor = { + enable = true; + + name = "Adwaita"; + size = 48; + + package = pkgs.adwaita-icon-theme; + + gtk.enable = true; + x11.enable = true; + sway.enable = true; + dotIcons.enable = true; + }; + + sessionVariables = { + GTK_THEME = config.gtk.theme.name; + + # Usar gtk en aplicaciones de jvm + _JAVA_OPTIONS = concatStringsSep " " [ + "-Dawt.useSystemAAFontSettings=on" + "-Dswing.aatext=true" + "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel" + "-Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel" + ]; + }; + }; + + qt = { + enable = true; + platformTheme.name = "gtk"; + }; + }; +} diff --git a/home/baseline/nvim.nix b/home/baseline/nvim.nix new file mode 100644 index 0000000..edcabe8 --- /dev/null +++ b/home/baseline/nvim.nix 
@@ -0,0 +1,29 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.local.baseline;
+in {
+ config = {
+ home.sessionVariables.EDITOR = "nvim";
+
+ programs.neovim = {
+ enable = true;
+
+ viAlias = true;
+ vimAlias = true;
+ withRuby = false;
+ withPython3 = false;
+
+ extraConfig = ''
+ set number " Enable line numbering
+ set relativenumber " Enable relative line numbering
+ set tabstop=4 " Set tap stop to 4
+ set shiftwidth=4 " Set shift width to 4 (same as tabstop)
+ set viminfo= " No tracking
+ '';
+ };
+ };
+}
diff --git a/home/baseline/zsh.nix b/home/baseline/zsh.nix
new file mode 100644
index 0000000..2be24b7
--- /dev/null
+++ b/home/baseline/zsh.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.baseline;
+in {
+ config = {
+ programs.zsh = {
+ enable = true;
+
+ autosuggestion.enable = true;
+ syntaxHighlighting.enable = true;
+
+ initContent = lib.mkAfter (import ./zshrc.nix pkgs);
+ };
+ };
+}
diff --git a/home/baseline/zshrc.nix b/home/baseline/zshrc.nix
new file mode 100644
index 0000000..9181159
--- /dev/null
+++ b/home/baseline/zshrc.nix
@@ -0,0 +1,73 @@ +{ + grml-zsh-config, + local, + ... +}: '' + source ${grml-zsh-config}/etc/zsh/zshrc + + export PATH="$PATH:$HOME/.cargo/bin" + + alias gpicview='loupe' + alias reset='tput reset' + alias reload='exec zsh' + alias this-date='date +%b%d | sed "s/^\w/\U&/g"' + + function spawn() { + if [ ! -x "$(command -v $1)" ]; then + echo "spawn: no such command: $1" >&2 + return 1 + fi + + $@ >/dev/null 0>&1 2>&1 & + disown + } + + function xseli() { + T=$(mktemp) + $EDITOR -n $T + xsel -b <$T + rm $T + } + + autoload -Uz up-line-or-beginning-search + zle -N up-line-or-beginning-search + autoload -Uz down-line-or-beginning-search + zle -N down-line-or-beginning-search + bindkey '\eOA' up-line-or-beginning-search + bindkey '\e[A' up-line-or-beginning-search + bindkey '\eOB' down-line-or-beginning-search + bindkey '\e[B' down-line-or-beginning-search + + INSTALLABLES=() + while read -d: PATH_ITEM; do + if [[ "$PATH_ITEM" =~ "^(/nix/store/[a-z0-9]+-([a-zA-Z][a-zA-Z0-9_]*(-[a-zA-Z][a-zA-Z0-9_]*)*)(-[^/]+)?)/" ]]; then + INSTALLABLES+=("''${match[2]}") + fi + done <<<"$PATH" + + if [ "''${#INSTALLABLES[@]}" -gt 0 ]; then + _GRML_NIX_SHELL="{''${INSTALLABLES[@]}} " + fi + + unset INSTALLABLES PATH_ITEM + + function grml_nix_shell() { + REPLY="$_GRML_NIX_SHELL" + } + + grml_theme_add_token nix-shell -f grml_nix_shell '%F{red}' '%f' + + if [ -n "$SSH_CONNECTION" ]; then + USERATHOST=1 + fi + + zstyle ':prompt:grml:left:setup' items time $([ ''${USERATHOST:-0} -eq 0 ] || echo user at host) path nix-shell percent + zstyle ':prompt:grml:right:setup' items sad-smiley vcs $([ ''${BATTERY:-0} -eq 0 ] || echo battery) + zstyle ':prompt:grml:right:items:time' pre ' %F{yellow}' + + unsetopt sharehistory + setopt appendhistory + setopt extendedhistory + + source ${local.git-aliases} +'' diff --git a/home/default.nix b/home/default.nix new file mode 100644 index 0000000..67bc37b --- /dev/null +++ b/home/default.nix 
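Review bot: `spawn` expands `$1` and `$@` unquoted (`command -v $1`, `$@ >/dev/null 0>&1 2>&1 &`), so an argument containing spaces or glob characters is re-split before it is executed; the two lines should read `if [ ! -x "$(command -v "$1")" ]; then` and `"$@" >/dev/null 0>&1 2>&1 &`. In `xseli`, the temp file that receives whatever is about to go on the clipboard is removed only on the happy path and with `rm $T` unquoted; the `-n` flag passed to `$EDITOR` looks like it is meant to keep that content out of a swap file (it reads as nvim's no-swapfile switch, given nvim.nix sets `EDITOR = "nvim"`), so the cleanup deserves the same care: `trap 'rm -f "$T"' EXIT` right after `T=$(mktemp)` removes it even when the editor exits non-zero, and a one-line comment stating why `-n` is there would stop a future reader from dropping it.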
@@ -0,0 +1,13 @@
+{flakes, ...}: {
+ imports = [
+ flakes.hm-isolation.homeManagerModule
+ flakes.impermanence.nixosModules.home-manager.impermanence
+ flakes.trivionomicon.homeManagerModules.default
+ ../pki
+ ./baseline
+ ./desktop
+ ./environ
+ ./isolation
+ ./pim
+ ];
+}
diff --git a/home/desktop/athena.nix b/home/desktop/athena.nix
new file mode 100644
index 0000000..6c1cbad
--- /dev/null
+++ b/home/desktop/athena.nix
@@ -0,0 +1,16 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.desktop;
+in {
+ config = mkIf cfg.enable {
+ local.athena-bccr = {
+ enable = true;
+ gaudiHash = "sha256-EFVb3K/hQUD/u8/IftBAIYvSefwPqZDvcT8S9B860MM=";
+ };
+ };
+}
diff --git a/home/desktop/default.nix b/home/desktop/default.nix
new file mode 100644
index 0000000..5f2d34e
--- /dev/null
+++ b/home/desktop/default.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.local.desktop;
+in {
+ imports = [
+ ./athena.nix
+ ./firefox.nix
+ ./sway.nix
+ ];
+
+ options.local.desktop = {
+ enable = lib.mkEnableOption "desktop";
+
+ portable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Device is a laptop";
+ };
+ };
+}
diff --git a/home/desktop/firefox.nix b/home/desktop/firefox.nix
new file mode 100644
index 0000000..f19b3ad
--- /dev/null
+++ b/home/desktop/firefox.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.desktop;
+in {
+ config = mkIf cfg.enable {
+ programs.firefox = {
+ enable = true;
+
+ package = pkgs.firefox.override {
+ nativeMessagingHosts = [pkgs.passff-host];
+ };
+
+ profiles."main.profile" = {
+ id = 0;
+ name = "default";
+
+ extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
+ decentraleyes
+ darkreader
+ old-reddit-redirect
+ passff
+ privacy-badger
+ ublock-origin
+ umatrix
+ ];
+ };
+ };
+ };
+}
diff --git a/home/desktop/sway.nix b/home/desktop/sway.nix
new file mode 100644
index 0000000..40fd83a
--- /dev/null
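Review bot: in firefox.nix the seven add-ons are resolved by name through `pkgs.nur.repos.rycee.firefox-addons`, a community overlay rather than nixpkgs, and together with `pkgs.passff-host` they form the browser's trust boundary; nothing in this hunk records where that input is pinned (presumably the flake inputs, which are outside this commit) or that each add-on's hash in that overlay is what ties it to a specific upstream release. A one-line comment above `extensions.packages` naming the pin and the review expectation when it is bumped would make the supply chain auditable from this file, e.g. `# Add-ons come from the NUR rycee overlay; bump the NUR input deliberately and re-check the hashes.` Note also that the profile is keyed `"main.profile"` but carries `name = "default"`; a comment saying which of the two is the on-disk directory name would avoid confusion.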
+++ b/home/desktop/sway.nix 
@@ -0,0 +1,124 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.desktop; +in { + config = mkIf cfg.enable { + local = { + waybar = { + enable = true; + + battery = cfg.portable; + + fontSize = "24px"; + fontFamily = "Hack Nerd Font"; + }; + }; + + home.packages = [ + pkgs.wlr-randr + ]; + + programs = { + wofi.enable = true; + }; + + services = { + swayidle = { + enable = true; + + timeouts = [ + { + timeout = 600; + command = "${getExe pkgs.gtklock} -d"; + } + ]; + }; + }; + + systemd.user.services.wl-gammarelay-rs = { + Unit.After = ["sway-session.target"]; + Install.WantedBy = ["sway-session.target"]; + + Service.ExecStart = getExe pkgs.wl-gammarelay-rs; + }; + + wayland.windowManager.sway = { + enable = true; + + config = { + modifier = "Mod4"; + focus.followMouse = false; + + fonts = { + size = 11.0; + names = ["DejaVu Sans Mono"]; + style = "Bold Semi-Condensed"; + }; + + bars = singleton { + command = "waybar"; + position = "top"; + }; + + keybindings = let + mod = config.wayland.windowManager.sway.config.modifier; + wofi = config.programs.wofi.package; + + grimshot = getExe pkgs.sway-contrib.grimshot; + in + mkOptionDefault { + "${mod}+a" = "focus parent"; + "${mod}+c" = "focus child"; + "${mod}+d" = "exec --no-startup-id ${getExe wofi} -S run"; + "${mod}+i" = "exec busctl --user call rs.wl-gammarelay / rs.wl.gammarelay ToggleInverted"; + "${mod}+o" = "exec ${getExe pkgs.gtklock} -d"; + "${mod}+Return" = "exec ${getExe pkgs.local.st} -e ${getExe pkgs.local.tmux-lift} ${getExe pkgs.local.tmux-open}"; + "${mod}+Shift+e" = "input * xkb_layout latam"; + "${mod}+Shift+u" = "input * xkb_layout us"; + "${mod}+p" = "exec ${grimshot} copy active"; + "${mod}+Shift+p" = "exec ${grimshot} copy area"; + "${mod}+Ctrl+p" = "exec ${grimshot} copy window"; + }; + + startup = [ + #{ + # command = "${getExe pkgs.xautolock} -time 10 -locker '${pkgs.i3lock-color}/bin/i3lock-color -fe -c222222'"; + #} + ]; + + window.commands = [ + # (No) Title Bars + 
{ + command = "border pixel 5"; + criteria.class = "^.*"; + } + + { + command = "floating enabled"; + criteria.class = "floating"; + } + ]; + }; + + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + # needs qt5.qtwayland in systemPackages + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # Fix for some Java AWT applications (e.g. Android Studio), + # use this if they aren't displayed properly: + export _JAVA_AWT_WM_NONREPARENTING=1 + ''; + + swaynag.enable = true; + systemd.enable = true; + + xwayland = true; + }; + }; +} diff --git a/home/environ/default.nix b/home/environ/default.nix new file mode 100644 index 0000000..fcd4dd0 --- /dev/null +++ b/home/environ/default.nix @@ -0,0 +1,17 @@ +{lib, ...}: +with lib; { + imports = [ + ./gpg.nix + ./pass.nix + ./path.nix + ./source.nix + ./ssh.nix + ./tmux.nix + ./units.nix + ./vtmp.nix + ]; + + options.local.environ = { + enable = mkEnableOption "local environment"; + }; +} diff --git a/home/environ/gpg.nix b/home/environ/gpg.nix new file mode 100644 index 0000000..a8173b7 --- /dev/null +++ b/home/environ/gpg.nix @@ -0,0 +1,37 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.environ; +in { + config = mkIf cfg.enable { + programs.gpg = { + enable = true; + scdaemonSettings.disable-ccid = true; + }; + + services.gpg-agent = { + enable = true; + + enableBashIntegration = true; + enableZshIntegration = true; + + enableExtraSocket = true; + enableSshSupport = true; + + defaultCacheTtl = 3600 * 3; + defaultCacheTtlSsh = 3600 * 3; + + maxCacheTtl = 3600 * 6; + maxCacheTtlSsh = 3600 * 6; + + pinentry = { + package = pkgs.pinentry-gtk2; + program = "pinentry-gtk-2"; + }; + }; + }; +} diff --git a/home/environ/pass.nix b/home/environ/pass.nix new file mode 100644 index 0000000..ad071f3 --- /dev/null +++ b/home/environ/pass.nix 
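Review bot: swayidle in sway.nix only locks after the 600 s timeout; there is no `before-sleep` (or `lock`) event, so on a `portable` host a lid close or `systemctl suspend` resumes into an unlocked session and `loginctl lock-session` has nothing to act on. Add, next to `timeouts`, `events = [ { event = "before-sleep"; command = "${getExe pkgs.gtklock} -d"; } { event = "lock"; command = "${getExe pkgs.gtklock} -d"; } ];`. The timeout, the `${mod}+o` binding and these events all spell out the same `gtklock -d` command, so a small `let lock = "${getExe pkgs.gtklock} -d"; in` at the top of the module would keep them in step. The enclosing `config = mkIf cfg.enable { … }` attribute set starts on the previous physical line.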
@@ -0,0 +1,34 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.environ; +in { + config = mkIf cfg.enable { + programs.password-store = { + enable = true; + package = pkgs.pass.withExtensions (exts: + (with exts; [ + pass-audit + pass-genphrase + pass-import + pass-otp + pass-tomb + pass-update + ]) + ++ [ + pkgs.local.pass-bcr + pkgs.local.pass-tail + ]); + + settings = { + PASSWORD_STORE_DIR = "${config.home.homeDirectory}/pass"; + PASSWORD_STORE_TOMB_KEY = "${config.home.homeDirectory}/tomb/pass.key.gpg"; + PASSWORD_STORE_TOMB_FILE = "${config.home.homeDirectory}/tomb/pass.tomb"; + }; + }; + }; +} diff --git a/home/environ/path.nix b/home/environ/path.nix new file mode 100644 index 0000000..39c56ce --- /dev/null +++ b/home/environ/path.nix @@ -0,0 +1,52 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.environ; + + py = pkgs.python3Packages; +in { + config = mkIf cfg.enable { + home.packages = [ + pkgs.calc + pkgs.cloc + pkgs.diceware + pkgs.gcc + pkgs.gnome-screenshot + (pkgs.gajim.overrideAttrs (super: {buildInputs = super.buildInputs ++ [pkgs.gsound];})) + pkgs.gnucash + pkgs.gruvbox-dark-icons-gtk + pkgs.nerd-fonts.hack + pkgs.imagemagick + py.ipython + pkgs.jq + pkgs.libreoffice-fresh + pkgs.loupe # 'gpicview' has been removed due to lack of maintenance upstream + pkgs.lsof + pkgs.mosh + pkgs.mpv + pkgs.kdePackages.okular + pkgs.pavucontrol + pkgs.pciutils + py.python + pkgs.pv + pkgs.rustup + pkgs.local.scripts + pkgs.local.st + pkgs.telegram-desktop + pkgs.local.tmux-lift + pkgs.tomb + pkgs.units + pkgs.usbutils + pkgs.waypipe + pkgs.wl-clipboard + pkgs.xsel + pkgs.xournalpp + pkgs.yubikey-manager + pkgs.zoom-us + ]; + }; +} diff --git a/home/environ/source.nix b/home/environ/source.nix new file mode 100644 index 0000000..57b990e --- /dev/null +++ b/home/environ/source.nix 
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+
+ py = pkgs.python3Packages;
+in {
+ config = mkIf cfg.enable {
+ nix.registry."system".to = {
+ type = "path";
+ path = "${config.home.homeDirectory}/nix";
+ };
+
+ programs = {
+ git.signing.signByDefault = true;
+ home-manager.enable = true;
+ };
+
+ xdg.configFile."home-manager" = {
+ source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix";
+ };
+ };
+}
diff --git a/home/environ/ssh-match.nix b/home/environ/ssh-match.nix
new file mode 100644
index 0000000..1bb3788
--- /dev/null
+++ b/home/environ/ssh-match.nix
@@ -0,0 +1 @@
+# This file has been lustrated.
diff --git a/home/environ/ssh.nix b/home/environ/ssh.nix
new file mode 100644
index 0000000..d363baf
--- /dev/null
+++ b/home/environ/ssh.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+in {
+ config = mkIf cfg.enable {
+ programs.ssh = {
+ enable = true;
+
+ compression = true;
+ controlMaster = "auto";
+ controlPath = "/run/user/%i/ssh/master-%r@%n:%p";
+
+ extraOptionOverrides.AddKeysToAgent = "true";
+
+ matchBlocks = import ./ssh-match.nix;
+ };
+
+ systemd.user.tmpfiles.rules = [
+ "d %t/ssh 0700"
+ ];
+ };
+}
diff --git a/home/environ/tmux.nix b/home/environ/tmux.nix
new file mode 100644
index 0000000..8d7b96f
--- /dev/null
+++ b/home/environ/tmux.nix
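Review bot: source.nix turns on `git.signing.signByDefault = true` without any visible signing key — git.nix sets only `userName`/`userEmail` — so git will fall back to its own default-key selection for every commit; if that is deliberate it should be stated on the line, e.g. `# No signing.key on purpose: git picks the key matching userEmail from gpg-agent.`, otherwise pin `signing.key`. `py = pkgs.python3Packages;` is bound in this file but never used; it looks copied from path.nix and can go.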
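Review bot: in ssh.nix `extraOptionOverrides.AddKeysToAgent = "true"` silently loads every key that is used into the agent — gpg-agent here, via `enableSshSupport` in gpg.nix — where it stays usable for the `defaultCacheTtlSsh`/`maxCacheTtlSsh` windows (3 h / 6 h) with no per-use prompt, and `controlMaster = "auto"` means an existing session is reused without any key at all. That is a reasonable trade-off, but it should be written next to the line so the TTLs in gpg.nix are read together with it: `# Keys land in gpg-agent (TTLs in gpg.nix); "confirm" would require a pinentry per use, if gpg-agent honors that constraint.` Separately, `matchBlocks = import ./ssh-match.nix;` cannot evaluate against the lustrated stub committed alongside, since a file holding only a comment is not a Nix expression; a stub of `{}` would keep the published tree evaluable.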
@@ -0,0 +1,45 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.environ; +in { + options.local.environ.tmuxPass = { + enable = mkEnableOption "tmux-pass plugin"; + }; + + config = mkIf cfg.enable { + programs.tmux = { + enable = true; + aggressiveResize = true; + clock24 = true; + escapeTime = 10; + terminal = "xterm-256color"; + keyMode = "vi"; + + plugins = optional cfg.tmuxPass.enable { + plugin = pkgs.local.tmux-pass; + extraConfig = '' + set -g @pass-key BSpace + set -g @pass-copy-to-clipboard on + set -g @pass-window-size 15 + set -g @pass-hide-pw-from-preview 'on' + set -g @pass-hide-preview on + ''; + }; + + extraConfig = '' + set -g mouse on + set -ga update-environment " LIFT_PID" + set -g set-titles on + set -g renumber-windows on + set -sa terminal-overrides ',xterm-termite:RGB' + set -g status-right "#{?window_bigger,[#{window_offset_x}#,#{window_offset_y}] ,} %H:%M %d-%b-%y" + bind-key X set-window-option synchronize-panes\; display-message "synchronize-panes is now #{?pane_synchronized,on,off}" + ''; + }; + }; +} diff --git a/home/environ/units.nix b/home/environ/units.nix new file mode 100644 index 0000000..ae4e680 --- /dev/null +++ b/home/environ/units.nix @@ -0,0 +1,37 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.environ; +in { + config = mkIf cfg.enable { + systemd.user = { + timers = { + units-cur = { + Install.WantedBy = ["timers.target"]; + Timer.OnCalendar = "daily"; + Unit.Description = "Update currency information for 'units'"; + }; + }; + + services = { + units-cur = { + Unit.Description = "Update currency information for 'units'"; + + Service = { + Type = "exec"; + ExecStart = "${pkgs.units}/bin/units_cur .units"; + }; + }; + }; + }; + + home.file = { + #TODO: .calc_history + ".units_history".source = config.lib.file.mkOutOfStoreSymlink "/dev/null"; + }; + }; +} diff --git a/home/environ/vtmp.nix b/home/environ/vtmp.nix new file mode 100644 index 0000000..e15778d --- /dev/null 
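Review bot: in units.nix the `units-cur` service writes to the relative path `.units` (`ExecStart = "${pkgs.units}/bin/units_cur .units"`), so where the daily download ends up depends entirely on the user instance's implicit working directory; make it explicit with `Service.WorkingDirectory = "%h";` or an absolute `${config.home.homeDirectory}/.units`, and note on the timer that this is a network fetch (`# units_cur pulls currency rates from the network once a day`). The `.units_history` symlink to `/dev/null` is the same no-tracking idea as `set viminfo=` in nvim.nix and `LESSHISTFILE` in baseline/default.nix, worth a one-line comment where the `#TODO: .calc_history` already sits.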
+++ b/home/environ/vtmp.nix 
@@ -0,0 +1,99 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.environ; + + vtmp-sync = pkgs.writeShellScript "vtmp-sync" '' + if [ $# -ne 3 ]; then + echo "usage: $0 <remote hostname> <local hostname> <boot id>" >&2 + exit 1 + fi + + local="$2" + remote="$1" + boot_id="$(echo "$3" | ${pkgs.coreutils}/bin/head -c8)" + + rsync="${lib.getExe pkgs.rsync}" + + cd "$HOME/vtmp" + mkdir -p "$remote" + + declare -a rsync_opts + rsync_opts+=("-glprtxz") + rsync_opts+=("--open-noatime") + rsync_opts+=("--preallocate") + rsync_opts+=("--max-size=1G") + rsync_opts+=("--rsh=${lib.getExe pkgs.openssh} -o BatchMode=yes") + rsync_opts+=("--log-file=$remote/.rsync.log") + rsync_opts+=("--filter=- /$local.$boot_id/") + rsync_opts+=("--filter=- /$remote/") + + # Push to $remote from $local + "$rsync" "''${rsync_opts[@]}" -- ./ "$remote:vtmp/$local.$boot_id/" + + # Pull from $remote to $local + "$rsync" "''${rsync_opts[@]}" -- "$remote:vtmp/" "./$remote/" + ''; +in { + options.local.environ = { + vtmpSyncHost = mkOption { + type = with lib.types; nullOr str; + default = null; + }; + }; + + config = mkMerge [ + (mkIf cfg.enable { + systemd.user.tmpfiles.rules = [ + "d %t/vtmp 0700" + ]; + + home.file = { + "vtmp".source = config.lib.file.mkOutOfStoreSymlink "/run/user/${toString config.local.uid}/vtmp"; + }; + + gtk.gtk3.bookmarks = [ + "file://${config.home.homeDirectory}/vtmp" + "file://${config.home.homeDirectory}/tmp" + ]; + }) + (mkIf (cfg.enable && cfg.vtmpSyncHost != null) { + programs.ssh = { + extraOptionOverrides.PermitLocalCommand = "yes"; + + matchBlocks.${cfg.vtmpSyncHost}.extraOptions.LocalCommand = + "systemctl --user import-environment SSH_AUTH_SOCK; " + + "systemctl --user start vtmp-sync.timer"; + }; + + systemd.user = { + targets.vtmp-sync-failure = { + Unit = { + Conflicts = ["vtmp-sync.timer"]; + }; + }; + + services.vtmp-sync = { + Unit = { + OnFailure = ["vtmp-sync-failure.target"]; + }; + + Service = { + ExecStart = "${vtmp-sync} 
${cfg.vtmpSyncHost} %l %b"; + }; + }; + + timers.vtmp-sync = { + Timer = { + OnActiveSec = "15s"; + OnUnitInactiveSec = "1h"; + }; + }; + }; + }) + ]; +} diff --git a/home/isolation/default.nix b/home/isolation/default.nix new file mode 100644 index 0000000..aff006c --- /dev/null +++ b/home/isolation/default.nix @@ -0,0 +1,37 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.local.shenvs; +in { + options.local.shenvs = { + enable = mkEnableOption "hm-isolation shenvs"; + }; + + config = mkIf cfg.enable { + home.isolation = { + enable = true; + btrfsSupport = true; + + defaults = { + static = false; + bindHome = "home"; + + persist = { + base = "shenvs"; + btrfs = true; + }; + }; + + modulesUnder = ../shenvs; + }; + + local = mkIf config.home.isolation.active { + desktop.enable = mkForce false; + environ.enable = mkForce false; + mail.enable = mkForce false; + }; + }; +} diff --git a/home/pim/.gitignore b/home/pim/.gitignore new file mode 100644 index 0000000..1d9a3a0 --- /dev/null +++ b/home/pim/.gitignore @@ -0,0 +1 @@ +*.svbin diff --git a/home/pim/0001-gnutls-add-support-for-client-key-URLs-separate-from.patch b/home/pim/0001-gnutls-add-support-for-client-key-URLs-separate-from.patch new file mode 100644 index 0000000..792a528 --- /dev/null +++ b/home/pim/0001-gnutls-add-support-for-client-key-URLs-separate-from.patch 
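Review bot: the `vtmp-sync` script never checks that `cd "$HOME/vtmp"` succeeded, and `pkgs.writeShellScript` does not enable `set -e`; if the symlink or its `/run/user/<uid>/vtmp` target is missing (e.g. before the tmpfiles rule has run), both rsync calls execute from the service's working directory instead and push it — limited only by `--max-size=1G` and the two path filters — to `$remote`. Change the line to `cd "$HOME/vtmp" || exit 1` (or put `set -eu` at the top of the script). Since `-glprtxz` includes `-l`, the pull side also recreates whatever symlinks the remote holds; `--safe-links` on that call would drop ones pointing outside the tree. The `BatchMode=yes` rsh and the quoted `rsync_opts` array are good as they are.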
@@ -0,0 +1,48 @@ +From cdd4d80aecb29f98d325b5389bdcc0813a37abfd Mon Sep 17 00:00:00 2001 +From: Alejandro Soto <alejandro@34project.org> +Date: Sat, 28 Jun 2025 22:50:16 -0600 +Subject: [PATCH] gnutls: add support for client key URLs separate from client + certs + +--- + conn/config.c | 3 +++ + conn/gnutls.c | 8 ++++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/conn/config.c b/conn/config.c +index e45e81bd7..161e8e584 100644 +--- a/conn/config.c ++++ b/conn/config.c +@@ -74,6 +74,9 @@ static struct ConfigDef ConnVarsSsl[] = { + { "ssl_client_cert", DT_PATH|D_PATH_FILE, 0, 0, NULL, + "File containing client certificates" + }, ++ { "ssl_client_key", DT_PATH|D_PATH_FILE, 0, 0, NULL, ++ "File containing client certificate key" ++ }, + { "ssl_force_tls", DT_BOOL, true, 0, NULL, + "(ssl) Require TLS encryption for all connections" + }, +diff --git a/conn/gnutls.c b/conn/gnutls.c +index 536948e6e..379580871 100644 +--- a/conn/gnutls.c ++++ b/conn/gnutls.c +@@ -897,9 +897,13 @@ static int tls_negotiate(struct Connection *conn) + const char *const c_ssl_client_cert = cs_subset_path(NeoMutt->sub, "ssl_client_cert"); + if (c_ssl_client_cert) + { +- mutt_debug(LL_DEBUG2, "Using client certificate %s\n", c_ssl_client_cert); ++ const char *c_ssl_client_key = cs_subset_path(NeoMutt->sub, "ssl_client_key"); ++ if (!c_ssl_client_key) ++ c_ssl_client_key = c_ssl_client_cert; ++ ++ mutt_debug(LL_DEBUG2, "Using client certificate %s, key %s\n", c_ssl_client_cert, c_ssl_client_key); + gnutls_certificate_set_x509_key_file(data->xcred, c_ssl_client_cert, +- c_ssl_client_cert, GNUTLS_X509_FMT_PEM); ++ c_ssl_client_key, GNUTLS_X509_FMT_PEM); + } + + #ifdef HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS +-- +2.49.0 + diff --git a/home/pim/0002-gnutls-implement-token-insertion-and-PKCS-11-PIN-pro.patch b/home/pim/0002-gnutls-implement-token-insertion-and-PKCS-11-PIN-pro.patch new file mode 100644 index 0000000..2f13e68 --- /dev/null 
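Review bot: the help text for the new `ssl_client_key` option does not mention the fallback the gnutls.c hunk implements (`if (!c_ssl_client_key) c_ssl_client_key = c_ssl_client_cert;`), so a user reading `:set ?ssl_client_key` cannot tell that leaving it unset keeps the old single-file behaviour; `"File containing client certificate key (defaults to $ssl_client_cert)"` documents the contract where it is looked up. Because this is a patch carried in the repo, a line in its description naming the NeoMutt version it was generated against would also help when it has to be rebased; nothing in this commit shows where the patch is applied (presumably the lustrated mail.nix).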
+++ b/home/pim/0002-gnutls-implement-token-insertion-and-PKCS-11-PIN-pro.patch 
@@ -0,0 +1,126 @@ +From 276cf337346e0ea111883a05bc00f764d201d6ab Mon Sep 17 00:00:00 2001 +From: Alejandro Soto <alejandro@34project.org> +Date: Sun, 29 Jun 2025 11:35:57 -0600 +Subject: [PATCH 2/2] gnutls: implement token insertion and PKCS#11 PIN prompts + +--- + conn/gnutls.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 71 insertions(+), 1 deletion(-) + +diff --git a/conn/gnutls.c b/conn/gnutls.c +index 379580871..32ad1ae85 100644 +--- a/conn/gnutls.c ++++ b/conn/gnutls.c +@@ -29,6 +29,7 @@ + + #include "config.h" + #include <gnutls/gnutls.h> ++#include <gnutls/pkcs11.h> + #include <gnutls/x509.h> + #include <stdbool.h> + #include <stdio.h> +@@ -39,10 +40,14 @@ + #include "mutt/lib.h" + #include "config/lib.h" + #include "core/lib.h" +-#include "lib.h" + #include "connaccount.h" + #include "connection.h" ++#include "editor/lib.h" + #include "globals.h" ++#include "gui/lib.h" ++#include "history/lib.h" ++#include "lib.h" ++#include "mutt.h" + #include "muttlib.h" + #include "ssl.h" + +@@ -84,6 +89,64 @@ struct TlsSockData + gnutls_certificate_credentials_t xcred; + }; + ++int tls_pkcs11_token_callback(void *userdata, const char *label, unsigned retry) ++{ ++ (void) userdata; ++ ++ if (OptNoCurses) { ++ mutt_error(_("Unable to prompt for PKCS#11 token insertion in batch mode")); ++ return GNUTLS_E_INVALID_REQUEST; ++ } ++ ++ char msg[256] = { 0 }; ++ ++ size_t len = 0; ++ if (retry > 0) ++ len += snprintf(msg, sizeof msg, _("[Not found - attempt %u] "), retry + 1); ++ ++ snprintf(msg + len, sizeof msg - len, _("Insert PKCS#11 token '%s' and press any key..."), label); ++ ++ mutt_any_key_to_continue(msg); ++ return 0; ++} ++ ++int tls_pin_callback(void *userdata, int attempt, const char *url, const char *label, ++ unsigned int flags, char *pin, size_t pin_max) ++{ ++ (void) url; ++ const intptr_t is_token = (intptr_t) userdata; ++ ++ if (OptNoCurses) { ++ mutt_error(_("Unable to prompt for pin in batch mode")); ++ return 
GNUTLS_E_INVALID_REQUEST; ++ } ++ ++ char prompt[256] = { 0 }; ++ ++ size_t len = 0; ++ if (attempt > 0) ++ len += snprintf(prompt, sizeof prompt, _("[Attempt %d] "), attempt + 1); ++ ++ if (flags & GNUTLS_PIN_FINAL_TRY) ++ len += mutt_str_copy(prompt + len, _("FINAL TRY - "), sizeof prompt - len); ++ ++ if (is_token) ++ snprintf(prompt + len, sizeof prompt - len, _("Pin for PKCS#11 token '%s': "), label); ++ else ++ snprintf(prompt + len, sizeof prompt - len, _("Password for certificate '%s': "), label); ++ ++ struct Buffer *buf = buf_pool_get(); ++ const int rc = mw_get_field(prompt, buf, MUTT_COMP_PASS | MUTT_COMP_UNBUFFERED, ++ HC_OTHER, NULL, NULL); ++ mutt_str_copy(pin, buf_string(buf), pin_max); ++ buf_pool_release(&buf); ++ ++ if (rc != 0) ++ return GNUTLS_E_APPLICATION_ERROR_MIN; ++ ++ return 0; ++} ++ + /** + * tls_init - Set up Gnu TLS + * @retval 0 Success +@@ -104,6 +167,10 @@ static int tls_init(void) + return -1; + } + ++ const intptr_t is_token = 1; ++ gnutls_pkcs11_set_pin_function(tls_pin_callback, (void *)is_token); ++ gnutls_pkcs11_set_token_function(tls_pkcs11_token_callback, NULL); ++ + init_complete = true; + return 0; + } +@@ -904,6 +971,9 @@ static int tls_negotiate(struct Connection *conn) + mutt_debug(LL_DEBUG2, "Using client certificate %s, key %s\n", c_ssl_client_cert, c_ssl_client_key); + gnutls_certificate_set_x509_key_file(data->xcred, c_ssl_client_cert, + c_ssl_client_key, GNUTLS_X509_FMT_PEM); ++ ++ const intptr_t is_token = 0; ++ gnutls_certificate_set_pin_function(data->xcred, tls_pin_callback, (void *)is_token); + } + + #ifdef HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS +-- +2.49.0 + diff --git a/home/pim/dav.nix b/home/pim/dav.nix new file mode 100644 index 0000000..a0759e2 --- /dev/null +++ b/home/pim/dav.nix 
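Review bot: in both `tls_pkcs11_token_callback` and `tls_pin_callback`, `len` is taken straight from `snprintf`'s return value, which is the length that would have been written, not what fit; if a translated prefix ever exceeds the 256-byte `msg`/`prompt` array, `msg + len` points past the buffer and `sizeof msg - len` wraps to a huge `size_t` for the following `snprintf`. Clamp after each step, e.g. `if (len >= sizeof msg) len = sizeof msg - 1;` (and likewise for `prompt`, including after the `mutt_str_copy` of the "FINAL TRY" prefix). Separately, `tls_pin_callback` copies the PIN into GnuTLS's `pin` buffer and then returns the pooled `struct Buffer` with `buf_pool_release` without clearing it, so the PIN lingers in a heap block that the pool will hand out again; wipe the buffer's bytes before releasing it, and it is worth confirming that `MUTT_COMP_PASS` really keeps the entry out of the `HC_OTHER` history file. Both callbacks could also be `static`, as only this translation unit registers them.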
@@ -0,0 +1,54 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.local.dav; +in { + options.local.dav = with types; { + enable = mkEnableOption "Web/Card/CalDAV"; + }; + + config = mkIf cfg.enable { + systemd.user = { + services.xandikos = { + Unit = { + Description = "Xandikos CalDAV/CardDAV server"; + }; + + Service = { + ExecStart = escapeShellArgs [ + (getExe pkgs.xandikos) + "-d" + "${config.home.homeDirectory}/dav" + "--route-prefix" + "/${config.home.username}/dav" + "--current-user-principal" + "/user/" + # Hacerlo fallar si no agarra systemd socket activation por cualquier motivo + "-p" + "1" + ]; + + Type = "simple"; + }; + }; + + sockets.xandikos = { + Unit = { + Description = "Xandikos socket"; + }; + + Socket = { + ListenStream = "/run/host-www/ale/dav.sock"; + }; + + Install = { + WantedBy = ["sockets.target"]; + }; + }; + }; + }; +} diff --git a/home/pim/default.nix b/home/pim/default.nix new file mode 100644 index 0000000..b8afc81 --- /dev/null +++ b/home/pim/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./dav.nix + ./mail.nix + ./syncthing.nix + ]; +} diff --git a/home/pim/mail.nix b/home/pim/mail.nix new file mode 100644 index 0000000..1bb3788 --- /dev/null +++ b/home/pim/mail.nix @@ -0,0 +1 @@ +# This file has been lustrated. diff --git a/home/pim/sieve/mail.sieve b/home/pim/sieve/mail.sieve new file mode 100644 index 0000000..1bb3788 --- /dev/null +++ b/home/pim/sieve/mail.sieve @@ -0,0 +1 @@ +# This file has been lustrated. diff --git a/home/pim/syncthing.nix b/home/pim/syncthing.nix new file mode 100644 index 0000000..9ed1708 --- /dev/null +++ b/home/pim/syncthing.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.local.syncthing; +in { + options.local.syncthing = { + enable = mkEnableOption "syncthing"; + }; + + config = mkIf cfg.enable { + services.syncthing = { + enable = true; + }; + }; +} 
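Review bot: the xandikos unit in dav.nix exposes the whole CalDAV/CardDAV store on `/run/host-www/ale/dav.sock` and nothing in this file authenticates requests, so access control rests entirely on whatever front-end owns `/run/host-www` enforcing it for the `/${config.home.username}/dav` prefix before proxying (xandikos presumably delegates auth to the reverse proxy). That assumption deserves a comment on `ListenStream`, e.g. `# No auth in xandikos: the web server that serves this socket must authenticate first.` The `-p 1` trick is explained only in the Spanish comment above it; an English line next to it (`# port 1 is unbindable, so startup fails loudly if socket activation was not used`) would make the intent clear to other readers.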
diff --git a/home/platform/README.md b/home/platform/README.md new file mode 100644 index 0000000..37073ba --- /dev/null +++ b/home/platform/README.md @@ -0,0 +1 @@ +# This directory has been lustrated. diff --git a/home/profiles/README.md b/home/profiles/README.md new file mode 100644 index 0000000..37073ba --- /dev/null +++ b/home/profiles/README.md @@ -0,0 +1 @@ +# This directory has been lustrated. diff --git a/home/shenvs/README.md b/home/shenvs/README.md new file mode 100644 index 0000000..37073ba --- /dev/null +++ b/home/shenvs/README.md @@ -0,0 +1 @@ +# This directory has been lustrated. |
