diff options
Diffstat (limited to 'trivionomicon/modules')
26 files changed, 664 insertions, 0 deletions
diff --git a/trivionomicon/modules/athena-bccr/default.nix b/trivionomicon/modules/athena-bccr/default.nix new file mode 100644 index 0000000..93c5660 --- /dev/null +++ b/trivionomicon/modules/athena-bccr/default.nix @@ -0,0 +1,14 @@ +{ + config, + lib, + pkgs, + doctrine, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "athena-bccr"; + hm = ./hm.nix; + sys = ./sys.nix; + options = ./options.nix; +} diff --git a/trivionomicon/modules/athena-bccr/hm.nix b/trivionomicon/modules/athena-bccr/hm.nix new file mode 100644 index 0000000..0678e3c --- /dev/null +++ b/trivionomicon/modules/athena-bccr/hm.nix @@ -0,0 +1,14 @@ +{ + pkgs, + lib, + cfg, + doctrine, + ... +}: let + athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; +in { + home.packages = [ + athena.firmador + (athena.gaudi.override {inherit (cfg) gaudiHash;}) + ]; +} diff --git a/trivionomicon/modules/athena-bccr/options.nix b/trivionomicon/modules/athena-bccr/options.nix new file mode 100644 index 0000000..eb61cf5 --- /dev/null +++ b/trivionomicon/modules/athena-bccr/options.nix @@ -0,0 +1,30 @@ +{lib, ...}: +with lib.types; { + hm = { + gaudiHash = lib.mkOption { + type = nullOr str; + default = null; + description = "hash of the Gaudi client"; + }; + + release = lib.mkOption { + type = str; + default = "latest"; + description = "pinned athena-bccr release tag"; + }; + }; + + sys = { + group = lib.mkOption { + type = str; + default = "users"; + description = "user group with full access to the smartcard reader"; + }; + + release = lib.mkOption { + type = str; + default = "latest"; + description = "pinned athena-bccr release tag"; + }; + }; +} diff --git a/trivionomicon/modules/athena-bccr/sys.nix b/trivionomicon/modules/athena-bccr/sys.nix new file mode 100644 index 0000000..631185d --- /dev/null +++ b/trivionomicon/modules/athena-bccr/sys.nix @@ -0,0 +1,35 @@ +{ + pkgs, + lib, + cfg, + doctrine, + ... +}: let + athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release}; +in { + environment = { + etc = { + "Athena".source = "${athena.ase-pkcs11}/etc/Athena"; + + "pkcs11/modules/asep11".text = '' + module: ${athena.libasep11} + ''; + }; + + systemPackages = [athena.ase-pkcs11]; + }; + + #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA + security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"]; + + services = { + pcscd.enable = true; + + udev.extraRules = '' + # Athena Smartcard Solutions, Inc. ASEDrive V3CR + ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess" + ''; + }; + + users.groups.${cfg.group} = {}; +} diff --git a/trivionomicon/modules/default.nix b/trivionomicon/modules/default.nix new file mode 100644 index 0000000..0c0fd4c --- /dev/null +++ b/trivionomicon/modules/default.nix @@ -0,0 +1,3 @@ +{doctrine, ...}: { + imports = builtins.attrValues (doctrine.lib.importAll {root = ./.;}); +} diff --git a/trivionomicon/modules/laptop/default.nix b/trivionomicon/modules/laptop/default.nix new file mode 100644 index 0000000..b908d47 --- /dev/null +++ b/trivionomicon/modules/laptop/default.nix @@ -0,0 +1,10 @@ +{ + config, + doctrine, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "laptop"; + sys = ./sys.nix; +} diff --git a/trivionomicon/modules/laptop/sys.nix b/trivionomicon/modules/laptop/sys.nix new file mode 100644 index 0000000..252f49c --- /dev/null +++ b/trivionomicon/modules/laptop/sys.nix @@ -0,0 +1,11 @@ +{ + config, + lib, + pkgs, + ... +}: { + services = { + tlp.enable = lib.mkDefault true; + upower.enable = lib.mkDefault true; + }; +} diff --git a/trivionomicon/modules/nix-registry/default.nix b/trivionomicon/modules/nix-registry/default.nix new file mode 100644 index 0000000..8406d88 --- /dev/null +++ b/trivionomicon/modules/nix-registry/default.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + pkgs, + doctrine, + flakes, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "nix-registry"; + hm = ./hm.nix; + options = ./options.nix; + + passthru = {inherit flakes;}; +} diff --git a/trivionomicon/modules/nix-registry/hm.nix b/trivionomicon/modules/nix-registry/hm.nix new file mode 100644 index 0000000..1c57e95 --- /dev/null +++ b/trivionomicon/modules/nix-registry/hm.nix @@ -0,0 +1,23 @@ +{ + pkgs, + lib, + cfg, + flakes, + ... +}: let + registryName = name: + if name == "self" + then cfg.renameSelf + else name; + + registryFilter = { + nixpkgs = true; + unstable = true; + self = cfg.renameSelf != null; + }; +in { + nix.registry = + lib.mapAttrs' + (name: value: lib.nameValuePair (registryName name) {flake = value;}) + (lib.filterAttrs (name: _: registryFilter.${name} or cfg.allInputs) flakes); +} diff --git a/trivionomicon/modules/nix-registry/options.nix b/trivionomicon/modules/nix-registry/options.nix new file mode 100644 index 0000000..e8898ec --- /dev/null +++ b/trivionomicon/modules/nix-registry/options.nix @@ -0,0 +1,19 @@ +{lib, ...}: +with lib.types; { + hm = { + allInputs = mkOption { + type = bool; + default = default; + description = '' + Include all flake inputs. If false, only 'nixpkgs' and 'unstable' + (if available) will be added to the flake registry by default. + ''; + }; + + renameSelf = mkOption { + type = nullOr str; + default = "self"; + description = "Registry name to use for the 'self' input"; + }; + }; +} diff --git a/trivionomicon/modules/soju/default.nix b/trivionomicon/modules/soju/default.nix new file mode 100644 index 0000000..2b302f0 --- /dev/null +++ b/trivionomicon/modules/soju/default.nix @@ -0,0 +1,13 @@ +{ + config, + lib, + pkgs, + doctrine, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "soju"; + sys = ./sys.nix; + options = ./options.nix; +} diff --git a/trivionomicon/modules/soju/options.nix b/trivionomicon/modules/soju/options.nix new file mode 100644 index 0000000..06c3381 --- /dev/null +++ b/trivionomicon/modules/soju/options.nix @@ -0,0 +1,16 @@ +{lib, ...}: +with lib.types; { + sys = { + fullyQualifiedDomain = lib.mkOption { + type = str; + example = "soju.trivionomicon.com"; + description = "fully qualified domain name to be used by soju"; + }; + + port = lib.mkOption { + type = port; + default = 6697; + description = "port to be used by soju"; + }; + }; +} diff --git a/trivionomicon/modules/soju/sys.nix b/trivionomicon/modules/soju/sys.nix new file mode 100644 index 0000000..83c3560 --- /dev/null +++ b/trivionomicon/modules/soju/sys.nix @@ -0,0 +1,47 @@ +{ + config, + pkgs, + lib, + cfg, + doctrine, + ... +}: +with lib; { + security.acme.certs."${cfg.fullyQualifiedDomain}" = { + reloadServices = ["soju.service"]; + group = "soju"; + }; + + networking.firewall.allowedTCPPorts = [cfg.port]; + + services.soju = let + sojuCertDir = config.security.acme.certs."${cfg.fullyQualifiedDomain}".directory; + in { + enable = true; + hostName = "${cfg.fullyQualifiedDomain}"; + listen = ["ircs://[::]:${toString cfg.port}"]; + tlsCertificate = "${sojuCertDir}/fullchain.pem"; + tlsCertificateKey = "${sojuCertDir}/key.pem"; + }; + + systemd.services.soju = { + after = ["acme-${cfg.fullyQualifiedDomain}.service"]; + serviceConfig = { + DynamicUser = mkForce false; # fuck dynamic users + User = "soju"; + Group = "soju"; + ProtectSystem = "strict"; + ProtectHome = "read-only"; + PrivateTmp = true; + RemoveIPC = true; + }; + }; + + users = { + users.soju = { + isSystemUser = true; + group = "soju"; + }; + groups.soju = {}; + }; +} diff --git a/trivionomicon/modules/sway/default.nix b/trivionomicon/modules/sway/default.nix new file mode 100644 index 0000000..9f49e7c --- /dev/null +++ b/trivionomicon/modules/sway/default.nix @@ -0,0 +1,13 @@ +{ + config, + lib, + pkgs, + doctrine, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "sway"; + sys = ./sys.nix; + options = ./options.nix; +} diff --git a/trivionomicon/modules/sway/options.nix b/trivionomicon/modules/sway/options.nix new file mode 100644 index 0000000..e433039 --- /dev/null +++ b/trivionomicon/modules/sway/options.nix @@ -0,0 +1,3 @@ +{...}: { + sys = {}; +} diff --git a/trivionomicon/modules/sway/sys.nix b/trivionomicon/modules/sway/sys.nix new file mode 100644 index 0000000..9c8b664 --- /dev/null +++ b/trivionomicon/modules/sway/sys.nix @@ -0,0 +1,45 @@ +{ + pkgs, + lib, + ... +}: { + services.libinput.enable = true; + hardware.graphics.enable = true; + + xdg.portal = { + enable = true; + wlr.enable = true; + extraPortals = with pkgs; [xdg-desktop-portal-gtk]; + xdgOpenUsePortal = true; + + # warning: xdg-desktop-portal 1.17 reworked how portal implementations are loaded, you + # should either set `xdg.portal.config` or `xdg.portal.configPackages` + # to specify which portal backend to use for the requested interface. + # + # https://github.com/flatpak/xdg-desktop-portal/blob/1.18.1/doc/portals.conf.rst.in + # + # If you simply want to keep the behaviour in < 1.17, which uses the first + # portal implementation found in lexicographical order, use the following: + # + # xdg.portal.config.common.default = "*"; + config.common.default = "*"; + }; + + environment = { + sessionVariables.NIXOS_OZONE_WL = "1"; + + systemPackages = with pkgs; [ + qt5.qtwayland + qt6.qtwayland + ]; + }; + + programs = { + gtklock = { + enable = lib.mkDefault true; + + config = {}; + modules = []; + }; + }; +} diff --git a/trivionomicon/modules/thinkpad/default.nix b/trivionomicon/modules/thinkpad/default.nix new file mode 100644 index 0000000..e210947 --- /dev/null +++ b/trivionomicon/modules/thinkpad/default.nix @@ -0,0 +1,11 @@ +{ + config, + doctrine, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "thinkpad"; + sys = ./sys.nix; + requires = ["laptop"]; +} diff --git a/trivionomicon/modules/thinkpad/sys.nix b/trivionomicon/modules/thinkpad/sys.nix new file mode 100644 index 0000000..bc96146 --- /dev/null +++ b/trivionomicon/modules/thinkpad/sys.nix @@ -0,0 +1,30 @@ +{ + config, + pkgs, + lib, + ... +}: { + # For suspending to RAM to work, set Config -> Power -> Sleep State to "Linux" in EFI. + # See https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Suspend_issues + # Fingerprint sensor requires a firmware-update to work. + + boot = { + extraModulePackages = with config.boot.kernelPackages; [acpi_call]; + extraModprobeConfig = "options iwlwifi 11n_disable=1 wd_disable=1"; + + # acpi_call makes tlp work for newer thinkpads + kernelModules = ["acpi_call"]; + + # Force use of the thinkpad_acpi driver for backlight control. + # This allows the backlight save/load systemd service to work. + kernelParams = ["acpi_backlight=native"]; + }; + + hardware.firmware = [pkgs.sof-firmware]; + + services = { + fprintd.enable = lib.mkDefault true; + thinkfan.enable = lib.mkDefault true; + tp-auto-kbbl.enable = lib.mkDefault true; + }; +} diff --git a/trivionomicon/modules/trivionomiconMotd/default.nix b/trivionomicon/modules/trivionomiconMotd/default.nix new file mode 100644 index 0000000..0844b5a --- /dev/null +++ b/trivionomicon/modules/trivionomiconMotd/default.nix @@ -0,0 +1,10 @@ +{ + config, + doctrine, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "trivionomiconMotd"; + sys = ./sys.nix; +} diff --git a/trivionomicon/modules/trivionomiconMotd/sys.nix b/trivionomicon/modules/trivionomiconMotd/sys.nix new file mode 100644 index 0000000..5b38e3d --- /dev/null +++ b/trivionomicon/modules/trivionomiconMotd/sys.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: { + users.motd = '' + _ _ _ _ + | | | | | | | | + _ __ _____ _____ _ __ ___ __| | | |__ _ _ | |_| |__ ___ + | '_ \ / _ \ \ /\ / / _ \ '__/ _ \/ _` | | '_ \| | | | | __| '_ \ / _ \ + | |_) | (_) \ V V / __/ | | __/ (_| | | |_) | |_| | | |_| | | | __/ + | .__/ \___/ \_/\_/ \___|_| \___|\__,_| |_.__/ \__, | \__|_| |_|\___| + | | __/ | + |_|_____ _____ _______ _______ ____ _ _|___/_ __ __ _____ _____ ____ _ _ + |__ __| __ \|_ _\ \ / /_ _/ __ \| \ | |/ __ \| \/ |_ _/ ____/ __ \| \ | | + | | | |__) | | | \ \ / / | || | | | \| | | | | \ / | | || | | | | | \| | + | | | _ / | | \ \/ / | || | | | . ` | | | | |\/| | | || | | | | | . ` | + | | | | \ \ _| |_ \ / _| || |__| | |\ | |__| | | | |_| || |___| |__| | |\ | + |_| |_| \_\_____| \/ |_____\____/|_| \_|\____/|_| |_|_____\_____\____/|_| \_| + ''; +} diff --git a/trivionomicon/modules/waybar/default.nix b/trivionomicon/modules/waybar/default.nix new file mode 100644 index 0000000..97cacf3 --- /dev/null +++ b/trivionomicon/modules/waybar/default.nix @@ -0,0 +1,13 @@ +{ + config, + lib, + pkgs, + doctrine, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "waybar"; + hm = ./hm.nix; + options = ./options.nix; +} diff --git a/trivionomicon/modules/waybar/hm.nix b/trivionomicon/modules/waybar/hm.nix new file mode 100644 index 0000000..1bfa3e2 --- /dev/null +++ b/trivionomicon/modules/waybar/hm.nix @@ -0,0 +1,207 @@ +{ + lib, + pkgs, + cfg, + doctrine, + ... +}: +with lib; { + programs.waybar = { + enable = true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + height = 20; + spacing = 0; + + modules-left = [ + "sway/workspaces" + "sway/mode" + ]; + modules-center = [ + "clock" + ]; + + modules-right = + [ + "keyboard-state" + "privacy" + "idle_inhibitor" + "cpu" + "memory" + "disk" + "temperature" + "tray" + ] + ++ lists.optionals cfg.battery [ + "battery" + ]; + battery = mkIf cfg.battery { + format = "{capacity}% {icon}"; + format-plugged = "{capacity}% {icon}"; + format-icons = ["" "" "" "" "" "" "" "" "" "" ""]; + states = { + warning = 20; + critical = 10; + }; + }; + keyboard-state = { + capslock = true; + format.capslock = "{icon}"; + format-icons = { + locked = " "; + unlocked = ""; + }; + }; + idle_inhibitor = { + format = "{icon}"; + format-icons = { + activated = " "; + deactivated = " "; + }; + }; + tray = { + icon-size = 13; + spacing = 8; + }; + clock = { + interval = 60; + format = "{:%A %B %d %Y %H:%M}"; + tooltip = false; + }; + cpu = { + format = " {usage}%"; + tooltip = false; + }; + memory = { + format = " {percentage}% "; + tooltip = true; + tooltip-format = "{used}/{total}"; + }; + disk = { + format = " {specific_used:0.0f}/{specific_total:0.0f}"; + unit = "GiB"; + tooltip = false; + }; + temperature = { + format = " {temperatureC}°C"; + }; + privacy = { + icon-size = 12; + }; + }; + }; + style = '' + * { + font-family: "${cfg.fontFamily}", monospace; + font-size: ${cfg.fontSize}; + font-weight: 500; + border: none; + box-shadow: none; + } + + /* Entire bar: fully transparent, no border */ + window#waybar { + background: transparent; + color: #eaeaea; + margin: 0; + padding: 0; + } + + /* Optional: small edge breathing room (comment out if you want edge-to-edge) */ + /* window#waybar { margin: 3px 6px 0 6px; } */ + + /* Module containers */ + .modules-left, .modules-center, .modules-right { + padding: 0; + margin: 0 6px; + } + + /* Subtle separators between modules (no boxes) */ + .modules-left > widget:not(:first-child), + .modules-center > widget:not(:first-child), + .modules-right > widget:not(:first-child) { + margin-left: 12px; + padding-left: 12px; + border-left: 1px solid rgba(255, 255, 255, 0.08); + } + + /* Tightest possible workspaces */ + #workspaces { padding: 0; margin: 0; } + #workspaces button { + margin: 0; + padding: 0 3px; + min-width: 0; + border-radius: 0; + background: transparent; + color: #cfcfcf; + } + #workspaces button:hover { + background: rgba(255, 255, 255, 0.06); + } + #workspaces button.active, + #workspaces button.focused { + background: rgba(255, 255, 255, 0.10); + color: #ffffff; + box-shadow: inset 0 -2px #ffffff; + } + #workspaces button.urgent { + background: rgba(255, 80, 80, 0.25); + box-shadow: inset 0 -2px #ff5050; + } + + /* Focused window title: single line, no glow */ + #window { + padding: 0 6px; + margin: 0; + color: #dedede; + } + + /* Sway mode indicator: visible only when active, no bloat */ + #mode { + padding: 0 6px; + margin: 0; + background: rgba(255, 255, 255, 0.10); + color: #ffffff; + box-shadow: inset 0 -2px #ffffff; + } + + /* Status modules — keep them flat and compact */ + #clock, #battery, #network, #pulseaudio, #backlight, #cpu, #memory, #temperature, #tray { + padding: 0 6px; + margin: 0; + background: transparent; + color: #eaeaea; + } + + /* States (battery, network, audio) */ + #battery.charging { color: #27f902; } + #battery.warning:not(.charging) { color: #fc8b02; } + #battery.critical:not(.charging) { color: #fc0000; } + + #network.disconnected { color: #ffb4b4; } + #pulseaudio.muted { color: #9aa0a6; } + + /* Tray: compress icons */ + #tray > .passive { opacity: 0.6; } + #tray > .needs-attention { opacity: 1; } + + /* Tooltips: clean and readable */ + tooltip { + background: rgba(30, 30, 30, 0.95); + border: 1px solid rgba(255, 255, 255, 0.08); + color: #eaeaea; + padding: 6px 8px; + } + + /* Remove any leftover borders around everything */ + #custom-*, #idle_inhibitor, #privacy, #bluetooth { + border: none; + background: transparent; + margin: 0; + padding: 0 6px; + } + ''; + }; +} diff --git a/trivionomicon/modules/waybar/options.nix b/trivionomicon/modules/waybar/options.nix new file mode 100644 index 0000000..b2daa33 --- /dev/null +++ b/trivionomicon/modules/waybar/options.nix @@ -0,0 +1,23 @@ +{lib, ...}: +with lib.types; { + hm = { + battery = lib.mkOption { + type = bool; + default = false; + description = '' + `true` to display battery info + ''; + }; + fontFamily = lib.mkOption { + type = str; + example = "JetBrainsMono Nerd Font"; + description = '' + needs to be a nerdfont + ''; + }; + fontSize = lib.mkOption { + type = str; + default = "12px"; + }; + }; +} diff --git a/trivionomicon/modules/yubico/default.nix b/trivionomicon/modules/yubico/default.nix new file mode 100644 index 0000000..71bed70 --- /dev/null +++ b/trivionomicon/modules/yubico/default.nix @@ -0,0 +1,13 @@ +{ + config, + lib, + pkgs, + doctrine, + ... +}: +doctrine.lib.mkModule { + inherit config; + name = "yubico"; + hm = ./hm.nix; + sys = ./sys.nix; +} diff --git a/trivionomicon/modules/yubico/hm.nix b/trivionomicon/modules/yubico/hm.nix new file mode 100644 index 0000000..8d06368 --- /dev/null +++ b/trivionomicon/modules/yubico/hm.nix @@ -0,0 +1,9 @@ +{ + pkgs, + lib, + ... +}: { + home.packages = [ + pkgs.yubikey-manager + ]; +} diff --git a/trivionomicon/modules/yubico/sys.nix b/trivionomicon/modules/yubico/sys.nix new file mode 100644 index 0000000..3cd009f --- /dev/null +++ b/trivionomicon/modules/yubico/sys.nix @@ -0,0 +1,14 @@ +{ + pkgs, + lib, + ... +}: { + environment.etc."pkcs11/modules/ykcs11".text = '' + module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so + ''; + + services = { + pcscd.enable = true; + udev.packages = [pkgs.yubikey-personalization]; + }; +} |