forked from pub-solar/os
77 lines
2.4 KiB
Nix
77 lines
2.4 KiB
Nix
|
{ config, home-manager, lib, pkgs, ... }:
|
||
|
with lib;
|
||
|
let
|
||
|
psCfg = config.pub-solar;
|
||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||
|
in
|
||
|
{
|
||
|
imports = [
|
||
|
./session-variables.nix
|
||
|
];
|
||
|
|
||
|
config = {
|
||
|
pub-solar.graphical.alacritty.settings.font.size = 12;
|
||
|
pub-solar.graphical.alacritty.settings.key_bindings = [
|
||
|
{ key = "V"; mods = "Control|Super"; action = "Paste"; }
|
||
|
{ key = "C"; mods = "Control|Super"; action = "Copy"; }
|
||
|
];
|
||
|
services.kbfs.enable = true;
|
||
|
services.keybase.enable = true;
|
||
|
services.yubikey-agent.enable = true;
|
||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||
|
xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; };
|
||
|
xdg.configFile."git/config_greenbaum.cloud".text = import ./.config/git/config_greenbaum.cloud.nix { inherit config; inherit pkgs; };
|
||
|
xdg.configFile."git/config_git.b12f.io".text = import ./.config/git/config_git.b12f.io.nix { inherit config; inherit pkgs; };
|
||
|
|
||
|
home.packages = with pkgs; [
|
||
|
AusweisApp2
|
||
|
consul
|
||
|
keybase-gui
|
||
|
nomad
|
||
|
thunderbird
|
||
|
vault
|
||
|
veracrypt
|
||
|
waypoint
|
||
|
];
|
||
|
|
||
|
|
||
|
systemd.user.services.yubikey-agent = {
|
||
|
Unit = {
|
||
|
Description = "Seamless ssh-agent for YubiKeys";
|
||
|
Documentation = [ "https://filippo.io/yubikey-agent" ];
|
||
|
};
|
||
|
|
||
|
Service = {
|
||
|
ExecStart = "${pkgs.yubikey-agent}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
|
||
|
ExecReload = "/bin/kill -HUP $MAINPID";
|
||
|
IPAddressDeny = "any";
|
||
|
RestrictAddressFamilies = "AF_UNIX";
|
||
|
RestrictNamespaces = "yes";
|
||
|
RestrictRealtime = "yes";
|
||
|
RestrictSUIDSGID = "yes";
|
||
|
LockPersonality = "yes";
|
||
|
SystemCallFilter = "@system-service ~@privileged @resources";
|
||
|
SystemCallErrorNumber = "EPERM";
|
||
|
SystemCallArchitectures = "native";
|
||
|
NoNewPrivileges = "yes";
|
||
|
KeyringMode = "private";
|
||
|
UMask = "0177";
|
||
|
RuntimeDirectory = "yubikey-agent";
|
||
|
};
|
||
|
|
||
|
Install = {
|
||
|
WantedBy = [ "sway-session.target" ];
|
||
|
};
|
||
|
};
|
||
|
|
||
|
programs.zsh = {
|
||
|
initExtra = import ./zshrc.nix pkgs;
|
||
|
};
|
||
|
|
||
|
# xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
|
||
|
};
|
||
|
|
||
|
#services.mopidy.configuration = mkIf config.pub-solar.audio.enable (builtins.readFile ../../secrets/mopidy.conf);
|
||
|
};
|
||
|
}
|