Merge remote-tracking branch 'origin/nixos' into nixos-work

2023-12-14 08:56:20 +01:00 · 2023-12-14 08:56:20 +01:00 · ef6b7e9f86
commit ef6b7e9f86
parent 5f99e54ce4 e7fd307bfb
19 changed files with 508 additions and 202 deletions
--- a/modules/profiles/desktop.nix
+++ b/modules/profiles/desktop.nix
@ -16,7 +16,7 @@ in
      yubikey = {
        enable = mkDefault true;
        luksSupport = {
-          enable = mkDefault true;
+          enable = mkDefault false;
          devices = mkDefault [ "enc" ];
        };
      };
--- a/modules/profiles/impermanence.nix
+++ b/modules/profiles/impermanence.nix
@ -0,0 +1,95 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.my.profiles.impermanence;
+in
+{
+  options.my.profiles.impermanence.enable = mkEnableOption "impermanence";
+
+  config = mkIf cfg.enable {
+    age.secrets = {
+      root-password.file = ../../secrets/root-password.age;
+      moritz-password.file = ../../secrets/moritz-password.age;
+    };
+    users.users = {
+      root.hashedPasswordFile = config.age.secrets.root-password.path;
+      moritz.hashedPasswordFile = config.age.secrets.moritz-password.path;
+    };
+    users.mutableUsers = false;
+    environment.persistence."/persist" = {
+      hideMounts = true;
+      directories = [
+        "/etc/NetworkManager/system-connections"
+        "/var/db/dhcpcd/"
+        "/var/lib/NetworkManager/"
+        "/var/lib/bluetooth"
+        "/var/lib/nixos"
+        "/var/lib/systemd/coredump"
+        "/var/log"
+      ];
+      files = [
+        "/etc/machine-id"
+        "/etc/nix/id_rsa"
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+      ];
+      users.moritz = {
+        directories = [
+          ".SynologyDrive/data"
+          ".SynologyDrive/log"
+          ".cache/keepassxc"
+          ".cache/nvim/luac"
+          ".config/Nextcloud"
+          ".config/keepassxc"
+          ".local/share/direnv"
+          ".local/share/nvim"
+          ".local/share/zoxide"
+          ".local/share/JetBrains"
+          ".config/JetBrains"
+          ".local/state/nvim"
+          ".config/kdeconnect"
+          ".cat_installer" # eduroam
+          ".mozilla"
+          "Documents"
+          "Downloads"
+          "Music"
+          "Pictures"
+          "Videos"
+          { directory = ".gnupg"; mode = "0700"; }
+          { directory = ".local/share/keyrings"; mode = "0700"; }
+          { directory = ".ssh"; mode = "0700"; }
+        ];
+        files = [
+          ".local/share/fish/fish_history"
+          ".local/share/nix/trusted-settings.json"
+          ".parallel/will-cite"
+        ];
+      };
+      users.root = {
+        home = "/root";
+        directories = [
+          { directory = ".gnupg"; mode = "0700"; }
+          { directory = ".ssh"; mode = "0700"; }
+        ];
+        files = [
+          ".local/share/nix/trusted-settings.json"
+        ];
+      };
+    };
+
+    environment.systemPackages = [
+      (
+        pkgs.writeShellApplication {
+          name = "zfs-diff";
+          runtimeInputs = with pkgs; [ zfs coreutils parallel tree ];
+          text = ''
+            zfs diff -F zroot/encrypted/root@blank | awk '$2 == "F" && system("test -e /persist/"$3) != 0 { print $3 }' 2>/dev/null | tree --fromfile . "$@"
+          '';
+        }
+      )
+    ];
+  };
+}
--- a/modules/profiles/personal.nix
+++ b/modules/profiles/personal.nix
@ -30,8 +30,8 @@ in
              "browser.search.suggest.enabled" = true;
              "browser.urlbar.suggest.searches" = true;

-              # startup page
-              "browser.startup.page" = 0;
+              # Restore previous session on startup
+              "browser.startup.page" = 3;

              # drm
              "media.eme.enabled" = true;
@ -41,30 +41,6 @@ in

              # disable letterboxing
              "privacy.resistFingerprinting.letterboxing" = false;
-
-              ## OTHER
-              # Dont show warning when accessing about:config
-              "browser.aboutConfig.showWarning" = false;
-
-              # Hide bookmarks
-              "browser.toolbars.bookmarks.visibility" = "never";
-
-              # Smooth scrolling
-              "general.smoothScroll.lines.durationMaxMS" = 125;
-              "general.smoothScroll.lines.durationMinMS" = 125;
-              "general.smoothScroll.mouseWheel.durationMaxMS" = 200;
-              "general.smoothScroll.mouseWheel.durationMinMS" = 100;
-              "general.smoothScroll.msdPhysics.enabled" = true;
-              "general.smoothScroll.other.durationMaxMS" = 125;
-              "general.smoothScroll.other.durationMinMS" = 125;
-              "general.smoothScroll.pages.durationMaxMS" = 125;
-              "general.smoothScroll.pages.durationMinMS" = 125;
-              "mousewheel.min_line_scroll_amount" = 40;
-              "mousewheel.system_scroll_override_on_root_content.enabled" = true;
-              "mousewheel.system_scroll_override_on_root_content.horizontal.factor" = 175;
-              "mousewheel.system_scroll_override_on_root_content.vertical.factor" = 175;
-              "toolkit.scrollbox.horizontalScrollDistance" = 6;
-              "toolkit.scrollbox.verticalScrollDistance" = 2;
            };
          };
        };