Add encryption

DashieTM 2025-05-02 11:49:11 +02:00
parent 32f0512ef5
commit f395c61ee3
5 changed files with 292 additions and 257 deletions


@ -5,7 +5,7 @@
</div> </div>
An opinionated flake to bootstrap NixOS systems with default configurations for various programs and services from both NixOS and HomeManger which can be enabled, disabled, configured or replaced at will. An opinionated flake to bootstrap NixOS systems with default configurations for various programs and services from both NixOS and HomeManager which can be enabled, disabled, configured or replaced at will.
# Usage # Usage
@ -116,7 +116,7 @@ Here is a minimal required configuration.nix (the TODOs mention a required chang
# ]; # ];
# or amd, whatever you have # or amd, whatever you have
gpu.nvidia.enable = true; gpu.nvidia.enable = true;
kde_connect.enable = true; kdeConnect.enable = true;
# login manager: # login manager:
# default is greetd # default is greetd
# greetd = { }; # greetd = { };


@ -25,11 +25,6 @@ in {
}; };
keyboard = null; keyboard = null;
#file.".local/share/flatpak/overrides/global".text = lib.mkForce ''
# [Context]
# filesystems=xdg-config/gtk-3.0;xdg-config/gtk-4.0
#'';
}; };
programs.nix-index = { programs.nix-index = {


@ -33,7 +33,16 @@
example = true; example = true;
description = '' description = ''
enables secure boot. enables secure boot.
Please don't forget to add your keys. Note: Secure boot is NOT reproducible
Here are the necessary steps:
+ create your keys with sbctl -> sudo sbctl create-keys
+ build with systemd once -> set this to false and build once
+ build with secureBoot true
+ verify that your keys are signed (note, only systemd and your generations should now be signed): sudo sbtcl verify
+ enroll your keys (microsoft is necessary for windows dualboot support, leave it there): sudo sbctl enroll-keys --microsoft
+ reboot with secureboot enabled
Note: Some motherboards have vendor specific keys for secure boot, this may not necessarily work with our self signed keys
You likely have to disable these vendor specific keys (example HP: sure boot)
''; '';
}; };
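Review bot: The verification step in the new description misspells the tool, so the documented command `sudo sbtcl verify` will not run; it should read `sudo sbctl verify`. The wording "verify that your keys are signed" is also misleading, because that step checks that the boot files are signed with your keys. The list never says the firmware must be in Setup Mode before `sudo sbctl enroll-keys --microsoft`; that deserves its own bullet, since enrolment is normally refused otherwise. The option definition starts above the hunk.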


@ -25,6 +25,18 @@
Use swap in drive. Use swap in drive.
''; '';
}; };
useEncryption = lib.mkOption {
default = false;
example = true;
type = lib.types.bool;
description = ''
Enables encryption.
!WARNING!
You need your root drive to be named root exactly!
Otherwise there will not be a root crypt!
!WARNING!
'';
};
homeAndRootFsTypes = lib.mkOption { homeAndRootFsTypes = lib.mkOption {
default = "ext4"; default = "ext4";
example = "btrfs"; example = "btrfs";
@ -149,6 +161,21 @@
config = ( config = (
lib.optionalAttrs (options ? fileSystems) { lib.optionalAttrs (options ? fileSystems) {
boot.initrd.luks.devices = lib.mkIf (config.mods.drives.variant == "manual" && config.mods.drives.useEncryption) (
builtins.listToAttrs (
map (
{
name,
drive,
}: {
cryptstorage.device = lib.mkIf (name != "root") drive?device;
cryptoroot.device = lib.mkIf (name == "root") drive?device;
}
)
config.mods.drives.extraDrives
)
);
fileSystems = lib.mkIf (config.mods.drives.variant == "manual" && !config.conf.wsl) ( fileSystems = lib.mkIf (config.mods.drives.variant == "manual" && !config.conf.wsl) (
builtins.listToAttrs ( builtins.listToAttrs (
map ( map (
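Review bot: In the `boot.initrd.luks.devices` hunk, `drive?device` is Nix's has-attribute test, so `cryptstorage.device` and `cryptoroot.device` end up with a boolean rather than a device path. `drive.device` looks like what was meant, assuming `extraDrives` entries carry a `device` attribute (their definition is outside the hunk). The lambda also returns an attrset without the `name`/`value` pair that `builtins.listToAttrs` requires, and every non-root drive would share the single name `cryptstorage`. As written, enabling `useEncryption` is likely to fail evaluation or leave no LUKS mapping configured, which users relying on the option for disk encryption would not expect. Returning `name = if name == "root" then "cryptoroot" else "crypt-${name}";` and `value.device = drive.device;` from the lambda gives one correctly keyed entry per drive.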


@ -124,265 +124,269 @@ in {
settings = settings =
if config.mods.hyprland.useDefaultConfig if config.mods.hyprland.useDefaultConfig
then then
{ (
"$mod" = "SUPER"; lib.recursiveUpdate
{
"$mod" = "SUPER";
bindm = [ bindm = [
"$mod, mouse:272, movewindow" "$mod, mouse:272, movewindow"
"$mod, mouse:273, resizeactive" "$mod, mouse:273, resizeactive"
];
bind = [
# screenshots
''$mod SUPER,S,exec,grim -g "$(slurp)" - | wl-copy''
''$mod SUPERSHIFT,S,exec,grim -g "$(slurp)" - | satty -f -''
''$mod SUPERSHIFTALT,S,exec,grim -c -g "2560,0 3440x1440" - | wl-copy''
# regular programs
"$mod SUPER,F,exec,${browserName}"
(lib.mkIf (
browserName == "firefox" || browserName == "zen"
) "$mod SUPERSHIFT,F,exec,${browserName} -p special")
"$mod SUPER,T,exec,kitty -1"
"$mod SUPER,E,exec,nautilus -w"
"$mod SUPER,N,exec,neovide"
"$mod SUPER,M,exec,oxidash"
"$mod SUPER,R,exec,oxirun"
"$mod SUPER,G,exec,oxicalc"
"$mod SUPER,D,exec,oxishut"
"$mod SUPER,A,exec,oxipaste-iced"
"$mod SUPERSHIFT,P,exec,hyprdock --gui"
"$mod SUPERSHIFT,L,exec, playerctl -a pause & hyprlock & systemctl suspend"
"$mod SUPERSHIFT,K,exec, playerctl -a pause & hyprlock & systemctl hibernate"
# media keys
(lib.mkIf config.mods.scripts.audioControl ",XF86AudioMute,exec, audioControl mute")
(lib.mkIf config.mods.scripts.audioControl ",XF86AudioLowerVolume,exec, audioControl sink -5%")
(lib.mkIf config.mods.scripts.audioControl ",XF86AudioRaiseVolume,exec, audioControl sink +5%")
",XF86AudioPlay,exec, playerctl play-pause"
",XF86AudioNext,exec, playerctl next"
",XF86AudioPrev,exec, playerctl previous"
(lib.mkIf config.mods.scripts.changeBrightness ",XF86MonBrightnessDown,exec, changeBrightness brightness 10%-")
(lib.mkIf config.mods.scripts.changeBrightness ",XF86MonBrightnessUp,exec, changeBrightness brightness +10%")
# hyprland keybinds
# misc
"$mod SUPER,V,togglefloating,"
"$mod SUPER,B,fullscreen,"
"$mod SUPER,C,togglesplit"
"$mod SUPER,Q,killactive,"
"$mod SUPERSHIFTALT,M,exit,"
"$mod SUPERSHIFT,W,togglespecialworkspace"
# move
"$mod SUPER,left,movewindow,l"
"$mod SUPER,right,movewindow,r"
"$mod SUPER,up,movewindow,u"
"$mod SUPER,down,movewindow,d"
# workspaces
"$mod SUPER,1,workspace,1"
"$mod SUPER,2,workspace,2"
"$mod SUPER,3,workspace,3"
"$mod SUPER,4,workspace,4"
"$mod SUPER,5,workspace,5"
"$mod SUPER,6,workspace,6"
"$mod SUPER,7,workspace,7"
"$mod SUPER,8,workspace,8"
"$mod SUPER,9,workspace,9"
"$mod SUPER,0,workspace,10"
# move to workspace
"$mod SUPERSHIFT,1,movetoworkspace,1"
"$mod SUPERSHIFT,2,movetoworkspace,2"
"$mod SUPERSHIFT,3,movetoworkspace,3"
"$mod SUPERSHIFT,4,movetoworkspace,4"
"$mod SUPERSHIFT,5,movetoworkspace,5"
"$mod SUPERSHIFT,6,movetoworkspace,6"
"$mod SUPERSHIFT,7,movetoworkspace,7"
"$mod SUPERSHIFT,8,movetoworkspace,8"
"$mod SUPERSHIFT,9,movetoworkspace,9"
"$mod SUPERSHIFT,0,movetoworkspace,10"
# move to workspace silent
"$mod SUPERSHIFTALT,1,movetoworkspacesilent,1"
"$mod SUPERSHIFTALT,2,movetoworkspacesilent,2"
"$mod SUPERSHIFTALT,3,movetoworkspacesilent,3"
"$mod SUPERSHIFTALT,4,movetoworkspacesilent,4"
"$mod SUPERSHIFTALT,5,movetoworkspacesilent,5"
"$mod SUPERSHIFTALT,6,movetoworkspacesilent,6"
"$mod SUPERSHIFTALT,7,movetoworkspacesilent,7"
"$mod SUPERSHIFTALT,8,movetoworkspacesilent,8"
"$mod SUPERSHIFTALT,9,movetoworkspacesilent,9"
"$mod SUPERSHIFTALT,0,movetoworkspacesilent,10"
# preselection
"$mod SUPERALT,j,layoutmsg,preselect l"
"$mod SUPERALT,k,layoutmsg,preselect d"
"$mod SUPERALT,l,layoutmsg,preselect u"
"$mod SUPERALT,semicolon,layoutmsg,preselect r"
"$mod SUPERALT,h,layoutmsg,preselect n"
];
binde = [
# hyprland keybinds
# focus
"$mod SUPER,J,movefocus,l"
"$mod SUPER,semicolon,movefocus,r"
"$mod SUPER,L,movefocus,u"
"$mod SUPER,K,movefocus,d"
# resize
"$mod SUPER,U,resizeactive,-20 0"
"$mod SUPER,P,resizeactive,20 0"
"$mod SUPER,O,resizeactive,0 -20"
"$mod SUPER,I,resizeactive,0 20"
];
general = {
gaps_out = "3,5,5,5";
border_size = 3;
"col.active_border" = lib.mkOverride 51 "0xFFFF0000 0xFF00FF00 0xFF0000FF 45deg";
# "col.inactive_border" = "0x66333333";
allow_tearing = lib.mkIf config.mods.hyprland.noAtomic true;
};
decoration = {
rounding = 4;
};
animations = {
bezier = "penguin,0.05,0.9,0.1,1.0";
animation = [
"windowsMove,1,4,default"
"windows,1,7,default,popin 70%"
"windowsOut,1,7,default,popin 70%"
"border,1,10,default"
"fade,1,7,default"
"workspaces,1,6,default"
"layers,1,3,default,popin"
]; ];
};
dwindle = { bind = [
preserve_split = true; # screenshots
pseudotile = 0; ''$mod SUPER,S,exec,grim -g "$(slurp)" - | wl-copy''
permanent_direction_override = false; ''$mod SUPERSHIFT,S,exec,grim -g "$(slurp)" - | satty -f -''
}; ''$mod SUPERSHIFTALT,S,exec,grim -c -g "2560,0 3440x1440" - | wl-copy''
input = { # regular programs
kb_layout = "${config.mods.xkb.layout}"; "$mod SUPER,F,exec,${browserName}"
kb_variant = "${config.mods.xkb.variant}"; (lib.mkIf (
repeat_delay = 200; browserName == "firefox" || browserName == "zen"
force_no_accel = true; ) "$mod SUPERSHIFT,F,exec,${browserName} -p special")
touchpad = { "$mod SUPER,T,exec,kitty -1"
natural_scroll = true; "$mod SUPER,E,exec,nautilus -w"
tap-to-click = true; "$mod SUPER,N,exec,neovide"
tap-and-drag = true; "$mod SUPER,M,exec,oxidash"
"$mod SUPER,R,exec,anyrun"
"$mod SUPER,G,exec,oxicalc"
"$mod SUPER,D,exec,oxishut"
"$mod SUPER,A,exec,oxipaste-iced"
"$mod SUPERSHIFT,P,exec,hyprdock --gui"
"$mod SUPERSHIFT,L,exec, playerctl -a pause & hyprlock & systemctl suspend"
"$mod SUPERSHIFT,K,exec, playerctl -a pause & hyprlock & systemctl hibernate"
# media keys
(lib.mkIf config.mods.scripts.audioControl ",XF86AudioMute,exec, audioControl mute")
(lib.mkIf config.mods.scripts.audioControl ",XF86AudioLowerVolume,exec, audioControl sink -5%")
(lib.mkIf config.mods.scripts.audioControl ",XF86AudioRaiseVolume,exec, audioControl sink +5%")
",XF86AudioPlay,exec, playerctl play-pause"
",XF86AudioNext,exec, playerctl next"
",XF86AudioPrev,exec, playerctl previous"
(lib.mkIf config.mods.scripts.changeBrightness ",XF86MonBrightnessDown,exec, changeBrightness brightness 10%-")
(lib.mkIf config.mods.scripts.changeBrightness ",XF86MonBrightnessUp,exec, changeBrightness brightness +10%")
# hyprland keybinds
# misc
"$mod SUPER,V,togglefloating,"
"$mod SUPER,B,fullscreen,"
"$mod SUPER,C,togglesplit"
"$mod SUPER,Q,killactive,"
"$mod SUPERSHIFTALT,M,exit,"
"$mod SUPERSHIFT,W,togglespecialworkspace"
# move
"$mod SUPER,left,movewindow,l"
"$mod SUPER,right,movewindow,r"
"$mod SUPER,up,movewindow,u"
"$mod SUPER,down,movewindow,d"
# workspaces
"$mod SUPER,1,workspace,1"
"$mod SUPER,2,workspace,2"
"$mod SUPER,3,workspace,3"
"$mod SUPER,4,workspace,4"
"$mod SUPER,5,workspace,5"
"$mod SUPER,6,workspace,6"
"$mod SUPER,7,workspace,7"
"$mod SUPER,8,workspace,8"
"$mod SUPER,9,workspace,9"
"$mod SUPER,0,workspace,10"
# move to workspace
"$mod SUPERSHIFT,1,movetoworkspace,1"
"$mod SUPERSHIFT,2,movetoworkspace,2"
"$mod SUPERSHIFT,3,movetoworkspace,3"
"$mod SUPERSHIFT,4,movetoworkspace,4"
"$mod SUPERSHIFT,5,movetoworkspace,5"
"$mod SUPERSHIFT,6,movetoworkspace,6"
"$mod SUPERSHIFT,7,movetoworkspace,7"
"$mod SUPERSHIFT,8,movetoworkspace,8"
"$mod SUPERSHIFT,9,movetoworkspace,9"
"$mod SUPERSHIFT,0,movetoworkspace,10"
# move to workspace silent
"$mod SUPERSHIFTALT,1,movetoworkspacesilent,1"
"$mod SUPERSHIFTALT,2,movetoworkspacesilent,2"
"$mod SUPERSHIFTALT,3,movetoworkspacesilent,3"
"$mod SUPERSHIFTALT,4,movetoworkspacesilent,4"
"$mod SUPERSHIFTALT,5,movetoworkspacesilent,5"
"$mod SUPERSHIFTALT,6,movetoworkspacesilent,6"
"$mod SUPERSHIFTALT,7,movetoworkspacesilent,7"
"$mod SUPERSHIFTALT,8,movetoworkspacesilent,8"
"$mod SUPERSHIFTALT,9,movetoworkspacesilent,9"
"$mod SUPERSHIFTALT,0,movetoworkspacesilent,10"
# preselection
"$mod SUPERALT,j,layoutmsg,preselect l"
"$mod SUPERALT,k,layoutmsg,preselect d"
"$mod SUPERALT,l,layoutmsg,preselect u"
"$mod SUPERALT,semicolon,layoutmsg,preselect r"
"$mod SUPERALT,h,layoutmsg,preselect n"
];
binde = [
# hyprland keybinds
# focus
"$mod SUPER,J,movefocus,l"
"$mod SUPER,semicolon,movefocus,r"
"$mod SUPER,L,movefocus,u"
"$mod SUPER,K,movefocus,d"
# resize
"$mod SUPER,U,resizeactive,-20 0"
"$mod SUPER,P,resizeactive,20 0"
"$mod SUPER,O,resizeactive,0 -20"
"$mod SUPER,I,resizeactive,0 20"
];
general = {
gaps_out = "3,5,5,5";
border_size = 3;
"col.active_border" = lib.mkOverride 51 "0xFFFF0000 0xFF00FF00 0xFF0000FF 45deg";
# "col.inactive_border" = "0x66333333";
allow_tearing = lib.mkIf config.mods.hyprland.noAtomic true;
}; };
};
misc = { decoration = {
animate_manual_resizes = 1; rounding = 4;
enable_swallow = true; };
disable_splash_rendering = true;
disable_hyprland_logo = true;
swallow_regex = "^(.*)(kitty)(.*)$";
initial_workspace_tracking = 1;
# just doesn't work
enable_anr_dialog = false;
};
cursor = { animations = {
enable_hyprcursor = true; bezier = "penguin,0.05,0.9,0.1,1.0";
no_hardware_cursors = lib.mkIf config.mods.gpu.nvidia.enable true; animation = [
# done with nix, this would break the current setup otherwise "windowsMove,1,4,default"
sync_gsettings_theme = false; "windows,1,7,default,popin 70%"
}; "windowsOut,1,7,default,popin 70%"
"border,1,10,default"
"fade,1,7,default"
"workspaces,1,6,default"
"layers,1,3,default,popin"
];
};
gestures = { dwindle = {
workspace_swipe = true; preserve_split = true;
}; pseudotile = 0;
permanent_direction_override = false;
};
monitor = config.mods.hyprland.monitor; input = {
workspace = config.mods.hyprland.workspace; kb_layout = "${config.mods.xkb.layout}";
kb_variant = "${config.mods.xkb.variant}";
env = [ repeat_delay = 200;
"GTK_CSD,0" force_no_accel = true;
''TERM,"kitty /bin/fish"'' touchpad = {
"XDG_CURRENT_DESKTOP=Hyprland" natural_scroll = true;
"XDG_SESSION_TYPE=wayland" tap-to-click = true;
"XDG_SESSION_DESKTOP=Hyprland" tap-and-drag = true;
"HYPRCURSOR_THEME,${config.mods.stylix.cursor.name}"
"HYPRCURSOR_SIZE,${toString config.mods.stylix.cursor.size}"
"XCURSOR_THEME,${config.mods.stylix.cursor.name}"
"XCURSOR_SIZE,${toString config.mods.stylix.cursor.size}"
"QT_QPA_PLATFORM,wayland"
"QT_QPA_PLATFORMTHEME,qt5ct"
"QT_WAYLAND_FORCE_DPI,96"
"QT_AUTO_SCREEN_SCALE_FACTOR,0"
"QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
"QT_SCALE_FACTOR,1"
''EDITOR,"neovide --novsync --nofork"''
(lib.mkIf config.mods.hyprland.noAtomic "WLR_DRM_NO_ATOMIC,1")
"GTK_USE_PORTAL, 1"
(lib.mkIf config.mods.gpu.nvidia.enable "LIBVA_DRIVER_NAME,nvidia")
(lib.mkIf config.mods.gpu.nvidia.enable "XDG_SESSION_TYPE,wayland")
(lib.mkIf config.mods.gpu.nvidia.enable "GBM_BACKEND,nvidia-drm")
(lib.mkIf config.mods.gpu.nvidia.enable "__GLX_VENDOR_LIBRARY_NAME,nvidia")
];
layerrule = [
# layer rules
# mainly to disable animations within slurp and grim
"noanim, selection"
];
windowrule = [
# window rules
"float,class:^(.*)(OxiCalc)(.*)$"
"float,class:^(.*)(winecfg.exe)(.*)$"
"float,class:^(.*)(copyq)(.*)$"
"center,class:^(.*)(swappy)(.*)$"
"float,title:^(.*)(reset)(.*)$"
"workspace 10 silent,class:^(.*)(steam)(.*)$"
"workspace 9 silent,class:^(.*)(dota)(.*)$"
"workspace 9 silent,class:^(.*)(battlebits)(.*)$"
"workspace 9 silent,class:^(.*)(aoe)(.*)$"
"suppressevent fullscreen maximize,class:^(.*)(neovide)(.*)$"
"immediate,class:^(.*)(Pal)$"
"immediate,class:^(.*)(dota2)$"
"immediate,class:^(.*)(needforspeedheat.exe)$"
];
exec-once =
[
# environment
"systemctl --user import-environment"
"dbus-update-activation-environment --systemd --all"
"hyprctl setcursor Bibata-Modern-Classic 24"
# other programs
"hyprpaper"
"ironbar"
"${browserName}"
"oxipaste_daemon"
"oxinoti"
]
++ config.mods.hyprland.extraAutostart;
plugin =
{
hyprspace = lib.mkIf config.mods.hyprland.hyprspaceEnable {
bind = [
"SUPER, W, overview:toggle, toggle"
];
}; };
} };
// config.mods.hyprland.pluginConfig;
} misc = {
// config.mods.hyprland.customConfig animate_manual_resizes = 1;
enable_swallow = true;
disable_splash_rendering = true;
disable_hyprland_logo = true;
swallow_regex = "^(.*)(kitty)(.*)$";
initial_workspace_tracking = 1;
# just doesn't work
enable_anr_dialog = false;
};
cursor = {
enable_hyprcursor = true;
no_hardware_cursors = lib.mkIf config.mods.gpu.nvidia.enable true;
# done with nix, this would break the current setup otherwise
sync_gsettings_theme = false;
};
gestures = {
workspace_swipe = true;
};
monitor = config.mods.hyprland.monitor;
workspace = config.mods.hyprland.workspace;
env = [
"GTK_CSD,0"
''TERM,"kitty /bin/fish"''
"XDG_CURRENT_DESKTOP=Hyprland"
"XDG_SESSION_TYPE=wayland"
"XDG_SESSION_DESKTOP=Hyprland"
"HYPRCURSOR_THEME,${config.mods.stylix.cursor.name}"
"HYPRCURSOR_SIZE,${toString config.mods.stylix.cursor.size}"
"XCURSOR_THEME,${config.mods.stylix.cursor.name}"
"XCURSOR_SIZE,${toString config.mods.stylix.cursor.size}"
"QT_QPA_PLATFORM,wayland"
"QT_QPA_PLATFORMTHEME,qt5ct"
"QT_WAYLAND_FORCE_DPI,96"
"QT_AUTO_SCREEN_SCALE_FACTOR,0"
"QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
"QT_SCALE_FACTOR,1"
''EDITOR,"neovide --novsync --nofork"''
(lib.mkIf config.mods.hyprland.noAtomic "WLR_DRM_NO_ATOMIC,1")
"GTK_USE_PORTAL, 1"
(lib.mkIf config.mods.gpu.nvidia.enable "LIBVA_DRIVER_NAME,nvidia")
(lib.mkIf config.mods.gpu.nvidia.enable "XDG_SESSION_TYPE,wayland")
(lib.mkIf config.mods.gpu.nvidia.enable "GBM_BACKEND,nvidia-drm")
(lib.mkIf config.mods.gpu.nvidia.enable "__GLX_VENDOR_LIBRARY_NAME,nvidia")
];
layerrule = [
# layer rules
# mainly to disable animations within slurp and grim
"noanim, selection"
];
windowrule = [
# window rules
"float,class:^(.*)(OxiCalc)(.*)$"
"float,class:^(.*)(winecfg.exe)(.*)$"
"float,class:^(.*)(copyq)(.*)$"
"center,class:^(.*)(swappy)(.*)$"
"float,title:^(.*)(reset)(.*)$"
"workspace 10 silent,class:^(.*)(steam)(.*)$"
"workspace 9 silent,class:^(.*)(dota)(.*)$"
"workspace 9 silent,class:^(.*)(battlebits)(.*)$"
"workspace 9 silent,class:^(.*)(aoe)(.*)$"
"suppressevent fullscreen maximize,class:^(.*)(neovide)(.*)$"
"immediate,class:^(.*)(Pal)$"
"immediate,class:^(.*)(dota2)$"
"immediate,class:^(.*)(needforspeedheat.exe)$"
];
exec-once =
[
# environment
"systemctl --user import-environment"
"dbus-update-activation-environment --systemd --all"
"hyprctl setcursor Bibata-Modern-Classic 24"
# other programs
"hyprpaper"
"ironbar"
"${browserName}"
"oxipaste_daemon"
"oxinoti"
]
++ config.mods.hyprland.extraAutostart;
plugin =
lib.recursiveUpdate
{
hyprspace = lib.mkIf config.mods.hyprland.hyprspaceEnable {
bind = [
"SUPER, W, overview:toggle, toggle"
];
};
}
config.mods.hyprland.pluginConfig;
}
config.mods.hyprland.customConfig
)
else lib.mkForce config.mods.hyprland.customConfig; else lib.mkForce config.mods.hyprland.customConfig;
plugins = plugins =
[ [
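Review bot: `lib.recursiveUpdate` descends into every pair of attrsets, including the wrapper attrsets that `lib.mkIf` and `lib.mkOverride` produce. A user value under `pluginConfig.hyprspace` would therefore be merged next to the wrapper's internal fields instead of into its `bind` content. Lists are still replaced wholesale, so a `bind` list in `customConfig` continues to drop all default bindings, just as it did with `//`. A comment above the call would make that contract visible, for example `# recursiveUpdate merges nested attrsets only; lists are replaced and mkIf/mkOverride values must be overridden whole`. Merging through the module system with `lib.mkMerge` may be cleaner if the settings option type allows it. The `settings` expression begins before the hunk and the `plugins` list continues past it.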