diff --git a/modules/actual.nix b/modules/actual.nix
index a805513..6421f60 100644
--- a/modules/actual.nix
+++ b/modules/actual.nix
@@ -6,79 +6,149 @@ }: let inherit (lib) - types + getExe mkEnableOption - mkPackageOption + mkIf mkOption + mkPackageOption + types ; cfg = config.services.actual; configFile = formatType.generate "config.json" cfg.settings; + dataDir = "/var/lib/actual"; formatType = pkgs.formats.json { }; in { options.services.actual = { enable = mkEnableOption "actual, a privacy focused app for managing your finances"; - package = mkPackageOption pkgs "actual" { }; + package = mkPackageOption pkgs "actual-server" { }; + + user = mkOption { + type = types.str; + default = "actual"; + description = '' + User to run actual as. + + ::: {.note} + If left as the default value this user will automatically be created + on system activation, otherwise the sysadmin is responsible for + ensuring the user exists. + ::: + ''; + }; + + group = mkOption { + type = types.str; + default = "actual"; + description = '' + Group under which to run. + + ::: {.note} + If left as the default value this group will automatically be created + on system activation, otherwise the sysadmin is responsible for + ensuring the user exists. 
+ ::: + ''; + }; + + openFirewall = mkOption { + default = false; + type = types.bool; + description = "Whether to open the firewall for the specified port."; + }; + settings = mkOption { default = { }; + description = "Server settings, refer to (the documentation)[https://actualbudget.org/docs/config/] for available options."; type = types.submodule { freeformType = formatType.type; + + options = { + hostname = mkOption { + type = types.str; + description = "The address to listen on"; + default = "::"; + }; + + port = mkOption { + type = types.port; + description = "The port to listen on"; + default = 3000; + }; + }; + config = { - serverFiles = "/var/lib/actual/server-files"; - userFiles = "/var/lib/actual/user-files"; - dataDir = "/var/lib/actual"; + serverFiles = "${dataDir}/server-files"; + userFiles = "${dataDir}/user-files"; + inherit dataDir; }; }; }; }; - config.systemd.services.actual = { - after = [ "network.target" ]; - environment.ACTUAL_CONFIG_PATH = configFile; - serviceConfig = { - ExecStartPre = "${pkgs.coreutils}/bin/ln -sf ${cfg.package}/migrations /var/lib/actual/"; - ExecStart = lib.getExe cfg.package; - User = "actual"; - Group = "actual"; - DynamicUser = true; - StateDirectory = "actual"; - WorkingDirectory = "/var/lib/actual"; - LimitNOFILE = "1048576"; - PrivateTmp = true; - PrivateDevices = true; - StateDirectoryMode = "0700"; - Restart = "always"; - # Hardening - CapabilityBoundingSet = ""; - LockPersonality = true; - #MemoryDenyWriteExecute = true; # Leads to coredump because V8 does JIT - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - ProcSubset = "pid"; - ProtectSystem = "strict"; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_NETLINK" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - SystemCallArchitectures = 
"native"; - SystemCallFilter = [ - "@system-service" - "@pkey" - ]; - UMask = "0077"; + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.port ]; + + users.groups = mkIf (cfg.group == "actual") { + ${cfg.group} = { }; + }; + + users.users = mkIf (cfg.user == "actual") { + ${cfg.user} = { + isSystemUser = true; + inherit (cfg) group; + home = dataDir; + }; + }; + + systemd.services.actual = { + description = "Actual server, a local-first personal finance app"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment.ACTUAL_CONFIG_PATH = configFile; + serviceConfig = { + ExecStart = getExe cfg.package; + User = cfg.user; + Group = cfg.group; + StateDirectory = "actual"; + WorkingDirectory = dataDir; + LimitNOFILE = "1048576"; + PrivateTmp = true; + PrivateDevices = true; + StateDirectoryMode = "0700"; + Restart = "always"; + + # Hardening + CapabilityBoundingSet = ""; + LockPersonality = true; + #MemoryDenyWriteExecute = true; # Leads to coredump because V8 does JIT + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProcSubset = "pid"; + ProtectSystem = "strict"; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_NETLINK" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "@pkey" + ]; + UMask = "0077"; + }; }; - wantedBy = [ "multi-user.target" ]; }; } diff --git a/users/common/graphical/wayland/hyprland.nix b/users/common/graphical/wayland/hyprland.nix index 5110b30..16e44ea 100644 --- a/users/common/graphical/wayland/hyprland.nix +++ b/users/common/graphical/wayland/hyprland.nix 
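Review bot: The new `settings.hostname` option in modules/actual.nix defaults to `"::"`, so the server listens on every interface and the finance data is reachable wherever the firewall does not filter the port (trusted interfaces, VPN links, hosts with the firewall disabled), regardless of `openFirewall`. Consider `default = "::1";` and a description line saying remote access should go through a TLS-terminating reverse proxy, since nothing visible in this hunk sets up HTTPS. The `settings` description should also state that the values are rendered by `formatType.generate` into the world-readable Nix store, so secrets do not belong in `settings`. Two wording fixes in the same hunk: the `group` note should end `ensuring the group exists`, and the link should be written `[the documentation](https://actualbudget.org/docs/config/)`.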
@@ -1,6 +1,18 @@ -{ pkgs, lib, nixosConfig, ... }: +{ + pkgs, + lib, + nixosConfig, + ... +}: let - inherit (lib) mkMerge optionals elem mkIf flip concatMap; + inherit (lib) + mkMerge + optionals + elem + mkIf + flip + concatMap + ; #from https://github.com/hyprwm/Hyprland/issues/3835 float_script = pkgs.writeShellScript "hyprland-bitwarden-float" '' handle() { @@ -34,7 +46,8 @@ let # Listen to the Hyprland socket for events and process each line with the handle function ${pkgs.socat}/bin/socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done ''; -in { +in +{ wayland.windowManager.hyprland = { enable = true; settings = mkMerge [ 
@@ -53,100 +66,110 @@ in { touchpad = { natural_scroll = true; disable_while_typing = true; - clickfinger_behavior = true; scroll_factor = 0.7; }; }; - gestures = { workspace_swipe = true; }; + gestures = { + workspace_swipe = true; + }; general = { gaps_in = 0; gaps_out = 0; allow_tearing = true; }; + render = { + explicit_sync = 0; + direct_scanout = false; + }; binds = { focus_preferred_method = 1; workspace_center_on = 1; }; - bind = let - monitor_binds = { - "1" = "j"; - "2" = "d"; - "3" = "u"; - "4" = "a"; - "5" = "x"; - "6" = "F1"; - "7" = "F2"; - "8" = "F3"; - "9" = "F4"; - }; - in [ - "SUPER,q,killactive," - "SUPER,return,fullscreen," - "SUPER,f,togglefloating" - "SUPER,g,togglegroup" - "SUPER,tab,cyclenext," - "ALT,tab,cyclenext," - "SUPER+CTRL,r,submap,resize" + bind = + let + monitor_binds = { + "1" = "j"; + "2" = "d"; + "3" = "u"; + "4" = "a"; + "5" = "x"; + "6" = "F1"; + "7" = "F2"; + "8" = "F3"; + "9" = "F4"; + }; + in + [ + "SUPER,q,killactive," + "SUPER,return,fullscreen," + "SUPER + SHIFT,return,fullscreenstate,2,0," + "SUPER,f,togglefloating" + "SUPER,g,togglegroup" + "SUPER,tab,cyclenext," + "ALT,tab,cyclenext," + "SUPER+CTRL,r,submap,resize" - "SUPER,left,movefocus,l" - "SUPER,right,movefocus,r" - "SUPER,up,movefocus,u" - "SUPER,down,movefocus,d" + "SUPER,left,movefocus,l" + "SUPER,right,movefocus,r" + "SUPER,up,movefocus,u" + "SUPER,down,movefocus,d" - "SUPER,n,movefocus,l" - "SUPER,s,movefocus,r" - "SUPER,l,movefocus,u" - "SUPER,r,movefocus,d" + "SUPER,n,movefocus,l" + "SUPER,s,movefocus,r" + "SUPER,l,movefocus,u" + "SUPER,r,movefocus,d" - "SUPER,h,changegroupactive,b" - "SUPER,m,changegroupactive,f" + "SUPER,h,changegroupactive,b" + "SUPER,m,changegroupactive,f" - "SUPER + SHIFT,left,movewindoworgroup,l" - "SUPER + SHIFT,right,movewindoworgroup,r" - "SUPER + SHIFT,up,movewindoworgroup,u" - "SUPER + SHIFT,down,movewindoworgroup,d" + "SUPER + SHIFT,left,movewindoworgroup,l" + "SUPER + SHIFT,right,movewindoworgroup,r" + "SUPER + 
SHIFT,up,movewindoworgroup,u" + "SUPER + SHIFT,down,movewindoworgroup,d" - "SUPER + SHIFT,n,movewindoworgroup,l" - "SUPER + SHIFT,s,movewindoworgroup,r" - "SUPER + SHIFT,l,movewindoworgroup,u" - "SUPER + SHIFT,r,movewindoworgroup,d" + "SUPER + SHIFT,n,movewindoworgroup,l" + "SUPER + SHIFT,s,movewindoworgroup,r" + "SUPER + SHIFT,l,movewindoworgroup,u" + "SUPER + SHIFT,r,movewindoworgroup,d" - "SUPER,comma,workspace,-1" - "SUPER,period,workspace,+1" - "SUPER + SHIFT,comma,movetoworkspace,-1" - "SUPER + SHIFT,period,movetoworkspace,+1" + "SUPER,comma,workspace,-1" + "SUPER,period,workspace,+1" + "SUPER + SHIFT,comma,movetoworkspace,-1" + "SUPER + SHIFT,period,movetoworkspace,+1" - "SUPER,b,exec,firefox" - "SUPER,t,exec,kitty" - ",Menu,exec,fuzzel" - "SUPER,c,exec,${lib.getExe pkgs.scripts.clone-term}" + "SUPER,b,exec,firefox" + "SUPER,t,exec,kitty" + ",Menu,exec,fuzzel" + "SUPER,c,exec,${lib.getExe pkgs.scripts.clone-term}" - "CTRL,F7,pass,class:^(discord)$" - "CTRL,F8,pass,class:^(discord)$" - "CTRL,F7,pass,class:^(TeamSpeak 3)$" - "CTRL,F8,pass,class:^(TeamSpeak 3)$" - "CTRL,F9,exec,systemctl --user start swww-update-wallpaper" + "CTRL,F7,pass,class:^(discord)$" + "CTRL,F8,pass,class:^(discord)$" + "CTRL,F7,pass,class:^(TeamSpeak 3)$" + "CTRL,F8,pass,class:^(TeamSpeak 3)$" + "CTRL,F9,exec,systemctl --user start swww-update-wallpaper" - "SUPER + SHIFT,q,exit" - ] ++ flip concatMap (map toString (lib.lists.range 1 9)) (x: [ - "SUPER,${monitor_binds."${x}"},workspace,${x}" - "SUPER + SHIFT,${monitor_binds."${x}"},movetoworkspacesilent,${x}" - ]); + "SUPER + SHIFT,q,exit" + ] + ++ flip concatMap (map toString (lib.lists.range 1 9)) (x: [ + "SUPER,${monitor_binds."${x}"},workspace,${x}" + "SUPER + SHIFT,${monitor_binds."${x}"},movetoworkspacesilent,${x}" + ]); cursor.no_warps = true; debug.disable_logs = false; - env = [ - "NIXOS_OZONE_WL,1" - "MOZ_ENABLE_WAYLAND,1" - "_JAVA_AWT_WM_NONREPARENTING,1" - "QT_WAYLAND_DISABLE_WINDOWDECORATION,1" - "QT_QPA_PLATFORM,wayland" - 
"GDK_BACKEND,wayland" - "WLR_DRM_NO_ATOMIC,1" # retest on newest nvidia driver - "XDG_SESSION_TYPE,wayland" - ] ++ optionals - (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [ + env = + [ + "NIXOS_OZONE_WL,1" + "MOZ_ENABLE_WAYLAND,1" + "_JAVA_AWT_WM_NONREPARENTING,1" + "QT_WAYLAND_DISABLE_WINDOWDECORATION,1" + "QT_QPA_PLATFORM,wayland" + "GDK_BACKEND,wayland" + "WLR_DRM_NO_ATOMIC,1" # retest on newest nvidia driver + "XDG_SESSION_TYPE,wayland" + ] + ++ optionals (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [ # See https://wiki.hyprland.org/Nvidia/ "LIBVA_DRIVER_NAME,nvidia" "GBM_BACKEND,nvidia-drm" @@ -191,6 +214,7 @@ in { #baldur "immediate, class:^(steam_app_1086940)$" "float, class:^(steam)$, title:^(Friends List)" + "float, class:^(steam)$, title:(Chat)" "workspace 2,class:^(firefox)$" "workspace 3,class:^(thunderbird)$" "workspace 4,class:^(bottles)$" @@ -205,9 +229,9 @@ in { } (mkIf (nixosConfig.node.name == "desktopnix") { monitor = [ - "DVI-D-1,preferred,0x-1080,1" - "HDMI-A-1,preferred,0x0,1" - "DP-3,2560x1440@144.00Hz,1920x-540,1" + "DVI-D-1,preferred,0x0,1" + "HDMI-A-1,preferred,0x1080,1" + "DP-3,2560x1440@144.00Hz,1920x540,1" # Thank you NVIDIA for this generous, free-of-charge, extra monitor that # doesn't exist and crashes yoru session sometimes when moving a window to it. "Unknown-1, disable" @@ -223,7 +247,7 @@ in { "8, monitor:HDMI-A-1, default: true" "9, monitor:HDMI-A-1" ]; - env = [ "HYPRLAND_FLOAT_LOCATION,3800 -400" ]; + env = [ "HYPRLAND_FLOAT_LOCATION,3800 680" ]; }) (mkIf (nixosConfig.node.name == "patricknix") { monitor = [ diff --git a/users/common/programs/nvim/nixvim/plugins.nix b/users/common/programs/nvim/nixvim/plugins.nix index 037e2bb..c0cfbc3 100644 --- a/users/common/programs/nvim/nixvim/plugins.nix +++ b/users/common/programs/nvim/nixvim/plugins.nix 
@@ -6,46 +6,49 @@ ./plugins/neo-tree.nix ]; programs.nixvim.plugins = { + web-devicons.enable = true; lualine = { enable = true; - extensions = [ - "fzf" - "nvim-dap-ui" - "symbols-outline" - "trouble" - "neo-tree" - "quickfix" - "fugitive" - ]; - componentSeparators.left = ""; - componentSeparators.right = ""; - sectionSeparators.left = ""; - sectionSeparators.right = ""; - sections = { - lualine_a = [ "mode" ]; - lualine_b = [ - "branch" - "filename" + settings = { + extensions = [ + "fzf" + "nvim-dap-ui" + "symbols-outline" + "trouble" + "neo-tree" + "quickfix" + "fugitive" ]; - lualine_c = [ - "diff" - "diagnostics" - ]; - lualine_x = [ - "encoding" - "fileformat" - "filetype" - ]; - lualine_y = [ "progress" ]; - lualine_z = [ "location" ]; - }; - inactiveSections = { - lualine_a = [ "filename" ]; - lualine_b = [ ]; - lualine_c = [ "diagnostics" ]; - lualine_x = [ ]; - lualine_y = [ ]; - lualine_z = [ "location" ]; + component_separators.left = ""; + component_separators.right = ""; + section_separators.left = ""; + section_separators.right = ""; + sections = { + lualine_a = [ "mode" ]; + lualine_b = [ + "branch" + "filename" + ]; + lualine_c = [ + "diff" + "diagnostics" + ]; + lualine_x = [ + "encoding" + "fileformat" + "filetype" + ]; + lualine_y = [ "progress" ]; + lualine_z = [ "location" ]; + }; + inactiveSections = { + lualine_a = [ "filename" ]; + lualine_b = [ ]; + lualine_c = [ "diagnostics" ]; + lualine_x = [ ]; + lualine_y = [ ]; + lualine_z = [ "location" ]; + }; }; }; fugitive.enable = true; @@ -54,7 +57,7 @@ rainbow-delimiters.enable = true; rustaceanvim = { enable = true; - settings.server.settings.files.excludeDirs = [ ".direnv" ]; + settings.server.default_settings.files.excludeDirs = [ ".direnv" ]; }; indent-blankline = { enable = true; @@ -76,7 +79,7 @@ diffview.enable = true; treesitter = { enable = true; - indent = true; + settings.indent.enable = true; nixvimInjections = true; }; #treesitter-context.enable = true; 
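Review bot: `inactiveSections` in the first plugins.nix hunk keeps its camelCase name after being moved under `lualine.settings`, while its siblings were renamed to `component_separators` and `section_separators`. If `settings` is handed to lualine's setup verbatim, as those renames suggest, the key lualine reads is `inactive_sections` and this table would be silently ignored; rename it to `inactive_sections = {`. The four separator values also appear as empty strings here, which may be glyphs lost in rendering, so it is worth confirming they are still the intended characters.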
diff --git a/users/common/programs/nvim/nixvim/plugins/cmp.nix b/users/common/programs/nvim/nixvim/plugins/cmp.nix index 315d497..d9b651f 100644 --- a/users/common/programs/nvim/nixvim/plugins/cmp.nix +++ b/users/common/programs/nvim/nixvim/plugins/cmp.nix @@ -2,7 +2,7 @@ programs.nixvim.plugins = { luasnip = { enable = true; - extraConfig = { + settings = { history = true; # Update dynamic snippets while typing updateevents = "TextChanged,TextChangedI"; diff --git a/users/common/programs/nvim/nixvim/plugins/lsp.nix b/users/common/programs/nvim/nixvim/plugins/lsp.nix index f1644dd..47e515b 100644 --- a/users/common/programs/nvim/nixvim/plugins/lsp.nix +++ b/users/common/programs/nvim/nixvim/plugins/lsp.nix @@ -49,8 +49,8 @@ pyright.enable = true; texlab.enable = true; ocamllsp.enable = true; - java-language-server.enable = true; - nil-ls = { + java_language_server.enable = true; + nil_ls = { enable = true; settings = { formatting.command = [ diff --git a/users/patrick/impermanence.nix b/users/patrick/impermanence.nix index ab429e5..27ed936 100644 --- a/users/patrick/impermanence.nix +++ b/users/patrick/impermanence.nix @@ -22,6 +22,8 @@ ".config/google-chrome" ".cache/google-chrome" + ".config/Mullvad VPN" + # For nextcloud client install "Nextcloud" ".config/Nextcloud" diff --git a/users/patrick/patrick.nix b/users/patrick/patrick.nix index 443e5ef..f9ef700 100644 --- a/users/patrick/patrick.nix +++ b/users/patrick/patrick.nix @@ -32,6 +32,8 @@ yt-dlp + hyperfine + figlet cowsay cmatrix