bump

configuration.nix

@@ -20,7 +20,12 @@
     enable = true;
     device = "nodev";
     efiSupport = true;
-    theme = "/home/lgm/minegrub/minegrub-theme/minegrub/";
+    theme = "${pkgs.fetchFromGitHub {
+      owner = "catppuccin";
+      repo = "grub";
+      rev = "803c5df0e83aba61668777bb96d90ab8f6847106";
+      hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0=";
+    }}/src/catppuccin-macchiato-grub-theme/";
     efiInstallAsRemovable = false;
     # useOSProber = true;
     extraEntries =
@@ -64,13 +69,25 @@
 
   boot.kernel.sysctl."kernel.sysrq" = 244;
 
+  boot.plymouth = {
+    enable = true;
+    themePackages = [ (pkgs.catppuccin-plymouth.override { variant = "macchiato"; }) ];
+    theme = "catppuccin-macchiato";
+  };
+
+  boot.initrd.systemd.enable = true;
+
   # ==[SECURITY]==
   # LUKS options
+  # boot.initrd.luks.fido2Support = true;
   boot.initrd.luks.devices = with secrets.drive-ids.luks; {
     crypted = {
       inherit device;
       inherit header;
       preLVM = true;
+      crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ];
+      # fido2.credential = "";
+      # fido2.passwordLess = true;
     };
   };
 
@@ -131,6 +148,7 @@
   programs.gamemode.enable = true;
 
   # VirtualBox
+  virtualisation.docker.enable = true;
   virtualisation.virtualbox.host.enable = true;
   virtualisation.virtualbox.host.enableExtensionPack = true;
   users.extraGroups.vboxusers.members = [ "lgm" ];
@@ -175,9 +193,22 @@
 
   # Enable the Plasma 5 Desktop Environment.
   services.xserver.displayManager.sddm.enable = true;
+
+  # Didn't like, the theme is a bit buggy
+  # services.xserver.displayManager.sddm.theme = "${pkgs.fetchFromGitHub {
+  #     owner = "catppuccin";
+  #     repo = "sddm";
+  #     rev = "7fc67d1027cdb7f4d833c5d23a8c34a0029b0661";
+  #     hash = "sha256-SjYwyUvvx/ageqVH5MmYmHNRKNvvnF3DYMJ/f2/L+Go=";
+  #   }}/src/catppuccin-latte/";
+
   services.xserver.desktopManager.plasma5.enable = true;
   services.xserver.displayManager.defaultSession = "plasmawayland";
 
+  # programs.command-not-found.enable = false;
+  # programs.nix-index.enable = true;
+  
+
   # fish
   programs.fish = {
     enable = true;
@@ -228,13 +259,14 @@
   users.users.lgm = {
     isNormalUser = true;
     description = "lgm";
-    extraGroups = [ "networkmanager" "wheel" "adbusers"];
+    extraGroups = [ "networkmanager" "wheel" "adbusers" "docker"];
     shell = pkgs.fish;
   };
 
   nixpkgs.config.allowUnfree = true;
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  # nix.nixPath = []
 
   # OnlyKey
   hardware.onlykey.enable = true;
@@ -248,12 +280,15 @@
     curl
     python3
     # more stuff
+    gnome-network-displays
+    miraclecast
     parted
     exfatprogs
     gparted
     tmux
-    graalvm17-ce
+    # graalvm17-ce
     jetbrains.jdk
+    distrobox
 
     (let base = pkgs.appimageTools.defaultFhsEnvArgs; in
       pkgs.buildFHSUserEnv (base // {
@@ -277,17 +312,20 @@
   # programs.mtr.enable = true;
   programs.gnupg.agent = {
     enable = true;
-    enableSSHSupport = true;
+    # enableSSHSupport = true;
   };
+  programs.ssh.startAgent = true;
 
   # List services that you want to enable:
+  # services.peroxide.enable = true;
 
   # Enable the OpenSSH daemon.
   # services.openssh.enable = true;
 
   # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
+  networking.firewall.trustedInterfaces = [ "p2p-wl+" ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.allowedTCPPorts = [ 5900 5905 7236 7250 ];
+  networking.firewall.allowedUDPPorts = [ 5900 5905 7236 5353 ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
 

flake.lock

@@ -7,27 +7,27 @@
         ]
       },
       "locked": {
-        "lastModified": 1693208669,
+        "lastModified": 1698250431,
-        "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=",
+        "narHash": "sha256-qs2gTeH4wpnWPO6Oi6sOhp2IhG0i0DzcnrJxIY3/CP8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c",
+        "rev": "09587fbbc6a669f7725613e044c2577dc5d43ab5",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-23.05",
+        "ref": "master",
         "repo": "home-manager",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1693377291,
+        "lastModified": 1698134075,
-        "narHash": "sha256-vYGY9bnqEeIncNarDZYhm6KdLKgXMS+HA2mTRaWEc80=",
+        "narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e7f38be3775bab9659575f192ece011c033655f0",
+        "rev": "8efd5d1e283604f75a808a20e6cde0ef313d07d4",
         "type": "github"
       },
       "original": {
@@ -39,11 +39,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1693341273,
+        "lastModified": 1698288402,
-        "narHash": "sha256-wrsPjsIx2767909MPGhSIOmkpGELM9eufqLQOPxmZQg=",
+        "narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2ab91c8d65c00fd22a441c69bbf1bc9b420d5ea1",
+        "rev": "60b9db998f71ea49e1a9c41824d09aa274be1344",
         "type": "github"
       },
       "original": {
@@ -53,11 +53,28 @@
         "type": "github"
       }
     },
+    "nixpkgs-vesktop": {
+      "locked": {
+        "lastModified": 1698418864,
+        "narHash": "sha256-LAWBE8au4ajSPPksF9rr3ddYCMctzx1FA75r2TCGbXc=",
+        "owner": "pluiedev",
+        "repo": "nixpkgs",
+        "rev": "a659490545d4825fe27a1d32ec83f30258673731",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pluiedev",
+        "ref": "patch-1",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "home-manager": "home-manager",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-stable": "nixpkgs-stable"
+        "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-vesktop": "nixpkgs-vesktop"
       }
     }
   },

flake.nix

@@ -8,10 +8,16 @@
 
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
+    # nix-index-database.url = "github:nix-community/nix-index-database";
+    # nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
+    # nur = {
+    #   url = "github:nix-community/NUR";
+    # };
+    nixpkgs-vesktop.url = "github:pluiedev/nixpkgs/patch-1";
     # nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     # home-manager, used for managing user configuration
     home-manager = {
-      url = "github:nix-community/home-manager/release-23.05";
+      url = "github:nix-community/home-manager/master";
       # The `follows` keyword in inputs is used for inheritance.
       # Here, `inputs.nixpkgs` of home-manager is kept consistent with
       # the `inputs.nixpkgs` of the current flake,
@@ -23,6 +29,8 @@
   outputs = inputs@{
     nixpkgs,
     nixpkgs-stable,
+    # nix-index-database,
+    # nur,
     home-manager,
     ...
   }: {
@@ -36,7 +44,9 @@
         secrets = import ./secrets {};
       };
       modules = [
+        # nur.nixosModules.nur
         ./configuration.nix
+        # nix-index-database.nixosModules.nix-index
         ./mounts.nix
 
         # make home-manager as a module of nixos
@@ -50,6 +60,7 @@
 
           home-manager.extraSpecialArgs = with specialArgs; {
             inherit pkgs-stable;
+            inherit secrets;
           };
         }
       ];

home.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, pkgs-stable, ... }:
+{ config, osConfig, secrets, pkgs, pkgs-stable, ... }:
 
 {
   home.username = "lgm";
@@ -8,9 +8,38 @@
 
   # Packages that should be installed to the user profile.
   home.packages = with pkgs; [
+    # my scripts
+    ((import ./scripts/rebuild.nix) {inherit pkgs;})
     wineWowPackages.waylandFull
+    openconnect
+    ani-cli
+    # file editing
+    onlyoffice-bin
+    # theming
+    libsForQt5.qtstyleplugin-kvantum
+    # osConfig.nur.repos.baduhai.koi
+    (catppuccin-gtk.override {
+      variant = "latte";
+      accents = [ "yellow" ];
+    })
+    (catppuccin-kde.override {
+      flavour = [ "macchiato" "latte" ];
+      accents = [ "yellow" ];
+    })
+    (catppuccin-kvantum.override {
+      variant = "Latte";
+      accent = "Yellow";
+    })
+    (catppuccin-kvantum.override {
+      variant = "Macchiato";
+      accent = "Yellow";
+    })
+
+
     # web
     firefox
+    protonvpn-gui
+    protonvpn-cli
     # security
     keepassxc
     onlykey
@@ -40,6 +69,8 @@
     # games
     prismlauncher
     xonotic
+    superTux
+    superTuxKart
     lutris
     # dev
     jetbrains.idea-community
@@ -54,6 +85,7 @@
 #     p7zip
 
     # utils
+    git-crypt
     appimage-run
     kate
     ncdu
@@ -63,7 +95,7 @@
 
     ripgrep # recursively searches directories for a regex pattern
     jq # A lightweight and flexible command-line JSON processor
-    exa # A modern replacement for ‘ls’
+    eza
 
     # networking tools
     dnsutils  # `dig` + `nslookup`
@@ -75,7 +107,6 @@
     # etc
     vlc
     qbittorrent
-    libsForQt5.qtstyleplugin-kvantum
     # misc
     cowsay
 #     file
@@ -112,6 +143,18 @@
     monero-gui
   ];
 
+  # Email stuff
+
+  programs.thunderbird = {
+    enable = true;
+    package = pkgs.thunderbird;
+    profiles = secrets.email-stuff.thunderbirdProfiles;
+  };
+
+  accounts.email.accounts = secrets.email-stuff.emailAccounts;
+
+  # ---------
+
   services.nextcloud-client = {
     enable = true;
   };
@@ -132,12 +175,6 @@
     };
   };
 
-  programs.thunderbird = {
-    enable = true;
-    package = pkgs.thunderbird;
-    profiles.lgmrszd.isDefault = true;
-  };
-
   programs.pazi = {
     enable = true;
     enableFishIntegration = true;

scripts/rebuild.nix

@@ -0,0 +1,58 @@
+{ pkgs }:
+
+pkgs.writeShellScriptBin "my-rebuild" ''
+BOOT=/boot
+ATTEMPTS=5
+is_mounted(){
+  ${pkgs.util-linux}/bin/findmnt --mountpoint $BOOT
+  return $?
+}
+
+mount_boot(){
+  echo "mounting $BOOT..."
+  mount $BOOT 2> /dev/null
+  return $?
+}
+
+umount_boot(){
+  echo "umounting $BOOT..."
+  umount $BOOT
+  return $?
+}
+
+try_mount(){
+  attempt=0
+
+  while [[ attempt -ne 5 ]]
+  do
+    mount_boot
+    res1=$?
+    is_mounted
+    res2=$?
+    if [[ $res1 -eq 0 && $res2 -eq 0 ]]; then
+      echo "Mounted $BOOT!"
+      return 0
+    fi
+    echo "Failed to mount $BOOT, waiting..."
+    attempt=$(($attempt+1))
+    sleep 2
+  done
+  return 1
+}
+
+if [[ $EUID -ne 0 ]]; then
+  echo "Must be a superuser!"
+  exit 1
+fi
+
+try_mount
+if [[ $? -ne 0 ]]; then
+  echo "Failed to mount $BOOT!"
+  exit 1
+fi
+echo "Rebuilding..."
+nixos-rebuild $@
+sleep 2
+echo "Done rebuild!"
+umount_boot
+''

secrets/default.nix

@@ -1,4 +1,5 @@
 { ... }:
 {
   drive-ids = import ./drive-ids.nix;
+  email-stuff = import ./email-stuff.nix;
 }