need to finish up user setup with passwords and whatnot

2026-01-11 17:54:08 -05:00 · 2025-06-09 14:25:56 -04:00 · 2025-06-09 14:25:56 -04:00 · 15d77dc57c
commit 15d77dc57c
parent 2141de8cb1
16 changed files with 245 additions and 132 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747742835,
-        "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=",
+        "lastModified": 1749436314,
+        "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62",
+        "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a",
        "type": "github"
      },
      "original": {
@ -63,11 +63,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1749479111,
-        "narHash": "sha256-0cn4NGnYR3n0m8FPrt+pW817Cedi4vwOw3SgJaTcdcg=",
+        "lastModified": 1749483884,
+        "narHash": "sha256-HdyfdVx0NbgrVtLY4lXdX9X/YE3PZjGZFnSyoAy1GJc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "35e1f5a7c29f2b05e8f53177f6b5c71108c5f4c3",
+        "rev": "74d196c9943a67908d1883f61154e594d03863e5",
        "type": "github"
      },
      "original": {
@ -126,11 +126,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747521943,
-        "narHash": "sha256-GMAJcB8oB9cC+TbYTE7QDfw9fwHZyloxUWnUpHnQRko=",
+        "lastModified": 1749194393,
+        "narHash": "sha256-vt6hM9DNywnXXuW1qPDLzECmbDcmxhh58wpb0EEQjAo=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "b9b927dd1f24094b271e8ec5277a672dc4fc860d",
+        "rev": "19346808c445f23b08652971be198b9df6c33edc",
        "type": "github"
      },
      "original": {
@ -141,32 +141,32 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1747485343,
-        "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=",
+        "lastModified": 1749237914,
+        "narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762",
+        "rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-darwin": {
      "locked": {
-        "lastModified": 1747514354,
-        "narHash": "sha256-ohO4Uox8WzonwEtxNvr1SsDbvnZLilxrqco1u0bEWHU=",
+        "lastModified": 1749359652,
+        "narHash": "sha256-oCKsfYIw2FHXcznCRTyuhXP6qd8LQL11CKKDPxG3Evs=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a3552bafe05e3c2f24e6bc6482135837984f7073",
+        "rev": "5ac14523b6ae564923fb952ca3a0a88f4bfa0322",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixpkgs-24.11-darwin",
+        "ref": "nixpkgs-25.05-darwin",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -188,27 +188,27 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1747485343,
-        "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=",
+        "lastModified": 1749237914,
+        "narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762",
+        "rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1747542820,
-        "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
+        "lastModified": 1749285348,
+        "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
+        "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -79,11 +79,11 @@

  inputs = {
    # Official inputs
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
-    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";

-    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.11-darwin";
+    nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.05-darwin";
    nix-darwin = {
      url = "github:lnl7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs-darwin";
--- a/home/crow/bulwark.nix
+++ b/home/crow/bulwark.nix
@ -0,0 +1,5 @@
+{...}: {
+  imports = [
+    common/core
+  ];
+}
--- a/home/crow/common/core/default.nix
+++ b/home/crow/common/core/default.nix
@ -13,10 +13,14 @@ in {
  imports = lib.flatten [
    (map lib.custom.relativeToRoot [
      "modules/common/host-spec.nix"
-      "modules/home"
+      #"modules/home"
    ])
-    ./${platform.nix}
+    #./${platform.nix}
    ./xdg.nix
+    ./direnv.nix
+    ./firefox.nix
+    ./tmux.nix
+    ./git.nix
  ];

  inherit hostSpec;
--- a/home/crow/common/core/direnv.nix
+++ b/home/crow/common/core/direnv.nix
@ -0,0 +1,8 @@
+{
+  programs = {
+    direnv = {
+      enable = true;
+      nix-direnv.enable = true;
+    };
+  };
+}
--- a/home/crow/common/core/firefox.nix
+++ b/home/crow/common/core/firefox.nix
@ -0,0 +1,58 @@
+{
+  programs.firefox = {
+    enable = true;
+    policies = {
+      BlockAboutConfig = true;
+      DisableFirefoxStudies = true;
+      DisableFormHistory = true;
+      DisablePasswordReveal = true;
+      DisablePocket = true;
+      DisableProfileImport = true;
+      DontCheckDefaultBrowser = true;
+      EnableTrackingProtection = {
+        Value = true;
+        Locked = true;
+        Cryptomining = true;
+        Fingerprinting = true;
+      };
+      Homepage = {
+        URL = "https://home.wanderingcrow.net";
+        StartPage = "homepage";
+      };
+      OfferToSaveLogins = false;
+      PasswordManagerEnabled = false;
+      ExtensionSettings = {
+        "*".installation_mode = "blocked";
+        "*".blocked_install_message = "Please manage extensions through your NixOS config";
+        # Bitwarden
+        "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
+          installation_mode = "force_installed";
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/{446900e4-71c2-419f-a6a7-df9c091e268b}/latest.xpl";
+          default_area = "navbar";
+        };
+        "uBlock0@raymondhill.net" = {
+          installation_mode = "force_installed";
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/uBlock0@raymondhill.net/latest.xpl";
+          default_area = "menupanel";
+        };
+        # Vimium
+        "{d7742d87-e61d-4b78-b8a1-b469842139fa}" = {
+          installation_mode = "force_installed";
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/{d7742d87-e61d-4b78-b8a1-b469842139fa}/latest.xpl";
+          default_area = "menupanel";
+        };
+        # Cookie CURL Dumper
+        "{12cf650b-1822-40aa-bff0-996df6948878}" = {
+          installation_mode = "force_installed";
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/{12cf650b-1822-40aa-bff0-996df6948878}/latest.xpl";
+          default_area = "menupanel";
+        };
+        "sponsorBlocker@ajay.app" = {
+          installation_mode = "force_installed";
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/sponsorBlocker@ajay.app/latest.xpl";
+          default_area = "menupanel";
+        };
+      };
+    };
+  };
+}
--- a/home/crow/common/core/git.nix
+++ b/home/crow/common/core/git.nix
@ -0,0 +1,16 @@
+{
+  programs.git = {
+    enable = true;
+    userName = "TheWanderingCrow";
+    userEmail = "contact@wanderingcrow.net";
+    extraConfig = {
+      init = {
+        defaultBranch = "main";
+      };
+    };
+    lfs = {
+      enable = true;
+      skipSmudge = true;
+    };
+  };
+}
--- a/home/crow/common/core/tmux.nix
+++ b/home/crow/common/core/tmux.nix
@ -0,0 +1,17 @@
+{
+  programs.tmux = {
+    enable = true;
+    keyMode = "vi";
+    extraConfig = ''
+      bind | split-window -h
+      bind - split-window -v
+      unbind '"'
+      unbind %
+
+      bind -n M-Left select-pane -L
+      bind -n M-Right select-pane -R
+      bind -n M-Up select-pane -U
+      bind -n M-Down select-pane -D
+    '';
+  };
+}
--- a/home/crow/common/core/xdg.nix
+++ b/home/crow/common/core/xdg.nix
@ -6,19 +6,19 @@
 }: {
  home = {
    preferXdgDirectories = true;
-    xdg = {
-      enable = true;
-      userDirs = {
-        enable = true;
-        createDirectories = true;
-        desktop = "${config.home.homeDirectory}/.desktop";
-        documents = "${config.home.homeDirectory}/Documents";
-        download = "${config.home.homeDirectory}/Downloads";
-        music = "${config.home.homeDirectory}/media/audio";
-        pictures = "${config.home.homeDirectory}/media/images";
-        videos = "${config.home.homeDirectory}/media/video";
-      };
+  };

+  xdg = {
+    enable = true;
+    userDirs = {
+      enable = true;
+      createDirectories = true;
+      desktop = "${config.home.homeDirectory}/.desktop";
+      documents = "${config.home.homeDirectory}/Documents";
+      download = "${config.home.homeDirectory}/Downloads";
+      music = "${config.home.homeDirectory}/media/audio";
+      pictures = "${config.home.homeDirectory}/media/images";
+      videos = "${config.home.homeDirectory}/media/video";
      extraConfig = {
        XDG_PUBLICSHARE_DIR = "/var/empty";
        XDG_TEMPLATES_DIR = "/var/empty";
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -13,6 +13,8 @@
    else "nixos";
  platformModules = "${platform}Modules";
 in {
+  system.stateVersion = "24.05";
+
  imports = lib.flatten [
    inputs.home-manager.${platformModules}.home-manager
    inputs.sops-nix.${platformModules}.sops
@ -22,6 +24,9 @@ in {
      "hosts/common/core/shell.nix"
      "hosts/common/core/sops.nix"
      "hosts/common/core/ssh.nix"
+      "hosts/common/users/primary"
+      "hosts/common/users/primary/${platform}.nix"
+      "modules/common"
    ])
  ];

@ -43,7 +48,7 @@ in {
    };
  };

-  nix = {
+  nix.settings = {
    connect-timeout = 5;
    log-lines = 25;
    min-free = 128000000;
--- a/hosts/common/core/shell.nix
+++ b/hosts/common/core/shell.nix
@ -4,84 +4,82 @@
  pkgs,
  ...
 }: {
-  config = lib.mkIf config.software.usershell.enable {
-    programs.zsh = {
+  programs.zsh = {
+    enable = true;
+    autosuggestions = {
      enable = true;
-      autosuggestions = {
-        enable = true;
-        async = true;
-      };
-      syntaxHighlighting = {
-        enable = true;
-      };
-      shellAliases = {
-        lah = "ls -lah";
-        set-nixpkgs-upstream = "git remote add upstream https://github.com/NixOS/nixpkgs.git";
-        nup = "sudo nixos-rebuild switch --flake .";
-      };
+      async = true;
    };
-
-    programs.starship = let
-      raisin_black = "#262932";
-      blood_red = "#710000";
-      rich_lemon = "#FDF500";
-      keppel = "#1AC5B0";
-      electric_blue = "#36EBF3";
-      blushing_purple = "#9370DB";
-      frostbite = "#E455AE";
-      steel_pink = "#CB1DCD";
-      pale_silver = "#D1C5C0";
-    in {
+    syntaxHighlighting = {
      enable = true;
-      settings = {
-        format = "[ ](${rich_lemon})[ CrOS](bg:${rich_lemon} fg:${raisin_black})$username$hostname[ ](fg:${rich_lemon} bg:${blushing_purple})$directory[ ](fg:${blushing_purple} bg:${frostbite})$git_branch$git_status[ ](fg:${frostbite} bg:${steel_pink})$nix_shell[ ](${steel_pink})";
-        right_format = "[ ](${rich_lemon})$time[ ](${rich_lemon})";
+    };
+    shellAliases = {
+      lah = "ls -lah";
+      set-nixpkgs-upstream = "git remote add upstream https://github.com/NixOS/nixpkgs.git";
+      nup = "sudo nixos-rebuild switch --flake .";
+    };
+  };

-        # Left Modules
-        username = {
-          disabled = false;
-          format = "[  $user]($style)";
-          style_user = "fg:${keppel} bg:${rich_lemon}";
-          style_root = "fg:${blood_red} bg:${rich_lemon}";
-        };
-        hostname = {
-          disabled = false;
-          format = "[@$hostname ]($style)";
-          style = "fg:${keppel} bg:${rich_lemon}";
-          ssh_only = false;
-          ssh_symbol = "";
-        };
-        directory = {
-          disabled = false;
-          format = "[ $path ]($style)";
-          style = "bg:${blushing_purple} fg:${raisin_black}";
-          truncation_length = 3;
-          truncation_symbol = "…/";
-        };
-        git_branch = {
-          disabled = false;
-          format = "[ $symbol $branch ]($style)";
-          symbol = "";
-          style = "fg:${raisin_black} bg:${frostbite}";
-        };
-        git_status = {
-          disabled = false;
-          format = "[$all_status$ahead_behind]($style)";
-          style = "fg:${raisin_black} bg:${frostbite}";
-        };
-        nix_shell = {
-          disabled = false;
-          format = "[$symbol $name]($style)";
-          style = "bg:${steel_pink} fg:${electric_blue}";
-          symbol = "";
-        };
+  programs.starship = let
+    raisin_black = "#262932";
+    blood_red = "#710000";
+    rich_lemon = "#FDF500";
+    keppel = "#1AC5B0";
+    electric_blue = "#36EBF3";
+    blushing_purple = "#9370DB";
+    frostbite = "#E455AE";
+    steel_pink = "#CB1DCD";
+    pale_silver = "#D1C5C0";
+  in {
+    enable = true;
+    settings = {
+      format = "[ ](${rich_lemon})[ CrOS](bg:${rich_lemon} fg:${raisin_black})$username$hostname[ ](fg:${rich_lemon} bg:${blushing_purple})$directory[ ](fg:${blushing_purple} bg:${frostbite})$git_branch$git_status[ ](fg:${frostbite} bg:${steel_pink})$nix_shell[ ](${steel_pink})";
+      right_format = "[ ](${rich_lemon})$time[ ](${rich_lemon})";

-        # Right Modules
-        time = {
-          disabled = false;
-          format = "[$time]($style)";
-          style = "fg:${raisin_black} bg:${rich_lemon}";
-        };
+      # Left Modules
+      username = {
+        disabled = false;
+        format = "[  $user]($style)";
+        style_user = "fg:${keppel} bg:${rich_lemon}";
+        style_root = "fg:${blood_red} bg:${rich_lemon}";
+      };
+      hostname = {
+        disabled = false;
+        format = "[@$hostname ]($style)";
+        style = "fg:${keppel} bg:${rich_lemon}";
+        ssh_only = false;
+        ssh_symbol = "";
+      };
+      directory = {
+        disabled = false;
+        format = "[ $path ]($style)";
+        style = "bg:${blushing_purple} fg:${raisin_black}";
+        truncation_length = 3;
+        truncation_symbol = "…/";
+      };
+      git_branch = {
+        disabled = false;
+        format = "[ $symbol $branch ]($style)";
+        symbol = "";
+        style = "fg:${raisin_black} bg:${frostbite}";
+      };
+      git_status = {
+        disabled = false;
+        format = "[$all_status$ahead_behind]($style)";
+        style = "fg:${raisin_black} bg:${frostbite}";
+      };
+      nix_shell = {
+        disabled = false;
+        format = "[$symbol $name]($style)";
+        style = "bg:${steel_pink} fg:${electric_blue}";
+        symbol = "";
+      };
+
+      # Right Modules
+      time = {
+        disabled = false;
+        format = "[$time]($style)";
+        style = "fg:${raisin_black} bg:${rich_lemon}";
      };
    };
  };
--- a/hosts/common/users/primary/default.nix
+++ b/hosts/common/users/primary/default.nix
@ -14,22 +14,21 @@ in
      shell = pkgs.zsh;

      openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
-
-      # Create ssh sockets directory for controlpaths when homemanager not loaded (i.e. isMinimal)
-      systemd.tmpfiles.rules = let
-        user = config.users.users.${hostSpec.username}.name;
-        group = config.users.users.${hostSpec.username}.group;
-      in [
-        "d /home/${hostSpec.username}/.ssh 0750 ${user} ${group} -"
-        "d /home/${hostSpec.username}/.ssh/sockets 0750 ${user} ${group} -"
-      ];
-
-      programs.zsh.enable = true;
-      environment.systemPackages = [
-        pkgs.git
-        pkgs.vim
-      ];
    };
+    # Create ssh sockets directory for controlpaths when homemanager not loaded (i.e. isMinimal)
+    systemd.tmpfiles.rules = let
+      user = config.users.users.${hostSpec.username}.name;
+      group = config.users.users.${hostSpec.username}.group;
+    in [
+      "d /home/${hostSpec.username}/.ssh 0750 ${user} ${group} -"
+      "d /home/${hostSpec.username}/.ssh/sockets 0750 ${user} ${group} -"
+    ];
+
+    programs.zsh.enable = true;
+    environment.systemPackages = [
+      pkgs.git
+      pkgs.vim
+    ];
  }
  // lib.optionalAttrs (inputs ? "home-manager") {
    home-manager = {
--- a/hosts/common/users/primary/keys/default.nix
+++ b/hosts/common/users/primary/keys/default.nix
--- a/hosts/nixos/Bulwark/default.nix
+++ b/hosts/nixos/Bulwark/default.nix
@ -21,7 +21,6 @@
    }

    # Misc
-    # inputs.stylix.nixosModules.stylix

    (map lib.custom.relativeToRoot [
      # Required configs
@ -35,6 +34,8 @@
    hostName = "bulwark";
  };

+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
  networking = {
    networkmanager.enable = true;
    enableIPv6 = false;
--- a/hosts/nixos/Incarceron/default.nix
+++ b/hosts/nixos/Incarceron/default.nix
@ -18,7 +18,6 @@
    inputs.disko.nixosModules.disko

    # Misc
-    # inputs.stylix.nixosModules.stylix

    (map lib.custom.relativeToRoot [
      # Required configs
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@ -0,0 +1,3 @@
+{lib, ...}: {
+  imports = lib.custom.scanPaths ./.;
+}