1 files changed, 38 insertions, 114 deletions

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 6b710f2b..6214569a 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -12,7 +12,7 @@ let
 in {
   imports = with flake.nixosModules.systemProfiles; [
     ./hw.nix
-    ./mail ./libvirt
+    ./email ./libvirt ./greetd
     tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager
     flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
     flakeInputs.impermanence.nixosModules.impermanence
@@ -26,9 +26,6 @@ in {
         allowUnfree = true;
         pulseaudio = true;
       };
-      extraOverlays = [
-        flakeInputs.niri-flake.overlays.niri
-      ];
     };
 
     time.timeZone = null;
@@ -55,6 +52,7 @@ in {
         systemd-boot = {
           enable = true;
           configurationLimit = 15;
+          netbootxyz.enable = true;
         };
         efi.canTouchEfiVariables = true;
         timeout = null;
@@ -128,40 +126,16 @@ in {
         rulesetFile = ./ruleset.nft;
       };
 
-      # firewall = {
-      #   enable = true;
-      #   allowedTCPPorts = [ 22 # ssh
-      #                       8000 # quickserve
-      #                     ];
-      # };
-
-      # wlanInterfaces = {
-      #   wlan0 = {
-      #     device = "wlp82s0";
-      #   };
-      # };
-
-      # bonds = {
-      #   "lan" = {
-      #     interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
-      #     driverOptions = {
-      #       miimon = "1000";
-      #       mode = "active-backup";
-      #       primary_reselect = "always";
-      #     };
-      #   };
-      # };
-
       useDHCP = false;
       useNetworkd = true;
-
-      # interfaces."tinc.yggdrasil" = {
-      #   virtual = true;
-      #   virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
-      #   macAddress = "5c:93:21:c3:61:39";
-      # };
     };
 
+    environment.etc."NetworkManager/dnsmasq.d/dnssec.conf" = {
+      text = ''
+        conf-file=${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf
+        dnssec
+      '';
+    };
     environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
       text = ''
         except-interface=virbr0
@@ -404,19 +378,6 @@ in {
     ];
 
     services = {
-      uucp = {
-        enable = true;
-        nodeName = "sif";
-        remoteNodes = {
-          "ymir" = {
-            publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
-            hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
-          };
-        };
-
-        defaultCommands = lib.mkForce [];
-      };
-
       avahi.enable = true;
 
       fwupd.enable = true;
@@ -435,8 +396,8 @@ in {
 
       logind = {
         lidSwitch = "suspend";
-        lidSwitchDocked = "lock";
-        lidSwitchExternalPower = "lock";
+        lidSwitchDocked = "ignore";
+        lidSwitchExternalPower = "ignore";
       };
 
       atd = {
@@ -471,47 +432,18 @@ in {
       };
       libinput.enable = true;
 
-      greetd = {
-        enable = true;
-      #   settings.default_session.command = let
-      #     cfg = config.programs.regreet;
-      #   in pkgs.writeShellScript "greeter" ''
-      #       modprobe -r nvidia_drm
+      envfs.enable = false;
 
-      #       exec ${pkgs.dbus}/bin/dbus-run-session ${lib.getExe pkgs.cage} ${lib.escapeShellArgs cfg.cageArgs} -- ${lib.getExe cfg.package}
-      #     '';
-      };
-    };
-
-    programs.regreet = {
-      enable = true;
-      theme = {
-        package = pkgs.equilux-theme;
-        name = "Equilux-compact";
-      };
-      iconTheme = {
-        package = pkgs.paper-icon-theme;
-        name = "Paper-Mono-Dark";
-      };
-      font = {
-        package = pkgs.fira;
-        name = "Fira Sans";
-        # size = 6;
-      };
-      cageArgs = [ "-s" "-m" "last" ];
-      settings = {
-        GTK.application_prefer_dark_theme = true;
-      };
+      displayManager.defaultSession = "Niri";
     };
-    programs.niri.enable = true;
 
     systemd.tmpfiles.settings = {
       "10-localtime"."/etc/localtime".L.argument = "/.bcachefs/etc/localtime";
 
-      "10-regreet"."/var/cache/regreet/cache.toml".C.argument = toString ((pkgs.formats.toml {}).generate "cache.toml" {
-        last_user = "gkleen";
-        user_to_last_sess.gkleen = "Niri";
-      });
+      # "10-regreet"."/var/cache/regreet/cache.toml".C.argument = toString ((pkgs.formats.toml {}).generate "cache.toml" {
+      #   last_user = "gkleen";
+      #   user_to_last_sess.gkleen = "Niri";
+      # });
     };
 
     users = {
@@ -620,15 +552,15 @@ in {
       };
 
       nvidia = {
-        open = true;
+        open = false;
         modesetting.enable = true;
-        powerManagement.enable = false;
-        prime = {
-          nvidiaBusId = "PCI:1:0:0";
-          intelBusId = "PCI:0:2:0";
-          reverseSync.enable = true;
-          offload.enableOffloadCmd = true;
-        };
+        powerManagement.enable = true;
+        # prime = {
+        #   nvidiaBusId = "PCI:1:0:0";
+        #   intelBusId = "PCI:0:2:0";
+        #   reverseSync.enable = true;
+        #   offload.enableOffloadCmd = true;
+        # };
       };
 
       graphics = {
@@ -671,25 +603,6 @@ in {
 
     environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
 
-    systemd.services."ac-plugged" = {
-      description = "Inhibit handling of lid-switch and sleep";
-
-      path = with pkgs; [ systemd coreutils ];
-
-      script = ''
-        exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
-      '';
-
-      serviceConfig = {
-        Type = "simple";
-      };
-    };
-
-    services.udev.extraRules = with pkgs; lib.mkAfter ''
-      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
-      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
-    '';
-
     systemd.services."nix-daemon".serviceConfig = {
       MemoryAccounting = true;
       MemoryHigh = "50%";
@@ -702,6 +615,7 @@ in {
 
     services.dbus.packages = with pkgs;
       [ dbus dconf
+        xdg-desktop-portal-gtk
       ];
 
     services.udisks2.enable = true;
@@ -710,6 +624,8 @@ in {
       light.enable = true;
       wireshark.enable = true;
       dconf.enable = true;
+      niri.enable = true;
+      fuse.userAllowOther = true;
     };
 
     services.pcscd.enable = true;
@@ -729,6 +645,16 @@ in {
     environment.sessionVariables."GTK_USE_PORTAL" = "1";
     xdg.portal = {
       enable = true;
+      extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
+      config.niri = {
+        default = ["gnome" "gtk"];
+        "org.freedesktop.impl.portal.FileChooser" = ["gtk"];
+        "org.freedesktop.impl.portal.OpenFile" = ["gtk"];
+        "org.freedesktop.impl.portal.Access" = ["gtk"];
+        "org.freedesktop.impl.portal.Notification" = ["gtk"];
+        "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
+        "org.freedesktop.impl.portal.Inhibit" = ["none"];
+      };
     };
 
     environment.persistence."/.bcachefs" = {
@@ -736,19 +662,17 @@ in {
       directories = [
         "/nix"
         "/root"
+        "/home"
         "/var/log"
         "/var/lib/sops-nix"
         "/var/lib/nixos"
         "/var/lib/systemd"
-        "/home"
         "/var/lib/chrony"
         "/var/lib/fprint"
         "/var/lib/bluetooth"
         "/var/lib/upower"
         "/var/lib/postfix"
         "/etc/NetworkManager/system-connections"
-        { directory = "/var/uucp"; user = "uucp"; group = "uucp"; mode = "0700"; }
-        { directory = "/var/spool/uucp"; user = "uucp"; group = "uucp"; mode = "0750"; }
       ];
       files = [
       ];