chore(home-manager/gpg-agent): template agent configuration from upstream dotfiles

2024-12-03 20:22:55 +01:00
15 changed files with 36 additions and 228 deletions
--- a/flake.lock
+++ b/flake.lock
@ -5,79 +5,48 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1749154018,
-        "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=",
+        "lastModified": 1732466619,
+        "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111",
+        "rev": "f3111f62a23451114433888902a55cf0692b408d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-24.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
-    "nixos-hardware": {
-      "locked": {
-        "lastModified": 1750431636,
-        "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=",
-        "owner": "NixOS",
-        "repo": "nixos-hardware",
-        "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixos-hardware",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1749024892,
-        "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=",
+        "lastModified": 1731755305,
+        "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef",
+        "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-unstable": {
-      "locked": {
-        "lastModified": 1751271578,
-        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1750259320,
-        "narHash": "sha256-H8J4H2XCIMEJ5g6fZ179QfQvsc2dUqhqfBjC8RAHNRY=",
+        "lastModified": 1732350895,
+        "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9ba04bda9249d5d5e5238303c9755de5a49a79c5",
+        "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -85,9 +54,7 @@
    "root": {
      "inputs": {
        "home-manager": "home-manager",
-        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-unstable": "nixpkgs-unstable"
+        "nixpkgs": "nixpkgs_2"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -1,12 +1,10 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
-    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
-    home-manager.url = "github:nix-community/home-manager/release-25.05";
-    nixos-hardware.url = "github:NixOS/nixos-hardware";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
  };

-  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, ... }: {
+  outputs = inputs @ { self, nixpkgs, ... }: {
    nixosConfigurations.affogato = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
@ -14,10 +12,5 @@
      ];
      specialArgs = { inherit inputs; };
    };
-    nixosConfigurations.nixos-unstable = nixpkgs-unstable.lib.nixosSystem {
-      modules = [
-        ./hosts/nixos-unstable
-      ];
-    };
  };
 }
--- a/hosts/affogato/default.nix
+++ b/hosts/affogato/default.nix
@ -1,6 +1,5 @@
-{ inputs, pkgs, ... }: {
+{ pkgs, ... }: {
  imports = [
-    inputs.nixos-hardware.nixosModules.chuwi-minibook-x
    ./hardware-configuration.nix
    ./n100.nix
    ../../profiles/base
@ -11,19 +10,16 @@
    ../../users/leona
  ];

-  # add nixpkgs overlay
-  nixpkgs.overlays = [
-    (import ../../pkgs)
-  ];
-
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

-  boot.kernelPackages = pkgs.linuxPackages_6_13;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  #boot.kernelPackages = pkgs.linuxPackages_6_6;
  boot.kernelParams = [
+    "fbcon=rotate:1"
   # disable panel self refresh for i915
-   #"i915.enable_psr=0"
+   "i915.enable_psr=0"
   # set max cstate to 2 (suspend?)
   # "intel_idle.max_cstate=2"
    "nvme.noacpi=1"
@ -39,26 +35,18 @@
      "cloud.finallycoffee.eu"
    ];
  };
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [ 8883 ];
-    allowedUDPPorts = [ 2021 ];
-  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Network
  networking.networkmanager.enable = true;
-  networking.networkmanager.unmanaged = [ "p2p-dev-wlp0s20f3" ];
  systemd.services.ModemManager.enable = true;
-  systemd.services.NetworkManager-wait-online.enable = false;
  services.printing.enable = true;

  services.avahi.enable = true;
  services.tailscale.enable = true;
  services.blueman.enable = true;
-  services.power-profiles-daemon.enable = true;

  # TODO: delete this later
  system.stateVersion = "23.05"; # Did you read the comment?
--- a/hosts/affogato/hardware-configuration.nix
+++ b/hosts/affogato/hardware-configuration.nix
@ -36,6 +36,7 @@
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s20f0u1u3.useDHCP = lib.mkDefault true;

+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  hardware.bluetooth.enable = true;
--- a/hosts/nixos-unstable/configuration.nix
+++ b/hosts/nixos-unstable/configuration.nix
@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  # Use latest kernel.
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  networking.hostName = "nixos-unstable"; # Define your hostname.
-
-  # Set your time zone.
-  time.timeZone = "Europe/Amsterdam";
-
-  # Select internationalisation properties.
-  # i18n.defaultLocale = "en_US.UTF-8";
-  # console = {
-  #   font = "Lat2-Terminus16";
-  #   keyMap = "us";
-  #   useXkbConfig = true; # use xkb.options in tty.
-  # };
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.mutableUsers = false;
-  users.users.root.hashedPassword = "$y$j9T$i4Yx7PqpLH9bPaNb4SVLm/$dv2gVHCHiRZv.Y00rbNx4QeIExunnfHp57WEnh8qLF1";
-  users.users.alice = {
-    isNormalUser = true;
-    hashedPassword = "";
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    packages = with pkgs; [
-      tree
-    ];
-  };
-
-  environment.systemPackages = with pkgs; [
-  ];
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  system.stateVersion = "25.05"; # Did you read the comment?
-
-}
--- a/hosts/nixos-unstable/default.nix
+++ b/hosts/nixos-unstable/default.nix
@ -1,7 +0,0 @@
-{ inputs, pkgs, ...}: {
-  imports = [
-    ./hardware-configuration.nix
-    ./configuration.nix
-    ../../profiles/base
-  ];
-}
--- a/hosts/nixos-unstable/hardware-configuration.nix
+++ b/hosts/nixos-unstable/hardware-configuration.nix
@ -1,35 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
-  boot.initrd.kernelModules = [ ];
-  boot.initrd.systemd.enable = true;
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/d696e6e0-64f1-4cb5-9ac6-57a3fd4634cc";
-      fsType = "btrfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/FA31-9186";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -1,5 +0,0 @@
-final: prev: {
-  cpupower = prev.cpupower.overrideAttrs (oldAttrs: {
-    nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ prev.which ];
-  });
-}
--- a/profiles/base/default.nix
+++ b/profiles/base/default.nix
@ -1,7 +1,7 @@
 { inputs, pkgs, ...}: {
  nixpkgs.config.allowUnfree = true;
-  nixpkgs.flake.setFlakeRegistry = true;
  nix.settings.trusted-users = [ "root" "@wheel" ];
+  nix.registry.nixpkgs.flake = inputs.nixpkgs;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
@ -20,7 +20,8 @@
    };
  };
  environment.shellAliases = {
-    "lah" = "ls --color=auto -lah";
+    "nixos-switch" = "sudo nixos-rebuild switch --impure --flake .#";
+    "nom-affogato" = "nom build .#nixosConfigurations.affogato.config.system.build.toplevel --impure";
  };
  environment.variables = {
    EDITOR = "vim";
@ -37,9 +38,9 @@
    bind.dnsutils
    openssl
    curl
-    wget
    htop
-    usbutils
-    pciutils
+    pinentry
+    gnupg
+    sequoia
  ];
 }
--- a/profiles/graphical/default.nix
+++ b/profiles/graphical/default.nix
@ -6,13 +6,10 @@
    pulse.enable = true;
  };

-  services.usbmuxd.enable = true;
-
  environment.systemPackages = with pkgs; [
    firefox
    thunderbird
    vlc
-    orca-slicer
    usbutils
    pciutils
    pinentry-qt
@ -21,9 +18,8 @@
    usb-modeswitch-data
    modemmanager
    xdg-desktop-portal
-    kdePackages.xdg-desktop-portal-kde
+    xdg-desktop-portal-kde
    grim
    wireguard-tools
-    libimobiledevice
  ];
 }
--- a/profiles/kde/default.nix
+++ b/profiles/kde/default.nix
@ -2,10 +2,10 @@
  # Plasma
  services.xserver.enable = true;
  services.displayManager.sddm.enable = true;
-  services.desktopManager.plasma6.enable = true;
+  services.xserver.desktopManager.plasma5.enable = true;

  environment.systemPackages = with pkgs; [
    xdg-desktop-portal
-    kdePackages.xdg-desktop-portal-kde
+    xdg-desktop-portal-kde
  ];
 }
--- a/users/transcaffeine/default.nix
+++ b/users/transcaffeine/default.nix
@ -1,8 +1,4 @@
 { pkgs, ... }: {
-  environment.shellAliases = {
-    "nixos-switch" = "sudo nixos-rebuild switch --impure --flake .#";
-    "nom-affogato" = "nom build .#nixosConfigurations.affogato.config.system.build.toplevel --impure";
-  };
  users.users.transcaffeine = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
@ -10,9 +6,6 @@
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCnjrKWYc0bcIsTkdpyC+yAsxSeY9M1WxVDNm3I/R3BYqyvfFuzJMQyh5APhM52yKGMN9UOuJPNPz0C4P6EY3iC3ZqUHFJ6ILrZZxdLZBVxdy2F19Xv6XcZkZxLpRKWapVFECF5z/Bi0rg1uzNRyrHjfZWcHfHIvlqxUYiitvvTbbSMQKqEV8wlnshSzBoYzaKtV1+crwlgz6wCnXq8HIupEeWfUc9kc+zunpYnuHnU5Z3HhzQGBuIiPoVritDjOo7qYREftV4qQ15xFWdezsMZlR15edwZeyNdAEx044QgaGddC8uEMoi5cp4APIqH1cEkIvSU6Y+esdgZ4CHU6M5G5ub5PTT2TaKoUMLLFtpW6QImjVApixFTHWR7tUhqInplWWLqvviS4MoI1ppxgcDUg/bgPdeDBsoRkbESr2uT8ResNi9DlPlN2rlUjlb28awzHm7agFhwfPQZ1afnFSUh0tTFz1WeR7xIGhxR1xXc8sapJhgLnYYWpR2NaJzbYYdk7CWW/3rgEsJem7Kvll6HevnFgRP/uVhEyGZl9hw+tECzvwB/LEmQ/4raDMxqOB9XO9kusJX/jTnQIObrFubfKn3ToXlYbQxZX9+QobANvQ8huILz1bBeH8aKjf9RXu+j4VNyoCKhzU/v0MIdRCsgVWgjuYXMGRo0MFMFyMqQiw== transcaffeine-openpgp:0x353A3E5B"
    ];
    packages = with pkgs; [
-      pinentry
-      gnupg
-      sequoia
      pass
      spotify
      gimp-with-plugins
@ -27,7 +20,6 @@
      wget
      nix-output-monitor
      nix-diff
-      jetbrains.idea-community
    ];
  };
  home-manager.users.transcaffeine = import ./home-manager/default.nix;
--- a/users/transcaffeine/home-manager/default.nix
+++ b/users/transcaffeine/home-manager/default.nix
@ -15,5 +15,4 @@
  };

  home.preferXdgDirectories = true;
-  programs.firefox = import ./firefox.nix { inherit lib; };
 }
--- a/users/transcaffeine/home-manager/firefox.nix
+++ b/users/transcaffeine/home-manager/firefox.nix
@ -1,32 +0,0 @@
-{ lib, ... }:
-
-{
-  profiles.default = {
-    id = 42;
-    isDefault = true;
-    name = "default";
-    containers = {
-      personal = {
-        id = 1;
-        color = "blue";
-        icon = "fingerprint";
-        name = "transcaffeine.me";
-      };
-      finallycoffee = {
-        id = 2;
-        color = "purple";
-        icon = "fingerprint";
-        name = "finally.coffee";
-      };
-    };
-    extensions = [
-      "uBlock0@raymondhill.net"
-      "uMatrix@raymondhill.net"
-      "{c607c8df-14a7-4f28-894f-29e8722976af}"
-      "default-theme@mozilla.org"
-      "addon@darkreader.org"
-      "@testpilot-containers"
-      "protoots@trans.rights"
-    ];
-  };
-}
--- a/users/transcaffeine/home-manager/gnupg.nix
+++ b/users/transcaffeine/home-manager/gnupg.nix
@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ lib, ... }:

 let
  repo = (builtins.fetchGit {
@ -44,16 +44,13 @@ in {
  in {
    enable = true;
    enableSshSupport = gpg_agent_config."enable-ssh-support";
-    defaultCacheTtl = gpg_agent_config."default-cache-ttl" or 300;
-    maxCacheTtl = gpg_agent_config."max-cache-ttl" or 900;
-    defaultCacheTtlSsh = gpg_agent_config."default-cache-ttl-ssh" or 300;
-    maxCacheTtlSsh = gpg_agent_config."max-cache-ttl-ssh" or 900;
+    defaultCacheTtl = gpg_agent_config."default-cache-ttl";
+    maxCacheTtl = gpg_agent_config."max-cache-ttl";
+    defaultCacheTtlSsh = gpg_agent_config."default-cache-ttl-ssh";
+    maxCacheTtlSsh = gpg_agent_config."max-cache-ttl-ssh";
    extraConfig = utils.attrsToConfig {
      "ignore-cache-for-signing" = gpg_agent_config."ignore-cache-for-signing";
      "no-allow-external-cache" = gpg_agent_config."no-allow-external-cache";
    };
  };
-
-  home.file."${config.programs.gpg.homedir}/gpg.conf".enable = false;
-  home.file."${config.programs.gpg.homedir}/gpg-agent.conf".enable = false;
 }