From abe0ef7ad83a4807709203eb3208e92297fa4a69 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Wed, 5 Jan 2022 16:51:44 +0100 Subject: [PATCH] Refactorings and cleanups --- .../fhauser/applications/android-studio.nix | 9 +- .../fhauser/applications/default.nix | 13 +++ .../fhauser/{ => applications}/sway.nix | 8 -- .../fhauser/applications/waybar.nix | 10 +- .../user-configuration/fhauser/default.nix | 11 +-- defaults/user-configuration/fhauser/i3.nix | 18 ---- .../fhauser/work/.gitignore | 1 + .../fhauser/work/android-studio.nix | 4 - .../fhauser/work/default.nix | 4 +- .../fhauser/work/openvpn.nix | 91 ------------------- 10 files changed, 28 insertions(+), 141 deletions(-) rename defaults/user-configuration/fhauser/{ => applications}/sway.nix (95%) delete mode 100644 defaults/user-configuration/fhauser/i3.nix create mode 100644 defaults/user-configuration/fhauser/work/.gitignore delete mode 100644 defaults/user-configuration/fhauser/work/android-studio.nix delete mode 100644 defaults/user-configuration/fhauser/work/openvpn.nix diff --git a/defaults/user-configuration/fhauser/applications/android-studio.nix b/defaults/user-configuration/fhauser/applications/android-studio.nix index d1d1aa4..472af5f 100644 --- a/defaults/user-configuration/fhauser/applications/android-studio.nix +++ b/defaults/user-configuration/fhauser/applications/android-studio.nix @@ -1,7 +1,4 @@ -{ pkgs, ... }: -{ - #home-manager.users.fhauser = { - # home.packages = with pkgs; [ androidStudioPackages.beta ]; - # pam.sessionVariables.STUDIO_JDK = "${pkgs.jdk14}/lib/openjdk"; - #}; # TODO: This was extracted into a shell.nix +{ pkgs, ... }: { + programs.adb.enable = true; + users.users.fhauser.extraGroups = [ "adbusers" ]; } diff --git a/defaults/user-configuration/fhauser/applications/default.nix b/defaults/user-configuration/fhauser/applications/default.nix index 8108b7b..c879d3a 100644 --- a/defaults/user-configuration/fhauser/applications/default.nix 
+++ b/defaults/user-configuration/fhauser/applications/default.nix @@ -19,8 +19,21 @@ ./shell.nix ./swaylock.nix ./kanshi.nix + ./sway.nix + ./android-studio.nix ]; home-manager.users.fhauser = { config, pkgs, ... }: { + services = { + network-manager-applet.enable = true; + nextcloud-client = { + enable = true; + startInBackground = true; + }; + owncloud-client.enable = true; + pasystray.enable = true; + blueman-applet.enable = true; + }; + home = { packages = with pkgs; [ # Networking diff --git a/defaults/user-configuration/fhauser/sway.nix b/defaults/user-configuration/fhauser/applications/sway.nix similarity index 95% rename from defaults/user-configuration/fhauser/sway.nix rename to defaults/user-configuration/fhauser/applications/sway.nix index 7d5df35..9f48933 100644 --- a/defaults/user-configuration/fhauser/sway.nix +++ b/defaults/user-configuration/fhauser/applications/sway.nix @@ -135,19 +135,11 @@ ''; }; - # TODO: Move these services elsewhere - services.network-manager-applet.enable = true; - services.nextcloud-client.enable = true; - services.owncloud-client.enable = true; - services.pasystray.enable = true; - systemd.user.services.network-manager-applet = adhereTheSwayTarget; systemd.user.services.nextcloud-client = adhereTheSwayTarget // { # For trayicon to work: Unit.After = [ "waybar.service" ]; Service = { - ExecStart = - lib.mkForce "${pkgs.nextcloud-client}/bin/nextcloud --background"; ExecStartPre = "${pkgs.coreutils}/bin/sleep 3"; Environment = lib.mkForce "PATH=${homeManagerConfig.home.profileDirectory}/bin XDG_CURRENT_DESKTOP=Unity"; diff --git a/defaults/user-configuration/fhauser/applications/waybar.nix b/defaults/user-configuration/fhauser/applications/waybar.nix index 2669acf..9c72ad5 100644 --- a/defaults/user-configuration/fhauser/applications/waybar.nix +++ b/defaults/user-configuration/fhauser/applications/waybar.nix 
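Review bot: In the `applications/default.nix` hunk, `blueman-applet.enable = true;` is not one of the services moved out of `sway.nix`; it is new behaviour in a commit described as refactoring. Home-manager's applet only works when the system-level blueman service is running, and nothing in this patch shows `services.blueman.enable = true;` on the NixOS side, so please confirm it is set elsewhere. The other tray applets are bound to the sway session in `sway.nix` through `adhereTheSwayTarget`, and no such binding for blueman-applet is visible here. I would add a comment next to the option, `# needs services.blueman.enable = true in the system configuration`, and name the new applet in the commit message. The `home-manager.users.fhauser` body continues past the end of this hunk.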
@@ -374,9 +374,13 @@ } ''; }; - systemd.user.services.waybar.Unit = { - Requisite = lib.mkForce [ ]; - After = lib.mkForce [ ]; + systemd.user.services.waybar = with lib; { + # Install.WantedBy = mkForce [ "sway-session.target" ]; # TODO: Set as systemd.target with 22.05 + Unit = { + Requisite = mkForce [ ]; + After = mkForce [ ]; + PartOf = [ "tray.target" ]; + }; }; }; } diff --git a/defaults/user-configuration/fhauser/default.nix b/defaults/user-configuration/fhauser/default.nix index 2ed1b0d..9ece35c 100644 --- a/defaults/user-configuration/fhauser/default.nix +++ b/defaults/user-configuration/fhauser/default.nix @@ -1,12 +1,5 @@ { config, pkgs, lib, ... }: { - imports = [ - ./sway.nix - ./multimedia.nix - ./security.nix - ./applications - ./work - ./i3.nix - ./mimetypes.nix - ]; + imports = + [ ./multimedia.nix ./security.nix ./applications ./work ./mimetypes.nix ]; home-manager.users.fhauser.home.stateVersion = config.system.stateVersion; } diff --git a/defaults/user-configuration/fhauser/i3.nix b/defaults/user-configuration/fhauser/i3.nix deleted file mode 100644 index 5c9fbf4..0000000 --- a/defaults/user-configuration/fhauser/i3.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, lib, config, ... }: { - - home-manager.users.fhauser = let - adhereTheSwayTarget = { - Install.WantedBy = lib.mkForce [ "sway-session.target" ]; - Unit.PartOf = lib.mkForce [ "sway-session.target" ]; - }; - in rec { - programs.i3status = { - enable = true; - enableDefault = true; - }; - xsession.windowManager.i3 = { - enable = true; - - }; - }; -} diff --git a/defaults/user-configuration/fhauser/work/.gitignore b/defaults/user-configuration/fhauser/work/.gitignore new file mode 100644 index 0000000..d03ae53 --- /dev/null +++ b/defaults/user-configuration/fhauser/work/.gitignore @@ -0,0 +1 @@ +openvpn.nix diff --git a/defaults/user-configuration/fhauser/work/android-studio.nix b/defaults/user-configuration/fhauser/work/android-studio.nix deleted file mode 100644 index 472af5f..0000000 
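Review bot: In the `waybar.nix` hunk, `PartOf = [ "tray.target" ];` is set without `mkForce`, unlike `Requisite` and `After` right above it. It is therefore merged with whatever `PartOf` the upstream waybar module defines rather than replacing it; if replacement is intended, write `PartOf = mkForce [ "tray.target" ];`. No hunk in this patch declares `tray.target`, so please confirm the unit exists in this sway setup; if it does not, the dependency has no effect. A one-line comment such as `# waybar hosts the tray: stop/restart it together with tray.target` would record the intent. Note that the only `Install.WantedBy` line is commented out, so this hunk alone does not show what starts the unit.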
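Review bot: The new `work/.gitignore` entry only stops a local `openvpn.nix` from being staged again. The version deleted further down in this patch (CA certificate, VPN endpoints, internal routes) stays readable in every earlier revision. If the goal is to withdraw that profile from the repository rather than just stop tracking it, the history has to be rewritten; an ignore rule cannot do that. If the repository is ever evaluated as a flake, git-ignored files are normally not copied into the evaluated source, so the local file would not be seen at all. I would also add a comment line to the ignore file, `# local-only VPN profile, imported from work/default.nix when present`.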
--- a/defaults/user-configuration/fhauser/work/android-studio.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, ... }: { - programs.adb.enable = true; - users.users.fhauser.extraGroups = [ "adbusers" ]; -} diff --git a/defaults/user-configuration/fhauser/work/default.nix b/defaults/user-configuration/fhauser/work/default.nix index 96043b9..327d020 100644 --- a/defaults/user-configuration/fhauser/work/default.nix +++ b/defaults/user-configuration/fhauser/work/default.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: { - - imports = [ ./android-studio.nix ./openvpn.nix ]; + # Note: Some of these files might not be provided by this repository. + imports = [ ./openvpn.nix ]; } diff --git a/defaults/user-configuration/fhauser/work/openvpn.nix b/defaults/user-configuration/fhauser/work/openvpn.nix deleted file mode 100644 index 25841b8..0000000 --- a/defaults/user-configuration/fhauser/work/openvpn.nix +++ /dev/null 
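Review bot: In `work/default.nix`, the added comment says the listed files may be missing from the repository, yet `imports = [ ./openvpn.nix ];` is still unconditional. Combined with the new `.gitignore` entry, a clean checkout has no `work/openvpn.nix`, and evaluation of the whole configuration will fail on the missing path. Guard the import, for example `imports = lib.optional (builtins.pathExists ./openvpn.nix) ./openvpn.nix;`; `lib` is already a module argument here. The comment could then state the contract precisely: `# openvpn.nix is local-only (git-ignored); it is imported only when present`.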
@@ -1,91 +0,0 @@ -{ pkgs, lib, config, ... }: { - services.openvpn.servers.threema = let - cafile = pkgs.writeTextFile { - name = "threema-vpn-ca.crt"; - text = '' - -----BEGIN CERTIFICATE----- - MIIDMjCCAhqgAwIBAgIJANmI9BYPseTxMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV - BAMMCk9wZW5WUE4gQ0EwHhcNMTkwNTE1MTQzOTM0WhcNMjkwNTEyMTQzOTM0WjAV - MRMwEQYDVQQDDApPcGVuVlBOIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB - CgKCAQEA7NaiObgz2L5wmGIgOWUe1n6Q1g6Y5CYsrMQI8yhIDqKSx0fTL9eT2hvn - zThnltxKJRVTn0qGPf/7QF6WzjIXfKSJH5Cb+OKgYmqfRI2TW+ncqyJCaa3Fl9lI - VgU4knro6Cp9dhNhrNmRoRFvZ/17noB4+WPds7EgRObDi2ERuwAbONgz56J2Rea6 - RHVL6HMFY7v8Zp8B/MnzSba/OSJC7RXCuCs6qNOgJOoHnp5PnsB3V40mszy4h/0Q - jVbBdZ3K4rEjNiawhCOetXhgHSaVGH4MP5oWrAN4UiI+IIfz6Ywz5mc7F6yBZa/e - aCG+r2bMUIepVPE25AUfuZ6O8+0+iwIDAQABo4GEMIGBMB0GA1UdDgQWBBQDHenu - 05GGgcztJ1FCUWQlbYxGLjBFBgNVHSMEPjA8gBQDHenu05GGgcztJ1FCUWQlbYxG - LqEZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANmI9BYPseTxMAwGA1UdEwQF - MAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQDTQtMeER20/3r/ - Zn+IRpIEJh/ITxEE6kKCKo59wwVEFA0Ba+7d+BslFTCPhADM2p0AzPt5OSEo0A2N - nWGL3hhBPcnrBTFUma58gGz++v5Oy8GpfaCoXjCqfANjAbApY0JCCSWb1BJWkhXt - vDMlVXv6UzfF4HCeEQCof4QcW8ca4csrOceW76S7Cc3Or4iyTXKQrZ5PKy081CfV - sTLgGMQX4kZT9MBg13wDj0WkdJaWxQ2C73/me/YypcctN7t1wy7pUx33rEE1xh/o - 9fsKcFs0qqYKRUY8AnghhuimBrkHoqUcdrG/6WO7+hbipxIDStm4Qbnptde3fhJT - rGUhGexA - -----END CERTIFICATE----- - ''; - }; - dhcpIps = [ "185.88.236.100" "212.103.68.20" ]; - dhcpOptions = with builtins; - concatStringsSep "\n" (map (ip: "dhcp-option DNS ${ip}") dhcpIps); - in { - autoStart = false; - config = '' - remote vpn.threema.ch 38417 tcp-client - remote 5.148.189.116 38417 tcp-client - remote 178.209.63.8 38417 tcp-client - - nobind - dev tun - persist-tun - persist-key - pull - auth-user-pass - tls-client - ca ${cafile} - remote-cert-tls server - - route 10.83.0.0 255.255.0.0 default default - route 10.90.0.0 255.255.0.0 default default - route 192.168.11.0 255.255.255.0 default default - route 192.168.13.0 
255.255.255.0 default default - route 136.243.104.147 255.255.255.255 default default - route 188.126.81.131 255.255.255.255 default default - route 95.211.228.137 255.255.255.255 default default - route 185.88.236.64 255.255.255.192 default default - route 212.103.68.0 255.255.255.192 default default - route 194.56.189.145 255.255.255.255 default default - route 54.38.37.213 255.255.255.255 default default - # VPN exclusions: Jitsi and TURN - route 185.88.236.76 255.255.255.255 net_gateway default - route 185.88.236.77 255.255.255.255 net_gateway default - route 185.88.236.98 255.255.255.255 net_gateway default - route 185.88.236.113 255.255.255.255 net_gateway default - route 185.88.236.114 255.255.255.255 net_gateway default - route 212.103.68.7 255.255.255.255 net_gateway default - route 212.103.68.8 255.255.255.255 net_gateway default - route 212.103.68.40 255.255.255.255 net_gateway default - route 212.103.68.41 255.255.255.255 net_gateway default - - ${dhcpOptions} - #dhcp-option DOMAIN-ROUTE threema.ch - - reneg-bytes 0 - auth-nocache - tls-cipher DEFAULT - reneg-sec 0 - cipher AES-128-CBC - data-ciphers AES-128-CBC - data-ciphers-fallback AES-128-CBC - remap-usr1 SIGTERM - #script-security 2 - #up ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved - #up-restart - #down ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved - #down-pre - ''; - updateResolvConf = true; - }; - - systemd.services.openvpn-threema.serviceConfig.Restart = lib.mkForce "no"; -}