cookiez/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: cookiez:c6862c78db51c1031db61e3220355c5bb6ebd1a3
Branches Tags
cookiez:main
...
compare: cookiez:main
Branches Tags
cookiez:main

14 Commits
c6862c78db ... main

Author SHA1 Message Date
Cookiez
7ed6185b1d Changed url of pam-fprint-grosshack input 2026-04-08 11:49:51 +02:00
Cookiez
3d751291ab Hardened firefox and set default search engine to self hosted searxng 2026-04-08 11:34:14 +02:00
Cookiez
594e078929 Added lossless cut 2026-04-08 09:49:36 +02:00
Cookiez
dc4ff6d8d2 Changed grub timeout to 5 sec and disabled ollama service 2026-04-08 09:23:09 +02:00
Cookiez
b341ca2c87 Renamed 'firefox-home' module to only 'home' 2026-03-26 10:24:02 +01:00
Cookiez
762bab2c0b Moved Firefox config to its own folder in modules 
Added youtube shorts blocker extension to firefox
 2026-03-26 10:20:28 +01:00
Cookiez
0f1d51c246 Removed Zen Browser 2026-03-26 10:07:36 +01:00
Cookiez
b953cdb4be Fixed SDDM fingerprint not working. 
- Added a new custom flake input of pam_fprintd_grosshack so it accepts either password or fingerprint
 2026-03-25 11:16:30 +01:00
Cookiez
cf1470cb63 Added Neovim Plugins: 
- Remenber where you exited file
- Limited treesitter header context
- Added autocompletion
 2026-03-24 09:30:30 +01:00
Cookiez
4962c1bb03 Plasma manager now longer overrides everything. New aliases for searching plasma settings differences 2026-03-24 09:22:18 +01:00
Cookiez
ce797e1a65 Added alejandra formatter to neovim 2026-03-12 10:09:55 +01:00
Cookiez
93bc7644f5 Added edge barrier setting to plasma manager 2026-03-12 10:09:29 +01:00
Cookiez
c986ac4bf7 Updated Flake packages 2026-03-12 09:40:09 +01:00
Cookiez
b25430abc9 Modifed ncli update to ask which packages to update so it is possible to only update wanted packages 2026-03-12 09:39:52 +01:00
18 changed files with 431 additions and 295 deletions
Expand all files Collapse all files

131
flake.lock generated
View File

@ -247,11 +247,11 @@
]
},
"locked": {
"lastModified": 1772633327,
"narHash": "sha256-jl+DJB2DUx7EbWLRng+6HNWW/1/VQOnf0NsQB4PlA7I=",
"lastModified": 1773286336,
"narHash": "sha256-+yFtmhOHterllxWmV6YbdevTXpJdGS0mS0UmJ0k9fh0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5a75730e6f21ee624cbf86f4915c6e7489c74acc",
"rev": "7d06e0cefe6e4a1e85b2b3274dcb0b3da242a557",
"type": "github"
},
"original": {
@ -261,27 +261,6 @@
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"zen-browser",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772330611,
"narHash": "sha256-UZjPc/d5XRxvjDbk4veAO4XFdvx6BUum2l40V688Xq8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "58fd7ff0eec2cda43e705c4c0585729ec471d400",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"niri": {
"inputs": {
"niri-stable": "niri-stable",
@ -294,11 +273,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1772698812,
"narHash": "sha256-7+K/VaZ7TXUeUGSYshg8wC3UsRZHB+M4x6r38Q1B79c=",
"lastModified": 1773303738,
"narHash": "sha256-qrl74wNFMTUzA8z6nSEWNjQcJI/MQEWdWu2Wn+u4Ctg=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "5641625ef950f024e3e0e3f38bb91f876290c0be",
"rev": "329df7671b7859abd1cbca5d5af296ed6dc22b46",
"type": "github"
},
"original": {
@ -327,11 +306,11 @@
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1772207631,
"narHash": "sha256-Jkkg+KqshFO3CbTszVVpkKN2AOObYz+wMsM3ONo1z5g=",
"lastModified": 1773130184,
"narHash": "sha256-3bwx4WqCB06yfQIGB+OgIckOkEDyKxiTD5pOo4Xz2rI=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "e708f546153f74acf33eb183b3b2992587a701e5",
"rev": "b07bde3ee82dd73115e6b949e4f3f63695da35ea",
"type": "github"
},
"original": {
@ -357,11 +336,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1771969195,
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
"lastModified": 1772972630,
"narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
"rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
"type": "github"
},
"original": {
@ -372,11 +351,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1772721746,
"narHash": "sha256-GBuNOTwrTEDkkCxZIt31/4vOOrk6EN9WJRX5Iw6rSgo=",
"lastModified": 1773304180,
"narHash": "sha256-e/ctVWU2EYXBOsJHU76lN6vqugD8u1Xl20MJ+A+bPuE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "954e9a9127b88c528b232c48142345c8d845951a",
"rev": "d5eb8dca28f5be580c26f8fcb2ec4ec4215e9102",
"type": "github"
},
"original": {
@ -388,11 +367,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1772598333,
"narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=",
"lastModified": 1773068389,
"narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239",
"rev": "44bae273f9f82d480273bab26f5c50de3724f52f",
"type": "github"
},
"original": {
@ -404,11 +383,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772624091,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"lastModified": 1773122722,
"narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
"type": "github"
},
"original": {
@ -465,6 +444,43 @@
"type": "github"
}
},
"pam-fprint-grosshack": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"pam-fprint-src": "pam-fprint-src"
},
"locked": {
"lastModified": 1774432303,
"narHash": "sha256-IdsKBu1HV1mYJMVuAL0GJiWeEkMrdW691aW8D6Zr15I=",
"ref": "refs/heads/main",
"rev": "7ad351f85a92fee40806cb81777430c33499be41",
"revCount": 1,
"type": "git",
"url": "https://gitea.cookiee.org/cookiez/nix-fprint-grosshack-flake.git"
},
"original": {
"type": "git",
"url": "https://gitea.cookiee.org/cookiez/nix-fprint-grosshack-flake.git"
}
},
"pam-fprint-src": {
"flake": false,
"locked": {
"lastModified": 1658952526,
"narHash": "sha256-obczZbf/oH4xGaVvp3y3ZyDdYhZnxlCWvL0irgEYIi0=",
"owner": "mishakmak",
"repo": "pam-fprint-grosshack",
"rev": "45b42524fb5783e1e555067743d7e0f70d27888a",
"type": "gitlab"
},
"original": {
"owner": "mishakmak",
"repo": "pam-fprint-grosshack",
"type": "gitlab"
}
},
"plasma-manager": {
"inputs": {
"home-manager": [
@ -495,11 +511,11 @@
]
},
"locked": {
"lastModified": 1772695593,
"narHash": "sha256-kS8IgyBauCuOIgUcX4ajko6Szn4FPLCfwcEGfTv7RDc=",
"lastModified": 1773291133,
"narHash": "sha256-9Odn+7x5l90HnXRY7MwVYcX+8CYAo+ldJ+GOVs7e2T8=",
"owner": "outfoxxed",
"repo": "quickshell",
"rev": "5721955686a474b814c27bc0ec743f86e473ac4f",
"rev": "9a9c60525014bcdf83aace03db4b53c19168edcc",
"type": "github"
},
"original": {
@ -518,10 +534,10 @@
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixvim": "nixvim",
"pam-fprint-grosshack": "pam-fprint-grosshack",
"plasma-manager": "plasma-manager",
"quickshell": "quickshell",
"stylix": "stylix",
"zen-browser": "zen-browser"
"stylix": "stylix"
}
},
"rust-analyzer-src": {
@ -719,27 +735,6 @@
"repo": "xwayland-satellite",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"home-manager": "home-manager_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1772638901,
"narHash": "sha256-kzAyU054Mzpnzgx475MgmcjYJXxXWQWBG7LLsYtHXKw=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "75de12ddd50616a3628499ec18b648bceb88eb0d",
"type": "github"
},
"original": {
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"type": "github"
}
}
},
"root": "root",

11
flake.nix
View File

@ -15,9 +15,6 @@
inputs.home-manager.follows = "home-manager";
};
zen-browser.url = "github:0xc000022070/zen-browser-flake";
zen-browser.inputs.nixpkgs.follows = "nixpkgs";
#stylix.url = "github:nix-community/stylix/";
stylix.url = "github:nix-community/stylix/master"; #Had to use branch or it would not build corrently
stylix.inputs.nixpkgs.follows = "nixpkgs";
@ -42,6 +39,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
pam-fprint-grosshack = {
url = "git+https://gitea.cookiee.org/cookiez/nix-fprint-grosshack-flake.git";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-flatpak.url = "github:gmodena/nix-flatpak";
grub2-themes.url = "github:vinceliuice/grub2-themes";
@ -50,12 +52,12 @@
outputs = inputs @ {
nixpkgs,
alejandra,
pam-fprint-grosshack,
home-manager,
plasma-manager,
nixos-hardware,
stylix,
niri,
zen-browser,
grub2-themes,
nix-flatpak,
...
@ -81,6 +83,7 @@
inherit system;
inherit project;
inherit alejandra;
pam-fprint-grosshack-pkg = pam-fprint-grosshack.packages.${system}.default;
host = hostname;
};
modules =

25
modules/configuration.nix
View File

@ -13,6 +13,7 @@
host,
version,
system,
pam-fprint-grosshack-pkg,
...
}: {
#Assign Swap to the PC
@ -27,7 +28,7 @@
inputs.nix-flatpak.nixosModules.nix-flatpak
./hardware-configuration.nix
./firefox.nix
./firefox
./boot-splash.nix
./zsh.nix
./neovim
@ -61,7 +62,7 @@
footer = true;
};
timeout = 10;
timeout = 5;
};
};
@ -123,7 +124,7 @@
# List services that you want to enable:
services = {
ollama = {
enable = true;
enable = false;
# Optional: load models on startup
#loadModels = [ ... ];
};
@ -313,14 +314,28 @@
sudo.wheelNeedsPassword = false;
pam.services = {
sddm.fprintAuth = false; #Because of the bug with 30 seconds on sddm login
sddm-autologin.fprintAuth = false; #Same as above
login.fprintAuth = false;
sudo.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
kscreenlocker.fprintAuth = true;
polkit-1.fprintAuth = false; #Disabled because of security risk: https://nvd.nist.gov/vuln/detail/cve-2024-37408
kde.fprintAuth = false;
hyprlock = {};
sddm = {
fprintAuth = false; # prevent NixOS from adding its own pam_fprintd block
text = lib.mkForce ''
auth sufficient ${pam-fprint-grosshack-pkg}/lib/security/pam_fprintd_grosshack.so
auth sufficient pam_unix.so try_first_pass nullok
auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
account required pam_unix.so
password required pam_deny.so
session required pam_unix.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
'';
};
};
};

17
modules/firefox-home.nix
View File

@ -1,17 +0,0 @@
{username, ...}: {
programs.firefox = {
enable = true;
profiles = {
"${username}" = {
extensions.force = true;
};
};
};
systemd.user.services."firefox-autostart" = {
serviceConfig = {
ExecStart = "";
ExecStop = "";
};
};
}

112
modules/firefox.nix
View File

@ -1,112 +0,0 @@
{
config,
pkgs,
...
}: let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
in {
home-manager.sharedModules = [
./firefox-home.nix
];
programs = {
firefox = {
enable = true;
languagePacks = ["de" "en-US"];
/*
---- POLICIES ----
*/
# Check about:policies#documentation for options.
policies = {
PasswordManagerEnabled = false;
DisableTelemetry = true;
DisableFirefoxStudies = true;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
DisablePocket = true;
#DisableFirefoxAccounts = true;
#DisableAccounts = true;
#DisableFirefoxScreenshots = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DontCheckDefaultBrowser = true;
DisplayBookmarksToolbar = "always"; # alternatives: "always" or "newtab"
DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on"
SearchBar = "unified"; # alternative: "separate"
/*
---- EXTENSIONS ----
*/
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
# How to: https://discourse.nixos.org/t/declare-firefox-extensions-and-settings/36265
ExtensionSettings = with builtins; let
extension = shortId: uuid: {
name = uuid;
value = {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "normal_installed";
};
};
in
listToAttrs [
(extension "ublock-origin" "uBlock0@raymondhill.net")
(extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
#(extension "2fas-two-factor-authentication" "admin@2fas.com")
(extension "sponsorblock" "sponsorBlocker@ajay.app")
#(extension "dearrow" "deArrow@ajay.app")
#(extension "enhancer-for-youtube" "enhancerforyoutube@maximerf.addons.mozilla.org")
#(extension "tabliss" "extension@tabliss.io")
#(extension "don-t-fuck-with-paste" "DontFuckWithPaste@raim.ist")
#(extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
#(extension "react-devtools" "@react-devtools")
(extension "keepa" "amptra@keepa.com")
(extension "redditUntranslate" "reddit-url-redirector@kichkoupi.com")
(extension "darkreader" "addon@darkreader.org")
];
/*
---- PREFERENCES ----
*/
# Check about:config for options.
Preferences = {
"browser.contentblocking.category" = {
Value = "strict";
Status = "locked";
};
"extensions.pocket.enabled" = lock-false;
"extensions.screenshots.disabled" = lock-true;
"browser.topsites.contile.enabled" = lock-false;
#"browser.formfill.enable" = lock-false;
#"browser.search.suggest.enabled" = lock-false;
#"browser.search.suggest.enabled.private" = lock-false;
#"browser.urlbar.suggest.searches" = lock-false;
"browser.urlbar.showSearchSuggestionsFirst" = lock-false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false;
"browser.newtabpage.activity-stream.feeds.snippets" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
};
};
};
};
}

171
modules/firefox/default.nix Normal file
View File

@ -0,0 +1,171 @@
{
config,
pkgs,
...
}: let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
in {
home-manager.sharedModules = [
./home.nix
];
programs = {
firefox = {
enable = true;
languagePacks = ["de" "en-US"];
/*
---- POLICIES ----
*/
# Check about:policies#documentation for options.
policies = {
PasswordManagerEnabled = false;
DisableTelemetry = true;
DisableFirefoxStudies = true;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
DisablePocket = true;
#DisableFirefoxAccounts = true;
#DisableAccounts = true;
#DisableFirefoxScreenshots = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DontCheckDefaultBrowser = true;
DisplayBookmarksToolbar = "always"; # alternatives: "always" or "newtab"
DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on"
SearchBar = "unified"; # alternative: "separate"
/*
---- EXTENSIONS ----
*/
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
# How to: https://discourse.nixos.org/t/declare-firefox-extensions-and-settings/36265
ExtensionSettings = with builtins; let
extension = shortId: uuid: {
name = uuid;
value = {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "force_installed";
};
};
in
listToAttrs [
#(extension "{name in url}" "{about:support Add-ons on }")
(extension "ublock-origin" "uBlock0@raymondhill.net")
(extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
(extension "sponsorblock" "sponsorBlocker@ajay.app")
(extension "keepa" "amptra@keepa.com")
(extension "redditUntranslate" "reddit-url-redirector@kichkoupi.com")
(extension "darkreader" "addon@darkreader.org")
(extension "youtube-shorts-block" "{34daeb50-c2d2-4f14-886a-7160b24d66a4}")
(extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
];
/*
---- PREFERENCES ----
*/
# Check about:config for options.
Preferences = {
"browser.contentblocking.category" = {
Value = "strict"; # strictest tracker/ad blocking mode
Status = "locked";
};
"extensions.pocket.enabled" = lock-false; # disables Pocket integration
"extensions.screenshots.disabled" = lock-true; # disables Firefox Screenshots
"browser.topsites.contile.enabled" = lock-false; # disables sponsored tiles on newtab
"browser.formfill.enable" = lock-false; # disables form autofill (prevents local data leakage)
"browser.search.suggest.enabled" = lock-false; # disables search suggestions in normal mode
"browser.search.suggest.enabled.private" = lock-false; # disables search suggestions in private mode
"browser.urlbar.suggest.searches" = lock-false; # disables search suggestions in address bar dropdown
"browser.urlbar.showSearchSuggestionsFirst" = lock-false; # hides search suggestions in address bar
"browser.newtabpage.activity-stream.feeds.section.topstories" = lock-false; # disables sponsored stories on newtab
"browser.newtabpage.activity-stream.feeds.snippets" = lock-false; # disables news snippets on newtab
"browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false; # removes Pocket from highlights
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = lock-false; # removes bookmarks from highlights
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = lock-false; # removes downloads from highlights
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = lock-false; # removes visited sites from highlights
"browser.newtabpage.activity-stream.showSponsored" = lock-false; # disables all sponsored content
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false; # disables system-level sponsored content
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; # disables sponsored top sites
"privacy.resistFingerprinting" = lock-true; # spoofs/normalizes fingerprinting signals (screen, timezone, fonts)
"privacy.firstparty.isolate" = lock-true; # isolates cookies/storage per top-level domain (breaks cross-site tracking)
"network.dns.disablePrefetch" = lock-true; # stops speculative DNS lookups for unclicked links
"network.predictor.enabled" = lock-false; # disables ML-based prefetch predictions
"network.prefetch-next" = lock-false; # disables link-hover prefetching
"toolkit.telemetry.enabled" = lock-false; # disables core telemetry reporting
"toolkit.telemetry.unified" = lock-false; # disables unified telemetry pipeline
"datareporting.healthreport.uploadEnabled" = lock-false; # disables Firefox Health Report uploads
"dom.battery.enabled" = lock-false; # blocks Battery Status API fingerprinting
"dom.gamepad.enabled" = lock-false; # blocks Gamepad API fingerprinting
"browser.startup.homepage" = {
Value = "about:blank";
Status = "locked";
};
"browser.startup.page" = {
Value = 0;
Status = "locked";
}; # 0=blank, 3=homepage
"browser.startup.homepage_override.mstone" = {
Value = "ignore";
Status = "locked";
};
# HTTPSonly / mixedcontent
"dom.security.https_only_mode" = {
Value = true;
Status = "locked";
};
"dom.security.https_only_mode_ever_enabled" = {
Value = true;
Status = "locked";
};
# Referrer / headers tightening
"network.http.referer.XOriginPolicy" = {
Value = 2;
Status = "locked";
}; # strict crossorigin
"network.http.referer.XOriginTrimmingPolicy" = {
Value = 2;
Status = "locked";
};
# DNSoverHTTPS (if you want enforced DoH)
"network.trr.mode" = {
Value = 2;
Status = "locked";
}; # 2=prefer TRR
"network.trr.custom_uri" = {
Value = "https://dns.quad9.net/dns-query";
Status = "locked";
};
# Disable various Web APIs that can leak or be abused
"dom.webnotifications.enabled" = lock-false; # disable desktop notifications
"media.navigator.enabled" = lock-false; # disable getUserMedia permission prompts
"media.webrtc.legacy_global_callback" = lock-false;
# Disable geolocation / sensors
"geo.enabled" = lock-false;
"device.sensors.enabled" = lock-false;
};
};
};
};
}

44
modules/firefox/home.nix Normal file
View File

@ -0,0 +1,44 @@
{username, ...}: {
programs.firefox = {
enable = true;
profiles = {
"${username}" = {
extensions.force = true;
#Create multiple containers, like "work" "social media" ..., for cookies to reside in so they dont cross leak
#containers.force = true;
search = {
force = true;
default = "SearXNG";
order = ["SearXNG"];
engines = {
"SearXNG" = {
name = "SearXNG";
urls = [
{
template = "https://searxng.cookiee.org/search";
params = [
{
name = "q";
value = "{searchTerms}";
}
];
}
];
iconMapObj."16" = "https://searxng.cookiee.org/favicon.ico";
definedAliases = ["@sx"];
};
};
};
};
};
};
systemd.user.services."firefox-autostart" = {
serviceConfig = {
ExecStart = "";
ExecStop = "";
};
};
}

70
modules/home.nix
View File

@ -28,9 +28,6 @@
];
imports = [
inputs.zen-browser.homeModules.beta
# or inputs.zen-browser.homeModules.twilight
# or inputs.zen-browser.homeModules.twilight-official
#./neovim-home.nix
./desktop-entries.nix
];
@ -78,72 +75,5 @@
};
};
};
zen-browser = {
enable = false;
#package = inputs.zen-browser.packages.${pkgs.system}.default;
profiles = {
${username} = {
id = 0;
name = username;
# profileAvatarPath = "chrome://browser/content/zen-avatars/avatar-57.svg";
path = "${username}.default";
isDefault = true;
settings = {
};
};
};
policies = {
AutofillAddressEnabled = false;
AutofillCreditCardEnabled = false;
PasswordManagerEnabled = false;
NoDefaultBookmarks = true;
DisableAppUpdate = true;
DisableFirefoxStudies = true;
DontCheckDefaultBrowser = true;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
OfferToSaveLogins = false;
DisplayBookmarksToolbar = "always"; # alternatives: "always" or "newtab"
ExtensionSettings = with builtins; let
extension = shortId: uuid: {
name = uuid;
value = {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "force_installed";
};
};
in
listToAttrs [
(extension "ublock-origin" "uBlock0@raymondhill.net")
(extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
#(extension "2fas-two-factor-authentication" "admin@2fas.com")
(extension "sponsorblock" "sponsorBlocker@ajay.app")
#(extension "dearrow" "deArrow@ajay.app")
#(extension "enhancer-for-youtube" "enhancerforyoutube@maximerf.addons.mozilla.org")
#(extension "tabliss" "extension@tabliss.io")
#(extension "don-t-fuck-with-paste" "DontFuckWithPaste@raim.ist")
#(extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
#(extension "react-devtools" "@react-devtools")
(extension "keepa" "amptra@keepa.com")
(extension "redditUntranslate" "reddit-url-redirector@kichkoupi.com")
];
# To add additional extensions, find it on addons.mozilla.org, find
# the short ID in the url (like https=//addons.mozilla.org/en-US/firefox/addon/!SHORT_ID!/)
# Then, download the XPI by filling it in to the install_url template, unzip it,
# run `jq .browser_specific_settings.gecko.id manifest.json` or
# `jq .applications.gecko.id manifest.json` to get the UUID
Preferences = {
#"browser.contentblocking.category" = { Value = "strict"; Status = "locked"; };
"browser.urlbar.showSearchSuggestionsFirst" = false;
"browser.sessionstore.resume_session_once" = false;
};
};
};
}; #End of programs = {};
}

65
modules/ncli.nix
View File

@ -161,13 +161,64 @@ in
echo -e "Updating flake and rebuilding system for current host: $HOST on generation: $YELLOW$geno$NOCOLOR"
cd "$HOME/$PROJECT" || { echo "Error: Could not change to $HOME/$PROJECT"; exit 1; }
echo "Updating flake..."
if nix flake update; then
echo " Flake updated successfully"
else
echo " Flake update failed" >&2
exit 1
fi
# --- Selective flake update ---
read -rp "Update [a]ll inputs or [s]elect manually? (a/s): " choice
case "$choice" in
a|A)
echo "Updating all inputs..."
if nix flake update --flake .; then
echo " Flake updated successfully"
else
echo " Flake update failed" >&2
exit 1
fi
;;
s|S)
echo "Fetching available updates (this may take a moment)..."
TEMP_LOCK=$(mktemp)
trap 'rm -f "$TEMP_LOCK"' EXIT
nix flake update --output-lock-file "$TEMP_LOCK" --flake . 2>/dev/null
outdated=$(jq -r --slurpfile new "$TEMP_LOCK" '
.nodes as $old |
$new[0].nodes as $newn |
($old | keys[]) |
select(. != "root") |
select(
($old[.].locked.lastModified // 0) !=
($newn[.].locked.lastModified // 0)
)
' flake.lock)
if [[ -z "$outdated" ]]; then
echo " All inputs are already up to date, skipping flake update."
else
echo
echo "Updates available for:"
printf '%s\n' "$outdated"
echo
echo "Tab to select, Enter to update, Esc to cancel."
selected=$(printf '%s\n' "$outdated" | fzf --multi) || {
echo "No inputs selected, skipping flake update."
selected=""
}
if [[ -n "$selected" ]]; then
if nix flake update --flake . $selected; then
echo " Flake updated successfully"
else
echo " Flake update failed" >&2
exit 1
fi
fi
fi
;;
*)
echo "Invalid choice, skipping flake update."
;;
esac
# --- End selective flake update ---
current=""

53
modules/neovim/home.nix
View File

@ -65,6 +65,8 @@
];
plugins = {
# Remeber where you left the file last time
lastplace.enable = true;
# Statusline at the bottom of the screen
lualine.enable = true;
# Tab bar at the top of the screen
@ -84,7 +86,40 @@
};
};
# Shows the current function/class context pinned at the top of the buffer
treesitter-context.enable = true;
treesitter-context = {
enable = true;
settings = {
# Cap the context header
max_lines = 4;
# When over the limit, drop outermost context
trim_scope = "outer";
# Only show context in tall-enough windows
min_window_height = 20;
};
};
# Provides autocompletion suggestions
blink-cmp = {
enable = true;
settings = {
keymap.preset = "default"; # Tab/S-Tab to navigate, Enter to confirm
sources.default = ["lsp" "path" "snippets" "buffer"];
completion = {
documentation.auto_show = true;
ghost_text.enabled = true; # inline preview of the top suggestion
};
};
};
lsp = {
enable = true;
servers = {
nixd.enable = true; # Nix
ts_ls.enable = true; # TypeScript/JavaScript
# ... add more as needed
};
};
# Text objects based on treesitter nodes (e.g. select a function body)
treesitter-textobjects.enable = true;
# Auto-closes and renames HTML/JSX tags using treesitter
@ -113,6 +148,22 @@
check_ts = true; # Use treesitter to avoid pairing inside strings/comments
};
};
conform-nvim = {
enable = true;
settings = {
formatters_by_ft = {
nix = ["alejandra"];
};
format_on_save = {
lsp_format = "fallback";
timeout_ms = 500;
};
};
# Pin the exact binary path so Nix guarantees it's available
settings.formatters = {
alejandra.command = "${pkgs.alejandra}/bin/alejandra";
};
};
};
extraPlugins = with pkgs.vimPlugins; [

1
modules/packages/desktop.nix
View File

@ -40,6 +40,7 @@
wineWow64Packages.stagingFull
winetricks
wasistlos #Whatsapp
losslesscut-bin #Lossless cut for quckly cutting videos
#obs-studio #Screen Recorder
gparted #Disk partition Manager
#rustdesk #Remote Desktop Client

2
modules/packages/essentials.nix
View File

@ -45,6 +45,8 @@
rocmPackages.rocm-runtime #AMD ROCm runtime
ripgrep #Alternative to grep search for text in files
pipewire #Multimedia handling
fzf #Needed for nix-selective update tool
jq #Needed for nix-selective update tool
distrobox
dbus
cifs-utils

1
modules/stylix/home.nix
View File

@ -21,7 +21,6 @@
qt.enable = true;
qt.platform = "kde";
#kde.enable = false;
zen-browser.profileNames = ["${username}"];
};
};
}

3
other/aliases
View File

@ -26,7 +26,8 @@ alias nix-clear="sudo nix-store --gc"
#KDE Plasma Specific
#-----
alias kde-theme-apply="source $HOME/NixOS/plasma/konsave.sh"
alias plasma-snap="cp ~/.config/plasma-org.kde.plasma.desktop-appletsrc ~/appletsrc.snap"
alias plasma-diff="diff ~/appletsrc.snap ~/.config/plasma-org.kde.plasma.desktop-appletsrc"
#LaTeX Commands
alias makepdf="makeglossaries main && pdflatex main.tex"

3
plasma/settings/common.nix
View File

@ -9,7 +9,7 @@
programs = {
plasma = {
enable = true;
overrideConfig = true;
overrideConfig = false;
input.mice = [
{
@ -404,6 +404,7 @@
kwinrc = {
# "Activities/LastVirtualDesktop"."0f8d8349-5b1b-4b77-bfa5-22829bfaf459" = "4a2f44cc-dfe7-45dc-8439-fe34a6866d37";
# "Activities/LastVirtualDesktop".e85f493f-046d-4dca-9e07-987ecd4ca4bc = "4a2f44cc-dfe7-45dc-8439-fe34a6866d37";
"EdgeBarrier"."EdgeBarrier" = 15;
Desktops = {
# Id_1 = "4a2f44cc-dfe7-45dc-8439-fe34a6866d37";
# Id_2 = "fc5cf4ff-2e08-4059-ac1f-7c5540efa4fc";

9
plasma/settings/desktop.nix
View File

@ -8,10 +8,9 @@
}: {
programs = {
plasma = {
overrideConfig = true;
panels = [
{
screen = "all";
height = 44;
location = "bottom";
alignment = "center";
@ -111,7 +110,8 @@
theme = "Win10OS-cursors";
size = 24;
};
wallpaper = /home/${username}/${project}/other/wallpaper1.png;
# Do not use wallpaper option here as it causes issues! Use it in configFile
# wallpaper = /home/${username}/${project}/other/wallpaper1.png;
soundTheme = "ocean";
iconTheme = "We10X";
splashScreen = {
@ -122,6 +122,9 @@
theme = "__aurorae__svg__Win11OS-dark";
};
};
configFile = {
plasmarc.Wallpapers.usersWallpapers = "/home/cookiez/NixOS/other/wallpaper1.png";
};
};
};
}

6
plasma/settings/laptop.nix
View File

@ -8,10 +8,9 @@
}: {
programs = {
plasma = {
overrideConfig = true;
panels = [
{
screen = "all";
height = 44;
location = "top";
alignment = "center";
@ -134,7 +133,8 @@
theme = "Breeze_Light";
size = 24;
};
wallpaper = /home/${username}/${project}/other/wallpaper3.png;
# Do not use wallpaper option here as it causes issues! Use it in configFile
# wallpaper = /home/${username}/${project}/other/wallpaper3.png;
soundTheme = "freedesktop";
iconTheme = "Breeze-LaCapitaine-apps";
splashScreen = {

2
plasma/settings/powerProfile.nix
View File

@ -23,8 +23,6 @@
in {
programs = {
plasma = {
overrideConfig = true;
powerdevil = {
AC = {
powerProfile = selectedProfile.AC.powerProfile;