Cursed refactor.

config/profiles/gui/home.nix

@@ -0,0 +1,7 @@
+{ lib, ... }:
+
+{
+  imports = [ ./home ];
+
+  options = { deploy.profile.gui = lib.mkEnableOption "graphical system"; };
+}

config/profiles/gui/home/default.nix

@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  imports = [
+    ./firefox
+    ./kitty.nix
+    ./packages.nix
+    ./nextcloud.nix
+    ./gpg.nix
+    ./gtk.nix
+  ];
+}

config/profiles/gui/home/firefox/default.nix

@@ -0,0 +1,73 @@
+{ config, lib, pkgs, sources, superConfig, ... }:
+
+let
+  commonSettings = {
+    "app.update.auto" = false;
+    "identity.fxaccounts.account.device.name" = superConfig.networking.hostName;
+    "signon.rememberSignons" = false;
+    "browser.urlbar.placeholderName" = "DuckDuckGo";
+    "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
+    "identity.sync.tokenserver.uri" =
+      "https://sync.kittywit.ch/token/1.0/sync/1.5";
+  };
+in {
+  config = lib.mkIf config.deploy.profile.gui {
+    programs.fish.shellAliases = {
+      ff-pm = "firefox --ProfileManager";
+      ff-main = "firefox -P main";
+      ff-work = "firefox -P work";
+      ff-lewd = "firefox -P lewd";
+    };
+
+    programs.firefox = {
+      enable = true;
+      extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+        auto-tab-discard
+        bitwarden
+        darkreader
+        decentraleyes
+        foxyproxy-standard
+        google-search-link-fix
+        https-everywhere
+        #old-reddit-redirect # made unnecessary due to tridactylrc
+        privacy-badger
+        reddit-enhancement-suite
+        refined-github
+        stylus
+        terms-of-service-didnt-read
+        tabcenter-reborn
+        tridactyl
+        ublock-origin
+        violentmonkey
+      ];
+      profiles = {
+        main = {
+          id = 0;
+          isDefault = true;
+          settings = commonSettings // {
+
+          };
+          userChrome = import ./userChrome.css.nix { profile = "main"; };
+        };
+        work = {
+          id = 1;
+          settings = commonSettings // {
+
+          };
+          userChrome = import ./userChrome.css.nix { profile = "work"; };
+        };
+        lewd = {
+          id = 2;
+          settings = commonSettings // {
+
+          };
+          userChrome = import ./userChrome.css.nix { profile = "lewd"; };
+        };
+      };
+      package =
+        pkgs.wrapFirefox pkgs.firefox-unwrapped { forceWayland = true; };
+    };
+
+    home.file.".config/tridactyl/tridactylrc".source = ./tridactylrc;
+  };
+}

config/profiles/gui/home/firefox/tridactylrc

@@ -0,0 +1,157 @@
+" bovine3dom's dogfood
+
+" WARNING: This file defines and runs a command called fixamo_quiet. If you
+" also have a malicious addon that operates on `<all_urls>` installed this
+" will allow it to steal your firefox account credentials!
+"
+" With those credentials, an attacker can read anything in your sync account,
+" publish addons to the AMO, etc, etc.
+"
+" Without this command a malicious addon can steal credentials from any site
+" that you visit that is not in the restrictedDomains list.
+"
+" You should comment out the fixamo lines unless you are entirely sure that
+" they are what you want.
+"
+" The advantage of running the command is that you can use the tridactyl
+" interface on addons.mozilla.org and other restricted sites.
+
+" Provided only as an example.
+" Do not install/run without reading through as you may be surprised by some
+" of the settings.
+
+" May require the latest beta builds.
+
+" Move this to $XDG_CONFIG_DIR/tridactyl/tridactylrc (that's
+" ~/.config/tridactyl/tridactylrc to mere mortals) or ~/.tridactylrc and
+" install the native messenger (:installnative in Tridactyl). Run :source to
+" get it in the browser, or just restart.
+
+
+"
+" Binds
+"
+
+bind / fillcmdline find
+bind ? fillcmdline find -?
+bind n findnext 1
+bind N findnext -1
+bind ,<Space> nohlsearc
+
+" Comment toggler for Reddit, Hacker News and Lobste.rs
+bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"]
+
+" GitHub pull request checkout command to clipboard (only works if you're a collaborator or above)
+bind yp composite js document.getElementById("clone-help-step-1").textContent.replace("git checkout -b", "git checkout -B").replace("git pull ", "git fetch ") + "git reset --hard " + document.getElementById("clone-help-step-1").textContent.split(" ")[3].replace("-","/") | yank
+
+" Git{Hub,Lab} git clone via SSH yank
+bind yg composite js "git clone " + document.location.href.replace(/https?:\/\//,"git@").replace("/",":").replace(/$/,".git") | clipboard yank
+
+" As above but execute it and open terminal in folder
+bind ,g js let uri = document.location.href.replace(/https?:\/\//,"git@").replace("/",":").replace(/$/,".git"); tri.native.run("cd ~/projects; git clone " + uri + "; cd \"$(basename \"" + uri + "\" .git)\"; st")
+
+
+" make d take you to the tab you were just on (I find it much less confusing)
+bind d composite tab #; tabclose #
+bind D tabclose
+
+" I like wikiwand but I don't like the way it changes URLs
+bindurl wikiwand.com yy composite js document.location.href.replace("wikiwand.com/en","wikipedia.org/wiki") | clipboard yank
+
+" Make gu take you back to subreddit from comments
+bindurl reddit.com gu urlparent 4
+
+" Only hint search results on Google and DDG
+bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a
+bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a
+
+
+bindurl ^https://duckduckgo.com f hint -Jc [class=result__a]
+bindurl ^https://duckduckgo.com F hint -Jbc [class=result__a]
+
+" Allow Ctrl-a to select all in the commandline
+unbind --mode=ex <C-a>
+
+" Allow Ctrl-c to copy in the commandline
+unbind --mode=ex <C-c>
+
+" Handy multiwindow/multitasking binds
+bind gd tabdetach
+bind gD composite tabduplicate; tabdetach
+
+" Make yy use canonical / short links on the 5 websites that support them
+bind yy clipboard yankcanon
+
+" Stupid workaround to let hint -; be used with composite which steals semi-colons
+command hint_focus hint -;
+
+" Open right click menu on links
+bind ;C composite hint_focus; !s xdotool key Menu
+
+"
+" Misc settings
+"
+
+" set editorcmd to suckless terminal, or use the defaults on other platforms
+js tri.browserBg.runtime.getPlatformInfo().then(os=>{const editorcmd = os.os=="linux" ? "st vim" : "auto"; tri.config.set("editorcmd", editorcmd)})
+
+" set profile dir on Windows
+jsb browser.runtime.getPlatformInfo().then(os=>{const profiledir = os.os=="win" ? "C:\\Users\\olie\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gwm76nmk.default" : "auto"; tri.config.set("profiledir", profiledir)})
+
+" Sane hinting mode
+set hintfiltermode vimperator-reflow
+set hintnames numeric
+
+" Defaults to 300ms but I'm a 'move fast and close the wrong tabs' kinda chap
+set hintdelay 100
+
+" Add helper commands that Mozillians think make Firefox irredeemably
+" insecure. For details, read the comment at the top of this file.
+command fixamo_quiet jsb tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddonManager", "true").then(tri.excmds.setpref("extensions.webextensions.restrictedDomains", '""'))
+command fixamo js tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddonManager", "true").then(tri.excmds.setpref("extensions.webextensions.restrictedDomains", '""').then(tri.excmds.fillcmdline_tmp(3000, "Permissions added to user.js. Please restart Firefox to make them take affect.")))
+
+" Make Tridactyl work on more sites at the expense of some security. For
+" details, read the comment at the top of this file.
+fixamo_quiet
+
+" Equivalent to `set csp clobber` before it was removed. This weakens your
+" defences against cross-site-scripting attacks and other types of
+" code-injection by reducing the strictness of Content Security Policy on
+" every site in a couple of ways.
+"
+" You may not wish to run this. Mozilla strongly feels that you shouldn't.
+"
+" It allows Tridactyl to function on more pages, e.g. raw GitHub pages.
+" 
+" We remove the sandbox directive
+" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
+" which allows our iframe to run (and anyone else's) on any website.
+"
+" We weaken the style-src directive
+" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
+" to allow us to theme our elements. This exposes you to 'cross site styling'
+" attacks.
+"
+" Read https://wiki.mozilla.org/Security/CSP#Goals for more information.
+jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:["<all_urls>"],types:["main_frame"]},["blocking","responseHeaders"])
+
+" Make quickmarks for the sane Tridactyl issue view
+quickmark t https://github.com/tridactyl/tridactyl/issues?utf8=%E2%9C%93&q=sort%3Aupdated-desc+
+
+" Inject Google Translate
+" This (clearly) is remotely hosted code. Google will be sent the whole
+" contents of the page you are on if you run `:translate`
+" From https://github.com/jeremiahlee/page-translator
+command translate js let googleTranslateCallback = document.createElement('script'); googleTranslateCallback.innerHTML = "function googleTranslateElementInit(){ new google.translate.TranslateElement(); }"; document.body.insertBefore(googleTranslateCallback, document.body.firstChild); let googleTranslateScript = document.createElement('script'); googleTranslateScript.charset="UTF-8"; googleTranslateScript.src = "https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit&tl=&sl=&hl="; document.body.insertBefore(googleTranslateScript, document.body.firstChild);
+
+"
+" URL redirects
+"
+
+" New reddit is bad
+autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
+" Mosquito nets won't make themselves
+autocmd DocStart ^http(s?)://www.amazon.co.uk js tri.excmds.urlmodify("-t", "www", "smile")
+
+" For syntax highlighting see https://github.com/tridactyl/vim-tridactyl
+" vim: set filetype=tridactyl

config/profiles/gui/home/firefox/userChrome.css.nix

@@ -0,0 +1,15 @@
+{ profile }:
+
+''
+  #main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar > .toolbar-items {
+    opacity: 0;
+    pointer-events: none;
+  }
+  #main-window:not([tabsintitlebar="true"]) #TabsToolbar {
+      visibility: collapse !important;
+  }
+
+  #sidebar-box[sidebarcommand="tabcenter-reborn_ariasuni-sidebar-action"] #sidebar-header {
+    visibility: collapse;
+  }
+''

config/profiles/gui/home/gpg.nix

@@ -0,0 +1,10 @@
+{ config, lib, pkgs, sources, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    home.file.".gnupg/gpg-agent.conf".text = ''
+      enable-ssh-support
+      pinentry-program ${pkgs.pinentry.gtk2}/bin/pinentry
+    '';
+  };
+}

config/profiles/gui/home/gtk.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    gtk = {
+      enable = true;
+      iconTheme = {
+        name = "Numix-Square";
+        package = pkgs.numix-icon-theme-square;
+      };
+      theme = {
+        name = "Arc-Dark";
+        package = pkgs.arc-theme;
+      };
+    };
+  };
+}

config/profiles/gui/home/kitty.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, witch, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    home.sessionVariables.TERMINFO_DIRS =
+      "${pkgs.kitty.terminfo.outPath}/share/terminfo";
+    programs.kitty = {
+      enable = true;
+      font.name = witch.style.font.name;
+      settings = {
+        font_size = witch.style.font.size;
+        background = witch.style.base16.color0;
+        background_opacity = "0.7";
+        foreground = witch.style.base16.color7;
+        selection_background = witch.style.base16.color7;
+        selection_foreground = witch.style.base16.color0;
+        url_color = witch.style.base16.color3;
+        cursor = witch.style.base16.color7;
+        active_border_color = "#75715e";
+        active_tab_background = "#9900ff";
+        active_tab_foreground = witch.style.base16.color7;
+        inactive_tab_background = "#3a3a3a";
+        inactive_tab_foreground = "#665577";
+      } // witch.style.base16;
+    };
+  };
+}

config/profiles/gui/home/nextcloud.nix

@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    services.nextcloud-client.enable = true;
+  };
+}

config/profiles/gui/home/packages.nix

@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    home.packages = with pkgs; [
+      _1password
+      bitwarden
+      mpv
+      element-desktop
+      mumble
+      obs-studio
+      xfce.ristretto
+      audacity
+      avidemux
+      vlc
+      ffmpeg-full
+      thunderbird
+      unstable.syncplay
+      unstable.youtube-dl
+      unstable.google-chrome
+      v4l-utils
+      transmission-gtk
+      lm_sensors
+      baresip
+      psmisc
+      unstable.discord
+      tdesktop
+      yubikey-manager
+      pinentry.gtk2
+      dino
+      libnotify
+      nextcloud-client
+      vegur
+      nitrogen
+      terminator
+      pavucontrol
+      gparted
+      scrot
+      gimp-with-plugins
+      vscode
+      cryptsetup
+      pcmanfm
+      neofetch
+      htop
+    ];
+  };
+}

config/profiles/gui/nixos.nix

@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ ./nixos ];
+
+  options = { deploy.profile.gui = lib.mkEnableOption "graphical system"; };
+}

config/profiles/gui/nixos/default.nix

@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+  imports = [
+    ./fonts.nix
+    ./gpg.nix
+    ./firefox.nix
+    ./dns.nix
+    ./nixpkgs.nix
+    ./mingetty.nix
+    ./sound.nix
+  ];
+}

config/profiles/gui/nixos/dns.nix

@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }: {
+  config = lib.mkIf config.deploy.profile.gui {
+    networking = {
+      networkmanager.enable = true;
+      resolvconf.useLocalResolver = true;
+      networkmanager.dns = "none";
+    };
+
+    services.dnscrypt-proxy2 = {
+      enable = true;
+      settings = {
+        ipv6_servers = true;
+        require_dnssec = true;
+
+        sources.public-resolvers = {
+          urls = [
+            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md"
+            "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"
+          ];
+          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+          minisign_key =
+            "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+        };
+
+        # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
+        server_names = [
+          "acsacsar-ams-ipv4"
+          "acsacsar-ams-ipv6"
+          "dnscrypt.eu-dk"
+          "dnscrypt.eu-dk-ipv6"
+          "dnscrypt.eu-nl"
+          "dnscrypt.eu-nl-ipv6"
+          "meganerd"
+          "meganerd-ipv6"
+        ];
+      };
+    };
+
+    systemd.services.dnscrypt-proxy2.serviceConfig = {
+      StateDirectory = "dnscrypt-proxy2";
+    };
+  };
+}

config/profiles/gui/nixos/firefox.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, lib, witch, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    xdg = {
+      portal = {
+        enable = true;
+        extraPortals = with pkgs; [
+          xdg-desktop-portal-wlr
+          xdg-desktop-portal-gtk
+        ];
+        gtkUsePortal = true;
+      };
+    };
+  };
+}

config/profiles/gui/nixos/fonts.nix

@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    fonts.fontconfig.enable = true;
+    fonts.fonts = with pkgs; [
+      font-awesome
+      nerdfonts
+      iosevka
+      emacs-all-the-icons-fonts
+    ];
+  };
+}

config/profiles/gui/nixos/gpg.nix

@@ -0,0 +1,8 @@
+{ config, pkgs, lib, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    services.pcscd.enable = true;
+    services.udev.packages = [ pkgs.yubikey-personalization ];
+  };
+}

config/profiles/gui/nixos/mingetty.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+let
+  c1 = "\\e[22;34m";
+  c2 = "\\e[1;35m";
+  nixos_logo = [
+    " ${c1}          ::::.    ${c2}':::::     ::::'          "
+    " ${c1}          ':::::    ${c2}':::::.  ::::'           "
+    " ${c1}            :::::     ${c2}'::::.:::::            "
+    " ${c1}      .......:::::..... ${c2}::::::::             "
+    " ${c1}     ::::::::::::::::::. ${c2}::::::    ${c1}::::.     "
+    " ${c1}    ::::::::::::::::::::: ${c2}:::::.  ${c1}.::::'     "
+    " ${c2}           .....           ::::' ${c1}:::::'      "
+    " ${c2}          :::::            '::' ${c1}:::::'       "
+    " ${c2} ........:::::               ' ${c1}:::::::::::.  "
+    " ${c2}:::::::::::::                 ${c1}:::::::::::::  "
+    " ${c2} ::::::::::: ${c1}..              ${c1}:::::           "
+    " ${c2}     .::::: ${c1}.:::            ${c1}:::::            "
+    " ${c2}    .:::::  ${c1}:::::          ${c1}'''''    ${c2}.....    "
+    " ${c2}    :::::   ${c1}':::::.  ${c2}......:::::::::::::'    "
+    " ${c2}     :::     ${c1}::::::. ${c2}':::::::::::::::::'     "
+    " ${c1}            .:::::::: ${c2}'::::::::::            "
+    " ${c1}           .::::''::::.     ${c2}'::::.           "
+    " ${c1}          .::::'   ::::.     ${c2}'::::.          "
+    " ${c1}         .::::      ::::      ${c2}'::::.         "
+  ];
+in {
+  config = lib.mkIf config.deploy.profile.gui {
+    services.mingetty = {
+      greetingLine = ''
+        \e[H\e[2J
+        \e[9;10]'' + lib.concatStringsSep "\n" nixos_logo + "\n\n"
+        + "\\e[1;32m>>> NixOS ${config.system.nixos.label} (Linux \\r) - \\l\\e[0m";
+      helpLine = lib.mkForce "";
+    };
+  };
+}

config/profiles/gui/nixos/nixpkgs.nix

@@ -0,0 +1,9 @@
+{ pkgs, config, lib, ... }:
+
+{
+  nixpkgs.config = {
+    allowUnfree = true;
+    mumble.speechdSupport = true;
+    pulseaudio = true;
+  };
+}

config/profiles/gui/nixos/sound.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = lib.mkIf config.deploy.profile.gui {
+    sound = {
+      enable = true;
+      extraConfig = ''
+        defaults.pcm.rate_converter "speexrate_best"
+      '';
+    };
+    hardware.pulseaudio = {
+      enable = true;
+      daemon.config = {
+        default-sample-format = "s24le";
+        default-sample-rate = 96000;
+        resample-method = "soxr-vhq";
+      };
+    };
+  };
+}