diff --git a/common/desktop_environment/sway/default.nix b/common/desktop_environment/sway/default.nix index 71a46c1..3afa420 100644 --- a/common/desktop_environment/sway/default.nix +++ b/common/desktop_environment/sway/default.nix @@ -115,14 +115,10 @@ with lib; # Ensure graphics/OpenGL are enabled so Sway uses GPU-backed rendering hardware.graphics = { - enable = true; - # Keep defaults; Sway runs fine with mesa in system - }; - - hardware.opengl = { enable = true; # extraPackages can be used to force vendor-specific mesa/drivers if needed - extraPackages = with pkgs; []; + # Keep defaults; Sway runs fine with mesa in system + # extraPackages = with pkgs; []; }; # Environment variables diff --git a/common/desktop_environment/sway/home_manager/sway.nix b/common/desktop_environment/sway/home_manager/sway.nix index d14f573..49a95f4 100644 --- a/common/desktop_environment/sway/home_manager/sway.nix +++ b/common/desktop_environment/sway/home_manager/sway.nix @@ -18,6 +18,8 @@ in enable = true; xwayland = true; + systemd.enable = true; + config = lib.mkMerge [ rec { modifier = "Mod4"; # SUPER @@ -181,7 +183,8 @@ in { command = "exec sh -c 'sleep 0.01; swaymsg workspace number 7 ; sleep 0.01; swaymsg workspace number 1'"; } - { command = "pgrep waybar >/dev/null || waybar"; } + # Waybar is managed by Home Manager systemd unit + # { command = "pgrep waybar >/dev/null || waybar"; } ]; } cfg.extraOptions diff --git a/common/general/default.nix b/common/general/default.nix index 49e8900..9212944 100644 --- a/common/general/default.nix +++ b/common/general/default.nix @@ -65,10 +65,24 @@ in networking = { hostName = top_cfg.systemName; nftables.enable = true; + # Clears firewall rules on reboot, only ones set in config will be remade nftables.flushRuleset = true; firewall.enable = true; }; + # services.opensnitch = { + # enable = true; + # settings = { + # Firewall = if config.networking.nftables.enable then "nftables" else "iptables"; + # InterceptUknown = true; + # ProcMonitorMethod = "ebpf"; + # DefaultAction = "deny"; + # }; + # rules = { + # + # }; + # }; + # Enable flakes nix.settings.experimental-features = lib.mkIf cfg.flakeOptions [ "nix-command" diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index 44cf53f..00f1791 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -49,11 +49,11 @@ ] }, "locked": { - "lastModified": 1755946532, - "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=", + "lastModified": 1759499898, + "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada", + "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798", "type": "github" }, "original": { @@ -67,22 +67,17 @@ "home-manager": "home-manager", "hyprland": "hyprland", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_3", "ragenix": "ragenix" }, "locked": { - "lastModified": 1760053007, - "narHash": "sha256-0csJRXdWM+ybfB41g6Ptndi0WRU33onQRH0SdNKZmio=", - "ref": "refs/heads/master", - "rev": "8e5e514b169b62833457d6d851bb1437fb8a8257", - "revCount": 711, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../common", + "type": "path" }, "original": { - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../common", + "type": "path" + }, + "parent": [] }, "crane": { "locked": { @@ -273,11 +268,11 @@ ] }, "locked": { - "lastModified": 1758192433, - "narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=", + "lastModified": 1759490292, + "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7", + "rev": "9431db625cd9bb66ac55525479dce694101d6d7a", "type": "github" }, "original": { @@ -302,11 +297,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1759094452, - "narHash": "sha256-j7IOTFnQRDjX4PzYb2p6CPviAc8cDrcorzGpM8J89uM=", + "lastModified": 1759988134, + "narHash": "sha256-uVaAXjJgo2/uGJz6lD+Bn5nBBmW5AAr2n8lW7v7h0PI=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "f854b5bffbdd13cfe7edad0ee157d6947ff99619", + "rev": "b965fb2a40b132209b58f511e2604a2939461818", "type": "github" }, "original": { @@ -404,11 +399,11 @@ ] }, "locked": { - "lastModified": 1757694755, - "narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=", + "lastModified": 1759080228, + "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=", "owner": "hyprwm", "repo": "hyprland-qtutils", - "rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c", + "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7", "type": "github" }, "original": { @@ -436,11 +431,11 @@ ] }, "locked": { - "lastModified": 1756810301, - "narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=", + "lastModified": 1758927902, + "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931", + "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da", "type": "github" }, "original": { @@ -463,11 +458,11 @@ ] }, "locked": { - "lastModified": 1756117388, - "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=", + "lastModified": 1759619523, + "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0", + "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef", "type": "github" }, "original": { @@ -537,11 +532,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { @@ -553,11 +548,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758198701, - "narHash": "sha256-7To75JlpekfUmdkUZewnT6MoBANS0XVypW6kjUOXQwc=", + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0147c2f1d54b30b5dd6d4a8c8542e8d7edf93b5d", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "type": "github" }, "original": { @@ -568,22 +563,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1758690382, - "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e643668fd71b949c53f8626614b21ff71a07379d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1741379970, "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", @@ -599,13 +578,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1759143472, - "narHash": "sha256-TvODmeR2W7yX/JmOCmP+lAFNkTT7hAxYcF3Kz8SZV3w=", + "lastModified": 1760423683, + "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5ed4e25ab58fd4c028b59d5611e14ea64de51d23", + "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", "type": "github" }, "original": { @@ -615,7 +594,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1759772810, "narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=", @@ -1539,7 +1518,7 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -1559,14 +1538,14 @@ "root": { "inputs": { "common": "common", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-unstable": "nixpkgs-unstable", "ros_neovim": "ros_neovim" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", @@ -1625,11 +1604,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1759884037, - "narHash": "sha256-b7NRujkErYwxiTIYBLFHO07plS0caVR5CQZbcitBIgE=", + "lastModified": 1760630879, + "narHash": "sha256-H1ZHzlSpu2dxnM69OYCB6qJVZfVIbR3hBu3LcVW2eKw=", "ref": "refs/heads/master", - "rev": "468195ab00baa215392dbef52018e180579498b5", - "revCount": 309, + "rev": "d1172c40fd221200a1c7f924d0e43b395f3338ad", + "revCount": 310, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/nvim" }, diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index 74da5a6..fff7388 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -81,6 +81,7 @@ trilium-desktop dig traceroute + # opensnitch-ui ]; # Also allow this key to work for root user, this will let us use this as a remote builder easier users.users.root.openssh.authorizedKeys.keys = [ @@ -168,6 +169,8 @@ zoxide zsh ]; + + # services.opensnitch-ui.enable = true; }; }; };