diff --git a/README.md b/README.md index 4af723c..2061594 100644 --- a/README.md +++ b/README.md @@ -115,7 +115,7 @@ And many other useful utilities. The full list can be found in the system config Failure to configure USBGuard appropriately may result in the inability to connect any USB devices to your machine. If needed, you can also disable USBGuard altogether by setting `services.usbguard.enable` to `false` in the configuration:`services.usbguard.enable = false;`. This step ensures that USBGuard is not actively blocking any USB devices. - 🚨 Also important: If you use disk encryption with LUKS and want to use encrypted swap, you need to enable swap on LUKS. This is usually auto-generated in `/etc/nixos/configuration.nix` under commented sections titled `# Setup keyfile` and `# Enable swap on luks` if you set it up during the NixOS installation process. You can simply copy this snippet to either `nixos/swap.nix`, `nixos/hardware-configuration.nix`, or `nixos/configuration.nix` (Personally, I prefer to copy it to `hardware-configuration.nix`). + 🚨 Also, important: If you use disk encryption with LUKS and want to use encrypted swap, you need to enable swap on LUKS. This is usually auto-generated in `/etc/nixos/configuration.nix` as the `boot.initrd.luks.devices."luks-...".device = "/dev/disk/by-uuid/...";` code block, if you set this option up during the NixOS installation process. You can simply copy this snippet to either `nixos/swap.nix`, `nixos/hardware-configuration.nix`, or `nixos/configuration.nix` (Personally, I prefer to copy it to `hardware-configuration.nix`). Alternatively, you can set it up manually or use [swap encryption with a random key](https://nixos.wiki/wiki/Swap#Encrypt_swap_with_random_key). 
@@ -123,7 +123,7 @@ And many other useful utilities. The full list can be found in the system config 5. Enable `flake` support (more [here](https://nixos.wiki/wiki/Flakes#Enable_flakes_temporarily)) on your current system. Don't forget to run `sudo nixos-rebuild switch` after enabling `flake` in your `/etc/configuration.nix`. 6. Copy or move all files (with replacements) from the `home` directory to your `$HOME` directory in Linux. 7. Copy or move all files (with replacements and **sudo** permissions) from the `nixos` directory to `/etc/nixos/`. 🚨 Ensure that `system.stateVersion = "your_version";` is correctly set to the release version of the initial installation of your system in the `configuration.nix` file. 🚨 Also, for security reasons, ensure all files in the `/etc/nixos` directory are owned by **root**. If not, change ownership using the command: `sudo chown -R root:root /etc/nixos`. -8. Run the command `sudo nixos-rebuild switch --flake /etc/nixos#your-hostname`. Replace `your-hostname` with your hostname before running the command; by default, it is set to `isitreal-laptop`. +8. Run the command `sudo nixos-rebuild switch --flake /etc/nixos#your-hostname` or `nswitchu`. If you chose first command, replace `your-hostname` with your hostname before running the command; by default, hostname is set to `isitreal-laptop`. 9. Post-installation configuration: - Import GNOME settings along with the theme by executing the following command: `dconf load / < home/.config/gnome_settings_backup.dconf`. Additionally, you can use tools like **gnome-tweaks** or **themechanger** to fine-tune specific theme preferences to your liking. diff --git a/home/.config/fish/config.fish b/home/.config/fish/config.fish index 3510955..4da0f95 100644 --- a/home/.config/fish/config.fish +++ b/home/.config/fish/config.fish 
@@ -9,10 +9,12 @@ alias conf="z ~/.config"
 alias nixos="z /etc/nixos"
 alias store="z /nix/store"
 alias nswitch="sudo nixos-rebuild switch --flake /etc/nixos"
-alias nswitchu="sudo nixos-rebuild switch --flake /etc/nixos --update-input nixpkgs --update-input rust-overlay --commit-lock-file --upgrade"
+alias nswitchu="sudo nixos-rebuild switch --flake /etc/nixos#isitreal-laptop --update-input nixpkgs --update-input rust-overlay --commit-lock-file --upgrade"
 alias nau="sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos"
 alias nsgc="sudo nix-store --gc"
 alias ngc="sudo nix-collect-garbage -d"
+alias ngc7="sudo nix-collect-garbage --delete-older-than 7d"
+alias ngc14="sudo nix-collect-garbage --delete-older-than 14d"
 # if [ -z "$DISPLAY" ] && [ "$XDG_VTNR" -eq 1 ]
 # exec Hyprland
diff --git a/home/.config/mimeapps.list b/home/.config/mimeapps.list
index d7e2a40..a07cc80 100644
--- a/home/.config/mimeapps.list
+++ b/home/.config/mimeapps.list
@@ -17,12 +17,12 @@ image/x-tga=imv-folder.desktop
 image/x-xbitmap=imv-folder.desktop
 application/pdf=org.pwmt.zathura-pdf-mupdf.desktop
 image/svg+xml=imv-folder.desktop
-x-scheme-handler/tg=userapp-Telegram Desktop-ULF1Y1.desktop
+x-scheme-handler/tg=org.telegram.desktop.desktop
 text/plain=Helix.desktop
 [Added Associations]
 image/bmp=imv-folder.desktop;
-image/gif=imv.desktop;imv-folder.desktop;
+image/gif=mpv.desktop;imv.desktop;imv-folder.desktop;
 image/jpg=imv-folder.desktop;
 image/pjpeg=imv-folder.desktop;
 image/png=imv.desktop;imv-folder.desktop;
@@ -38,7 +38,7 @@ image/x-tga=imv-folder.desktop;
 image/x-xbitmap=imv-folder.desktop;
 application/pdf=org.pwmt.zathura-pdf-mupdf.desktop;
 image/svg+xml=code.desktop;imv-folder.desktop;
-x-scheme-handler/tg=userapp-Telegram Desktop-ULF1Y1.desktop;
+x-scheme-handler/tg=userapp-Telegram Desktop-ULF1Y1.desktop;org.telegram.desktop.desktop;
 text/plain=Helix.desktop;
 image/jpeg=imv.desktop;
 video/mp4=umpv.desktop;
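Review bot: The changed `nswitchu` alias now hard-codes the flake attribute `#isitreal-laptop`, while `nswitch` on the line above leaves the host name to `nixos-rebuild`'s default lookup. The README hunk in this commit offers `nswitchu` as an alternative for step 8 and asks for the host name to be replaced only for the first command, so on a machine with another host name the alias builds the `isitreal-laptop` configuration. Dropping the suffix keeps both aliases consistent: `--flake /etc/nixos --update-input nixpkgs ...`. If the pin is intentional, a comment such as `# nswitchu targets isitreal-laptop; edit the attribute for other hosts` would make that visible.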
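Review bot: In the second hunk the `[Added Associations]` entry for `x-scheme-handler/tg` still lists `userapp-Telegram Desktop-ULF1Y1.desktop` first, although the first hunk replaces that same entry as the default handler. The `userapp-*` name looks like a launcher generated locally on one machine, so it will probably not exist after this file is copied to a fresh install. Where it does exist, it may start Telegram by a path that bypasses the firejail wrapper this commit adds in `nixos/security-services.nix`. Consider `x-scheme-handler/tg=org.telegram.desktop.desktop;` there as well.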
diff --git a/home/.config/wezterm/wezterm.lua b/home/.config/wezterm/wezterm.lua
index c355909..bedbffc 100644
--- a/home/.config/wezterm/wezterm.lua
+++ b/home/.config/wezterm/wezterm.lua
@@ -2,6 +2,7 @@ local wezterm = require 'wezterm'
 local act = wezterm.action
 return {
+ enable_wayland = true;
 color_scheme = 'Catppuccin Macchiato',
 enable_tab_bar = false,
 inactive_pane_hsb = {
@@ -153,4 +154,4 @@ return {
 action = act.ClearSelection
 },
 },
-}
\ No newline at end of file
+}
diff --git a/nixos/clamav-scanner.nix b/nixos/clamav-scanner.nix
new file mode 100644
index 0000000..b6668cd
--- /dev/null
+++ b/nixos/clamav-scanner.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ services.clamav.scanner = {
+ enable = true;
+ interval = "Sat *-*-* 04:00:00";
+ };
+}
diff --git a/nixos/flake.nix b/nixos/flake.nix
index 36b7599..a1b31bd 100644
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@@ -17,6 +17,7 @@
 # ./disable-nvidia.nix
 ./opengl.nix
 # ./fingerprint-scanner.nix
+ # ./clamav-scanner.nix
 ./yubikey.nix
 ./sound.nix
 ./usb.nix
diff --git a/nixos/security-services.nix b/nixos/security-services.nix
index eca417b..3d6e233 100644
--- a/nixos/security-services.nix
+++ b/nixos/security-services.nix
@@ -29,6 +29,8 @@
 programs.browserpass.enable = true;
 services.clamav = {
 daemon.enable = true;
+ fangfrisch.enable = true;
+ fangfrisch.interval = "daily";
 updater.enable = true;
 updater.interval = "daily"; #man systemd.time
 updater.frequency = 12;
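Review bot: The added field `enable_wayland = true;` in the first wezterm hunk ends with a semicolon, while every other field visible in the returned table uses a comma. Lua accepts both separators, so this is only a consistency point: `enable_wayland = true,`. The table continues outside the hunk.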
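Review bot: `nixos/clamav-scanner.nix` is added here, but the `flake.nix` hunk lists it only as a comment (`# ./clamav-scanner.nix`), so the weekly scan is not active after this commit. If that is meant as opt-in, a header comment in the new file would say so, for example `# Optional: weekly scan, Saturday 04:00; uncomment ./clamav-scanner.nix in flake.nix to enable`. It would also help to state which directories are scanned, since the module falls back to its default `scanDirectories` when none is set.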
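Review bot: `fangfrisch.enable = true;` makes the host download unofficial third-party signature databases in addition to the official ones fetched by the updater, and nothing in the hunk records which feeds are trusted. The providers come from the module's default `fangfrisch.settings` unless set explicitly. A comment above the line, e.g. `# fangfrisch: third-party (non-official) ClamAV signatures, providers from module defaults`, or an explicit `fangfrisch.settings` block would document that trust decision. The `services.clamav` block starts and ends outside the hunk.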
@@ -50,6 +52,31 @@
 };
 discord = {
 executable = "${lib.getBin pkgs.discord}/bin/discord";
+ profile = "${pkgs.firejail}/etc/firejail/discord.profile";
+ };
+ slack = {
+ executable = "${lib.getBin pkgs.slack}/bin/slack";
+ profile = "${pkgs.firejail}/etc/firejail/slack.profile";
+ };
+ telegram-desktop = {
+ executable = "${lib.getBin pkgs.tdesktop}/bin/telegram-desktop";
+ profile = "${pkgs.firejail}/etc/firejail/telegram-desktop.profile";
+ };
+ brave = {
+ executable = "${lib.getBin pkgs.brave}/bin/brave";
+ profile = "${pkgs.firejail}/etc/firejail/brave.profile";
+ };
+ qutebrowser = {
+ executable = "${lib.getBin pkgs.qutebrowser}/bin/qutebrowser";
+ profile = "${pkgs.firejail}/etc/firejail/qutebrowser.profile";
+ };
+ thunar = {
+ executable = "${lib.getBin pkgs.xfce.thunar}/bin/thunar";
+ profile = "${pkgs.firejail}/etc/firejail/thunar.profile";
+ };
+ vscodium = {
+ executable = "${lib.getBin pkgs.vscodium}/bin/vscodium";
+ profile = "${pkgs.firejail}/etc/firejail/vscodium.profile";
 };
 };
 };
diff --git a/nixos/users.nix b/nixos/users.nix
index 95e68e1..b21951c 100644
--- a/nixos/users.nix
+++ b/nixos/users.nix
@@ -12,7 +12,7 @@
 youtube-music
 discord
 tdesktop
- vscode
+ vscodium
 brave
 ];
 };
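Review bot: The wrappers added in this hunk confine a program only when its name resolves to the wrapper, so a launch through a `.desktop` entry that points at the store path, or through an unwrapped copy earlier in `PATH`, runs outside the sandbox. The `users.nix` hunk in the same commit keeps `discord`, `tdesktop`, `vscodium` and `brave` in a package list; if that list is per-user packages, the per-user profile normally precedes the system profile in `PATH` and would shadow these wrappers. That is worth confirming with `firejail --list` while each application is running. A comment above the block such as `# wrappers apply only if these names are not also installed unwrapped earlier in PATH` would record the constraint. The enclosing attribute set starts outside the hunk.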