diff --git a/dotfiles/config/gtk-3.0/settings.ini.hm-backup b/dotfiles/config/gtk-3.0/settings.ini.hm-backup new file mode 100644 index 00000000..29381baf --- /dev/null +++ b/dotfiles/config/gtk-3.0/settings.ini.hm-backup @@ -0,0 +1,24 @@ +[Settings] +gtk-application-prefer-dark-theme=true +gtk-button-images=1 +gtk-cursor-theme-name=breeze_cursors +gtk-cursor-theme-size=24 +gtk-decoration-layout=icon:minimize,maximize,close +gtk-enable-animations=true +gtk-enable-event-sounds=1 +gtk-enable-input-feedback-sounds=1 +gtk-fallback-icon-theme=gnome +gtk-font-name=Noto Sans 11 +gtk-icon-theme-name=Numix-Circle +gtk-key-theme-name=Emacs +gtk-menu-images=1 +gtk-modules=colorreload-gtk-module +gtk-primary-button-warps-slider=false +gtk-theme-name=Arc +gtk-toolbar-icon-size=GTK_ICON_SIZE_LARGE_TOOLBAR +gtk-toolbar-style=GTK_TOOLBAR_BOTH_HORIZ +gtk-xft-antialias=1 +gtk-xft-dpi=107520 +gtk-xft-hinting=1 +gtk-xft-hintstyle=hintslight +gtk-xft-rgba=rgb diff --git a/dotfiles/lib/bin/syncthing-private-vault b/dotfiles/lib/bin/syncthing-private-vault new file mode 100755 index 00000000..46f08690 --- /dev/null +++ b/dotfiles/lib/bin/syncthing-private-vault @@ -0,0 +1,118 @@ +#!/usr/bin/env bash + +set -euo pipefail + +PASS_ENTRY="syncthing/private-vault" +CIPHER_DIR="/var/lib/syncthing/sync/Private.encrypted" +MOUNT_POINT="${HOME}/Private" + +usage() { + cat <<'EOF' +Usage: syncthing-private-vault + +Commands: + init Initialize the encrypted backing directory + mount Mount the decrypted view at ~/Private + unmount Unmount ~/Private + status Show current configuration and mount status +EOF +} + +require_commands() { + local command_name + for command_name in gocryptfs pass mountpoint fusermount3 head mktemp mkdir; do + command -v "$command_name" >/dev/null 2>&1 || { + echo "Missing required command: $command_name" >&2 + exit 1 + } + done +} + +write_password_file() { + PASSWORD_FILE="$(mktemp)" + chmod 600 "$PASSWORD_FILE" + trap 'rm -f "$PASSWORD_FILE"' EXIT + pass show "$PASS_ENTRY" | head -n1 > "$PASSWORD_FILE" +} + +ensure_directories() { + mkdir -p "$CIPHER_DIR" "$MOUNT_POINT" +} + +init_vault() { + if [ -e "$CIPHER_DIR/gocryptfs.conf" ]; then + echo "Vault already initialized at $CIPHER_DIR" >&2 + return 1 + fi + + write_password_file + gocryptfs -q -init -passfile "$PASSWORD_FILE" "$CIPHER_DIR" +} + +mount_vault() { + if mountpoint -q "$MOUNT_POINT"; then + echo "Vault already mounted at $MOUNT_POINT" + return 0 + fi + + if [ ! -e "$CIPHER_DIR/gocryptfs.conf" ]; then + echo "Vault has not been initialized yet: $CIPHER_DIR/gocryptfs.conf is missing" >&2 + return 1 + fi + + write_password_file + exec gocryptfs -q -passfile "$PASSWORD_FILE" "$CIPHER_DIR" "$MOUNT_POINT" +} + +unmount_vault() { + if ! mountpoint -q "$MOUNT_POINT"; then + echo "Vault is not mounted at $MOUNT_POINT" + return 0 + fi + + fusermount3 -u "$MOUNT_POINT" +} + +status_vault() { + echo "pass entry: $PASS_ENTRY" + echo "cipher dir: $CIPHER_DIR" + echo "mount point: $MOUNT_POINT" + + if [ -e "$CIPHER_DIR/gocryptfs.conf" ]; then + echo "initialized: yes" + else + echo "initialized: no" + fi + + if mountpoint -q "$MOUNT_POINT"; then + echo "mounted: yes" + else + echo "mounted: no" + fi +} + +main() { + require_commands + ensure_directories + + case "${1:-}" in + init) + init_vault + ;; + mount) + mount_vault + ;; + unmount) + unmount_vault + ;; + status) + status_vault + ;; + *) + usage >&2 + exit 1 + ;; + esac +} + +main "$@" diff --git a/nixos/action-cache-dir/actions-checkout@v3 b/nixos/action-cache-dir/actions-checkout@v3 new file mode 160000 index 00000000..f43a0e5f --- /dev/null +++ b/nixos/action-cache-dir/actions-checkout@v3 @@ -0,0 +1 @@ +Subproject commit f43a0e5ff2bd294095638e18286ca9a3d1956744 diff --git a/nixos/action-cache-dir/actions-upload-artifact@v3 b/nixos/action-cache-dir/actions-upload-artifact@v3 new file mode 160000 index 00000000..a8a3f3ad --- /dev/null +++ b/nixos/action-cache-dir/actions-upload-artifact@v3 @@ -0,0 +1 @@ +Subproject commit a8a3f3ad30e3422c9c7b888a15615d19a852ae32 diff --git a/nixos/action-cache-dir/jtmullen-submodule-branch-check-action@v1 b/nixos/action-cache-dir/jtmullen-submodule-branch-check-action@v1 new file mode 160000 index 00000000..ab0d3a69 --- /dev/null +++ b/nixos/action-cache-dir/jtmullen-submodule-branch-check-action@v1 @@ -0,0 +1 @@ +Subproject commit ab0d3a69278e3fa0a2d4f3be3199d2514b676e13 diff --git a/nixos/action-cache-dir/shimataro-ssh-key-action@v2 b/nixos/action-cache-dir/shimataro-ssh-key-action@v2 new file mode 160000 index 00000000..d4fffb50 --- /dev/null +++ b/nixos/action-cache-dir/shimataro-ssh-key-action@v2 @@ -0,0 +1 @@ +Subproject commit d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 37ee0fc2..14a9ed0c 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -39,6 +39,7 @@ ./ssh.nix ./sni.nix ./syncthing.nix + ./syncthing-private-vault.nix ./taffybar.nix ./tailscale.nix ./tts.nix diff --git a/nixos/home-manager.nix b/nixos/home-manager.nix index 8c586548..6084d583 100644 --- a/nixos/home-manager.nix +++ b/nixos/home-manager.nix @@ -30,8 +30,7 @@ in { xdg.mimeApps = lib.mkIf nixos.config.myModules.desktop.enable ( let browser = "google-chrome.desktop"; - imageViewer = "org.gnome.Loupe.desktop"; - fallbackImageViewer = "okularApplication_kimgio.desktop"; + imageViewer = "org.kde.gwenview.desktop"; pdfViewer = "okularApplication_pdf.desktop"; comicViewer = "okularApplication_comicbook.desktop"; djvuViewer = "okularApplication_djvu.desktop"; @@ -51,6 +50,7 @@ in { "image/bmp" "image/gif" "image/heic" + "image/heif" "image/jpeg" "image/jxl" "image/png" @@ -60,9 +60,6 @@ in { "image/vnd.microsoft.icon" "image/webp" ]) - // (mimeMap fallbackImageViewer [ - "image/heif" - ]) // (mimeMap pdfViewer [ "application/pdf" "application/x-bzpdf" @@ -169,6 +166,28 @@ in { } ); + home.activation.refreshChromeDesktopMimeCache = lib.hm.dag.entryAfter ["writeBoundary"] '' + applications_dir="$HOME/.local/share/applications" + + if [ -d "$applications_dir" ]; then + for desktop_file in \ + "$applications_dir/google-chrome.desktop" \ + "$applications_dir/com.google.Chrome.desktop" + do + if [ -f "$desktop_file" ]; then + ${pkgs.gnused}/bin/sed -i \ + -e 's,image/gif;,,g' \ + -e 's,image/jpeg;,,g' \ + -e 's,image/png;,,g' \ + -e 's,image/webp;,,g' \ + "$desktop_file" + fi + done + + ${pkgs.desktop-file-utils}/bin/update-desktop-database "$applications_dir" >/dev/null 2>&1 || true + fi + ''; + xsession = { enable = true; preferStatusNotifierItems = true; diff --git a/nixos/overlay.nix b/nixos/overlay.nix index 0d4d8bc7..21c51038 100644 --- a/nixos/overlay.nix +++ b/nixos/overlay.nix @@ -59,6 +59,11 @@ in cp "${prev.google-chrome}/share/applications/$desktopName" "$desktopFile" substituteInPlace "$desktopFile" \ --replace-fail "${prev.google-chrome}/bin/google-chrome-stable" "$out/bin/google-chrome-stable" + substituteInPlace "$desktopFile" \ + --replace-fail "image/gif;" "" \ + --replace-fail "image/jpeg;" "" \ + --replace-fail "image/png;" "" \ + --replace-fail "image/webp;" "" fi done ''; diff --git a/nixos/result b/nixos/result new file mode 120000 index 00000000..785c3aa3 --- /dev/null +++ b/nixos/result @@ -0,0 +1 @@ +/nix/store/hyqw547cingjqmviy6qj76aa1p084jwn-nixos-system-ryzen-shine-26.05pre-git \ No newline at end of file diff --git a/nixos/syncthing-private-vault.nix b/nixos/syncthing-private-vault.nix new file mode 100644 index 00000000..ed98e10c --- /dev/null +++ b/nixos/syncthing-private-vault.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + pkgs, + ... +}: let + cipherDir = "/var/lib/syncthing/sync/Private.encrypted"; + mountPoint = "/home/imalison/Private"; +in + lib.mkIf config.myModules.syncthing.enable { + system.activationScripts.syncthingPrivateVault = { + text = '' + install -d -o syncthing -g syncthing -m 2770 ${lib.escapeShellArg cipherDir} + ''; + }; + + home-manager.users.imalison = {lib, ...}: { + home.packages = [pkgs.gocryptfs]; + + home.activation.ensureSyncthingPrivateVaultMountpoint = lib.hm.dag.entryAfter ["writeBoundary"] '' + mkdir -p ${lib.escapeShellArg mountPoint} + ''; + }; + }