Diffstat (limited to '')
-rw-r--r--system/battery.nix19
-rw-r--r--system/default.nix22
-rw-r--r--system/desktop.nix16
-rw-r--r--system/desktops/hyprland.nix6
-rw-r--r--system/desktops/sway.nix6
-rw-r--r--system/desktops/wayland.nix6
-rw-r--r--system/hardened.nix58
7 files changed, 40 insertions, 93 deletions
diff --git a/system/battery.nix b/system/battery.nix
index 42ee269..a904051 100644
--- a/system/battery.nix
+++ b/system/battery.nix
@@ -9,7 +9,7 @@ in {
config = mkIf config.battery {
# power monterting
services.upower = {
- enable = !config.minimal;
+ enable = true;
percentageLow = 20;
percentageCritical = 10;
percentageAction = 4;
@@ -17,21 +17,8 @@ in {
};
# power profiles
- services.tlp = {
- enable = !config.minimal;
- settings = {
- CPU_SCALING_GOVERNOR_ON_AC = "performance";
- CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-
- CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
- CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
-
- CPU_MIN_PERF_ON_AC = 0;
- CPU_MAX_PERF_ON_AC = 100;
- CPU_MIN_PERF_ON_BAT = 0;
- CPU_MAX_PERF_ON_BAT = 20;
- };
- };
+ services.power-profiles-daemon.enable = true;
+ #services.tlp.enable = true;
# packages
environment.systemPackages = with pkgs; [
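Review bot: The commented-out `#services.tlp.enable = true;` next to `services.power-profiles-daemon.enable = true;` invites someone to uncomment it, but the NixOS modules assert that the two services are mutually exclusive, so evaluation would then fail. Either drop the line or replace it with a comment such as `# tlp conflicts with power-profiles-daemon; enable only one`. The first hunk of this file also stops honouring `config.minimal` for upower (`enable = true;`), and the new daemon is unconditional as well; if minimal hosts are still meant to skip these services, keep `enable = !config.minimal;`. The enclosing `config = mkIf config.battery { … }` block continues outside the hunk.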
diff --git a/system/default.nix b/system/default.nix
index be64ff0..aba8c11 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -15,7 +15,6 @@
./bluetooth.nix
./desktop.nix
./fingerprint.nix
- ./hardened.nix
./hardware.nix
./networking.nix
./sshd.nix
@@ -23,8 +22,18 @@
];
# allow flakes
- nix.settings.experimental-features = ["nix-command" "flakes"];
- nix.settings.use-xdg-base-directories = true;
+ nix = {
+ channel.enable = false;
+ extraOptions = ''
+ warn-dirty = false
+ '';
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = ["nix-command" "flakes"];
+ use-xdg-base-directories = true;
+ trusted-users = ["root" "@wheel"];
+ };
+ };
# allow defined unfree packages
nixpkgs.config.allowUnfreePredicate = pkg:
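Review bot: `trusted-users = ["root" "@wheel"];` makes every wheel member a trusted Nix user, which the Nix manual describes as essentially equivalent to root access. A trusted user can pass arbitrary substituters and settings to the daemon and import store paths that carry no trusted signature, all without a sudo prompt. If the aim is only to let wheel users use the daemon or extra caches, keep `trusted-users = ["root"];` and use `allowed-users = ["@wheel"];` together with an explicit `trusted-substituters` / `trusted-public-keys` list. This weighs more because the same commit drops `./hardened.nix` from the imports in the hunk above.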
@@ -39,6 +48,8 @@
tmpfsSize = "50%";
};
+ services.seatd.enable = true;
+
# use system packages in home manager
home-manager.useGlobalPkgs = true;
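Review bot: `services.seatd.enable = true;` sits in default.nix outside any `mkIf`, so as far as this hunk shows every host importing the file gets the seat-management daemon, including hosts without a desktop. The daemon runs privileged and mediates access to input and DRM devices, so it is better gated, e.g. `services.seatd.enable = config.desktops.enable;`, or moved into desktop.nix under `mkIf config.desktops.enable`. A short comment naming the compositor that needs it would also help, since sway and Hyprland can normally get their seat from logind.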
@@ -114,8 +125,11 @@
# docs
documentation = {
- info.enable = false;
+ enable = true;
+ doc.enable = false;
+ man.enable = true;
dev.enable = false;
+ info.enable = false;
nixos.enable = false;
};
diff --git a/system/desktop.nix b/system/desktop.nix
index 9c87d85..853296b 100644
--- a/system/desktop.nix
+++ b/system/desktop.nix
@@ -8,10 +8,6 @@
}: let
inherit (lib) mkIf;
in {
- imports = [
- inputs.preload-ng.nixosModules.default
- ];
-
config = mkIf config.desktops.enable {
# nix-ld
programs.nix-ld.enable = true;
@@ -28,6 +24,9 @@ in {
# services
services.libinput.enable = true;
+ # gtk portal?
+ programs.dconf.enable = true;
+
# audio / video
services.pipewire = {
enable = true;
@@ -47,8 +46,7 @@ in {
enable = true;
drivers = with pkgs; [
brlaser
- # FIXME: failes to compile
- # cnijfilter2
+ cnijfilter2
gutenprint
];
};
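Review bot: Re-enabling `cnijfilter2` removes the `FIXME: failes to compile` marker without recording what changed, so a later build failure will look like a new problem. The package is Canon's proprietary driver and is marked unfree in nixpkgs, so it presumably also has to be matched by the `allowUnfreePredicate` in default.nix, whose list is not visible here. A one-line comment such as `# unfree Canon driver; builds again as of <nixpkgs revision>` would keep that context.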
@@ -59,12 +57,6 @@ in {
};
users.groups.lp.members = [config.user];
- # preload-ng
- services.preload-ng = {
- enable = true;
- package = inputs.preload-ng.packages.${system}.preload-ng-src;
- };
-
# secrets
services.gnome.gnome-keyring.enable = true;
diff --git a/system/desktops/hyprland.nix b/system/desktops/hyprland.nix
index 26fa283..b0281a3 100644
--- a/system/desktops/hyprland.nix
+++ b/system/desktops/hyprland.nix
@@ -16,14 +16,18 @@ in {
inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland
];
config.hyprland = {
- default = ["hyprland" "gtk"];
+ default = lib.mkForce ["gtk"];
+ "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
"org.freedesktop.impl.portal.FileChooser" = ["gtk"];
"org.freedesktop.impl.portal.OpenURI" = ["gtk"];
+ "org.freedesktop.impl.portal.Screencast" = ["hyprland"];
+ "org.freedesktop.impl.portal.Screenshot" = ["hyprland"];
};
};
programs.hyprland = {
enable = true;
+ withUWSM = true;
package = inputs.hyprland.packages.${system}.hyprland;
portalPackage = inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland;
};
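Review bot: The key `"org.freedesktop.impl.portal.Screencast"` looks misspelled: the portal interface is `org.freedesktop.impl.portal.ScreenCast`, which is how sway.nix in this same commit writes it. Because `default` is now forced to `["gtk"]`, a key that matches no interface would leave screen casting on the gtk backend, which as far as I know does not implement it, so screen sharing under Hyprland would likely stop working. Change the line to `"org.freedesktop.impl.portal.ScreenCast" = ["hyprland"];`. Other interfaces that only the hyprland backend provides (GlobalShortcuts, for example) now fall through to gtk as well; if that is intended, a comment on the `default` line should say so.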
diff --git a/system/desktops/sway.nix b/system/desktops/sway.nix
index 501ee41..6c36c12 100644
--- a/system/desktops/sway.nix
+++ b/system/desktops/sway.nix
@@ -17,7 +17,10 @@ in {
xdg-desktop-portal-wlr
];
config.sway = {
- default = lib.mkForce ["gtk" "wlr"];
+ default = lib.mkForce ["gtk"];
+ "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
+ "org.freedesktop.impl.portal.FileChooser" = ["gtk"];
+ "org.freedesktop.impl.portal.OpenURI" = ["gtk"];
"org.freedesktop.impl.portal.Screenshot" = ["wlr"];
"org.freedesktop.impl.portal.ScreenCast" = ["wlr"];
};
@@ -30,6 +33,7 @@ in {
base = false;
gtk = false;
};
+ extraPackages = [];
};
};
}
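Review bot: `extraPackages = [];` clears the sway module's default package list, which as far as I know includes swaylock and swayidle, so the system configuration no longer guarantees a screen locker for the session. If those tools are installed through home-manager instead, say so in a comment, e.g. `# swaylock/swayidle/foot come from home-manager`. Otherwise keep at least the locker, e.g. `extraPackages = with pkgs; [swaylock swayidle];` (assuming `pkgs` is in scope in this file). The `programs.sway` block starts outside the hunk.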
diff --git a/system/desktops/wayland.nix b/system/desktops/wayland.nix
index e11eca8..2f43fb3 100644
--- a/system/desktops/wayland.nix
+++ b/system/desktops/wayland.nix
@@ -10,12 +10,16 @@ in {
config = mkIf cfg.enable {
xdg.portal = {
enable = true;
+ xdgOpenUsePortal = true;
extraPortals = with pkgs; [
+ xdg-desktop-portal
xdg-desktop-portal-gtk
];
config.common = {
- default = ["gtk"];
+ default = lib.mkForce ["gtk"];
"org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
+ "org.freedesktop.impl.portal.FileChooser" = ["gtk"];
+ "org.freedesktop.impl.portal.OpenURI" = ["gtk"];
};
};
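Review bot: `xdg-desktop-portal` is added to `extraPortals`, but that option lists backend implementations; the frontend is already installed by `xdg.portal.enable = true`, so the entry looks redundant and can be dropped. With `xdgOpenUsePortal = true` every `xdg-open` call is now routed through the OpenURI portal, which is worth a comment such as `# route xdg-open through the portal so sandboxed apps open links on the host`. The FileChooser and OpenURI keys repeat what `default = lib.mkForce ["gtk"]` already selects, here and in hyprland.nix and sway.nix, and could be left to the default. The `config = mkIf cfg.enable { … }` block continues outside the hunk.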
diff --git a/system/hardened.nix b/system/hardened.nix
deleted file mode 100644
index 223b358..0000000
--- a/system/hardened.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- lib,
- config,
- inputs,
- ...
-}: let
- inherit (lib) mkIf;
-in {
- imports = [
- inputs.nix-mineral.nixosModules.nix-mineral
- ];
-
- config = mkIf config.hardened {
- nix-mineral = {
- enable = true;
- settings = {
- debug = {
- coredump = true;
- zram = false;
- };
- network = {
- icmp = {
- cast = true;
- ignore-all = false;
- };
- };
- kernel = {
- cpu-mitigations = "smt-on";
- io-uring = true;
- lockdown = true;
- only-signed-modules = true;
- pti = true;
- sysrq = "none";
- };
- system = {
- yama = "relaxed";
- };
- };
- extras = {
- kernel = {
- intelme-kmodules = false;
- };
- system = {
- secure-chrony = true;
- unprivileged-userns = false;
- };
- };
- filesystems = {
- normal = {
- # let me run shell scripts
- # please and thank you
- "/home".options.noexec = lib.mkForce false;
- "/etc".options.noexec = lib.mkForce true;
- };
- };
- };
- };
-}