13 files changed, 84 insertions, 47 deletions

diff --git a/system/battery.nix b/system/battery.nix
index 42ee269..a904051 100644
--- a/system/battery.nix
+++ b/system/battery.nix
@@ -9,7 +9,7 @@ in {
   config = mkIf config.battery {
     # power monterting
     services.upower = {
-      enable = !config.minimal;
+      enable = true;
       percentageLow = 20;
       percentageCritical = 10;
       percentageAction = 4;
@@ -17,21 +17,8 @@ in {
     };
 
     # power profiles
-    services.tlp = {
-      enable = !config.minimal;
-      settings = {
-        CPU_SCALING_GOVERNOR_ON_AC = "performance";
-        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-
-        CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
-        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
-
-        CPU_MIN_PERF_ON_AC = 0;
-        CPU_MAX_PERF_ON_AC = 100;
-        CPU_MIN_PERF_ON_BAT = 0;
-        CPU_MAX_PERF_ON_BAT = 20;
-      };
-    };
+    services.power-profiles-daemon.enable = true;
+    #services.tlp.enable = true;
 
     # packages
     environment.systemPackages = with pkgs; [
diff --git a/system/default.nix b/system/default.nix
index f6a6fa3..e912856 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -22,16 +22,41 @@
   ];
 
   # allow flakes
-  nix.settings.experimental-features = ["nix-command" "flakes"];
-  nix.settings.use-xdg-base-directories = true;
+  nix = {
+    channel.enable = false;
+    extraOptions = ''
+      warn-dirty = false
+    '';
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = ["nix-command" "flakes"];
+      use-xdg-base-directories = true;
+      trusted-users = ["root" "@wheel"];
+      max-jobs = config.cores / 4;
+      cores = (config.cores - 2) / config.nix.settings.max-jobs;
+    };
+  };
 
   # allow defined unfree packages
   nixpkgs.config.allowUnfreePredicate = pkg:
     builtins.elem (lib.getName pkg) config.unfreePackages;
 
+  # load overlays
+  nixpkgs.overlays = [
+    (final: _: import ../pkgs {pkgs = final;})
+  ];
+
   # set state version
   system.stateVersion = config.stateVersion;
 
+  # use tmpfs on /tmp
+  boot.tmp = {
+    useTmpfs = true;
+    tmpfsSize = "50%";
+  };
+
+  services.seatd.enable = true;
+
   # use system packages in home manager
   home-manager.useGlobalPkgs = true;
 
@@ -83,6 +108,7 @@
     wget
   ];
 
+  environment.defaultPackages = lib.mkForce [];
   environment.systemPackages = config.extraPackages;
 
   # system shell
@@ -93,6 +119,7 @@
   };
 
   # use the latest kernel
+
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
   # sysrq
@@ -106,8 +133,11 @@
 
   # docs
   documentation = {
-    info.enable = false;
+    enable = true;
+    doc.enable = false;
+    man.enable = true;
     dev.enable = false;
+    info.enable = false;
     nixos.enable = false;
   };
 
@@ -125,4 +155,11 @@
 
   # certs
   security.pki.certificateFiles = inputs.self.lib.certs;
+
+  # sudo
+  security.sudo.enable = false;
+  security.sudo-rs = {
+    enable = true;
+    execWheelOnly = true;
+  };
 }
diff --git a/system/desktop.nix b/system/desktop.nix
index d22a475..853296b 100644
--- a/system/desktop.nix
+++ b/system/desktop.nix
@@ -6,12 +6,8 @@
   system,
   ...
 }: let
-  inherit (lib) mkIf optionals;
+  inherit (lib) mkIf;
 in {
-  imports = [
-    inputs.preload-ng.nixosModules.default
-  ];
-
   config = mkIf config.desktops.enable {
     # nix-ld
     programs.nix-ld.enable = true;
@@ -28,6 +24,9 @@ in {
     # services
     services.libinput.enable = true;
 
+    # gtk portal?
+    programs.dconf.enable = true;
+
     # audio / video
     services.pipewire = {
       enable = true;
@@ -43,7 +42,14 @@ in {
     security.rtkit.enable = true;
 
     # printing
-    services.printing.enable = true;
+    services.printing = {
+      enable = true;
+      drivers = with pkgs; [
+        brlaser
+        cnijfilter2
+        gutenprint
+      ];
+    };
     services.avahi = {
       enable = true;
       nssmdns4 = true;
@@ -51,11 +57,8 @@ in {
     };
     users.groups.lp.members = [config.user];
 
-    # preload-ng
-    services.preload-ng = {
-      enable = true;
-      package = inputs.preload-ng.packages.${system}.preload-ng-src;
-    };
+    # secrets
+    services.gnome.gnome-keyring.enable = true;
 
     # system fonts
     fonts.packages = with pkgs; [
@@ -66,6 +69,7 @@ in {
     unfreePackages = [
       "corefonts"
       "vista-fonts"
+      "cnijfilter2"
     ];
   };
 }
diff --git a/system/desktops/default.nix b/system/desktops/default.nix
index 8f9270f..476dd72 100644
--- a/system/desktops/default.nix
+++ b/system/desktops/default.nix
@@ -1,4 +1,4 @@
-{...}: {
+_: {
   imports = [
     ./hyprland.nix
     ./ly.nix
diff --git a/system/desktops/hyprland.nix b/system/desktops/hyprland.nix
index 42a45be..b0281a3 100644
--- a/system/desktops/hyprland.nix
+++ b/system/desktops/hyprland.nix
@@ -1,12 +1,11 @@
 {
   inputs,
   config,
-  pkgs,
   lib,
   system,
   ...
 }: let
-  inherit (lib) mkIf mkDefault;
+  inherit (lib) mkIf;
   cfg = config.desktops.hyprland;
 in {
   config = mkIf cfg.enable {
@@ -17,14 +16,18 @@ in {
         inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland
       ];
       config.hyprland = {
-        default = ["hyprland" "gtk"];
+        default = lib.mkForce ["gtk"];
+        "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
         "org.freedesktop.impl.portal.FileChooser" = ["gtk"];
         "org.freedesktop.impl.portal.OpenURI" = ["gtk"];
+        "org.freedesktop.impl.portal.Screencast" = ["hyprland"];
+        "org.freedesktop.impl.portal.Screenshot" = ["hyprland"];
       };
     };
 
     programs.hyprland = {
       enable = true;
+      withUWSM = true;
       package = inputs.hyprland.packages.${system}.hyprland;
       portalPackage = inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland;
     };
diff --git a/system/desktops/ly.nix b/system/desktops/ly.nix
index 49469b2..298fc4c 100644
--- a/system/desktops/ly.nix
+++ b/system/desktops/ly.nix
@@ -1,9 +1,6 @@
 {
   lib,
   config,
-  pkgs,
-  inputs,
-  system,
   ...
 }: let
   inherit (lib) mkIf;
diff --git a/system/desktops/sway.nix b/system/desktops/sway.nix
index d0838a4..6c36c12 100644
--- a/system/desktops/sway.nix
+++ b/system/desktops/sway.nix
@@ -4,7 +4,7 @@
   pkgs,
   ...
 }: let
-  inherit (lib) mkIf mkDefault;
+  inherit (lib) mkIf;
   cfg = config.desktops.sway;
 in {
   config = mkIf cfg.enable {
@@ -17,7 +17,10 @@ in {
         xdg-desktop-portal-wlr
       ];
       config.sway = {
-        default = lib.mkForce ["gtk" "wlr"];
+        default = lib.mkForce ["gtk"];
+        "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
+        "org.freedesktop.impl.portal.FileChooser" = ["gtk"];
+        "org.freedesktop.impl.portal.OpenURI" = ["gtk"];
         "org.freedesktop.impl.portal.Screenshot" = ["wlr"];
         "org.freedesktop.impl.portal.ScreenCast" = ["wlr"];
       };
@@ -30,6 +33,7 @@ in {
         base = false;
         gtk = false;
       };
+      extraPackages = [];
     };
   };
 }
diff --git a/system/desktops/wayland.nix b/system/desktops/wayland.nix
index e11eca8..2f43fb3 100644
--- a/system/desktops/wayland.nix
+++ b/system/desktops/wayland.nix
@@ -10,12 +10,16 @@ in {
   config = mkIf cfg.enable {
     xdg.portal = {
       enable = true;
+      xdgOpenUsePortal = true;
       extraPortals = with pkgs; [
+        xdg-desktop-portal
         xdg-desktop-portal-gtk
       ];
       config.common = {
-        default = ["gtk"];
+        default = lib.mkForce ["gtk"];
         "org.freedesktop.impl.portal.Secret" = ["gnome-keyring"];
+        "org.freedesktop.impl.portal.FileChooser" = ["gtk"];
+        "org.freedesktop.impl.portal.OpenURI" = ["gtk"];
       };
     };
 
diff --git a/system/fingerprint.nix b/system/fingerprint.nix
index 1fe0560..35737f5 100644
--- a/system/fingerprint.nix
+++ b/system/fingerprint.nix
@@ -1,9 +1,7 @@
 {
   lib,
-  pkgs,
   config,
-  inputs,
-  system,
+  pkgs,
   ...
 }: let
   inherit (lib) mkIf;
@@ -12,7 +10,7 @@ in {
     services.fprintd = {
       enable = true;
       tod.enable = true;
-      tod.driver = inputs.self.packages.${system}.libfprint-2-tod1-vfs0090;
+      tod.driver = pkgs.libfprint-2-tod1-vfs0090;
     };
   };
 }
diff --git a/system/gaming/default.nix b/system/gaming/default.nix
index acb0a1f..734ece0 100644
--- a/system/gaming/default.nix
+++ b/system/gaming/default.nix
@@ -1,4 +1,4 @@
-{...}: {
+_: {
   imports = [
     ./steam.nix
   ];
diff --git a/system/virt/default.nix b/system/virt/default.nix
index d37b637..3b422be 100644
--- a/system/virt/default.nix
+++ b/system/virt/default.nix
@@ -1,4 +1,4 @@
-{...}: {
+_: {
   imports = [
     ./docker.nix
     ./qemu.nix
diff --git a/system/virt/docker.nix b/system/virt/docker.nix
index 97c57ad..9dcb7e2 100644
--- a/system/virt/docker.nix
+++ b/system/virt/docker.nix
@@ -1,7 +1,6 @@
 {
   lib,
   config,
-  pkgs,
   ...
 }: let
   inherit (lib) mkIf;
diff --git a/system/virt/qemu.nix b/system/virt/qemu.nix
index 6c068e4..64ad8c6 100644
--- a/system/virt/qemu.nix
+++ b/system/virt/qemu.nix
@@ -17,5 +17,9 @@ in {
     environment.systemPackages = with pkgs; [
       qemu
     ];
+
+    networking.firewall.trustedInterfaces = [
+      "virbr0"
+    ];
   };
 }