home/neovim: misc plugin changes

flake.nix

@@ -1,10 +1,11 @@
 {
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-24.05";
-    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+    nixpkgs.url = "nixpkgs/nixos-24.11";
+    # nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
+      url = "github:nix-community/home-manager/release-24.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -87,7 +88,7 @@
         android_sdk.accept_license = true;
         segger-jlink.acceptLicense = true;
         permittedInsecurePackages = [
-          "segger-jlink-qt4-794l"
+          "segger-jlink-qt4-796s"
         ];
       };
 
@@ -97,32 +98,16 @@
           config.allowUnfree = true;
           config.segger-jlink.acceptLicense = true;
           config.permittedInsecurePackages = [
-            "segger-jlink-qt4-794s"
+            "segger-jlink-qt4-796s"
           ];
         };
       in [
         (self: super: {
           inherit (nonrecursive-unstable-pkgs)
-            atuin
-            wstunnel
-            nrf-udev
-            nrfutil
-            gpclient
-            gpauth
+              calibre
+              fcitx5-mozc
             ;
         })
-
-        # https://github.com/NixOS/nixpkgs/pull/251706
-        (self: super: {
-          mozc = self.qt6Packages.callPackage ./package-overrides/mozc.nix { };
-          fcitx5-mozc = self.callPackage ./package-overrides/fcitx5-mozc.nix { };
-        })
-
-        (self: super: {
-          mpv-unwrapped = super.mpv-unwrapped.override {
-            ffmpeg = super.ffmpeg_6-full;
-          };
-        })
       ];
     };
 

home/home.nix

@@ -25,7 +25,7 @@ in {
     ./programs/ssh
     ./programs/tealdeer
     ./programs/thunderbird.nix
-    ./programs/tmux.nix
+    ./programs/tmux
     ./programs/zsh
 
     ./services/nix-channel-update.nix

home/packages.nix

@@ -91,8 +91,8 @@
       geogebra
       ghidra
       gimp
-      gnome.gnome-font-viewer
-      gnome.seahorse
+      gnome-font-viewer
+      seahorse
       google-chrome
       imhex
       inkscape

home/programs/alacritty.nix

@@ -43,9 +43,9 @@
         duration = 20;
       };
 
-      live_config_reload = true;
+      general.live_config_reload = true;
 
-      shell = {
+      terminal.shell = {
         program = "${pkgs.zsh}/bin/zsh";
         args = [ "--login" ];
       };

home/programs/neovim/default.nix

@@ -66,25 +66,59 @@
       }
       limelight-vim
       vim-tmux-navigator
-      vim-polyglot
+      # vim-polyglot
       lightline-vim
+      vim-better-whitespace
       {
-        plugin = rainbow;
+        plugin = nvim-treesitter.withAllGrammars;
         config = ''
-          let g:rainbow_active = 1
+        packadd! nvim-treesitter
+        lua << EOF
+          require'nvim-treesitter.configs'.setup {
+            highlight = {
+              enable = true,
+            },
+          }
+        EOF
+        '';
+      }
+      {
+        plugin = rainbow-delimiters-nvim;
+        config = ''
+        lua << EOF
+          local rainbow_delimiters = require 'rainbow-delimiters'
+          vim.g.rainbow_delimiters = {
+            ["highlight"] = {
+              'RainbowDelimiterRed',
+              'RainbowDelimiterYellow',
+              'RainbowDelimiterBlue',
+              'RainbowDelimiterGreen',
+              'RainbowDelimiterViolet',
+              'RainbowDelimiterCyan',
+            },
+          }
+        EOF
         '';
       }
       {
         plugin = vim-monokai;
         config = ''
           colorscheme monokai
-          autocmd ColorScheme * highlight Normal ctermbg=0
-          autocmd ColorScheme * highlight LineNr ctermbg=0
-          autocmd ColorScheme * highlight CursorLineNR ctermbg=0 ctermfg=208
-          autocmd ColorScheme * highlight SignColumn ctermbg=0
-          autocmd ColorScheme * highlight GitGutterAdd ctermbg=0
-          autocmd ColorScheme * highlight GitGutterChange ctermbg=0
-          autocmd ColorScheme * highlight GitGutterDelete ctermbg=0
+
+          autocmd ColorScheme monokai highlight Normal ctermbg=0
+          autocmd ColorScheme monokai highlight LineNr ctermbg=0
+          autocmd ColorScheme monokai highlight CursorLineNR ctermbg=0 ctermfg=208
+          autocmd ColorScheme monokai highlight SignColumn ctermbg=0
+          autocmd ColorScheme monokai highlight GitGutterAdd ctermbg=0
+          autocmd ColorScheme monokai highlight GitGutterChange ctermbg=0
+          autocmd ColorScheme monokai highlight GitGutterDelete ctermbg=0
+
+          autocmd ColorScheme monokai highlight RainbowDelimiterRed    { fg = g:terminal_color_9 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterYellow { fg = g:terminal_color_11 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterBlue   { fg = g:terminal_color_12 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterGreen  { fg = g:terminal_color_10 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterViolet { fg = g:terminal_color_13 }
+          autocmd ColorScheme monokai highlight RainbowDelimiterCyan   { fg = g:terminal_color_14 }
         '';
       }
     ];

home/programs/tmux/default.nix

@@ -1,4 +1,4 @@
-{pkgs, ...}:
+{ pkgs, lib, ... }:
 {
   programs.tmux = {
     enable = true;
@@ -19,7 +19,25 @@
       tmux-fzf
       urlview
     ];
-    extraConfig = ''
+    extraConfig = let
+      fileContentsWithoutShebang = script: lib.pipe script [
+        lib.fileContents
+        (lib.splitString "\n")
+        (lib.drop 3) # remove shebang
+        (lib.concatStringsSep "\n")
+      ];
+
+      fcitx5-status = (pkgs.writeShellApplication {
+        name = "tmux-fcitx5-status";
+        runtimeInputs = with pkgs; [ dbus ];
+        text = fileContentsWithoutShebang ./scripts/fcitx5-status.sh;
+      });
+      mpd-status = (pkgs.writeShellApplication {
+        name = "tmux-mpd-status";
+        runtimeInputs = with pkgs; [ mpc-cli gawk gnugrep ];
+        text = fileContentsWithoutShebang ./scripts/mpd-status.sh;
+      });
+    in ''
       # Don't rename windows automatically after rename with ','
       set-option -g allow-rename off
 
@@ -91,8 +109,8 @@
       ### DESIGN CHANGES ###
       ######################
 
-      set-option -g status-left '#{prefix_highlight} #[bg=blue]#[fg=black,bold] ###S #[bg=default]  #[fg=green]#(~/.scripts/tmux/fcitx)  #[fg=red]%H:%M   '
-      set-option -g status-right '#[fg=red]#(~/.scripts/tmux/mpd)'
+      set-option -g status-left '#{prefix_highlight} #[bg=blue]#[fg=black,bold] ###S #[bg=default]  #[fg=green]#(${lib.getExe fcitx5-status})  #[fg=red]%H:%M   '
+      set-option -g status-right '#[fg=red]#(${lib.getExe mpd-status})'
       set-window-option -g window-status-current-style fg=magenta
       set-option -g status-style 'bg=black fg=default'
       set-option -g default-shell '${pkgs.zsh}/bin/zsh'

home/programs/tmux/scripts/fcitx5-status.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p dbus
+
+printState() {
+  STATUS=$(dbus-send --session --print-reply=literal --dest='org.fcitx.Fcitx5' '/controller' 'org.fcitx.Fcitx.Controller1.CurrentInputMethod' | tr -d '[:space:]')
+
+  case $STATUS in
+    keyboard-us)
+      echo 'US'
+    ;;
+    keyboard-no)
+      echo 'NO'
+    ;;
+    mozc)
+      echo '日本語'
+    ;;
+    *)
+      echo "$STATUS?"
+    ;;
+  esac
+}
+
+while :; do
+  printState
+  sleep 1
+done

home/programs/tmux/scripts/mpd-status.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i sh -p mpc-cli gawk gnugrep
+
+while true; do
+  MPC_OUTPUT=$(mpc --format '[[%artist% - ]%title%]|[%file%]')
+
+  TITLE=$(head -n 1 <<<"$MPC_OUTPUT")
+
+  if [ ${#TITLE} -gt 60 ]; then
+    TITLE=$(awk '{print substr($0,0,57) "..."}' <<<"$TITLE")
+  fi
+
+  LINE2=$(head -n 2 <<<"$MPC_OUTPUT" | tail -n 1)
+
+  PLAY_STATUS_RAW=$(awk '{print $1}' <<<"$LINE2")
+
+  if [ "$PLAY_STATUS_RAW" == "[playing]" ]; then
+    PLAY_STATUS="▶"
+  elif [ "$PLAY_STATUS_RAW" == "[paused]" ]; then
+    PLAY_STATUS="⏸"
+  else
+    PLAY_STATUS="??"
+  fi
+
+  TIME=$(awk '{print $3}' <<<"$LINE2")
+
+  echo -e "$PLAY_STATUS $TITLE | [$TIME]"
+  sleep 1
+done

home/services/dunst.nix

@@ -3,7 +3,7 @@
   services.dunst = {
     enable = true;
     iconTheme = {
-      package = pkgs.gnome.adwaita-icon-theme;
+      package = pkgs.adwaita-icon-theme;
       name = "Adwaita";
       size = "32x32";
     };

home/services/sxhkd.nix

@@ -22,11 +22,11 @@ in
 
       # Volume
 
-      "super + {@F7,@F8}" = "${pkgs.alsaUtils}/bin/amixer set Master 2%{-,+}";
+      "super + {@F7,@F8}" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%{-,+}";
 
-      "{XF86AudioLowerVolume,XF86AudioRaiseVolume}" = "${pkgs.alsaUtils}/bin/amixer set Master 2%{-,+}";
+      "{XF86AudioLowerVolume,XF86AudioRaiseVolume}" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%{-,+}";
 
-      "XF86AudioMute" = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
+      "XF86AudioMute" = "${pkgs.wireplumber}/bin/wpctl set-mute toggle";
 
       # Music
 

hosts/common/default.nix

@@ -12,9 +12,7 @@ in {
     ./programs/ssh.nix
     ./programs/usbtop.nix
 
-    ./services/cups.nix
     ./services/dbus.nix
-    ./services/logrotate.nix
     ./services/openssh.nix
     ./services/pcscd.nix
     ./services/pipewire.nix
@@ -25,6 +23,8 @@ in {
     ./services/xserver.nix
   ];
 
+  systemd.enableStrictShellChecks = true;
+
   sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml";
 
   time.timeZone = "Europe/Oslo";

hosts/common/services/cups.nix

@@ -1,71 +0,0 @@
-{ config, lib, ... }:
-{
-  systemd.services = lib.mkIf config.services.printing.enable {
-    cups.serviceConfig = {
-      PrivateTmp = true;
-      ProtectSystem = "strict";
-      ProtectHome = true;
-      ProtectClock= true;
-      ProtectControlGroups = true;
-      ProtectHostname = true; 
-      ProtectKernelLogs = true;
-      ProtectKernelModules = true;
-      ProtectKernelTunables = true;
-      ProtectProc = "invisible";
-      PrivateDevices = true;
-      NoNewPrivileges = true;
-      # User =
-      AmbientCapabilities = [ "" ];
-      CapabilityBoundingSet = [ "" ];
-      DevicePolicy = "closed";
-      KeyringMode = "private";
-      LockPersonality = true;
-      MemoryDenyWriteExecute = true;
-      PrivateUsers = true;
-      RemoveIPC = true;
-      # RestrictAddressFamilies = [ "" ];
-      RestrictNamespaces=true;
-      RestrictRealtime=true;
-      RestrictSUIDSGID=true;
-      SystemCallArchitectures = "native";
-      SystemCallFilter = [
-        "@system-service"
-        "~@privileged"
-      ];
-      UMask = "0077";
-    };
-    cups-browsed.serviceConfig = {
-      PrivateTmp = true;
-      ProtectSystem = "strict";
-      ProtectHome = true;
-      ProtectClock= true;
-      ProtectControlGroups = true;
-      ProtectHostname = true;
-      ProtectKernelLogs = true;
-      ProtectKernelModules = true;
-      ProtectKernelTunables = true;
-      ProtectProc = "invisible";
-      PrivateDevices = true;
-      NoNewPrivileges = true;
-      # User =
-      AmbientCapabilities = [ "" ];
-      CapabilityBoundingSet = [ "" ];
-      DevicePolicy = "closed";
-      KeyringMode = "private";
-      LockPersonality = true;
-      MemoryDenyWriteExecute = true;
-      PrivateUsers = true;
-      RemoveIPC = true;
-      # RestrictAddressFamilies = [ "" ];
-      RestrictNamespaces=true;
-      RestrictRealtime=true;
-      RestrictSUIDSGID=true;
-      SystemCallArchitectures = "native";
-      SystemCallFilter = [
-        "@system-service"
-        "~@privileged"
-      ];
-      UMask = "0077";
-    };
-  };
-}

hosts/common/services/logrotate.nix

@@ -1,42 +0,0 @@
-{ ... }:
-{
-  # source: https://github.com/logrotate/logrotate/blob/main/examples/logrotate.service
-  systemd.services.logrotate = {
-    documentation = [ "man:logrotate(8)" "man:logrotate.conf(5)" ];
-    unitConfig.RequiresMountsFor = "/var/log";
-    serviceConfig = {
-      Nice = 19;
-      IOSchedulingClass = "best-effort";
-      IOSchedulingPriority = 7;
-
-      ReadWritePaths = [ "/var/log" ];
-
-      AmbientCapabilities = [ "" ];
-      CapabilityBoundingSet = [ "" ];
-      DeviceAllow = [ "" ];
-      LockPersonality = true;
-      MemoryDenyWriteExecute = true;
-      NoNewPrivileges = true; # disable for third party rotate scripts
-      PrivateDevices = true;
-      PrivateNetwork = true; # disable for mail delivery
-      PrivateTmp = true;
-      ProtectClock = true;
-      ProtectControlGroups = true;
-      ProtectHome = true; # disable for userdir logs
-      ProtectHostname = true;
-      ProtectKernelLogs = true;
-      ProtectKernelModules = true;
-      ProtectKernelTunables = true;
-      ProtectProc = "invisible";
-      ProtectSystem = "full";
-      RestrictNamespaces = true;
-      RestrictRealtime = true;
-      RestrictSUIDSGID = true; # disable for creating setgid directories
-      SocketBindDeny = [ "any" ];
-      SystemCallArchitectures = "native";
-      SystemCallFilter = [
-        "@system-service"
-      ];
-    };
-  };
-}

hosts/common/services/printing.nix

@@ -1,4 +1,77 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+  cfg = config.services.printing;
+in
 {
-  services.printing.enable = !config.machineVars.headless;
+  # services.printing.enable = !config.machineVars.headless;
+  services.printing.enable = false;
+
+  systemd.services = lib.mkIf cfg.enable {
+    cups.serviceConfig = {
+      PrivateTmp = true;
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectClock= true;
+      ProtectControlGroups = true;
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      PrivateDevices = true;
+      NoNewPrivileges = true;
+      # User =
+      AmbientCapabilities = [ "" ];
+      CapabilityBoundingSet = [ "" ];
+      DevicePolicy = "closed";
+      KeyringMode = "private";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      PrivateUsers = true;
+      RemoveIPC = true;
+      # RestrictAddressFamilies = [ "" ];
+      RestrictNamespaces=true;
+      RestrictRealtime=true;
+      RestrictSUIDSGID=true;
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+        "~@privileged"
+      ];
+      UMask = "0077";
+    };
+    cups-browsed.serviceConfig = lib.mkIf cfg.enable {
+      PrivateTmp = true;
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectClock= true;
+      ProtectControlGroups = true;
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      PrivateDevices = true;
+      NoNewPrivileges = true;
+      # User =
+      AmbientCapabilities = [ "" ];
+      CapabilityBoundingSet = [ "" ];
+      DevicePolicy = "closed";
+      KeyringMode = "private";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      PrivateUsers = true;
+      RemoveIPC = true;
+      # RestrictAddressFamilies = [ "" ];
+      RestrictNamespaces=true;
+      RestrictRealtime=true;
+      RestrictSUIDSGID=true;
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+        "~@privileged"
+      ];
+      UMask = "0077";
+    };
+  };
 }

hosts/dosei/configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
   imports = [
     ./hardware-configuration.nix
@@ -77,14 +77,11 @@
     fstrim.enable = true;
   };
 
+  nix.buildMachines = lib.mkForce [ ];
+
   hardware = {
     bluetooth.enable = true;
     enableRedistributableFirmware = true;
     keyboard.zsa.enable = true;
-    opengl = {
-      enable = true;
-      driSupport = true;
-      driSupport32Bit = true;
-    };
   };
 }