diff --git a/provision/hosts/bulwark/configuration.nix b/provision/hosts/bulwark/configuration.nix index eb15537e..2f579174 100644 --- a/provision/hosts/bulwark/configuration.nix +++ b/provision/hosts/bulwark/configuration.nix @@ -19,11 +19,14 @@ # Modules modules = { desktop = { + browser = { + chrome.enable = true; + firefox.enable = true; + }; gnome = { enable = true; wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/bulwark.png}"; }; - browser.enable = true; }; devel = { notes.enable = true; @@ -40,7 +43,6 @@ samba-client.enable = true; }; system = { - nipr.enable = true; ssh.enable = true; terminal.enable = true; }; diff --git a/provision/hosts/kestrel/configuration.nix b/provision/hosts/kestrel/configuration.nix index b1f1754f..57f9f5d1 100644 --- a/provision/hosts/kestrel/configuration.nix +++ b/provision/hosts/kestrel/configuration.nix @@ -35,11 +35,14 @@ # Modules modules = { desktop = { + browser = { + chrome.enable = true; + firefox.enable = true; + }; gnome = { enable = true; wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/kestrel.png}"; }; - browser.enable = true; }; devel = { engineering.enable = true; @@ -63,7 +66,6 @@ }; system = { backup.enable = true; - nipr.enable = true; ssh.enable = true; terminal.enable = true; wireguard-client = { diff --git a/provision/hosts/shivan/configuration.nix b/provision/hosts/shivan/configuration.nix index 624875df..8c7d8a93 100644 --- a/provision/hosts/shivan/configuration.nix +++ b/provision/hosts/shivan/configuration.nix @@ -22,12 +22,15 @@ # Modules modules = { desktop = { + browser = { + chrome.enable = true; + firefox.enable = true; + }; gnome = { enable = true; # TODO: Add Shivan wallpaper wallpaper = "file://${../../../resources/img/wallpapers/gruvbox/bulwark.png}"; }; - browser.enable = true; }; devel = { engineering.enable = true; @@ -45,7 +48,6 @@ virt-manager.enable = false; }; system = { - nipr = true; ssh.enable = true; terminal.enable = true; }; diff --git a/provision/modules/desktop/browser.nix b/provision/modules/desktop/browser.nix deleted file mode 100644 index 76c0be8a..00000000 --- a/provision/modules/desktop/browser.nix +++ /dev/null @@ -1,95 +0,0 @@ -{ config, lib, pkgs, user, ... }: - -let cfg = config.modules.desktop.browser; - -in { - options.modules.desktop.browser.enable = lib.mkEnableOption "browser"; - config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - google-chrome # Web browser developed by Google. - ]; - programs.chromium = { - enable = true; - extraOpts = { - - # Disable all manner of account-related things. - "BrowserSignin" = 0; # disable - "BrowserAddPersonEnabled" = false; - "BrowserGuestModeEnabled" = false; - "UserDisplayName" = "PolicyUser"; - "UserFeedbackAllowed" = false; - "BackgroundModeEnabled" = false; - "MetricsReportingEnabled" = false; - "BlockExternalExtensions" = true; - "AutofillAddressEnabled" = false; - "AutofillCreditCardEnabled" = false; - "PasswordManagerEnabled" = false; - "PromptForDownloadLocation" = true; - "SyncDisabled" = true; - "SpellcheckEnabled" = true; - "SpellcheckLanguage" = [ "en-US" ]; - "CloudPrintSubmitEnabled" = false; - "EnableMediaRouter" = false; - "ShowCastIconInToolbar" = false; - - # Install extensions - "ExtensionInstallForcelist" = [ - "ihennfdbghdiflogeancnalflhgmanop" # Gruvbox theme - "fkeaekngjflipcockcnpobkpbbfbhmdn" # Copy as Markdown - "pcmpcfapbekmbjjkdalcgopdkipoggdi" # MarkDownload - "nngceckbapebfimnlniiiahkandclblb" # Bitwarden - "icpgjfneehieebagbmdbhnlpiopdcmna" # New Tab Redirect - "oahiolknhkbpcolgnpljehalnhblolkm" # Shorts Blocker - "hkgfoiooedgoejojocmhlaklaeopbecg" # Picture-in-Picture (by Google) - "dbepggeogbaibhgnhhndojpepiihcmeb" # Vimium - ]; - - # Setup bookmarks - "BookmarkBarEnabled" = true; - "ShowAppsShortcutInBookmarkBar" = false; - "ManagedBookmarks" = [ - { "toplevel_name" = "Bookmarks"; } - { "name" = "Daily"; "children" = [ - { "url" = "https://lc.tstarr.us"; name = "Chisme Mattermost"; } - { "url" = "https://rss.tstarr.us"; name = "Miniflux"; } - { "url" = "https://cloud.tstarr.us"; name = "Nextcloud"; } - { "url" = "https://git.tstarr.us"; name = "Gitea"; } - { "url" = "https://media.tstarr.us/web/index.html#!/home.html"; name = "Jellyfin"; } - { "url" = "https://home.tstarr.us"; name = "Home Assistant"; } - { "url" = "https://www.youtube.com/feed/subscriptions"; name = "Youtube"; } - { "url" = "https://gmail.com/"; name = "Mail"; } - { "url" = "https://github.com/"; name = "GitHub"; } - { "url" = "https://www.google.com/"; name = "Google"; } - { "url" = "https://www.icloud.com/"; name = "iCloud"; } - ]; } - { "name" = "Games"; "children" = [ - { "url" = "https://www.protondb.com/"; name = "ProtonDB"; } - { "url" = "https://vimm.net/"; name = "Vimm's Lair: Preserving the Classics"; } - { "url" = "https://www.dotabuff.com/"; name = "DOTABUFF"; } - ]; } - { "name" = "Homelab"; "children" = [ - { "url" = "http://localhost:8384"; name = "Syncthing"; } - { "url" = "https://github.com/starr-dusT/dotfiles"; name = "Dotfiles"; } - { "url" = "https://rssbridge.tstarr.us"; name = "RSSBridge"; } - ]; } - { "name" = "Nix"; "children" = [ - { "url" = "https://nixos.org/nix/manual/"; name = "nix-manual"; } - { "url" = "https://nixos.org/nixpkgs/manual/"; name = "nixpkgs-manual"; } - { "url" = "https://nixos.org/nixos/manual/"; name = "nixos-manual"; } - { "url" = "https://nixos.org/nixos/options.html"; name = "nixos-options"; } - { "url" = "https://discourse.nixos.org/"; name = "nixos-discourse"; } - { "url" = "https://old.reddit.com/r/nixos/"; name = "nixos-reddit"; } - { "url" = "https://nixos.wiki/"; name = "nixos-wiki"; } - ]; } - ]; - }; - }; - - networking.firewall.allowedTCPPorts = [ 8080 ]; - services.static-web-server = { - enable = true; - listen = "[::]:8080"; - root = ../../../resources/blank; - }; - }; -} diff --git a/provision/modules/desktop/browser/chrome-bookmarks.nix b/provision/modules/desktop/browser/chrome-bookmarks.nix new file mode 100644 index 00000000..172298f9 --- /dev/null +++ b/provision/modules/desktop/browser/chrome-bookmarks.nix @@ -0,0 +1,37 @@ +# Chrome bookmarks + +[ + { "toplevel_name" = "Bookmarks"; } + { "name" = "Daily"; "children" = [ + { "url" = "https://lc.tstarr.us"; name = "Chisme Mattermost"; } + { "url" = "https://rss.tstarr.us"; name = "Miniflux"; } + { "url" = "https://cloud.tstarr.us"; name = "Nextcloud"; } + { "url" = "https://git.tstarr.us"; name = "Gitea"; } + { "url" = "https://media.tstarr.us/web/index.html#!/home.html"; name = "Jellyfin"; } + { "url" = "https://home.tstarr.us"; name = "Home Assistant"; } + { "url" = "https://www.youtube.com/feed/subscriptions"; name = "Youtube"; } + { "url" = "https://gmail.com/"; name = "Mail"; } + { "url" = "https://github.com/"; name = "GitHub"; } + { "url" = "https://www.google.com/"; name = "Google"; } + { "url" = "https://www.icloud.com/"; name = "iCloud"; } + ]; } + { "name" = "Games"; "children" = [ + { "url" = "https://www.protondb.com/"; name = "ProtonDB"; } + { "url" = "https://vimm.net/"; name = "Vimm's Lair: Preserving the Classics"; } + { "url" = "https://www.dotabuff.com/"; name = "DOTABUFF"; } + ]; } + { "name" = "Homelab"; "children" = [ + { "url" = "http://localhost:8384"; name = "Syncthing"; } + { "url" = "https://github.com/starr-dusT/dotfiles"; name = "Dotfiles"; } + { "url" = "https://rssbridge.tstarr.us"; name = "RSSBridge"; } + ]; } + { "name" = "Nix"; "children" = [ + { "url" = "https://nixos.org/nix/manual/"; name = "nix-manual"; } + { "url" = "https://nixos.org/nixpkgs/manual/"; name = "nixpkgs-manual"; } + { "url" = "https://nixos.org/nixos/manual/"; name = "nixos-manual"; } + { "url" = "https://nixos.org/nixos/options.html"; name = "nixos-options"; } + { "url" = "https://discourse.nixos.org/"; name = "nixos-discourse"; } + { "url" = "https://old.reddit.com/r/nixos/"; name = "nixos-reddit"; } + { "url" = "https://nixos.wiki/"; name = "nixos-wiki"; } + ]; } +] diff --git a/provision/modules/desktop/browser/chrome.nix b/provision/modules/desktop/browser/chrome.nix new file mode 100644 index 00000000..38bb6156 --- /dev/null +++ b/provision/modules/desktop/browser/chrome.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, user, ... }: + +let cfg = config.modules.desktop.browser.chrome; +in { + options.modules.desktop.browser.chrome.enable = lib.mkEnableOption "chrome"; + config = lib.mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + google-chrome # Web browser developed by Google. + ]; + programs.chromium = { + enable = true; + extraOpts = { + + # Disable all manner of account-related things. + "BrowserSignin" = 0; # disable + "BrowserAddPersonEnabled" = false; + "BrowserGuestModeEnabled" = false; + "UserDisplayName" = "PolicyUser"; + "UserFeedbackAllowed" = false; + "BackgroundModeEnabled" = false; + "MetricsReportingEnabled" = false; + "BlockExternalExtensions" = true; + "AutofillAddressEnabled" = false; + "AutofillCreditCardEnabled" = false; + "PasswordManagerEnabled" = false; + "PromptForDownloadLocation" = true; + "SyncDisabled" = true; + "SpellcheckEnabled" = true; + "SpellcheckLanguage" = [ "en-US" ]; + "CloudPrintSubmitEnabled" = false; + "EnableMediaRouter" = false; + "ShowCastIconInToolbar" = false; + + # Install extensions + "ExtensionInstallForcelist" = [ + "ihennfdbghdiflogeancnalflhgmanop" # Gruvbox theme + "fkeaekngjflipcockcnpobkpbbfbhmdn" # Copy as Markdown + "pcmpcfapbekmbjjkdalcgopdkipoggdi" # MarkDownload + "nngceckbapebfimnlniiiahkandclblb" # Bitwarden + "icpgjfneehieebagbmdbhnlpiopdcmna" # New Tab Redirect + "oahiolknhkbpcolgnpljehalnhblolkm" # Shorts Blocker + "hkgfoiooedgoejojocmhlaklaeopbecg" # Picture-in-Picture (by Google) + "dbepggeogbaibhgnhhndojpepiihcmeb" # Vimium + ]; + + # Setup bookmarks + "BookmarkBarEnabled" = true; + "ShowAppsShortcutInBookmarkBar" = false; + "ManagedBookmarks" = import ./chrome-bookmarks.nix; + }; + }; + + networking.firewall.allowedTCPPorts = [ 8080 ]; + services.static-web-server = { + enable = true; + listen = "[::]:8080"; + root = ../../../../resources/blank; + }; + }; +} diff --git a/provision/modules/desktop/browser/default.nix b/provision/modules/desktop/browser/default.nix new file mode 100644 index 00000000..65c680d7 --- /dev/null +++ b/provision/modules/desktop/browser/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + imports = [ ./chrome.nix ./firefox.nix ]; +} diff --git a/provision/modules/desktop/browser/firefox-bookmarks.nix b/provision/modules/desktop/browser/firefox-bookmarks.nix new file mode 100644 index 00000000..75c3820f --- /dev/null +++ b/provision/modules/desktop/browser/firefox-bookmarks.nix @@ -0,0 +1,11 @@ +# Firefox bookmarks + +[ + { name = "Managed Bookmarks"; toolbar = true; bookmarks = [ + { name = "Bookmarks"; bookmarks = [ + { url = "https://webmail.apps.mil/owa"; name = "WebMail";} + { url = "https://dod.teams.microsoft.us/"; name = "Teams";} + { url = "https://usaf-my.dps.mil/"; name = "OneDrive";} + ]; } + ]; } +] diff --git a/provision/modules/desktop/browser/firefox.nix b/provision/modules/desktop/browser/firefox.nix new file mode 100644 index 00000000..ac22cbc5 --- /dev/null +++ b/provision/modules/desktop/browser/firefox.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, user, ... }: + +let cfg = config.modules.desktop.browser.firefox; +in { + options.modules.desktop.browser.firefox.enable = lib.mkEnableOption "firefox"; + config = lib.mkIf cfg.enable { + # Install applications for CAC + environment.systemPackages = with pkgs; [ + opensc + pcsc-tools + pkcs11helper + ]; + + home-manager.users.${user} = { + programs.firefox = { + enable = true; + profiles.default = { + bookmarks = import ./firefox-bookmarks.nix; + isDefault = true; + name = "default"; + settings = { + "browser.bookmarks.addedImportButton" = false; + "browser.toolbars.bookmarks.visibility" = "always"; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.pinned" = []; + "browser.tabs.drawInTitlebar" = true; + "browser.tabs.inTitlebar" = 1; + }; + }; + }; + }; + }; +} diff --git a/provision/modules/desktop/default.nix b/provision/modules/desktop/default.nix index 752dbd1f..ec77af88 100644 --- a/provision/modules/desktop/default.nix +++ b/provision/modules/desktop/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, user, inputs, ... }: { - imports = [ ./keyd.nix ./browser.nix ./gnome.nix ]; + imports = [ ./browser ./keyd.nix ./gnome.nix ]; environment.systemPackages = with pkgs; [ bc # Arbitrary-precision arithmetic language. diff --git a/provision/modules/system/default.nix b/provision/modules/system/default.nix index 8f6e9248..462c0f4d 100644 --- a/provision/modules/system/default.nix +++ b/provision/modules/system/default.nix @@ -1,4 +1,4 @@ { ... }: { - imports = [ ./backup.nix ./nipr.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ]; + imports = [ ./backup.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ]; } diff --git a/provision/modules/system/nipr.nix b/provision/modules/system/nipr.nix deleted file mode 100644 index 5416ba8b..00000000 --- a/provision/modules/system/nipr.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, user, ... }: - -let cfg = config.modules.system.nipr; -in { - options.modules.system.nipr.enable = lib.mkEnableOption "nipr"; - config = lib.mkIf cfg.enable { - - environment.systemPackages = with pkgs; [ - opensc - pcsc-tools - pkcs11helper - firefox - ]; - }; -}