Add 'trivionomicon/' from commit '0ae8676d50'

git-subtree-dir: trivionomicon
git-subtree-mainline: 00d3799f90
git-subtree-split: 0ae8676d50

trivionomicon/modules/athena-bccr/default.nix

@@ -0,0 +1,14 @@
+{
+  config,
+  lib,
+  pkgs,
+  doctrine,
+  ...
+}:
+doctrine.lib.mkModule {
+  inherit config;
+  name = "athena-bccr";
+  hm = ./hm.nix;
+  sys = ./sys.nix;
+  options = ./options.nix;
+}

trivionomicon/modules/athena-bccr/hm.nix

@@ -0,0 +1,14 @@
+{
+  pkgs,
+  lib,
+  cfg,
+  doctrine,
+  ...
+}: let
+  athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
+in {
+  home.packages = [
+    athena.firmador
+    (athena.gaudi.override {inherit (cfg) gaudiHash;})
+  ];
+}

trivionomicon/modules/athena-bccr/options.nix

@@ -0,0 +1,30 @@
+{lib, ...}:
+with lib.types; {
+  hm = {
+    gaudiHash = lib.mkOption {
+      type = nullOr str;
+      default = null;
+      description = "hash of the Gaudi client";
+    };
+
+    release = lib.mkOption {
+      type = str;
+      default = "latest";
+      description = "pinned athena-bccr release tag";
+    };
+  };
+
+  sys = {
+    group = lib.mkOption {
+      type = str;
+      default = "users";
+      description = "user group with full access to the smartcard reader";
+    };
+
+    release = lib.mkOption {
+      type = str;
+      default = "latest";
+      description = "pinned athena-bccr release tag";
+    };
+  };
+}

trivionomicon/modules/athena-bccr/sys.nix

@@ -0,0 +1,35 @@
+{
+  pkgs,
+  lib,
+  cfg,
+  doctrine,
+  ...
+}: let
+  athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
+in {
+  environment = {
+    etc = {
+      "Athena".source = "${athena.ase-pkcs11}/etc/Athena";
+
+      "pkcs11/modules/asep11".text = ''
+        module: ${athena.libasep11}
+      '';
+    };
+
+    systemPackages = [athena.ase-pkcs11];
+  };
+
+  #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
+  security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+
+  services = {
+    pcscd.enable = true;
+
+    udev.extraRules = ''
+      # Athena Smartcard Solutions, Inc. ASEDrive V3CR
+      ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess"
+    '';
+  };
+
+  users.groups.${cfg.group} = {};
+}

trivionomicon/modules/default.nix

@@ -0,0 +1,3 @@
+{doctrine, ...}: {
+  imports = builtins.attrValues (doctrine.lib.importAll {root = ./.;});
+}

trivionomicon/modules/laptop/default.nix

@@ -0,0 +1,10 @@
+{
+  config,
+  doctrine,
+  ...
+}:
+doctrine.lib.mkModule {
+  inherit config;
+  name = "laptop";
+  sys = ./sys.nix;
+}

trivionomicon/modules/laptop/sys.nix

@@ -0,0 +1,11 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  services = {
+    tlp.enable = lib.mkDefault true;
+    upower.enable = lib.mkDefault true;
+  };
+}

trivionomicon/modules/nix-registry/default.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  lib,
+  pkgs,
+  doctrine,
+  flakes,
+  ...
+}:
+doctrine.lib.mkModule {
+  inherit config;
+  name = "nix-registry";
+  hm = ./hm.nix;
+  options = ./options.nix;
+
+  passthru = {inherit flakes;};
+}

trivionomicon/modules/nix-registry/hm.nix

@@ -0,0 +1,23 @@
+{
+  pkgs,
+  lib,
+  cfg,
+  flakes,
+  ...
+}: let
+  registryName = name:
+    if name == "self"
+    then cfg.renameSelf
+    else name;
+
+  registryFilter = {
+    nixpkgs = true;
+    unstable = true;
+    self = cfg.renameSelf != null;
+  };
+in {
+  nix.registry =
+    lib.mapAttrs'
+    (name: value: lib.nameValuePair (registryName name) {flake = value;})
+    (lib.filterAttrs (name: _: registryFilter.${name} or cfg.allInputs) flakes);
+}

trivionomicon/modules/nix-registry/options.nix

@@ -0,0 +1,19 @@
+{lib, ...}:
+with lib.types; {
+  hm = {
+    allInputs = mkOption {
+      type = bool;
+      default = default;
+      description = ''
+        Include all flake inputs. If false, only 'nixpkgs' and 'unstable'
+        (if available) will be added to the flake registry by default.
+      '';
+    };
+
+    renameSelf = mkOption {
+      type = nullOr str;
+      default = "self";
+      description = "Registry name to use for the 'self' input";
+    };
+  };
+}

trivionomicon/modules/sway/default.nix

@@ -0,0 +1,13 @@
+{
+  config,
+  lib,
+  pkgs,
+  doctrine,
+  ...
+}:
+doctrine.lib.mkModule {
+  inherit config;
+  name = "sway";
+  sys = ./sys.nix;
+  options = ./options.nix;
+}

trivionomicon/modules/sway/options.nix

@@ -0,0 +1,3 @@
+{...}: {
+  sys = {};
+}

trivionomicon/modules/sway/sys.nix

@@ -0,0 +1,45 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  services.libinput.enable = true;
+  hardware.graphics.enable = true;
+
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    extraPortals = with pkgs; [xdg-desktop-portal-gtk];
+    xdgOpenUsePortal = true;
+
+    # warning: xdg-desktop-portal 1.17 reworked how portal implementations are loaded, you
+    # should either set `xdg.portal.config` or `xdg.portal.configPackages`
+    # to specify which portal backend to use for the requested interface.
+    #
+    # https://github.com/flatpak/xdg-desktop-portal/blob/1.18.1/doc/portals.conf.rst.in
+    #
+    # If you simply want to keep the behaviour in < 1.17, which uses the first
+    # portal implementation found in lexicographical order, use the following:
+    #
+    # xdg.portal.config.common.default = "*";
+    config.common.default = "*";
+  };
+
+  environment = {
+    sessionVariables.NIXOS_OZONE_WL = "1";
+
+    systemPackages = with pkgs; [
+      qt5.qtwayland
+      qt6.qtwayland
+    ];
+  };
+
+  programs = {
+    gtklock = {
+      enable = lib.mkDefault true;
+
+      config = {};
+      modules = [];
+    };
+  };
+}

trivionomicon/modules/thinkpad/default.nix

@@ -0,0 +1,11 @@
+{
+  config,
+  doctrine,
+  ...
+}:
+doctrine.lib.mkModule {
+  inherit config;
+  name = "thinkpad";
+  sys = ./sys.nix;
+  requires = ["laptop"];
+}

trivionomicon/modules/thinkpad/sys.nix

@@ -0,0 +1,30 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  # For suspending to RAM to work, set Config -> Power -> Sleep State to "Linux" in EFI.
+  # See https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)#Suspend_issues
+  # Fingerprint sensor requires a firmware-update to work.
+
+  boot = {
+    extraModulePackages = with config.boot.kernelPackages; [acpi_call];
+    extraModprobeConfig = "options iwlwifi 11n_disable=1 wd_disable=1";
+
+    # acpi_call makes tlp work for newer thinkpads
+    kernelModules = ["acpi_call"];
+
+    # Force use of the thinkpad_acpi driver for backlight control.
+    # This allows the backlight save/load systemd service to work.
+    kernelParams = ["acpi_backlight=native"];
+  };
+
+  hardware.firmware = [pkgs.sof-firmware];
+
+  services = {
+    fprintd.enable = lib.mkDefault true;
+    thinkfan.enable = lib.mkDefault true;
+    tp-auto-kbbl.enable = lib.mkDefault true;
+  };
+}

trivionomicon/modules/yubico/default.nix

@@ -0,0 +1,13 @@
+{
+  config,
+  lib,
+  pkgs,
+  doctrine,
+  ...
+}:
+doctrine.lib.mkModule {
+  inherit config;
+  name = "yubico";
+  hm = ./hm.nix;
+  sys = ./sys.nix;
+}

trivionomicon/modules/yubico/hm.nix

@@ -0,0 +1,9 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  home.packages = [
+    pkgs.yubikey-manager
+  ];
+}

trivionomicon/modules/yubico/sys.nix

@@ -0,0 +1,14 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  environment.etc."pkcs11/modules/ykcs11".text = ''
+    module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so
+  '';
+
+  services = {
+    pcscd.enable = true;
+    udev.packages = [pkgs.yubikey-personalization];
+  };
+}