Establish baseline

2026-04-20 04:21:11 +02:00
commit 8df205457a
26 changed files with 678 additions and 0 deletions
--- a/desktop-environment/application-browser.nix
+++ b/desktop-environment/application-browser.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+    home.packages = with pkgs; [
+        # New system packages
+    ];
+}
--- a/desktop-environment/browser.nix
+++ b/desktop-environment/browser.nix
@@ -0,0 +1,113 @@
+{ config, pkgs, ... }:
+{
+    home.packages = with pkgs; [
+        # New system packages
+    ];
+
+    programs.firefox = {
+        enable = true;
+        policies = {
+            AppAutoUpdate = false;
+            AllowFileSelectionDialogs = true;
+            AutofillAddressEnabled = true;
+            AutofillCreditCardEnabled = false;
+            CaptivePortal = true;
+            DisableFirefoxAccounts = true;
+            DisableSecurityBypass = {
+                InvalidCertificate = false;
+                SafeBrowsing = false;
+            };
+            DisableSetDesktopBackground = true;
+            DisableTelemetry = true;
+            ExtensionUpdate = true;
+            FirefoxHome = {
+                Search = true;
+                TopSites = true;
+                SponsoredTopSites = false;
+                Highlights = true;
+                Pocket = false;
+                Stories = false;
+                SponsoredPocket = false;
+                SponsoredStories = false;
+                Snippets = true;
+                Locked = true;
+            };
+            PictureInPicture = {
+                Enabled = true;
+                Locked = false;
+                };
+            ExtensionSettings = {
+                "nextcloud-passwords@nextcloud.com" = {
+                    installation_mode = "force_installed";
+                    install_url = "https://addons.mozilla.org/firefox/downloads/latest/nextcloud-passwords/latest.xpi";
+                };
+
+                "instapaper@instapaper.com" = {
+                    installation_mode = "force_installed";
+                    install_url = "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi";
+                };
+
+                "weh@mozilla.org" = {
+                    installation_mode = "force_installed";
+                    install_url = "https://addons.mozilla.org/firefox/downloads/latest/video-downloadhelper/latest.xpi";
+                };
+            };
+            Preferences = {
+              # Tracking Protection
+              "browser.contentblocking.category" = "strict";
+              "privacy.trackingprotection.enabled" = true;
+              "privacy.trackingprotection.socialtracking.enabled" = true;
+
+              # Cookies
+              "network.cookie.cookieBehavior" = 1; # block third-party cookies
+
+              # Fingerprinting Protection
+              "privacy.resistFingerprinting" = true;
+              "privacy.resistFingerprinting.block_mozAddonManager" = true;
+
+              # WebRTC IP Leak verhindern
+              "media.peerconnection.enabled" = false;
+
+              # Telemetrie vollständig deaktivieren
+              "toolkit.telemetry.enabled" = false;
+              "toolkit.telemetry.unified" = false;
+              "toolkit.telemetry.archive.enabled" = false;
+              "datareporting.healthreport.uploadEnabled" = false;
+              "app.shield.optoutstudies.enabled" = false;
+
+              # SafeBrowsing (lokal behalten, aber keine unnötige Kommunikation)
+              "browser.safebrowsing.downloads.remote.enabled" = false;
+
+              # HTTPS-Only Mode
+              "dom.security.https_only_mode" = true;
+
+              # DNS over HTTPS Fallback deaktivieren
+              "network.trr.mode" = 3;
+              "network.trr.uri" = "https://dns.quad9.net/dns-query";
+
+              # Referrer reduzieren
+              "network.http.referer.XOriginPolicy" = 2;
+
+              # Clipboard API nur bei User Interaction
+              "dom.events.asyncClipboard.readText" = false;
+
+              # WebGL einschränken
+              "webgl.disabled" = true;
+            };
+            SearchEngines = {
+              Default = "Ecosia";
+
+              Add = [
+                {
+                  Name = "Ecosia";
+                  URLTemplate = "https://www.ecosia.org/search?q={searchTerms}";
+                  Method = "GET";
+                }
+              ];
+
+              Remove = [ "Google" "Bing" "Amazon.com" "eBay" ];
+            };
+
+        };
+    };
+    }
--- a/desktop-environment/config.nix
+++ b/desktop-environment/config.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+let
+    profile = import ../profile.nix;
+in
+{
+
+    imports  = [
+        ./browser.nix
+        #./planner.nix
+        ./window-manager.nix
+        ../applications/matrix.nix
+    ];
+
+    home.packages = with pkgs; [
+        kitty
+        pamixer
+        nemo-with-extensions
+    ];
+
+    #services.dbus.enable = true;
+    #programs.dconf.enable = true;
+
+    services.greetd = {
+      enable = true;
+      settings = {
+        default_session = {
+          command = "Hyprland";
+          user = profile.username;
+        };
+      };
+    };
+
+    xdg.portal = {
+        enable = true;
+        extraPortals = [ pkgs.xdg-desktop-portal-hyprland ];
+    };
+
+    systemd.targets.sleep.enable = false;
+    systemd.targets.suspend.enable = false;
+    systemd.targets.hibernate.enable = false;
+    systemd.targets.hybrid-sleep.enable = false;
+}
--- a/desktop-environment/file-browser.nix
+++ b/desktop-environment/file-browser.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+    home.packages = with pkgs; [
+        # New system packages
+    ];
+}
--- a/desktop-environment/planner.nix
+++ b/desktop-environment/planner.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, lib, ... }:
+let
+  tbProfile = pkgs.stdenv.mkDerivation {
+    name = "thunderbird-profile";
+    src = ./thunderbird-profile;
+
+    installPhase = ''
+      mkdir -p $out
+      cp -r . $out/
+    '';
+  };
+in
+{
+    home.packages = with pkgs; [
+        # New system packages
+    ];
+
+    programs.thunderbird = {
+        enable = true;
+        package = pkgs.thunderbird;
+
+        policies = {
+            DisableTelemetry = true;
+            DisableAppUpdate = true;
+
+            Preferences = {
+                "mail.provider.enabled" = false;
+                "mail.openpgp.allow_external_gnupg" = true;
+                "calendar.timezone.local" = "Europe/Berlin";
+            };
+
+            Certificates = {
+                ImportEnterpriseRoots = true;
+            };
+
+            PasswordManagerEnabled = true;
+            Cookies = {
+                "Default" = false;
+                "AcceptThirdParty" = "never";
+                "Locked" = true;
+            };
+
+            DefaultDownloadDirectory = "/tmp";
+            DisableBuiltinPDFViewer = true;
+            DisablePasswordReveal = true;
+        };
+    };
+}
--- a/desktop-environment/status-bar.nix
+++ b/desktop-environment/status-bar.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+    home.packages = with pkgs; [
+        # New system packages
+    ];
+}
--- a/desktop-environment/terminal-emulator.nix
+++ b/desktop-environment/terminal-emulator.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+    home.packages = with pkgs; [
+        # New system packages
+    ];
+}
--- a/desktop-environment/window-manager.nix
+++ b/desktop-environment/window-manager.nix
@@ -0,0 +1,9 @@
+{ pkgs, lib, ... }:
+let
+    profile = import ../profile.nix;
+in
+{
+    imports = [
+        #./window-manager/${profile.interface}.nix
+    ];
+}
--- a/desktop-environment/window-manager/hyprland.nix
+++ b/desktop-environment/window-manager/hyprland.nix
@@ -0,0 +1,59 @@
+{ pkgs, lib, ... }:
+let
+    dotfiles_hypr = pkgs.fetchgit {
+        url = "https://git.nichkara.eu/dotfiles/hypr";
+        rev = "83da92f0d64620c6503b8b2d9fa27bd79816e025";
+        sha256 = "sha256-kEKJiH0oK0PuciJZ6ucinTKX5eMWxPPZXYNS1+HIcRA=";
+    };
+
+    dotfiles_waybar = pkgs.fetchgit {
+        url = "https://git.nichkara.eu/dotfiles/waybar";
+        rev = "cd3d5d8a97f9fbc1cc8a69fc9e570dfcf669dce7";
+        sha256 = "sha256-FTpGumhxY6ChUXqnykO+aSJiFD4A80W0eqx7hXS9Iwc=";
+    };
+
+    profile = import ../../profile.nix;
+in
+{
+
+    home.packages = with pkgs; [
+        wofi
+        grim
+        swaynotificationcenter
+        swaylock
+        hyprpaper
+        lxsession
+        hyprshot
+        wayvnc
+        pamixer
+        pavucontrol
+        brightnessctl
+        python313Packages.requests
+        networkmanagerapplet
+    ];
+
+    #fonts.packages = with pkgs; [
+    #        nerd-fonts.space-mono
+    #    ];
+
+    programs.hyprland = {
+        enable = true;
+        withUWSM = true;
+        xwayland.enable = true;
+    };
+
+    programs.waybar = {
+        enable = true;
+    };
+
+    home.file.".config/hypr" = {
+        source = dotfiles_hypr;
+        recursive = true;
+    };
+
+    home.file.".config/waybar" = {
+        source = dotfiles_waybar;
+        recursive = true;
+    };
+
+}
--- a/desktop-environment/workspace-manager.nix
+++ b/desktop-environment/workspace-manager.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+    home.packages = with pkgs; [
+        # New system packages
+    ];
+}