feat: yet another huge commit

home/cli/zsh/aliases.nix

@@ -32,6 +32,7 @@ with pkgs; {
   agpl = "curl https://www.gnu.org/licenses/agpl-3.0.txt -o LICENSE";
   webcam = "ffplay /dev/video0";
   deploy = "nixos-rebuild --target-host root@192.168.21.69 --flake .#iapetus switch";
+  rebuild = "sudo nixos-rebuild switch --flake .#";
   g = "git";
   n = "nix";
   mnt = "udisksctl mount -b";

home/misc/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./media.nix
     ./vencord
+    ./khal.nix
     ./schizofox.nix
     ./rnnoise.nix
     ./swayidle.nix

home/misc/khal.nix

@@ -0,0 +1,41 @@
+{...}: {
+  programs.vdirsyncer.enable = true;
+  programs.khal = {
+    enable = true;
+
+    locale = {
+      timeformat = "%H:%M";
+      dateformat = "%d.%m";
+      longdateformat = "%d.%m.%Y";
+      datetimeformat = "%d.%m %H:%M";
+      longdatetimeformat = "%d.%m.%Y %H:%M";
+    };
+  };
+
+  accounts.calendar.basePath = "Calendars";
+  accounts.calendar.accounts.main = {
+    primary = true;
+    primaryCollection = "Grafik";
+    khal = {
+      enable = true;
+      color = "dark red";
+      type = "discover";
+      glob = "*";
+    };
+    local = {
+      type = "filesystem";
+      fileExt = ".ics";
+    };
+    remote = {
+      type = "caldav";
+      url = "http://192.168.21.69:5232/sioodmy/cba1abfe-7388-5310-02a3-9dd7a4e21e39/";
+      userName = "sioodmy";
+      passwordCommand = ["cat" "/run/agenix/radicale-pass"];
+    };
+    vdirsyncer = {
+      enable = true;
+      collections = ["Grafik"];
+      conflictResolution = "remote wins";
+    };
+  };
+}

home/misc/schizofox.nix

@@ -1,7 +1,10 @@
 {...}: {
   programs.schizofox = {
     enable = true;
-    security.sandbox = false;
+    security = {
+      wrapWithProxychains = false;
+      sandbox = false;
+    };
     theme = {
       colors = {
         background-darker = "181825";
@@ -18,9 +21,20 @@
         "webextension@metamask.io".install_url = "https://addons.mozilla.org/firefox/downloads/latest/ether-metamask/latest.xpi";
       };
     };
-    search = {
-      searxUrl = "search.notashelf.dev";
+    search = rec {
       defaultSearchEngine = "Searx";
+      # removeEngines = ["Bing" "Amazon.com" "eBay" "Twitter" "Wikipedia" "LibRedirect" "DuckDuckGo"];
+      searxUrl = "https://search.notashelf.dev";
+      searxQuery = "${searxUrl}/search?q={searchTerms}&categories=general";
+      # addEngines = [
+      #   {
+      #     Name = "Searxng";
+      #     Description = "Decentralized search engine";
+      #     Alias = "sx";
+      #     Method = "GET";
+      #     URLTemplate = "${searxQuery}";
+      #   }
+      # ];
     };
   };
 }

home/packages.nix

@@ -3,6 +3,7 @@
   home.packages = with pkgs; [
     ledger-live-desktop
     ledger_agent
+    calcurse
     caprine-bin
     pulseaudio
     signal-desktop

hosts/iapetus/default.nix

@@ -5,6 +5,7 @@
 }: {
   networking = {
     hostName = "iapetus";
+    defaultGateway = "192.168.21.1";
     interfaces.eth0.ipv4.addresses = [
       {
         address = "192.168.21.69";

secrets/radicale-pass.age

@@ -0,0 +1,21 @@
+age-encryption.org/v1
+-> ssh-ed25519 naeoPA yP6blwsHEEamvoOiUL3aQB74L1qGxj3pjCRYlhW4kwM
+MfqmmFzXG0CuY7PcjsGl1jw2rrtYkIIFTQyh7zRZK1M
+-> ssh-ed25519 mUdfUg J8eRngBraeP3FHgJLK+36l0cHQ2id8SG8dxAdW02FRg
+rsUIVUCXJUdgyX115J88GLKZqOqnTvecfPtIg1yROyw
+-> ssh-ed25519 G6wImw Hpq7ZY8eH+pMd0vDQiTKwxI2hiRBTSv0ihuAW7w8Dxc
+W4M1kelpMWorzgQBzin1TnvskYMJhC+nwCLZFeuGlFM
+-> ssh-rsa 29b9iQ
+oxWYvXRI4Bbc+YN44NJDa2VpwE3AKjD6Kt+RVBXEFsMZ4xdAG9zjTHYj1i+RS97s
+QrmyeNEopvp6BEciXx1aHAaJerRqUonS0ulYCyClYsdOym1ocmuwoltMVhNgxD44
+iaBkfMsgXYi/pr1MLuTF+t6zCXXgUGyqfkI4uk3/FA3qYdllbrUQZwfNp1gbtw3t
+bfcwylyDjwsOUEBiEcffSvntDYXrMPphZSg46n/QjkNn31oxbYYha50oV6V2sMKK
+IxGFb0x/8ImB92IKT+edJNPnPxOV/epF6T3SdTV52e1vAzywJVKMYy3FoWvQobHA
+1vrfO8mOjOkVxxPrcL2A9ADtNoQWn9xp3e1T/ZUtVGgwpp6YLTKrSsTvCHWWq2QJ
+z2EkAcyt6YwWpDWQhIXrpiZO5lyf/uOVblUh7oLK3pNdBzID5AbRzWm0gLKmq1tV
+5TkcSONAXITrKA3Mnl0SvL7PgjjubPZi2IJchxmPi+ONR3Hm2dyBEPKUT7eCcsos
+UaqBUzNtqmR17bPkCcoQXxPhpQAs7RGSflQg3IMy3DfE7YB986ErEjY1pGINgrkp
+0AEjisruQ3YmWHQoc2Nz7ys0cN5/3xEo7bDGU80iGcKX55xGB836RimFeBA/dVJc
++ZakUIEl6qKiu5Pay/x2gRU6+9U+392ZV1GFFewfJXc
+--- JjYN3dlyr0490nJoZH406CEokam0+LG0w9o2heKdhJ0
+�R���*>D�fY�;��U�>u�&�2q�]fZs��;V

secrets/secrets.nix

@@ -6,8 +6,12 @@ let
 
   calypso-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhD+J2Iivt9mTVV2I79iGlqN+YQFb4PPkqle0brUKy4 root@calypso";
 
+  iapetus-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6SEc5n1jdc9u9TLrpmZZ/3MqCrAxI/8enfkC2m/L4f root@iapetus";
+
   anthe = [anthe-user anthe-host];
   calypso = [calypso-user calypso-host];
+
+  iapetus = [anthe-user calypso-user iapetus-host];
 in {
   age.identityPaths = "/persist/home/sioodmy/.ssh/id_ed25519";
   "spotify.age".publicKeys = anthe;
@@ -16,4 +20,7 @@ in {
 
   "syncthing-calypso-key.age".publicKeys = calypso;
   "syncthing-calypso-cert.age".publicKeys = calypso;
+
+  "radicale.age".publicKeys = iapetus;
+  "radicale-pass.age".publicKeys = calypso ++ anthe;
 }

system/core/bootloader.nix

@@ -16,34 +16,6 @@ in {
       useTmpfs = false;
     };
     # some kernel parameters, i dont remember what half of this shit does but who cares
-    kernelParams = [
-      # increase security of heap
-      "slab_nomerge"
-      # mitigate use-after-free vulnerabilities and erase sensitive information in memory
-      "init_on_alloc=1"
-      "init_on_free=1"
-      # make page allocations less predictable
-      "page_alloc.shuffle=1"
-      # prevent meltdown
-      "pti=on"
-      # CVE-2019-18683
-      "randomize_kstack_offset=on"
-      # disable obsolete vsyscalls
-      "vsyscall=none"
-
-      "vga=current"
-      "rd.systemd.show_status=false"
-      "rd.udev.log_level=3"
-      "udev.log_priority=3"
-      # security
-      "lsm=landlock,lockdown,yama,apparmor,bpf"
-      # disable noisy audit log
-      "audit=0"
-      # i dont use it
-      "ipv6.disable=1"
-      # passthrough
-      "iommu=pt"
-    ];
     consoleLogLevel = mkDefault 0;
     initrd.verbose = false;
     # switch from old ass lts kernel