start refactoring shared code into modules, update the lock, do some other minor fixes

modules/nixos/shared-packages/desktop-settings/default.nix

@@ -0,0 +1,144 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  imports = [
+    ./firefox
+  ];
+  services.udev.extraRules =  ''
+    KERNEL=="hidraw*", ATTRS{idVendor}=="057e", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", KERNELS=="*057e:*", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", ATTRS{idProduct}=="6012", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", KERNELS=="*2DC8:6012*", MODE="0660", TAG+="uaccess"
+  '';
+
+  fonts.packages =  [pkgs.ttf-ms-win10];
+
+  programs = {
+    # Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
+    command-not-found.enable = lib.mkForce false;
+    # nix-index.enable = true;
+    nix-index-database.comma.enable = true;
+
+    direnv = {
+      enable = true;
+    };
+
+    # steam = {
+    #   enable = true;
+    #   remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    #   dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+    #   extest.enable = true;
+    # };
+    kdeconnect.enable = true;
+
+    noisetorch = {
+      enable = true;
+    };
+  };
+
+  xdg.portal.enable = true;
+
+  # Enable networking
+  networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+  services = {
+    # Enable the X11 windowing system.
+    xserver.enable = true;
+
+    # Enable the KDE Plasma Desktop Environment.
+    # displayManager.sddm = {
+    #   enable = true;
+    #   wayland.enable = true;
+    # };
+    displayManager.defaultSession = lib.mkDefault "plasma";
+    desktopManager.plasma6.enable = true;
+    desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible;
+
+    # Enable flatpak support
+    flatpak.enable = true;
+    packagekit.enable = true;
+
+    # Configure keymap in X11
+    xserver.xkb = {
+      layout = "us";
+      variant = "";
+      options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
+    };
+
+    # Enable CUPS to print documents.
+    printing.enable = true;
+
+    # Enable fwupd daemon and user space client
+    fwupd.enable = true;
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      jack.enable = true;
+      wireplumber.enable = true;
+    };
+
+    avahi = {
+      nssmdns4 = true;
+      enable = true;
+      ipv4 = true;
+      ipv6 = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        workstation = true;
+      };
+    };
+  };
+  hardware = {
+    graphics.enable32Bit = true;
+
+    # Enable bluetooth hardware
+    bluetooth.enable = true;
+  };
+  security.rtkit.enable = true;
+
+  services.pulseaudio.enable = false;
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+  };
+  security.tpm2 = {
+    enable = true;
+    pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+    tctiEnvironment.enable = true;
+  }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
+  users.users.lillian.extraGroups = ["tss"];
+  boot = {
+    # tss group has access to TPM devices
+    bootspec.enable = true;
+    binfmt.emulatedSystems = ["aarch64-linux"];
+    #boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+    #boot.supportedFilesystems = ["bcachefs"];
+    extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
+    kernelModules = [
+      # Virtual Camera
+      "v4l2loopback"
+      # Virtual Microphone, built-in
+      "snd-aloop"
+    ];
+
+    # Set initial kernel module settings
+    extraModprobeConfig = ''
+      # exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
+      # card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
+      # https://github.com/umlaeute/v4l2loopback
+      options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
+    '';
+    loader.systemd-boot.configurationLimit = 3;
+    loader.efi.canTouchEfiVariables = true;
+};
+}

modules/nixos/shared-packages/desktop-settings/firefox/default.nix

@@ -0,0 +1,182 @@
+{pkgs, ...}: {
+  programs.firefox = {
+    enable = true;
+    package = pkgs.librewolf;
+    policies = {
+      DisableTelemetry = true;
+      DisableFirefoxStudies = true;
+      DisablePocket = true;
+      DisableFirefoxAccounts = true;
+      DisableAccounts = true;
+      DisableProfileImport = true;
+      OverrideFirstRunPage = "";
+      OverridePostUpdatePage = "";
+      DontCheckDefaultBrowser = true;
+      DisplayBookmarksToolbar = "newtab";
+      ManualAppUpdateOnly = true;
+      OfferToSaveLogins = false;
+      PasswordManagerEnabled = false;
+      DownloadDirectory = "\${home}/Downloads";
+      EnableTrackingProtection = {
+        Value = true;
+        Cryptomining = true;
+        Fingerprinting = true;
+      };
+      ExtensionSettings = {
+        # "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
+        # Catppuccin Macchiato - Mauve theme:
+        "{55750c61-e5f3-4d9a-898d-0643b3093678}" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/catppuccin-macchiato-mauve/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Sideberry:
+        #"{3c078156-979c-498b-8990-85f7987dd929}" = {
+        #  install_url = "https://addons.mozilla.org/firefox/downloads/latest/sidebery/latest.xpi";
+        #  installation_mode = "force_installed";
+        #};
+        # Privacy Badger:
+        "jid1-MnnxcxisBPnSXQ@jetpack" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Bitwarden:
+        "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Libredirect:
+        "7esoorv3@alefvanoon.anonaddy.me" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/libredirect/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # DarkReader:
+        "addon@darkreader.org" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/darkreader/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # SimpleLogin:
+        "addon@simplelogin" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/simplelogin/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Cookie Auto Delete:
+        "CookieAutoDelete@kennydo.com" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/cookie-autodelete/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Don't fuck with paste:
+        "DontFuckWithPaste@raim.ist" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/don-t-fuck-with-paste/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Firefox pwas:
+        "firefoxpwa@filips.si" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/pwas-for-firefox/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Consent o matic:
+        "gdpr@cavi.au.dk" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/consent-o-matic/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Mailvelope:
+        "jid1-AQqSMBYb0a8ADg@jetpack" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/mailvelope/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # KDE connect:
+        "kde-connect@0xc0dedbad.com" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/kde-connect/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Plasma browser integration:
+        "plasma-browser-integration@kde.org" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Shinigami eyes:
+        "shinigamieyes@shinigamieyes" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/shinigami-eyes/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # uBlock Origin:
+        "uBlock0@raymondhill.net" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # uBlock Scope:
+        "uBO-Scope@raymondhill.net" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/ubo-scope/latest.xpi";
+          installation_mode = "force_installed";
+        };
+        # Wayback machine:
+        "wayback_machine@mozilla.org" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/file/4047136/wayback_machine_new-3.2.xpi";
+          installation_mode = "force_installed";
+        };
+        # Tree Style Tabs
+        # "treestyletab@piro.sakura.ne.jp" = {
+        #   install_url = "https://addons.mozilla.org/firefox/downloads/latest/tree-style-tab/latest.xpi";
+        #   installation_mode = "force_installed";
+        # };
+        # Adaptive Tab Bar Colour
+        "ATBC@EasonWong" = {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/Adaptive-Tab-Bar-Colour/latest.xpi";
+          installation_mode = "force_installed";
+        };
+      };
+      FirefoxHome = {
+        Search = true;
+        TopSites = false;
+        SponsoredTopSites = false;
+        Highlights = false;
+        Pocket = false;
+        SponsoredPocket = false;
+        Snippets = false;
+      };
+      FirefoxSuggest = {
+        WebSuggestions = false;
+        SponsoredSuggestions = false;
+        ImproveSuggest = false;
+      };
+      Preferences = {
+        "browser.compactmode.show" = true;
+        "browser.uidensity" = 0;
+        # "browser.newtabpage.activity-stream.feeds.topsites" = false;
+        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
+        "browser.newtabpage.activity-stream.showSponsored" = false;
+        "browser.newtabpage.activity-stream.system.showSponsored" = false;
+        "font.name.serif.x-western" = "Crimson";
+        "font.name.sans-serif.x-western" = "Atkinson Hyperlegible";
+        "font.name.monospace.x-western" = "FiraCode Nerd Font";
+        "font.size.variable.x-western" = 14;
+        "floorp.browser.sidebar.useIconProvider" = "duckduckgo";
+        "floorp.browser.tabbar.settings" = 2;
+        "floorp.browser.tabs.verticaltab" = true;
+        "floorp.tabbar.style" = 2;
+        "floorp.browser.user.interface" = 8;
+        "signon.rememberSignons" = true;
+        "browser.ml.chat.enabled" = false;
+        "browser.ml.chat.shortcuts" = false;
+      };
+      # TODO: switch to ManagedBookmarks as this will be dropped at some point https://mozilla.github.io/policy-templates/#managedbookmarks
+      # Bookmarks = [
+      #   {
+      #     Title = "NixOS wiki";
+      #     Placement = "toolbar";
+      #     URL = "https://nixos.wiki/";
+      #   }
+      #   {
+      #     Title = "NixOS options";
+      #     Placement = "toolbar";
+      #     URL = "https://nixos.org/manual/nixos/stable/options";
+      #   }
+      #   {
+      #     Title = "NixOS home-manager options";
+      #     Placement = "toolbar";
+      #     URL = "https://nix-community.github.io/home-manager/options.xhtml";
+      #   }
+      # ];
+    };
+  };
+}