initial commit

packages.nix

@@ -0,0 +1,210 @@
+{ pkgs, lib, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    bat
+    black
+    blade-formatter
+    cmake
+    cifs-utils
+    coreutils
+    bluetuith
+    bluez
+    bluez-tools
+    cargo
+    claude-code
+    clevis
+    cliphist
+    dunst
+    eza
+    fd
+    ffmpeg
+    fira-code-symbols
+    fish
+    freetube
+    fuzzel
+    fzf
+    git
+    gh
+    ghostty
+    gopass
+    gopass-jsonapi
+    gopls
+    hyprpicker
+    htmx-lsp
+    imagemagick
+    inkscape
+    pavucontrol
+    pciutils
+    poppler
+    jetbrains.datagrip
+    jq
+    lazygit
+    lf
+    libreoffice
+    libvirt
+    linux-firmware
+    lua-language-server
+    luarocks
+    lutris
+    mpv
+    nerd-fonts.monaspace
+    neovim
+    niri
+    nixd
+    nixfmt-rfc-style
+    (wrapOBS {
+      plugins = with obs-studio-plugins; [
+        wlrobs
+        obs-pipewire-audio-capture
+      ];
+    })
+    php
+    php84Packages.composer
+    php84Packages.php-cs-fixer
+    phpactor
+    podman-compose
+    podman-tui
+    prettierd
+    playerctl
+    qemu_full
+    qmk
+    resvg
+    ripgrep
+    rust-analyzer
+    sshfs
+    starship
+    stow
+    stylua
+    sops
+    superhtml
+    swayimg
+    texlab
+    texlive.combined.scheme-full
+    tmux
+    thunderbird
+    tor-browser
+    unzip
+    virt-manager
+    virt-viewer
+    vscode-langservers-extracted
+    wineWow64Packages.waylandFull
+    winetricks
+    wl-clipboard
+    xdg-user-dirs
+    xwayland-satellite
+    yazi
+    zathura
+    zig_0_15
+    zls_0_15
+    zoxide
+  ];
+
+  hardware.keyboard.qmk.enable = true;
+
+  programs = {
+    fish.enable = true;
+    virt-manager.enable = true;
+    direnv.enable = true;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    nix-ld.enable = true;
+    niri.enable = true;
+    dconf.enable = true;
+  };
+
+  virtualisation.containers.enable = true;
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    defaultNetwork.settings.dns_enabled = true;
+  };
+
+  virtualisation.spiceUSBRedirection.enable = true;
+  virtualisation.libvirtd = {
+    enable = true;
+    extraConfig = ''
+      user="user"
+    '';
+    onBoot = "ignore";
+    onShutdown = "shutdown";
+    qemu = {
+      package = pkgs.qemu_full;
+      verbatimConfig = ''
+        cgroup_device_acl = [
+        "/dev/null", "/dev/full", "/dev/zero",
+        "/dev/random", "/dev/urandom", "/dev/ptmx",
+        "/dev/kvm", "/dev/kvmfr0"
+        ]
+      '';
+      runAsRoot = false;
+    };
+  };
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+    localNetworkGameTransfers.openFirewall = true;
+  };
+
+  programs.firejail = {
+    enable = true;
+    wrappedBinaries = {
+      chromium = {
+        executable = "${pkgs.chromium}/bin/chromium";
+        profile = "${pkgs.firejail}/etc/firejail/chromium.profile";
+        extraArgs = [
+          "--env=GTK_THEME=Adwaita:dark"
+          "--netns=wg0ns"
+          "--dns=1.1.1.1"
+        ];
+      };
+      mpv = {
+        executable = "${lib.getBin pkgs.mpv}/bin/mpv";
+        profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
+      };
+      claude = {
+        executable = "${pkgs.claude-code}/bin/claude";
+        # profile = "${pkgs.firejail}/etc/firejail/nodejs-common.profile";
+        extraArgs = [
+          "--netns=wg0ns"
+          "--dns=1.1.1.1"
+          "--whitelist=~/.cargo"
+          "--whitelist=$${HOME}/.claude"
+          "--whitelist=$${HOME}/.config/claude-code"
+          "--whitelist=$${HOME}/dev"
+          "--whitelist=$${HOME}/work"
+          "--whitelist=/tmp"
+          "--read-only=/nix"
+          "--caps.drop=all"
+          "--ipc-namespace"
+          "--seccomp"
+          "--seccomp.block-secondary"
+          "--nodvd"
+          "--nogroups"
+          "--notv"
+          "--nou2f"
+          "--protocol=unix,inet,inet6,netlink"
+        ];
+      };
+      tor-browser = {
+        executable = "${pkgs.tor-browser}/bin/tor-browser";
+        profile = "${pkgs.firejail}/etc/firejail/tor-browser-en-us.profile";
+        extraArgs = [
+          "--netns=wg0ns"
+          "--dns=1.1.1.1"
+        ];
+      };
+      freetube = {
+        executable = "${pkgs.freetube}/bin/freetube";
+        profile = "${pkgs.firejail}/etc/firejail/freetube.profile";
+        extraArgs = [
+          "--netns=wg0ns"
+          "--dns=1.1.1.1"
+        ];
+      };
+    };
+  };
+}