Add options for aliases

So they can be added from extensions

hm/common.nix

@@ -19,6 +19,8 @@ let
 in
 {
 
+  nixpkgs.config.allowUnfree = true;
+
   programs =
     let
       commonRc = lib.strings.concatLines ([
@@ -102,13 +104,6 @@ in
         # ll = "ls -l"; # Disabled because would overwrite the colored one
         # la = "ls -la"; # Eh maybe it's not that bad, but for now let's keep compatibility
         s = "sudo -s -E";
-        # n = "$HOME/.config/i3/terminal & disown"; # Not used anymore since alacritty daemon mode doesn't preserve environment variables
-        x = "startx ${config.xdg.configHome}/xinitrc; logout";
-        nx = "nvidia-xrun ${config.xdg.configHome}/xinitrc; sudo systemctl start nvidia-xrun-pm; logout";
-        # TODO Put in display.nix
-        # Was also thinking of not storing the config in .config and use nix-store instead,
-        # but maybe it's a bad idea as home-manager switch doesn't replace aliases in running shells
-        # FIXME Is it still relevant with NixOS?
 
 
         # Give additional config to those programs, and not have them in my path
@@ -139,11 +134,6 @@ in
         newestFile = ''${pkgs.findutils}/bin/find -type f -printf '%T+ %p\n' | sort | tail'';
         oldestFile = ''${pkgs.findutils}/bin/find -type f -printf '%T+ %p\n' | sort | head'';
         tracefiles = ''${pkgs.strace}/bin/strace -f -t -e trace=file'';
-      } // lib.optionalAttrs config.frogeye.desktop.xorg {
-        noise = ''${pkgs.sox}/bin/play -c 2 -n synth $'' + ''{1}noise'';
-        beep = ''${pkgs.sox}/bin/play -n synth sine E5 sine A4 remix 1-2 fade 0.5 1.2 0.5 2> /dev/null'';
-        # FIXME ALSA lib dlmisc.c:337:(snd_dlobj_cache_get0) Cannot open shared library libasound_module_pcm_pulse.so (/nix/store/9b06fxbvm07iy9f9dvi5vk2iy9pk8hyz-alsa-lib-1.2.8/lib/alsa-lib/libasound_module_pcm_pulse.so: cannot open shared object file: No such file or directory)
-
       } // lib.attrsets.mergeAttrsList (map (p: { "${p}" = "HOME=${config.xdg.cacheHome}/junkhome ${p}"; }) treatsHomeAsJunk);
       # TODO Maybe make nixpkg wrapper instead? So it also works from dmenu
       # Could also accept my fate... Home-manager doesn't necessarily make it easy to put things out of the home directory
@@ -151,6 +141,7 @@ in
       historyFile = "${config.xdg.cacheHome}/shell_history";
     in
     {
+
       home-manager.enable = true;
       bash = {
         enable = true;
@@ -166,7 +157,7 @@ in
         historyFile = historyFile;
         historyFileSize = historySize;
         historyControl = [ "erasedups" "ignoredups" "ignorespace" ];
-        shellAliases = commonShellAliases;
+        shellAliases = commonShellAliases // config.frogeye.shellAliases;
       };
       zsh = {
         enable = true;
@@ -186,7 +177,7 @@ in
           expireDuplicatesFirst = true;
         };
         sessionVariables = commonSessionVariables;
-        shellAliases = commonShellAliases;
+        shellAliases = commonShellAliases // config.frogeye.shellAliases;
       };
       dircolors = {
         enable = true;
@@ -272,12 +263,8 @@ in
           ".mypy_cache"
         ];
         lfs.enable = true;
-        signing = {
-          key = "0x8312C8CAC1BAC289"; # FIXME Only in extension
-          # TODO signByDefault?
-        };
-        userEmail = "geoffrey@frogeye.fr";
-        userName = "Geoffrey “Frogeye” Preud'homme";
+        userEmail = lib.mkDefault "geoffrey@frogeye.fr";
+        userName = lib.mkDefault "Geoffrey Frogeye";
         extraConfig = {
           core = {
             editor = "nvim";
@@ -353,13 +340,10 @@ in
     };
   services = {
     gpg-agent = {
-      enable = true;
+      enable = true; # TODO Consider not enabling it when not having any private key
       enableBashIntegration = true;
       enableZshIntegration = true;
-      enableSshSupport = true;
       pinentryFlavor = "gtk2"; # Falls back to curses when needed
-      sshKeys = [ "72A5F2913026776593947CF00DFF330E820E731D" ]; # TODO This seems to prevent other keys from being added?
-      # FIXME For g extension, as base is not supposed to have private keys
     };
   };
   xdg = {
@@ -502,7 +486,7 @@ in
     sessionPath = [
       "${config.home.homeDirectory}/.local/bin"
       "${config.home.sessionVariables.GOPATH}"
-      "${config.frogeye.dotfiles.path}/scripts"
+      (builtins.toString ./scripts)
     ];
     file = {
       ".face" = {

hm/default.nix

@@ -6,6 +6,7 @@
     ./desktop.nix
     ./dev.nix
     ./extra.nix
+    ./ssh.nix
     ./style.nix
     ./vim.nix
   ];

hm/desktop.nix

@@ -1,6 +1,18 @@
 { pkgs, config, lib, ... }:
 {
   config = lib.mkIf config.frogeye.desktop.xorg {
+    frogeye.shellAliases = {
+      noise = ''${pkgs.sox}/bin/play -c 2 -n synth $'' + ''{1}noise'';
+      beep = ''${pkgs.sox}/bin/play -n synth sine E5 sine A4 remix 1-2 fade 0.5 1.2 0.5 2> /dev/null'';
+      # FIXME ALSA lib dlmisc.c:337:(snd_dlobj_cache_get0) Cannot open shared library libasound_module_pcm_pulse.so (/nix/store/9b06fxbvm07iy9f9dvi5vk2iy9pk8hyz-alsa-lib-1.2.8/lib/alsa-lib/libasound_module_pcm_pulse.so: cannot open shared object file: No such file or directory)
+
+      # n = "$HOME/.config/i3/terminal & disown"; # Not used anymore since alacritty daemon mode doesn't preserve environment variables
+      x = "startx ${config.xdg.configHome}/xinitrc; logout";
+      nx = "nvidia-xrun ${config.xdg.configHome}/xinitrc; sudo systemctl start nvidia-xrun-pm; logout";
+      # Was also thinking of not storing the config in .config and use nix-store instead,
+      # but maybe it's a bad idea as home-manager switch doesn't replace aliases in running shells
+      # FIXME Is it still relevant with NixOS?
+    };
     xsession = {
       enable = true;
       windowManager = {
@@ -348,17 +360,28 @@
             # TODO Unbind d and T (?)
           };
         };
-        loadAutoconfig = true; # FIXME Salvage stuff from autoconfig.yml
+        loadAutoconfig = true;
         searchEngines = rec {
           DEFAULT = ecosia;
+          alpinep = "https://pkgs.alpinelinux.org/packages?name={}&branch=edge";
           ampwhat = "http://www.amp-what.com/unicode/search/{}";
+          arch = "https://wiki.archlinux.org/?search={}";
+          archp = "https://www.archlinux.org/packages/?q={}";
+          aur = "https://aur.archlinux.org/packages/?K={}";
           aw = ampwhat;
           ddg = duckduckgo;
+          dockerhub = "https://hub.docker.com/search/?isAutomated=0&isOfficial=0&page=1&pullCount=0&q={}&starCount=0";
           duckduckgo = "https://duckduckgo.com/?q={}&ia=web";
           ecosia = "https://www.ecosia.org/search?q={}";
+          gfr = "https://www.google.fr/search?hl=fr&q={}";
+          g = google;
+          gh = github;
+          gi = "http://images.google.com/search?q={}";
+          giphy = "https://giphy.com/search/{}";
           github = "https://github.com/search?q={}";
           google = "https://www.google.fr/search?q={}";
-          g = google;
+          invidious = "https://invidious.frogeye.fr/search?q={}";
+          inv = invidious;
           npm = "https://www.npmjs.com/search?q={}";
           q = qwant;
           qwant = "https://www.qwant.com/?t=web&q={}";
@@ -372,16 +395,23 @@
             show = "never";
             tabs_are_windows = true;
           };
-          url = {
+          url = rec {
             open_base_url = true;
-            start_pages = "https://geoffrey.frogeye.fr/blank.html";
+            start_pages = lib.mkDefault "https://geoffrey.frogeye.fr/blank.html";
+            default_page = start_pages;
           };
           content = {
             # I had this setting below, not sure if it did something special
             # config.set("content.cookies.accept", "no-3rdparty", "chrome://*/*")
             cookies.accept = "no-3rdparty";
             prefers_reduced_motion = true;
+            headers.accept_language = "fr-FR, fr;q=0.9, en-GB;q=0.8, en-US;q=0.7, en;q=0.6";
+            tls.certificate_errors = "ask-block-thirdparty";
           };
+          editor.command = [ "${pkgs.neovide}/bin/neovide" "--" "-f" "{file}" "-c" "normal {line}G{column0}l" ];
+          # TODO Doesn't work on Arch. Does it even load the right profile on Nix?
+          # TODO spellcheck.languages = ["fr-FR" "en-GB" "en-US"];
+
         };
       };
 
@@ -446,6 +476,8 @@
         };
       };
       rofi = {
+        # TODO This theme template, that was used for Arch, looks much better:
+        # https://gitlab.com/jordiorlando/base16-rofi/-/blob/master/templates/default.mustache
         enable = true;
         pass.enable = true;
         extraConfig = {
@@ -631,7 +663,6 @@
         zathura
         meld
         python3Packages.magic
-        yubikey-touch-detector
 
         # x11-exclusive
         numlockx

hm/extra.nix

@@ -3,14 +3,23 @@
   config = lib.mkIf config.frogeye.extra {
     programs = {
       pandoc.enable = true;
+      yt-dlp = {
+        enable = true;
+        settings = {
+          format = "bestvideo[height<=${builtins.toString config.frogeye.desktop.maxVideoHeight}]+bestaudio/best";
+          sponsorblock-mark = "all";
+          sponsorblock-remove = "intro,outro,sponsor,selfpromo,preview,interaction,music_offtopic";
+          sub-langs = "en,fr";
+          write-auto-subs = true;
+          write-subs = true;
+        };
+      };
     };
     home.packages = with pkgs;  ([
       # android tools
       android-tools
 
       # downloading
-      yt-dlp
-      megatools
       # transmission TODO Collision if both transmissions are active?
 
       # Multimedia toolbox

hm/ssh.nix

@@ -0,0 +1,24 @@
+{ ... }:
+{
+  config = {
+    programs.ssh = {
+      enable = true;
+      controlMaster = "auto";
+      controlPersist = "60s"; # TODO Default is 10minutes... makes more sense no?
+      # Ping the server frequently enough so it doesn't think we left (non-spoofable)
+      serverAliveInterval = 30;
+      matchBlocks."*" = {
+        # Do not forward the agent (-A) to a machine by default,
+        # as it is kinda a security concern
+        forwardAgent = false;
+        # Restrict terminal features (servers don't necessarily have the terminfo for my cutting edge terminal)
+        sendEnv = [ "!TERM" ];
+        # TODO Why not TERM=xterm-256color?
+        extraOptions = {
+          # Check SSHFP records
+          VerifyHostKeyDNS = "yes";
+        };
+      };
+    };
+  };
+}

options.nix

@@ -5,6 +5,11 @@
     desktop = {
       xorg = lib.mkEnableOption "Enable X11 support";
       nixGLIntel = lib.mkEnableOption "Enable nixGLIntel/nixVulkanIntel for windows manager";
+      maxVideoHeight = lib.mkOption {
+        type = lib.types.int;
+        description = "Maximum video height in pixel the machine can reasonably watch";
+        default = 1080;
+      };
     };
     dev = {
       ansible = lib.mkEnableOption "Ansible dev stuff";
@@ -13,13 +18,19 @@
       fpga = lib.mkEnableOption "FPGA dev stuff";
       python = lib.mkEnableOption "Python dev stuff";
     };
-    dotfiles = {
-      path = lib.mkOption {
-        type = lib.types.str;
-        # default = "${config.home.homeDirectory}/.config/dotfiles";
-        # FIXME Above doesn't work outside home-manager context
-        default = "/home/geoffrey/.config/dotfiles";
-      };
+    shellAliases = lib.mkOption {
+      default = { };
+      example = lib.literalExpression ''
+        {
+          ll = "ls -l";
+          ".." = "cd ..";
+        }
+      '';
+      description = ''
+        An attribute set that maps aliases (the top level attribute names in
+        this option) to command strings or directly to build outputs.
+      '';
+      type = lib.types.attrsOf lib.types.str;
     };
   };