Mostly security changes, add nouveau as a boot option, simplify settings and prepare for home-manager options

modules/home/default.nix

@@ -2,11 +2,12 @@
 {
   imports = [
     ./files
+    ./options
     ./programs
     ./services
     ./settings
     ./wms
-    ./users
+    ./user
     ../extras
 
     # Imports

modules/home/options/default.nix

@@ -0,0 +1,8 @@
+{ lib, ... }:
+with lib; {
+  options.home.desktop.enable = mkOption {
+    type = types.bool;
+    default = true;
+    description = "Enable desktop apps and services, but home-manager";
+  };
+}

modules/home/programs/gui/default.nix

@@ -7,7 +7,9 @@
     ./mako
     ./mangohud
     ./mpv
-    ./pcmanfm-qt
+    ./pcmanfm
     ./rofi
+    ./swappy
+    ./thunderbird
   ];
 }

modules/home/programs/gui/librewolf/default.nix

@@ -112,6 +112,24 @@ in {
         };
       };
     };
+    commonBookmarks = [
+      {
+        name = "Jimbo";
+        url = "https://jimbosfiles.com";
+      }
+      {
+        name = "Corn";
+        url = "https://freecorn1854.win";
+      }
+      {
+        name = "Luna";
+        url = "https://www.lunamoonlight.xyz";
+      }
+      {
+        name = "Kernel";
+        url = "https://www.kernel.org";
+      }
+    ];
     commonSettings = {
       "general.autoScroll" = true;
 
@@ -123,18 +141,28 @@ in {
 
       "browser.uidensity" = 1;
       "browser.compactmode.show" = true;
-      "browser.toolbars.bookmarks.visibility" = "never";
+      "browser.toolbars.bookmarks.visibility" = "newtab";
       "browser.contentblocking.category" = "strict";
       "browser.helperApps.deleteTempFileOnExit" = true;
       "browser.search.separatePrivateDefault" = false;
       "browser.download.useDownloadDir" = true;
+      "browser.aboutConfig.showWarning" = false;
       "browser.startup.page" = 3;
       "browser.newtabpage.enabled" = false;
       "browser.tabs.inTitlebar" = 0;
+      "browser.theme.content-theme" = 0;
+      "browser.theme.toolbar-theme" = 0;
+      "browser.safebrowsing.downloads.enabled" = false;
+      "browser.safebrowsing.downloads.remote.enabled" = false;
+      "browser.safebrowsing.downloads.remote.block_uncommon" = false;
+      "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
+      "browser.safebrowsing.malware.enabled" = false;
+      "browser.safebrowsing.phishing.enabled" = false;
 
       "extensions.pocket.enabled" = false;
       "extensions.autoDisableScopes" = 0;
       "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
+      "extensions.formautofill.addresses.enabled" = false;
 
       "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
       "toolkit.tabbox.switchByScrolling" = true;
@@ -168,6 +196,7 @@ in {
       "clipboard.autocopy" = false;
       "middlemouse.paste" = false;
 
+      "datareporting.healthreport.uploadEnabled" = false;
       "svg.context-properties.content.enabled" = true;
       "device.sensors.motion.enabled" = false;
       "gnomeTheme.hideSingleTab" = true;
@@ -179,8 +208,10 @@ in {
     profiles = {
       Main = {
         id = 0;
+	isDefault = true;
         extensions = commonExtensions;
         search = commonSearch;
+	bookmarks = commonBookmarks;
         settings = commonSettings;
         userChrome = ''
           ${themeJim}
@@ -192,6 +223,7 @@ in {
         id = 1;
         extensions = commonExtensions;
         search = commonSearch;
+	bookmarks = commonBookmarks;
         settings = commonSettings;
         userChrome = ''
           ${themeAlt}
@@ -203,8 +235,8 @@ in {
         id = 2;
         extensions = commonExtensions;
         search = commonSearch;
+	bookmarks = commonBookmarks;
         settings = commonSettings;
-        containersForce = true;
       };
     };
   };

modules/home/programs/gui/thunderbird/default.nix

@@ -0,0 +1,69 @@
+{ ... }:
+{
+  programs.thunderbird = {
+    enable = true;
+    profiles = {
+      Main = {
+        isDefault = true;
+        userContent = ''
+          *{scrollbar-width:none !important}
+        '';
+        settings = {
+          "general.autoScroll" = true;
+
+          "signon.rememberSignons" = false;
+          "signon.autofillForms" = false;
+
+          "security.password_lifetime" = 0;
+          "security.password.useMasterPassword" = false;
+          "security.mixed_content.block_active_content" = true;
+          "security.mixed_content.block_display_content" = true;
+
+          "extensions.enabled" = false;
+          "extensions.autoDisableScopes" = 0;
+          "extensions.allow-non-mpc-extensions" = false;
+          "extensions.installDistroAddons" = false;
+          "extensions.getAddons.cache.enabled" = false;
+          "extensions.blocklist.enabled" = true;
+          "extensions.webextensions.userSelection" = false;
+          "extensions.checkCompatibility" = false;
+          "extensions.allowRemoteAddons" = false;
+          "extensions.ui.enabled" = false;
+          "extensions.ui.useSystemTheme" = true;
+	  "extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org";
+
+          "privacy.clearOnShutdown.cookies" = true;
+          "privacy.clearOnShutdown.cache" = true;
+          "privacy.clearOnShutdown.formdata" = true;
+          "privacy.clearOnShutdown.passwords" = true;
+          "privacy.clearOnShutdown.siteSettings" = true;
+          "privacy.trackingprotection.enabled" = true;
+          "privacy.firstparty.isolate" = true;
+          "privacy.donottrackheader.enabled" = true;
+          "privacy.resistFingerprinting" = true;
+
+          "browser.history.enabled" = false;
+          "browser.sessionstore.privacy_level" = 2;
+          "browser.tabs.warnOnClose" = false;
+          "browser.shell.checkDefaultBrowser" = false;
+          "browser.urlbar.suggest.openpage" = false;
+          "browser.urlbar.suggest.bookmark" = false;
+          "browser.urlbar.suggest.history" = false;
+          "browser.urlbar.suggest.searches" = false;
+          "browser.urlbar.suggest.topsites" = false;
+          "browser.download.promptForDownload" = true;
+
+          "network.cookie.cookieBehavior" = 1;
+          "network.dns.dnsOverHttps.enabled" = true;
+          "network.http.speculative-parallel-limit" = 0;
+          "network.http.pipelining" = false;
+          "network.predictor.enabled" = false;
+          "network.cookie.lifetimePolicy" = 2;
+
+          "dom.storage.enabled" = false;
+          "dom.indexedDB.enabled" = false;
+	};
+      };
+    };
+  };
+}

modules/home/programs/gui/thunderbird/policies.json

@@ -0,0 +1,28 @@
+{
+  "policies": {
+    "OfferToSaveLogins": false,
+    "PasswordManagerEnabled": false,
+    "DisablePasswordReveal": true,
+    "DisableMasterPasswordCreation": true,
+    "Extensions": {
+      "install": false
+    },
+    "ExtensionSettings": {},
+    "BlockAboutAddons": true,
+    "BlockAboutConfig": true,
+    "BlockAboutProfiles": true,
+    "BlockAboutSupport": true,
+    "DisableTelemetry": true,
+    "DisableSafeMode": true,
+    "DisableSecurityBypass": true,
+    "DisableBuiltinPDFViewer": true,
+    "DisableAppUpdate": true,
+    "DNSOverHTTPS": true,
+    "CaptivePortal": false,
+    "PromptForDownloadLocation": true,
+    "NetworkPrediction": false,
+    "SearchEngines": {
+      "PreventInstalls": true
+    }
+  }
+}

modules/home/programs/misc/avtools/default.nix

@@ -7,7 +7,6 @@
 
   home.packages = with pkgs; [
     ffmpeg
-    alsa-utils
     puddletag
     pulsemixer
   ];

modules/home/programs/misc/chat/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
   home.packages = with pkgs; [
     vesktop

modules/home/programs/misc/gaming/default.nix

@@ -2,7 +2,7 @@
 {
   imports = [
     ./launchers
+    ./games
     ./emulators
-    ./xash3d
   ];
 }

modules/home/programs/misc/gaming/emulators/default.nix

@@ -6,6 +6,6 @@
     ryujinx
     duckstation
     pcsx2
-    #unstable.lime3ds
+    lime3ds
   ];
 }

modules/home/programs/misc/gaming/games/default.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    openarena
+    xash3d
+  ];
+}

modules/home/programs/misc/gaming/xash3d/default.nix

@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-{
-  home.packages = with pkgs; [ xash3d ];
-}

modules/home/programs/misc/general/default.nix

@@ -1,11 +1,9 @@
 { pkgs, ... }:
 {
   home.packages = with pkgs; [
-    imv
-    libreoffice-fresh
+    libreoffice
     ffmpegthumbnailer
-    thunderbird
-    protonvpn-cli_2
+    imv
     bc
   ];
 }

modules/home/programs/misc/headless/default.nix

@@ -5,6 +5,5 @@
     p7zip
     vimv
     dua
-    protonvpn-cli_2
   ];
 }

modules/home/programs/misc/production/default.nix

@@ -4,7 +4,6 @@
 
   home.packages = with pkgs; [
     krita
-    inkscape
     audacity
     blender_4_3
   ];

modules/home/programs/misc/remote-desktop/default.nix

@@ -2,6 +2,6 @@
 {
   home.packages = with pkgs; [
     moonlight-qt
-    #rustdesk-flutter
+    rustdesk-flutter
   ];
 }

modules/home/programs/misc/school/default.nix

@@ -3,7 +3,6 @@
   home.packages = with pkgs; [
     remmina
     freerdp
-    zoom-us
-    openconnect
+    gpauth
   ];
 }

modules/home/programs/terminal/carapace/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  programs.carapace.enable = true;
-}

modules/home/programs/terminal/default.nix

@@ -1,7 +1,6 @@
 { ... }:
 {
   imports = [
-    ./carapace
     ./fastfetch
     ./git
     ./ncmpcpp

modules/home/programs/terminal/fastfetch/default.nix

@@ -1,6 +1,7 @@
 { ... }:
 {
   imports = [ ./small ];
+
   programs.fastfetch.enable = true;
   home.file.".config/fastfetch/config.jsonc".source = ./config.jsonc;
 }

modules/home/programs/terminal/git/default.nix

@@ -1,10 +1,10 @@
 { pkgs, config, ... }:
 {
-  imports = [ ./lazygit ];
-
   programs.git = {
     enable = true;
     userName = "Jimbo";
     userEmail = "jimbo@${config.domains.jim2}";
   };
+
+  programs.lazygit.enable = true;
 }

modules/home/programs/terminal/git/lazygit/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  programs.lazygit.enable = true;
-}

modules/home/programs/terminal/ncmpcpp/default.nix

@@ -1,5 +1,7 @@
 { pkgs, ... }:
 {
+  home.packages = with pkgs; [ mpc-cli ];
+
   programs.ncmpcpp = {
     enable = true;
     settings = {
@@ -15,6 +17,4 @@
   };
 
   services.mpd-discord-rpc.enable = true;
-
-  home.packages = with pkgs; [ mpc-cli ];
 }

modules/home/users/default.nix

@@ -1,6 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./jimbo
-  ];
-}

modules/home/wms/default.nix

@@ -1,5 +1,11 @@
-{ ... }:
+{ lib, ... }:
 {
+  options.home.sway.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = true;
+    description = "Enable SwayWM";
+  };
+
   imports = [
     ./sway
     ./swaylock

modules/home/wms/sway/default.nix

@@ -6,13 +6,11 @@
     ./hotkeys
     ./programs
     ./rules
-    ./swayshot
-    ./swaysleep
     ./theme
   ];
 
   wayland.windowManager.sway = {
-    enable = true;
+    enable = config.home.sway.enable;
     package = null;
     wrapperFeatures.gtk = true;
     checkConfig = false;

modules/home/wms/sway/programs/default.nix

@@ -1,5 +1,10 @@
 { pkgs, ... }:
 {
+  imports = [
+    ./swayshot
+    ./swaysleep
+  ];
+
   home.packages = with pkgs; [
     clipman
     swaybg

modules/home/wms/sway/programs/swayshot/default.nix

@@ -1,7 +1,5 @@
 { pkgs, config, ... }:
 {
-  imports = [ ./swappy ];
-
   home.packages = with pkgs; [
     (pkgs.writeScriptBin "swayshot" ''
       # Swappy
@@ -14,40 +12,28 @@
         | XCURSOR_SIZE=40 slurp -w ${config.look.border.string} -c ${config.look.colors.prime} -B 00000066 -b 00000099)
         temp_file=$(mktemp -u).png
         grim -g "$selected_area" "$temp_file"
-
-        # Kill the imv window
         kill $imv_pid
 
-        # Copy the screenshot to the clipboard
+        # Copy the screenshot to the clipboard and clear the temp
         swappy -f - < "$temp_file"
-
-        # Clean up the temporary file
         rm "$temp_file"
       }
 
       # Screen
       handle_screen() {
-        # Take a screenshot and save it to the temporary file
         temp_file=$(mktemp -u).png
         grim -o $(swaymsg -t get_outputs | jq -r '.[] | select(.focused) | .name') "$temp_file"
 
         # Check if the screenshot was successfully taken
         if [ $? -eq 0 ]; then
-          # Copy the screenshot to the clipboard
           wl-copy < "$temp_file"
-
-          # Show a notification with the screenshot
           notify-send -i "$temp_file" "Current screen copied."
-
-          # Remove the temporary file
           rm "$temp_file"
         else
-          # If the screenshot capture failed, show an error notification
           notify-send "Error: Unable to capture screenshot."
         fi
       }
 
-      # Check for command-line arguments
       if [ "$1" == "--swappy" ]; then
         handle_swappy
       elif [ "$1" == "--screen" ]; then

modules/home/wms/swaylock/default.nix

@@ -8,7 +8,7 @@ let
   text = "#FFFFFFFF";
 in {
   programs.swaylock = {
-    enable = true;
+    enable = config.home.desktop.enable;
     package = pkgs.swaylock-effects;
     settings = {
       clock = true;

modules/home/wms/waybar/default.nix

@@ -241,7 +241,7 @@
       format-icons = ["" "" "" "" ""];
     };
   in {
-    enable = true;
+    enable = config.home.desktop.enable;
     settings = {
       display1 = {
         name = "bar1";

modules/system/devices/disks/filesystems/btrfs/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  services.btrfs.autoScrub.enable = true;
-}

modules/system/devices/disks/filesystems/default.nix

@@ -1,12 +1,12 @@
 { lib, ... }:
 {
-  imports = [
-    ./btrfs
-    ./fstrim
-  ];
-
   boot.supportedFilesystems = {                             
     ntfs = true;
     zfs = lib.mkForce false;
   };
+
+  services = {
+    btrfs.autoScrub.enable = true;
+    fstrim.enable = true;
+  };
 }

modules/system/devices/disks/filesystems/fstrim/default.nix

@@ -1,4 +0,0 @@
-{ ... }:
-{
-  services.fstrim.enable = true;
-}

modules/system/devices/disks/immutable/default.nix

@@ -1,4 +1,5 @@
 { ... }:
 {
   system.etc.overlay.mutable = false;
+  boot.tmp.cleanOnBoot = true;
 }

modules/system/devices/udev/default.nix

@@ -1,7 +1,7 @@
 { ... }:
 {
   imports = [
-    ./pdp
     ./oculus
+    ./pdp
   ];
 }

modules/system/devices/video/nouveau/default.nix

@@ -1,11 +1,9 @@
 { lib, pkgs, config, ... }:
 {
-  options.system.video.nouveau = {
-    enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = "Enable the open-source Nouveau driver";
-    };
+  options.system.video.nouveau.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = "Enable the open-source Nouveau driver";
   };
 
   config = lib.mkIf config.system.video.nouveau.enable {

modules/system/devices/video/nvidia/default.nix

@@ -1,11 +1,9 @@
 { lib, pkgs, config, ... }:
 {
-  options.system.video.nvidia = {
-    enable = lib.mkOption {
-      type = lib.types.bool;
-      default = false;
-      description = "Enable the proprietary Nvidia stack";
-    };
+  options.system.video.nvidia.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = "Enable the proprietary Nvidia stack";
   };
 
   config = lib.mkIf config.system.video.nvidia.enable {

modules/system/options/default.nix

@@ -1,17 +1,15 @@
 { lib, ... }:
 with lib; {
-  options = {
-    system = {
-      desktop.enable = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Enable desktop apps and services";
-      };
-      server.enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Enable server services";
-      };
+  options.system = {
+    desktop.enable = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable desktop apps and services";
+    };
+    server.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable server services";
     };
   };
 }

modules/system/programs/appimage/default.nix

@@ -1,7 +0,0 @@
-{ config, ... }:
-{
-  programs.appimage = {
-    enable = config.system.desktop.enable;
-    binfmt = config.system.desktop.enable;
-  };
-}

modules/system/programs/default.nix

@@ -1,7 +1,6 @@
 { ... }:
 {
   imports = [
-    ./appimage
     ./backlights
     ./dconf
     ./gaming

modules/system/services/general/ssh/default.nix

@@ -9,6 +9,7 @@
       PrintLastLog = "no";
       PasswordAuthentication = false;
       UsePAM = false;
+      X11Forwarding = false;
     };
   };