GUI Apps (storopoli#27)

* feat(macos): remove stevenblack hosts

* feat: GUI apps

* feat(macos): aichat

* feat(linux): back to latest vanilla kernel

* feat(linux): add mullvad GUI app

README.md

@@ -89,8 +89,6 @@ These are my NixOS/macOS Nix setup.
   [`graphicsmagick`](http://www.graphicsmagick.org/),
   [`tectonic`](https://tectonic-typesetting.github.io/),
   and [`typst`](https://typst.app/).
-- OS-level adblocking with [`StevenBlack/hosts`](https://github.com/StevenBlack/hosts)
-  in the `/etc/hosts`.
 - `age`-encrypted secrets with [`ryantm/agenix`](https://github.com/ryantm/agenix)
   with YubiKey support.
   Check the [`secrets/README.md`](secrets/README.md) for details.
@@ -118,7 +116,6 @@ Read more about this in the [NixOs Paranoid Guide](https://xeiaso.net/blog/paran
 
 ### Features
 
-- [XanMod Kernel](https://xanmod.org/)
 - [`Hyprland`](https://github.com/hyprwm/Hyprland) Wayland window manager:
 
   - [`Waybar`](https://github.com/Alexays/Waybar) status bar.

darwin/brew.nix

@@ -18,7 +18,7 @@
     ];
 
     brews = [
-      "wireguard-tools"
+      "aichat"
       "pinentry-mac"
       {
         name = "tor";
@@ -30,20 +30,22 @@
     casks = [
       "android-file-transfer"
       "bisq"
+      "chromium"
       "cryptomator"
-      "eloston-chromium"
       "iina"
-      "firefox"
       "fuse-t"
       "karabiner-elements"
       "keepassxc"
-      "obs"
       "keycastr"
+      "mullvadvpn"
+      "microsoft-teams"
+      "obs"
       "rectangle"
       "signal"
       "sparrow"
       "tor-browser"
       "transmission"
+      "vscodium"
     ];
   };
 }

darwin/system.nix

@@ -7,15 +7,6 @@
 
   nix.gc.interval.Day = 7;
 
-  # OS-level ad-blocking
-  environment.etc."hosts" = {
-    copy = true;
-    text = builtins.readFile (builtins.fetchurl {
-      url = "https://github.com/StevenBlack/hosts/raw/3.14.41/alternates/fakenews/hosts";
-      sha256 = "06qrxbcc76nmkknw3nma1qpql10zgyb8lwbmalz6hi0npxhxpng5";
-    });
-  };
-
   system = {
     # Global macOS System Settings
     defaults = {

home-manager/linux/chromium.nix

@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  programs.chromium = {
+    enable = true;
+    commandLineArgs = [
+      "--ozone-platform=wayland"
+      "--js-flags=--jitless" # remove JIT
+    ];
+  };
+}
+

home-manager/linux/default.nix

@@ -3,6 +3,7 @@
 {
   imports = [
     # linux home-manager configs
+    ./chromium.nix
     ./gpg.nix
     ./hyprland
     ./foot.nix

linux/impermanence.nix

@@ -6,6 +6,8 @@
       "/etc/nixos" # bind mounted from /nix/persist/etc/nixos to /etc/nixos
       "/etc/NetworkManager/system-connections"
       "/etc/wireguard"
+      "/etc/mullvad-vpn"
+      "/var/cache/mullvad-vpn"
       "/var/lib/bluetooth"
       "/var/lib/docker"
       "/var/lib/power-profiles-daemon"

linux/networking.nix

@@ -41,10 +41,6 @@
   networking = {
     networkmanager.enable = true;
     wireguard.enable = true;
-    stevenblack = {
-      enable = true;
-      block = [ "fakenews" ];
-    };
     firewall = {
       enable = true;
       allowedTCPPorts = [
@@ -57,10 +53,16 @@
   };
 
   services = {
+    mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+    };
+
+    resolved.enable = true;
+
     openssh.enable = false;
 
     tor.enable = true;
   };
 
-  # TODO: wireguard configs with agenix
 }

linux/packages.nix

@@ -25,9 +25,9 @@
 
   # linux specific user packager
   users.users.user.packages = (with pkgs; [
+    vscodium
     # opsec
     keepassxc
-    ungoogled-chromium
     tor-browser-bundle-bin
     signal-desktop
 

linux/system.nix

@@ -22,7 +22,7 @@
 
   boot = {
     supportedFilesystems = [ "ntfs" ];
-    kernelPackages = pkgs.linuxPackages_xanmod_latest;
+    kernelPackages = pkgs.linuxPackages_latest;
     loader = {
       systemd-boot = {
         enable = true;