From df75e299ce9fddd736921f0fbef0a8d09bbb2fd9 Mon Sep 17 00:00:00 2001
From: Jose Storopoli <jose@storopoli.io>
Date: Sun, 7 Jan 2024 06:37:28 -0300
Subject: [PATCH] GUI Apps (#27)

* feat(macos): remove stevenblack hosts

* feat: GUI apps

* feat(macos): aichat

* feat(linux): back to latest vanilla kernel

* feat(linux): add mullvad GUI app
---
 README.md                       |  3 ---
 darwin/brew.nix                 | 10 ++++++----
 darwin/system.nix               |  9 ---------
 home-manager/linux/chromium.nix | 12 ++++++++++++
 home-manager/linux/default.nix  |  1 +
 linux/impermanence.nix          |  2 ++
 linux/networking.nix            | 12 +++++++-----
 linux/packages.nix              |  2 +-
 linux/system.nix                |  2 +-
 9 files changed, 30 insertions(+), 23 deletions(-)
 create mode 100644 home-manager/linux/chromium.nix

diff --git a/README.md b/README.md
index 7c0a004..6f0a896 100644
--- a/README.md
+++ b/README.md
@@ -89,8 +89,6 @@ These are my NixOS/macOS Nix setup.
   [`graphicsmagick`](http://www.graphicsmagick.org/),
   [`tectonic`](https://tectonic-typesetting.github.io/),
   and [`typst`](https://typst.app/).
-- OS-level adblocking with [`StevenBlack/hosts`](https://github.com/StevenBlack/hosts)
-  in the `/etc/hosts`.
 - `age`-encrypted secrets with [`ryantm/agenix`](https://github.com/ryantm/agenix)
   with YubiKey support.
   Check the [`secrets/README.md`](secrets/README.md) for details.
@@ -118,7 +116,6 @@ Read more about this in the [NixOs Paranoid Guide](https://xeiaso.net/blog/paran
 
 ### Features
 
-- [XanMod Kernel](https://xanmod.org/)
 - [`Hyprland`](https://github.com/hyprwm/Hyprland) Wayland window manager:
 
   - [`Waybar`](https://github.com/Alexays/Waybar) status bar.
diff --git a/darwin/brew.nix b/darwin/brew.nix
index 2fedcb9..a9c3710 100644
--- a/darwin/brew.nix
+++ b/darwin/brew.nix
@@ -18,7 +18,7 @@
     ];
 
     brews = [
-      "wireguard-tools"
+      "aichat"
       "pinentry-mac"
       {
         name = "tor";
@@ -30,20 +30,22 @@
     casks = [
       "android-file-transfer"
       "bisq"
+      "chromium"
       "cryptomator"
-      "eloston-chromium"
       "iina"
-      "firefox"
       "fuse-t"
       "karabiner-elements"
       "keepassxc"
-      "obs"
       "keycastr"
+      "mullvadvpn"
+      "microsoft-teams"
+      "obs"
       "rectangle"
       "signal"
       "sparrow"
       "tor-browser"
       "transmission"
+      "vscodium"
     ];
   };
 }
diff --git a/darwin/system.nix b/darwin/system.nix
index dfe1cf7..04e57a1 100644
--- a/darwin/system.nix
+++ b/darwin/system.nix
@@ -7,15 +7,6 @@
 
   nix.gc.interval.Day = 7;
 
-  # OS-level ad-blocking
-  environment.etc."hosts" = {
-    copy = true;
-    text = builtins.readFile (builtins.fetchurl {
-      url = "https://github.com/StevenBlack/hosts/raw/3.14.41/alternates/fakenews/hosts";
-      sha256 = "06qrxbcc76nmkknw3nma1qpql10zgyb8lwbmalz6hi0npxhxpng5";
-    });
-  };
-
   system = {
     # Global macOS System Settings
     defaults = {
diff --git a/home-manager/linux/chromium.nix b/home-manager/linux/chromium.nix
new file mode 100644
index 0000000..cef2917
--- /dev/null
+++ b/home-manager/linux/chromium.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  programs.chromium = {
+    enable = true;
+    commandLineArgs = [
+      "--ozone-platform=wayland"
+      "--js-flags=--jitless" # remove JIT
+    ];
+  };
+}
+
diff --git a/home-manager/linux/default.nix b/home-manager/linux/default.nix
index 47b17d1..126f215 100644
--- a/home-manager/linux/default.nix
+++ b/home-manager/linux/default.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     # linux home-manager configs
+    ./chromium.nix
     ./gpg.nix
     ./hyprland
     ./foot.nix
diff --git a/linux/impermanence.nix b/linux/impermanence.nix
index c421f68..e2837e1 100644
--- a/linux/impermanence.nix
+++ b/linux/impermanence.nix
@@ -6,6 +6,8 @@
       "/etc/nixos" # bind mounted from /nix/persist/etc/nixos to /etc/nixos
       "/etc/NetworkManager/system-connections"
       "/etc/wireguard"
+      "/etc/mullvad-vpn"
+      "/var/cache/mullvad-vpn"
       "/var/lib/bluetooth"
       "/var/lib/docker"
       "/var/lib/power-profiles-daemon"
diff --git a/linux/networking.nix b/linux/networking.nix
index a40d06b..1a5ea20 100644
--- a/linux/networking.nix
+++ b/linux/networking.nix
@@ -41,10 +41,6 @@
   networking = {
     networkmanager.enable = true;
     wireguard.enable = true;
-    stevenblack = {
-      enable = true;
-      block = [ "fakenews" ];
-    };
     firewall = {
       enable = true;
       allowedTCPPorts = [
@@ -57,10 +53,16 @@
   };
 
   services = {
+    mullvad-vpn = {
+      enable = true;
+      package = pkgs.mullvad-vpn;
+    };
+
+    resolved.enable = true;
+
     openssh.enable = false;
 
     tor.enable = true;
   };
 
-  # TODO: wireguard configs with agenix
 }
diff --git a/linux/packages.nix b/linux/packages.nix
index 3d9dad5..59165d3 100644
--- a/linux/packages.nix
+++ b/linux/packages.nix
@@ -25,9 +25,9 @@
 
   # linux specific user packager
   users.users.user.packages = (with pkgs; [
+    vscodium
     # opsec
     keepassxc
-    ungoogled-chromium
     tor-browser-bundle-bin
     signal-desktop
 
diff --git a/linux/system.nix b/linux/system.nix
index 9facee2..0c46da8 100644
--- a/linux/system.nix
+++ b/linux/system.nix
@@ -22,7 +22,7 @@
 
   boot = {
     supportedFilesystems = [ "ntfs" ];
-    kernelPackages = pkgs.linuxPackages_xanmod_latest;
+    kernelPackages = pkgs.linuxPackages_latest;
     loader = {
       systemd-boot = {
         enable = true;