Update

docs/APPS.md

@@ -4,10 +4,9 @@
 
 ## Laptop
 
-The laptop configuration is used by a Omen 16 laptop w/ nvidia and an amd gpu running NixOS.
+The laptop configuration is used by an Omen 16 laptop w/ nvidia and an amd gpu running NixOS.
 The configurations files can be found in the `hosts/laptop` directory.
 
-
 | Category       | Name          |
 |----------------|---------------|
 | WM             | Hyprland      |
@@ -42,7 +41,7 @@ The configurations files can be found in the `hosts/laptop` directory.
 
 The server configuration is used by a home server running NixOS.
 The configurations files can be found in the `hosts/server` directory.
-I mainly use it for self hosting websites and services such as Nextcloud, Vaultwarden, ... 
+I mainly use it for self-hosting websites and services such as Nextcloud, Vaultwarden, ...
 I exposed some services to the internet using a reverse proxy (Nginx) and cloudflare-dyndns, others are accessed through a tailscale network
 
 ### Apps

docs/CONTRIBUTING.md

@@ -6,7 +6,7 @@ The process is straight-forward.
 
 - Read [How to get faster PR reviews](https://github.com/kubernetes/community/blob/master/contributors/guide/pull-requests.md#best-practices-for-faster-reviews) by Kubernetes (but skip step 0 and 1)
 - Fork Nixy [git repository](https://github.com/anotherhadi/nixy).
-- Write your changes (new theme, bug fixes, task in todo, ...).
+- Write your changes (new theme, bug fixes, task in to-do, ...).
 - Create a Pull Request against the main branch of Nixy.
 
 > [!WARNING]

docs/THEMES.md

@@ -4,7 +4,7 @@ Themes are defined in `hosts/themes`. Those themes define the colors, fonts, ico
 You can change the selected theme by changing the import statement of your host's variables.nix file.
 
 > [!TIP]
-> To apply the theme to Duckduckgo, follow the instructions in `$HOME/.duckduckgo-colorscheme.js`
+> To apply the theme to DuckDuckGo, follow the instructions in `$HOME/.duckduckgo-colorscheme.js`
 
 ## Create your theme
 

docs/TODO.md

@@ -7,11 +7,14 @@ feel free to contribute <3 ([CONTRIBUTING.md](CONTRIBUTING.md))
   - [ ] Variables-template with defaults
   - [ ] Themes
     - [ ] Upload new wallpapers
-    - [ ] MacOS theme
+    - [ ] macOS theme
   - [ ] Write a hyprland shortcuts markdown file (Parse the hyprland settings conf)
-  - [ ] Tofi (Wofi but terminal based)
+  - [ ] Tofi (Wofi, but terminal based)
   - [ ] add golang bin dir to path
 
+- [ ] Qutebrowser
+  - [ ] Bitwarden integration (I need this.)
+
 - [ ] Waybar
   - [ ] Caffeine status
   - [ ] Night-shift status
@@ -28,6 +31,7 @@ feel free to contribute <3 ([CONTRIBUTING.md](CONTRIBUTING.md))
   - [ ] Markdown snippets
   - [ ] Whichkey: Description for keybindings
   - [ ] Spelling
+  - [ ] Flash.nvim
 
 - [ ] Backup system for some folders ($home/dev, $home/pictures, ...)
   - [ ] Exclude file pattern (nodes modules, ...)

docs/src/README_template.md

@@ -50,4 +50,4 @@ sudo nixos-rebuild switch --flake ~/.config/nixos#yourhostname
 - [SCRIPTS.md](docs/SCRIPTS.md): Scripts that are available
 - [TODO.md](docs/TODO.md): What's next (feel free to contribute)
 - [CONTRIBUTING.md](docs/CONTRIBUTING.md): How to contribute
-- [LICENSE](LICENSE): MIT Licensey
+- [LICENSE](LICENSE): MIT License

home/programs/nvim/default.nix

@@ -25,6 +25,7 @@
     ./plugins/noice.nix
     ./plugins/obsidian.nix
     ./plugins/image.nix
+    ./plugins/ltex.nix
     ./options.nix
     ./colorscheme.nix
   ];

home/programs/nvim/plugins/alpha.nix

@@ -71,7 +71,7 @@
             type = "button";
             val = "  NixOs Config";
             on_press.__raw =
-              "function() vim.cmd[[e ${config.var.configDirectory}]] end";
+              "function() vim.cmd[[Neotree ${config.var.configDirectory}]] end";
             opts = {
               shortcut = "nc";
               position = "center";

home/programs/nvim/plugins/lsp.nix

@@ -11,6 +11,13 @@
         tailwindcss.enable = true;
         html.enable = true;
         svelte.enable = true;
+        ltex = {
+          enable = true;
+          settings = {
+            enabled = true;
+            language = "en";
+          };
+        };
       };
       keymaps.lspBuf = {
         "gd" = "definition";

home/programs/nvim/plugins/ltex.nix

@@ -0,0 +1,10 @@
+{
+  programs.nixvim.plugins.ltex-extra = {
+    enable = true;
+    settings = {
+      initCheck = true;
+      loadLangs = [ "en-US" "fr-FR" ];
+      logLevel = "non";
+    };
+  };
+}

home/programs/qutebrowser/default.nix

@@ -73,7 +73,10 @@ let
 
 in {
 
-  imports = [ ./duckduckgo-colorscheme.nix ];
+  imports = [
+    ./duckduckgo-colorscheme.nix
+    # ./userscripts.nix
+  ];
 
   programs.qutebrowser = {
     enable = true;

home/programs/qutebrowser/userscripts.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+
+  home.packages = with pkgs; [
+    keyutils
+    python3
+    python311Packages.pyperclip
+    python312Packages.tldextract
+  ];
+
+  xdg.configFile."qutebrowser/userscripts/bitwarden" = {
+    source = ./userscripts/qute-bitwarden.py;
+    executable = true;
+  };
+}

home/programs/qutebrowser/userscripts/qute-bitwarden.py

@@ -0,0 +1,291 @@
+#!/usr/bin/env python3
+
+# SPDX-FileCopyrightText: Chris Braun (cryzed) <cryzed@googlemail.com>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+"""
+Insert login information using Bitwarden CLI and a dmenu-compatible application
+(e.g. dmenu, rofi -dmenu, ...).
+"""
+
+USAGE = """The domain of the site has to be in the name of the Bitwarden entry, for example: "github.com/cryzed" or
+"websites/github.com".  The login information is inserted by emulating key events using qutebrowser's fake-key command in this manner:
+[USERNAME]<Tab>[PASSWORD], which is compatible with almost all login forms.
+
+If enabled, with the `--totp` flag, it will also move the TOTP code to the
+clipboard, much like the Firefox add-on.
+
+You must log into Bitwarden CLI using `bw login` prior to use of this script.
+The session key will be stored using keyctl for the number of seconds passed to
+the --auto-lock option.
+
+To use in qutebrowser, run: `spawn --userscript qute-bitwarden`
+"""
+
+EPILOG = """Dependencies: tldextract (Python 3 module), pyperclip (optional
+Python module, used for TOTP codes), Bitwarden CLI (1.7.4 is known to work
+but older versions may well also work)
+
+WARNING: The login details are viewable as plaintext in qutebrowser's debug log
+(qute://log) and might be shared if you decide to submit a crash report!"""
+
+import argparse
+import enum
+import functools
+import os
+import shlex
+import subprocess
+import sys
+import json
+import tldextract
+
+argument_parser = argparse.ArgumentParser(
+    description=__doc__,
+    usage=USAGE,
+    epilog=EPILOG,
+)
+argument_parser.add_argument('url', nargs='?', default=os.getenv('QUTE_URL'))
+argument_parser.add_argument('--dmenu-invocation', '-d', default='wofi --dmenu -i',
+                             help='Invocation used to execute a dmenu-provider')
+argument_parser.add_argument('--password-prompt-invocation', '-p', default='rofi -dmenu -p "Master Password" -password -lines 0',
+                             help='Invocation used to prompt the user for their Bitwarden password')
+argument_parser.add_argument('--no-insert-mode', '-n', dest='insert_mode', action='store_false',
+                             help="Don't automatically enter insert mode")
+argument_parser.add_argument('--totp', '-t', action='store_true',
+                             help="Copy TOTP key to clipboard")
+argument_parser.add_argument('--io-encoding', '-i', default='UTF-8',
+                             help='Encoding used to communicate with subprocesses')
+argument_parser.add_argument('--merge-candidates', '-m', action='store_true',
+                             help='Merge pass candidates for fully-qualified and registered domain name')
+argument_parser.add_argument('--auto-lock', type=int, default=900,
+                             help='Automatically lock the vault after this many seconds')
+group = argument_parser.add_mutually_exclusive_group()
+group.add_argument('--username-only', '-e',
+                   action='store_true', help='Only insert username')
+group.add_argument('--password-only', '-w',
+                   action='store_true', help='Only insert password')
+group.add_argument('--totp-only', '-T',
+                   action='store_true', help='Only insert totp code')
+
+stderr = functools.partial(print, file=sys.stderr)
+
+
+class ExitCodes(enum.IntEnum):
+    SUCCESS = 0
+    FAILURE = 1
+    # 1 is automatically used if Python throws an exception
+    NO_PASS_CANDIDATES = 2
+    COULD_NOT_MATCH_USERNAME = 3
+    COULD_NOT_MATCH_PASSWORD = 4
+
+
+def qute_command(command):
+    with open(os.environ['QUTE_FIFO'], 'w') as fifo:
+        fifo.write(command + '\n')
+        fifo.flush()
+
+
+def ask_password(password_prompt_invocation):
+    process = subprocess.run(
+        shlex.split(password_prompt_invocation),
+        text=True,
+        stdout=subprocess.PIPE,
+    )
+    if process.returncode > 0:
+        raise Exception('Could not unlock vault')
+    master_pass = process.stdout.strip()
+    return subprocess.check_output(
+        ['bw', 'unlock', '--raw', master_pass],
+        text=True,
+    ).strip()
+
+
+def get_session_key(auto_lock, password_prompt_invocation):
+    if auto_lock == 0:
+        subprocess.call(['keyctl', 'purge', 'user', 'bw_session'])
+        return ask_password(password_prompt_invocation)
+    else:
+        process = subprocess.run(
+            ['keyctl', 'request', 'user', 'bw_session'],
+            text=True,
+            stdout=subprocess.PIPE,
+        )
+        key_id = process.stdout.strip()
+        if process.returncode > 0:
+            session = ask_password(password_prompt_invocation)
+            if not session:
+                raise Exception('Could not unlock vault')
+            key_id = subprocess.check_output(
+                ['keyctl', 'add', 'user', 'bw_session', session, '@u'],
+                text=True,
+            ).strip()
+
+        if auto_lock > 0:
+            subprocess.call(['keyctl', 'timeout', str(key_id), str(auto_lock)])
+        return subprocess.check_output(
+            ['keyctl', 'pipe', str(key_id)],
+            text=True,
+        ).strip()
+
+
+def pass_(domain, encoding, auto_lock, password_prompt_invocation):
+    session_key = get_session_key(auto_lock, password_prompt_invocation)
+    process = subprocess.run(
+        ['bw', 'list', 'items', '--session', session_key, '--url', domain],
+        capture_output=True,
+    )
+
+    err = process.stderr.decode(encoding).strip()
+    if err:
+        msg = 'Bitwarden CLI returned for {:s} - {:s}'.format(domain, err)
+        stderr(msg)
+
+    if process.returncode:
+        return '[]'
+
+    out = process.stdout.decode(encoding).strip()
+
+    return out
+
+
+def get_totp_code(selection_id, domain_name, encoding, auto_lock, password_prompt_invocation):
+    session_key = get_session_key(auto_lock, password_prompt_invocation)
+    process = subprocess.run(
+        ['bw', 'get', 'totp', '--session', session_key, selection_id],
+        capture_output=True,
+    )
+
+    err = process.stderr.decode(encoding).strip()
+    if err:
+        # domain_name instead of selection_id to make it more user-friendly
+        msg = 'Bitwarden CLI returned for {:s} - {:s}'.format(domain_name, err)
+        stderr(msg)
+
+    if process.returncode:
+        return '[]'
+
+    out = process.stdout.decode(encoding).strip()
+
+    return out
+
+
+def dmenu(items, invocation, encoding):
+    command = shlex.split(invocation)
+    process = subprocess.run(command, input='\n'.join(
+        items).encode(encoding), stdout=subprocess.PIPE)
+    return process.stdout.decode(encoding).strip()
+
+
+def fake_key_raw(text):
+    for character in text:
+        # Escape all characters by default, space requires special handling
+        sequence = '" "' if character == ' ' else r'\{}'.format(character)
+        qute_command('fake-key {}'.format(sequence))
+
+
+def main(arguments):
+    if not arguments.url:
+        argument_parser.print_help()
+        return ExitCodes.FAILURE
+
+    extract_result = tldextract.extract(arguments.url)
+
+    # Try to find candidates using targets in the following order: fully-qualified domain name (includes subdomains),
+    # the registered domain name and finally: the IPv4 address if that's what
+    # the URL represents
+    candidates = []
+    for target in filter(None, [
+                extract_result.fqdn,
+                extract_result.registered_domain,
+                extract_result.subdomain + '.' + extract_result.domain,
+                extract_result.domain,
+                extract_result.ipv4]):
+        target_candidates = json.loads(
+            pass_(
+                target,
+                arguments.io_encoding,
+                arguments.auto_lock,
+                arguments.password_prompt_invocation,
+            )
+        )
+        if not target_candidates:
+            continue
+
+        candidates = candidates + target_candidates
+        if not arguments.merge_candidates:
+            break
+    else:
+        if not candidates:
+            stderr('No pass candidates for URL {!r} found!'.format(
+                arguments.url))
+            return ExitCodes.NO_PASS_CANDIDATES
+
+    if len(candidates) == 1:
+        selection = candidates.pop()
+    else:
+        choices = ['{:s} | {:s}'.format(c['name'], c['login']['username']) for c in candidates]
+        choice = dmenu(choices, arguments.dmenu_invocation, arguments.io_encoding)
+        choice_tokens = choice.split('|')
+        choice_name = choice_tokens[0].strip()
+        choice_username = choice_tokens[1].strip()
+        selection = next((c for (i, c) in enumerate(candidates)
+                          if c['name'] == choice_name
+                          and c['login']['username'] == choice_username),
+                         None)
+
+    # Nothing was selected, simply return
+    if not selection:
+        return ExitCodes.SUCCESS
+
+    username = selection['login']['username']
+    password = selection['login']['password']
+    totp = selection['login']['totp']
+
+    if arguments.username_only:
+        fake_key_raw(username)
+    elif arguments.password_only:
+        fake_key_raw(password)
+    elif arguments.totp_only:
+        # No point in moving it to the clipboard in this case
+        fake_key_raw(
+            get_totp_code(
+                selection['id'],
+                selection['name'],
+                arguments.io_encoding,
+                arguments.auto_lock,
+                arguments.password_prompt_invocation,
+            )
+        )
+    else:
+        # Enter username and password using fake-key and <Tab> (which seems to work almost universally), then switch
+        # back into insert-mode, so the form can be directly submitted by
+        # hitting enter afterwards
+        fake_key_raw(username)
+        qute_command('fake-key <Tab>')
+        fake_key_raw(password)
+
+    if arguments.insert_mode:
+        qute_command('mode-enter insert')
+
+    # If it finds a TOTP code, it copies it to the clipboard,
+    # which is the same behavior as the Firefox add-on.
+    if not arguments.totp_only and totp and arguments.totp:
+        # The import is done here, to make pyperclip an optional dependency
+        import pyperclip
+        pyperclip.copy(
+            get_totp_code(
+                selection['id'],
+                selection['name'],
+                arguments.io_encoding,
+                arguments.auto_lock,
+                arguments.password_prompt_invocation,
+            )
+        )
+
+    return ExitCodes.SUCCESS
+
+
+if __name__ == '__main__':
+    arguments = argument_parser.parse_args()
+    sys.exit(main(arguments))

hosts/modules/nvidia.nix

@@ -31,9 +31,9 @@ in {
   hardware = {
     nvidia = {
       open = false;
-      nvidiaSettings = false;
+      nvidiaSettings = true;
       powerManagement.enable =
-        false; # This can cause sleep/suspend to fail and saves entire VRAM to /tmp/
+        true; # This can cause sleep/suspend to fail and saves entire VRAM to /tmp/
       modesetting.enable = true;
       package = nvidiaDriverChannel;
     };