diff --git a/flake.lock b/flake.lock index 965e115..c908eed 100644 --- a/flake.lock +++ b/flake.lock @@ -90,6 +90,22 @@ "type": "github" } }, + "nix-flatpak": { + "locked": { + "lastModified": 1739444422, + "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "owner": "gmodena", + "repo": "nix-flatpak", + "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "type": "github" + }, + "original": { + "owner": "gmodena", + "ref": "v0.6.0", + "repo": "nix-flatpak", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1750969886, @@ -203,6 +219,7 @@ "agenix": "agenix", "home-manager": "home-manager", "nix-darwin": "nix-darwin", + "nix-flatpak": "nix-flatpak", "nixpkgs": "nixpkgs", "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-unstable": "nixpkgs-unstable", diff --git a/flake.nix b/flake.nix index 70f93f6..b2cfd90 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,7 @@ home-manager.follows = "home-manager"; }; }; + nix-flatpak.url = "github:gmodena/nix-flatpak?ref=v0.6.0"; quadlet-nix.url = "github:SEIAROTg/quadlet-nix"; # Darwin-specific inputs @@ -47,8 +48,8 @@ }; outputs = { self, nix-darwin, nixpkgs, nixpkgs-darwin, nixpkgs-unstable - , home-manager, agenix, rycee-nurpkgs, nur, plasma-manager, quadlet-nix, ... - }: + , home-manager, agenix, rycee-nurpkgs, nur, nix-flatpak, plasma-manager + , quadlet-nix, ... }: let mkHomeConfiguration = { hostname, arch ? "x86_64", os ? "linux" , desktop ? false, extraModules ? [ ] }: @@ -75,6 +76,7 @@ ] ++ (if desktop then [ ./homes/desktop.nix ] else [ ]) ++ (if (desktop && os == "linux") then [ ./homes/linux-desktop.nix + nix-flatpak.homeManagerModules.nix-flatpak plasma-manager.homeManagerModules.plasma-manager ] else [ ]) ++ extraModules; diff --git a/homes/linux-desktop.nix b/homes/linux-desktop.nix index 2974bad..75de35d 100644 --- a/homes/linux-desktop.nix +++ b/homes/linux-desktop.nix 
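Review bot: The new input `nix-flatpak.url = "github:gmodena/nix-flatpak?ref=v0.6.0";` names a tag, which upstream can move, so the only immutable pin is the `rev`/`narHash` pair that flake.lock records. The module is wired into home-manager and presumably runs code at activation, so a silently changed revision matters. I would add a comment above the line such as `# v0.6.0 is a movable tag; the trusted pin is the rev in flake.lock, so review that rev whenever the lock entry changes`.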
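Review bot: `nix-flatpak.homeManagerModules.nix-flatpak` is imported only in the `desktop && os == "linux"` branch, yet this commit also sets `services.flatpak.packages` in homes/odyssey.nix. If odyssey, or any other host file that sets the option, is ever built without `desktop = true`, the option will be undefined and evaluation should fail. Whether that applies today cannot be seen from this hunk, because the `mkHomeConfiguration` call sites are outside it. A comment next to the import would make the coupling explicit, e.g. `# services.flatpak only exists for Linux desktops; host files must not set it otherwise`.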
@@ -10,6 +10,22 @@ in { }; programs = { plasma = plasma-config { inherit config; }; }; services = { + flatpak = { + enable = true; + # Note: Right now, this does not actually install flatpaks correctly on + # harmony. + # It will however, alert me that certain packages are not installed, and + # serves as a place for me to write down the flatpaks I want to install + # anyway + packages = [ + "com.github.tchx84.Flatseal" + "com.logseq.Logseq" + "io.freetubeapp.FreeTube" + "io.github.alainm23.planify" + "io.openrct2.OpenRCT2" + "net.ankiweb.Anki" + ]; + }; gpg-agent = { # Use kwallet cli, but put it in extraConfig, otherwise gpg-agent will # ask the cli for the password, instead of asking the pinentry package for it diff --git a/homes/odyssey.nix b/homes/odyssey.nix index 53b5368..0a48a8a 100644 --- a/homes/odyssey.nix +++ b/homes/odyssey.nix @@ -13,6 +13,10 @@ }; services = { gpg-agent = { sshKeys = [ "F72C07DBA3DC0903C3ABB55E8B460803FEC22640" ]; }; + flatpak = { + packages = + [ "com.bitwarden.desktop" "dev.deedles.Trayscale" "org.signal.Signal" ]; + }; }; xdg = { configFile = { diff --git a/playbook.yaml b/playbook.yaml index 04105b0..0d857a7 100644 --- a/playbook.yaml +++ b/playbook.yaml @@ -188,8 +188,6 @@ - nextcloud-client - nextcloud-client-dolphin - obs-studio - - onedrive - - protontricks - qownnotes - qt - rssguard 
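Review bot: The comment above `packages` in homes/linux-desktop.nix says installation does not work on harmony but not why; the cause is mentioned only in playbook.yaml (the GPG configuration interfering with validation of the Flathub remote). I would record it here too, together with the limit on any workaround, e.g. `# Blocked by GPG validation of the Flathub remote (see playbook.yaml); do not work around it by disabling GPG verification on the remote`. Without that, the obvious quick fix removes the signature check that protects every package in this list, and the ones added in homes/odyssey.nix.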
@@ -216,46 +214,30 @@ ansible.builtin.dnf: name: "*" state: latest # noqa: package-latest + # Generally speaking, I try to install Flatpak applications at the user + # level b/c that really gives more credence to the whole sandboxing idea + # (concept of least privilege). Regardless, we should make sure all the + # system-level Flatpaks are up-to-date. + - name: Upgrade system Flatpaks + community.general.flatpak: + name: "*" + state: latest + method: system -# Generally speaking, I try to install Flatpak applications at the user level -# b/c that really gives more credence to the whole sandboxing idea (concept of -# least privilege). Flatpaks are configured differently per-arch, so we go back -# to different configs for each group -- name: Configure common Flatpaks +# User-installed Flatpaks are to be installed via home-manager - or at least, +# that's the goal. (There currently seems to be a bug where my GPG configuration +# is getting in the way of validating the Flathub remote, but I am still +# specifying Flatpaks in services.flatpak.) Thanks to that bug, I want a way to +# have this play upgrade my Flatpaks. 
+- name: Ensure Flatpak packages are up-to-date hosts: desktop become: false tasks: - - name: Add Flathub remote - community.general.flatpak_remote: - name: flathub - state: present - flatpakrepo_url: https://dl.flathub.org/repo/flathub.flatpakrepo - method: user - - name: Install common Flatpaks + - name: Upgrade user Flatpaks community.general.flatpak: - name: - - com.github.tchx84.Flatseal - - com.logseq.Logseq - - io.freetubeapp.FreeTube - - io.github.alainm23.planify - - io.openrct2.OpenRCT2 - - net.ankiweb.Anki + name: "*" state: latest method: user - remote: flathub -- name: Configure amd64 Flatpaks - hosts: amd64 - become: false - tasks: - - name: Install amd64 Flatpaks - community.general.flatpak: - name: - - com.bitwarden.desktop - - dev.deedles.Trayscale - - org.signal.Signal - state: latest - method: user - remote: flathub # Pull the latest home-manager configuration - name: Ensure home-manager configuration is up-to-date
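Review bot: `name: "*"` in both new `community.general.flatpak` tasks (system and user) looks carried over from the dnf task above. As far as I know the flatpak module expects application IDs or URLs and documents no wildcard, so these tasks may fail or try to install something literally named `*`. If so, the step this commit makes the only source of Flatpak updates never runs; calling the CLI directly, e.g. `ansible.builtin.command: flatpak update --user --noninteractive` (and `--system` for the first task) with a `changed_when`, would be more reliable. The hunk also drops the `Add Flathub remote` task while its own comment says the home-manager path cannot yet validate that remote, so a freshly provisioned host would have neither the remote nor the applications; consider keeping that task until the bug is fixed. The play containing the system task starts outside this hunk.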