tings

author: Fuwn <[email protected]> 2024-09-03 16:11:43 -0700
committer: Fuwn <[email protected]> 2024-09-03 16:11:43 -0700
commit: a93e1fa90e9951d728e968003ea810abeba64e4c (patch)
tree: e2b2952fcc2d1f08b327a1a6fe0c58d70dc0e54f
parent: tor mostly (diff)
download: nixos-config-a93e1fa90e9951d728e968003ea810abeba64e4c.tar.xz
nixos-config-a93e1fa90e9951d728e968003ea810abeba64e4c.zip
10 files changed, 33 insertions, 19 deletions
diff --git a/modules/boot/default.nix b/modules/boot/default.nix
index 577e74a..964a4e1 100644
--- a/modules/boot/default.nix
+++ b/modules/boot/default.nix
@@ -31,11 +31,15 @@
       zenpower
     ];
 
-    # initrd.availableKernelModules = [
-    #   "aesni_intel"
-    #   "cryptd"
-    #   "usb_storage"
-    # ];
+    initrd = {
+      # systemd.enable = true;
+
+      availableKernelModules = [
+        # "aesni_intel"
+        # "cryptd"
+        "usb_storage"
+      ];
+    };
 
     kernelModules = [
       "v4l2loopback"
diff --git a/modules/boot/grub.nix b/modules/boot/grub.nix
index fd6e1e8..49e0eef 100644
--- a/modules/boot/grub.nix
+++ b/modules/boot/grub.nix
@@ -13,14 +13,14 @@
     gfxpayloadEfi = "keep";
     splashMode = "normal";
 
-    extraEntries = ''
-      menuentry "Arch Linux (linux-clear)" {
-        linux /vmlinuz-linux-clear
-        initrd /amd-ucode.img
-        initrd /booster-linux-clear.img
-        options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1
-      }
-    '';
+    # extraEntries = ''
+    #   menuentry "Arch Linux (linux-clear)" {
+    #     linux /vmlinuz-linux-clear
+    #     initrd /amd-ucode.img
+    #     initrd /booster-linux-clear.img
+    #     options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1
+    #   }
+    # '';
 
     theme = pkgs.fetchFromGitHub {
       owner = "Lxtharia";
diff --git a/modules/networking/firewall.nix b/modules/networking/firewall.nix
index 73bc44f..8077042 100644
--- a/modules/networking/firewall.nix
+++ b/modules/networking/firewall.nix
@@ -2,6 +2,7 @@
   networking.firewall = {
     enable = true;
     allowedUDPPorts = [ 53 ];
+    allowPing = false;
 
     allowedTCPPorts = [
       80
diff --git a/modules/networking/networkmanager.nix b/modules/networking/networkmanager.nix
index edb4c1c..8435824 100644
--- a/modules/networking/networkmanager.nix
+++ b/modules/networking/networkmanager.nix
@@ -4,5 +4,6 @@
     enable = true;
     plugins = [ pkgs.networkmanager-openvpn ];
     dns = "systemd-resolved";
+    wifi.backend = "iwd";
   };
 }
diff --git a/modules/nix.nix b/modules/nix.nix
index 6de07bb..ee392d7 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -11,6 +11,7 @@
       extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
       keep-going = true;
       accept-flake-config = false;
+      stalled-download-timeout = 20;
 
       system-features = [
         "nixos-test"
diff --git a/modules/security/doas.nix b/modules/security/doas.nix
index 32dcca0..af717ca 100644
--- a/modules/security/doas.nix
+++ b/modules/security/doas.nix
@@ -4,7 +4,8 @@
     extraRules = [
       {
         keepEnv = true;
-        persist = true;
+        # persist = true;
+        noPass = true;
         users = [ "ebisu" ];
       }
     ];
diff --git a/modules/security/sudo.nix b/modules/security/sudo.nix
index bbb2e20..5c79eaf 100644
--- a/modules/security/sudo.nix
+++ b/modules/security/sudo.nix
@@ -2,5 +2,6 @@
   security.sudo = {
     enable = true;
     execWheelOnly = true;
+    wheelNeedsPassword = false;
   };
 }
diff --git a/modules/services/dbus.nix b/modules/services/dbus.nix
index f3c158a..d67ed2b 100644
--- a/modules/services/dbus.nix
+++ b/modules/services/dbus.nix
@@ -1,8 +1,11 @@
 {
-  services.dbus.enable = true;
+  services.dbus = {
+    enable = true;
+    implementation = "broker";
 
-  # services.dbus.packages = [
-  #   # pkgs.flatpak
-  #   pkgs.xdg-desktop-portal
-  # ];
+    # packages = [
+    #   # pkgs.flatpak
+    #   pkgs.xdg-desktop-portal
+    # ];
+  };
 }
diff --git a/modules/services/default.nix b/modules/services/default.nix
index e4ef4e7..7c881c1 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -25,5 +25,6 @@
     thermald.enable = true;
     chrony.enable = false;
     timesyncd.enable = true;
+    irqbalance.enable = true;
   };
 }
diff --git a/modules/virtualisation.nix b/modules/virtualisation.nix
index 9355893..579a0e2 100644
--- a/modules/virtualisation.nix
+++ b/modules/virtualisation.nix
@@ -7,6 +7,7 @@
       enableOnBoot = false;
       liveRestore = true;
       enableNvidia = lib.mkForce true;
+      extraOptions = "--iptables=False";
 
       daemon.settings = {
         default-runtime = "nvidia";
author	Fuwn <[email protected]>	2024-09-03 16:11:43 -0700
committer	Fuwn <[email protected]>	2024-09-03 16:11:43 -0700
commit	a93e1fa90e9951d728e968003ea810abeba64e4c (patch)
tree	e2b2952fcc2d1f08b327a1a6fe0c58d70dc0e54f
parent	tor mostly (diff)
download	nixos-config-a93e1fa90e9951d728e968003ea810abeba64e4c.tar.xz nixos-config-a93e1fa90e9951d728e968003ea810abeba64e4c.zip