summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--modules/boot/default.nix14
-rw-r--r--modules/boot/grub.nix16
-rw-r--r--modules/networking/firewall.nix1
-rw-r--r--modules/networking/networkmanager.nix1
-rw-r--r--modules/nix.nix1
-rw-r--r--modules/security/doas.nix3
-rw-r--r--modules/security/sudo.nix1
-rw-r--r--modules/services/dbus.nix13
-rw-r--r--modules/services/default.nix1
-rw-r--r--modules/virtualisation.nix1
10 files changed, 33 insertions, 19 deletions
diff --git a/modules/boot/default.nix b/modules/boot/default.nix
index 577e74a..964a4e1 100644
--- a/modules/boot/default.nix
+++ b/modules/boot/default.nix
@@ -31,11 +31,15 @@
zenpower
];
- # initrd.availableKernelModules = [
- # "aesni_intel"
- # "cryptd"
- # "usb_storage"
- # ];
+ initrd = {
+ # systemd.enable = true;
+
+ availableKernelModules = [
+ # "aesni_intel"
+ # "cryptd"
+ "usb_storage"
+ ];
+ };
kernelModules = [
"v4l2loopback"
diff --git a/modules/boot/grub.nix b/modules/boot/grub.nix
index fd6e1e8..49e0eef 100644
--- a/modules/boot/grub.nix
+++ b/modules/boot/grub.nix
@@ -13,14 +13,14 @@
gfxpayloadEfi = "keep";
splashMode = "normal";
- extraEntries = ''
- menuentry "Arch Linux (linux-clear)" {
- linux /vmlinuz-linux-clear
- initrd /amd-ucode.img
- initrd /booster-linux-clear.img
- options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1
- }
- '';
+ # extraEntries = ''
+ # menuentry "Arch Linux (linux-clear)" {
+ # linux /vmlinuz-linux-clear
+ # initrd /amd-ucode.img
+ # initrd /booster-linux-clear.img
+ # options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1
+ # }
+ # '';
theme = pkgs.fetchFromGitHub {
owner = "Lxtharia";
diff --git a/modules/networking/firewall.nix b/modules/networking/firewall.nix
index 73bc44f..8077042 100644
--- a/modules/networking/firewall.nix
+++ b/modules/networking/firewall.nix
@@ -2,6 +2,7 @@
networking.firewall = {
enable = true;
allowedUDPPorts = [ 53 ];
+ allowPing = false;
allowedTCPPorts = [
80
diff --git a/modules/networking/networkmanager.nix b/modules/networking/networkmanager.nix
index edb4c1c..8435824 100644
--- a/modules/networking/networkmanager.nix
+++ b/modules/networking/networkmanager.nix
@@ -4,5 +4,6 @@
enable = true;
plugins = [ pkgs.networkmanager-openvpn ];
dns = "systemd-resolved";
+ wifi.backend = "iwd";
};
}
diff --git a/modules/nix.nix b/modules/nix.nix
index 6de07bb..ee392d7 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -11,6 +11,7 @@
extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
keep-going = true;
accept-flake-config = false;
+ stalled-download-timeout = 20;
system-features = [
"nixos-test"
diff --git a/modules/security/doas.nix b/modules/security/doas.nix
index 32dcca0..af717ca 100644
--- a/modules/security/doas.nix
+++ b/modules/security/doas.nix
@@ -4,7 +4,8 @@
extraRules = [
{
keepEnv = true;
- persist = true;
+ # persist = true;
+ noPass = true;
users = [ "ebisu" ];
}
];
diff --git a/modules/security/sudo.nix b/modules/security/sudo.nix
index bbb2e20..5c79eaf 100644
--- a/modules/security/sudo.nix
+++ b/modules/security/sudo.nix
@@ -2,5 +2,6 @@
security.sudo = {
enable = true;
execWheelOnly = true;
+ wheelNeedsPassword = false;
};
}
diff --git a/modules/services/dbus.nix b/modules/services/dbus.nix
index f3c158a..d67ed2b 100644
--- a/modules/services/dbus.nix
+++ b/modules/services/dbus.nix
@@ -1,8 +1,11 @@
{
- services.dbus.enable = true;
+ services.dbus = {
+ enable = true;
+ implementation = "broker";
- # services.dbus.packages = [
- # # pkgs.flatpak
- # pkgs.xdg-desktop-portal
- # ];
+ # packages = [
+ # # pkgs.flatpak
+ # pkgs.xdg-desktop-portal
+ # ];
+ };
}
diff --git a/modules/services/default.nix b/modules/services/default.nix
index e4ef4e7..7c881c1 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -25,5 +25,6 @@
thermald.enable = true;
chrony.enable = false;
timesyncd.enable = true;
+ irqbalance.enable = true;
};
}
diff --git a/modules/virtualisation.nix b/modules/virtualisation.nix
index 9355893..579a0e2 100644
--- a/modules/virtualisation.nix
+++ b/modules/virtualisation.nix
@@ -7,6 +7,7 @@
enableOnBoot = false;
liveRestore = true;
enableNvidia = lib.mkForce true;
+ extraOptions = "--iptables=False";
daemon.settings = {
default-runtime = "nvidia";
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 22:26:13 +0000