Diffstat (limited to 'modules/system')
-rw-r--r--modules/system/access/default.nix7
-rw-r--r--modules/system/access/gnupg.nix16
-rw-r--r--modules/system/access/mosh.nix6
-rw-r--r--modules/system/access/ssh.nix26
-rw-r--r--modules/system/boot/default.nix32
-rw-r--r--modules/system/boot/grub.nix32
-rw-r--r--modules/system/boot/systemd-boot.nix10
-rw-r--r--modules/system/datetime/datetime.nix33
-rw-r--r--modules/system/datetime/default.nix6
-rw-r--r--modules/system/datetime/openntpd.nix13
-rw-r--r--modules/system/default.nix24
-rw-r--r--modules/system/desktop/default.nix6
-rw-r--r--modules/system/desktop/gtk.nix8
-rw-r--r--modules/system/desktop/xdg-portal.nix15
-rw-r--r--modules/system/encryption.nix16
-rw-r--r--modules/system/networking/default.nix33
-rw-r--r--modules/system/networking/dhcpcd.nix6
-rw-r--r--modules/system/networking/fail2ban.nix18
-rw-r--r--modules/system/networking/firewall.nix12
-rw-r--r--modules/system/networking/ipv6.nix9
-rw-r--r--modules/system/networking/loopback.nix7
-rw-r--r--modules/system/networking/networkmanager.nix22
-rw-r--r--modules/system/networking/optimise.nix73
-rw-r--r--modules/system/networking/resolved.nix15
-rw-r--r--modules/system/networking/tor.nix6
-rw-r--r--modules/system/networking/vpn/default.nix6
-rw-r--r--modules/system/networking/vpn/pia.nix10
-rw-r--r--modules/system/networking/vpn/tailscale.nix4
-rw-r--r--modules/system/programs.nix21
-rw-r--r--modules/system/services/ananicy.nix8
-rw-r--r--modules/system/services/dbus.nix11
-rw-r--r--modules/system/services/default.nix20
-rw-r--r--modules/system/services/libinput.nix13
-rw-r--r--modules/system/services/ollama.nix6
-rw-r--r--modules/system/services/xserver.nix6
-rw-r--r--modules/system/systemd.nix11
-rw-r--r--modules/system/users.nix42
-rw-r--r--modules/system/variables.nix74
38 files changed, 683 insertions, 0 deletions
diff --git a/modules/system/access/default.nix b/modules/system/access/default.nix
new file mode 100644
index 0000000..7db7629
--- /dev/null
+++ b/modules/system/access/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./gnupg.nix
+ ./mosh.nix
+ ./ssh.nix
+ ];
+}
diff --git a/modules/system/access/gnupg.nix b/modules/system/access/gnupg.nix
new file mode 100644
index 0000000..aeffb23
--- /dev/null
+++ b/modules/system/access/gnupg.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-curses;
+
+ settings = {
+ enable-ssh-support = "";
+ ttyname = "$GPG_TTY";
+ default-cache-ttl = 34560000; # 60
+ max-cache-ttl = 34560000; # 120
+ allow-loopback-pinentry = "";
+ };
+ };
+}
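Review bot: `default-cache-ttl` and `max-cache-ttl` at L76-L77 are 34560000 seconds (400 days), so a passphrase typed once is effectively cached forever, and the trailing `# 60` / `# 120` comments no longer describe the values. Combined with `allow-loopback-pinentry` at L78, which lets any process that can reach the agent socket supply the passphrase non-interactively, this removes most of what the passphrase buys; consider `default-cache-ttl = 600; max-cache-ttl = 7200;` or add a comment stating why a multi-year cache is wanted. Separately, gpg-agent.conf does not expand environment variables, so `ttyname = "$GPG_TTY"` at L75 is probably written literally and ignored — the tty is normally announced with `gpg-connect-agent updatestartuptty` from the shell rather than set here.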
diff --git a/modules/system/access/mosh.nix b/modules/system/access/mosh.nix
new file mode 100644
index 0000000..c9af5bf
--- /dev/null
+++ b/modules/system/access/mosh.nix
@@ -0,0 +1,6 @@
+{
+ programs.mosh = {
+ enable = true;
+ openFirewall = false;
+ };
+}
diff --git a/modules/system/access/ssh.nix b/modules/system/access/ssh.nix
new file mode 100644
index 0000000..b1fc187
--- /dev/null
+++ b/modules/system/access/ssh.nix
@@ -0,0 +1,26 @@
+{
+ programs.ssh.startAgent = false;
+
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ openFirewall = false;
+
+ settings = {
+ KexAlgorithms = [
+ "curve25519-sha256"
+ "diffie-hellman-group16-sha512"
+ "diffie-hellman-group18-sha512"
+ "diffie-hellman-group-exchange-sha256"
+ ];
+
+ Macs = [
+ ];
+ };
+ };
+}
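Review bot: `Macs = [ ]` at L116-L117 renders an empty `Macs` value in sshd_config, which sshd will most likely refuse at startup (or at best silently leave the defaults in place); either list the intended MACs, e.g. `"hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com"`, or drop the key. The hunk also leaves `PasswordAuthentication` and `KbdInteractiveAuthentication` at their defaults, and elsewhere in this commit accounts are created with a fixed `initialPassword` and `tailscale0` is a trusted interface, so the sshd enabled here is reachable with a password from every tailnet peer. Adding `PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no";` to `settings` closes that regardless of the password choice.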
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
new file mode 100644
index 0000000..9a517ef
--- /dev/null
+++ b/modules/system/boot/default.nix
@@ -0,0 +1,32 @@
+{
+ pkgs,
+ config,
+ ...
+}:
+{
+ imports = [
+ ./grub.nix
+ ./systemd-boot.nix
+ ];
+
+ boot = {
+ crashDump.enable = false;
+ consoleLogLevel = 3;
+ kernelPackages = pkgs.linuxPackages_zen;
+
+ kernelParams = [
+ "iommu=pt"
+ "threadirqs"
+ ];
+
+ loader = {
+ timeout = 5;
+ generationsDir.copyKernels = true;
+
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+ };
+}
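Review bot: `iommu=pt` at L144 puts host-owned devices into IOMMU passthrough (identity) mapping, which trades DMA isolation for lower overhead; that is a deliberate security trade-off and should carry a comment such as `# iommu=pt: identity-map host devices (lower overhead, less DMA protection); commonly set for VFIO passthrough`. If no device is passed through to a VM on this host, dropping `iommu=pt` and keeping only the vendor enable flag keeps translation on for all devices. The `config` argument at L129 is unused in this module and can be removed.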
diff --git a/modules/system/boot/grub.nix b/modules/system/boot/grub.nix
new file mode 100644
index 0000000..49e0eef
--- /dev/null
+++ b/modules/system/boot/grub.nix
@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "nodev";
+ efiSupport = true;
+ useOSProber = true;
+ configurationLimit = 10;
+ memtest86.enable = true;
+ gfxmodeEfi = "1920x1080x32";
+ gfxmodeBios = "1920x1080x32";
+ gfxpayloadBios = "keep";
+ gfxpayloadEfi = "keep";
+ splashMode = "normal";
+
+ # extraEntries = ''
+ # menuentry "Arch Linux (linux-clear)" {
+ # linux /vmlinuz-linux-clear
+ # initrd /amd-ucode.img
+ # initrd /booster-linux-clear.img
+ # options root=PARTUUID=f510f35d-76a0-4469-aad5-da449541ecd2 rootflags=subvol=@ rw rootfstype=btrfs psi=1 nvidia_drm.modeset=1
+ # }
+ # '';
+
+ theme = pkgs.fetchFromGitHub {
+ owner = "Lxtharia";
+ repo = "minegrub-theme";
+ rev = "193b3a7c3d432f8c6af10adfb465b781091f56b3";
+ sha256 = "1bvkfmjzbk7pfisvmyw5gjmcqj9dab7gwd5nmvi8gs4vk72bl2ap";
+ };
+ };
+}
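Review bot: GRUB is configured without a superuser or password (`boot.loader.grub.users`), so anyone at the console can edit the kernel line or drop to the GRUB shell from the menu; a LUKS-encrypted root limits what that yields, but /boot (`efiSysMountPoint = "/boot"` elsewhere in the commit) stays editable. If console access is in the threat model, set `boot.loader.grub.users.<name>.hashedPasswordFile` to a secret outside the store. `useOSProber = true` at L171 runs os-prober over every attached disk at rebuild time, mounting foreign filesystems; a comment stating that dual-boot is actually needed would justify it. The theme fetch at L189-L194 is pinned by rev and hash, which is the right shape for a boot-time asset.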
diff --git a/modules/system/boot/systemd-boot.nix b/modules/system/boot/systemd-boot.nix
new file mode 100644
index 0000000..5b50bad
--- /dev/null
+++ b/modules/system/boot/systemd-boot.nix
@@ -0,0 +1,10 @@
+{
+ boot.loader.systemd-boot = {
+ enable = false;
+ editor = true;
+ consoleMode = "max";
+ memtest86.enable = true;
+ netbootxyz.enable = true;
+ configurationLimit = 10;
+ };
+}
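Review bot: `editor = true` at L206 lets anyone at the console edit the kernel command line (e.g. `init=/bin/sh`) from the boot menu; it is inert while `enable = false` at L205, but the moment this loader is switched on it becomes a local-access bypass. Prefer `editor = false;` so that switching bootloaders does not silently change the threat model. `netbootxyz.enable = true` at L209 deserves the same scrutiny, since it adds an entry that boots images fetched at runtime; if it is only for rescue use, a comment saying so helps the next reader.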
diff --git a/modules/system/datetime/datetime.nix b/modules/system/datetime/datetime.nix
new file mode 100644
index 0000000..7451fa2
--- /dev/null
+++ b/modules/system/datetime/datetime.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+{
+ time.timeZone = "America/Los_Angeles";
+ location.provider = "geoclue2";
+
+ services = {
+ chrony.enable = false;
+ timesyncd.enable = true;
+ };
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+
+ inputMethod = {
+ enable = true;
+ type = "fcitx5";
+
+ fcitx5 = {
+ waylandFrontend = true;
+
+ addons = with pkgs; [
+ fcitx5-configtool
+ fcitx5-gtk
+ fcitx5-hangul
+ fcitx5-mozc
+ fcitx5-rime
+ rime-data
+ catppuccin-fcitx5
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/system/datetime/default.nix b/modules/system/datetime/default.nix
new file mode 100644
index 0000000..97ba4c8
--- /dev/null
+++ b/modules/system/datetime/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./datetime.nix
+ ./openntpd.nix
+ ];
+}
diff --git a/modules/system/datetime/openntpd.nix b/modules/system/datetime/openntpd.nix
new file mode 100644
index 0000000..ec59d5b
--- /dev/null
+++ b/modules/system/datetime/openntpd.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+ services.openntpd = {
+ enable = true;
+
+ extraConfig = ''
+ listen on 127.0.0.1
+ listen on ::1
+ '';
+ };
+
+ environment.systemPackages = [ pkgs.openntpd ];
+}
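Review bot: openntpd is enabled here while datetime.nix in the same commit sets `services.timesyncd.enable = true`; as far as I recall the nixpkgs openntpd module force-disables timesyncd, but if it does not, two daemons will be stepping the clock. The `listen on 127.0.0.1` / `listen on ::1` lines at L276-L277 turn the client into an NTP server on loopback, which nothing in this commit consumes, and `::1` is listened on while `networking.enableIPv6 = false` elsewhere in the commit. Unless a local client needs the server, drop `extraConfig` and keep openntpd as a pure client.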
diff --git a/modules/system/default.nix b/modules/system/default.nix
new file mode 100644
index 0000000..cdef99d
--- /dev/null
+++ b/modules/system/default.nix
@@ -0,0 +1,24 @@
+{
+ imports = [
+ ./access
+ ./boot
+ ./datetime
+ ./desktop
+ ./networking
+ ./services
+ ./encryption.nix
+ ./programs.nix
+ ./systemd.nix
+ ./users.nix
+ ./variables.nix
+ ];
+
+ system = {
+ autoUpgrade.enable = false;
+
+ switch = {
+ enable = false;
+ enableNg = true;
+ };
+ };
+}
diff --git a/modules/system/desktop/default.nix b/modules/system/desktop/default.nix
new file mode 100644
index 0000000..bd2c811
--- /dev/null
+++ b/modules/system/desktop/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./gtk.nix
+ ./xdg-portal.nix
+ ];
+}
diff --git a/modules/system/desktop/gtk.nix b/modules/system/desktop/gtk.nix
new file mode 100644
index 0000000..4357e75
--- /dev/null
+++ b/modules/system/desktop/gtk.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ gtk2
+ gtk3
+ gtk4
+ ];
+}
diff --git a/modules/system/desktop/xdg-portal.nix b/modules/system/desktop/xdg-portal.nix
new file mode 100644
index 0000000..72bcb97
--- /dev/null
+++ b/modules/system/desktop/xdg-portal.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ xdg.portal = {
+ enable = true;
+ config.common.default = "*";
+ # wlr.enable = true;
+ # xdgOpenUsePortal = true;
+
+ extraPortals = with pkgs; [
+ xdg-desktop-portal-wlr
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal-gnome
+ ];
+ };
+}
diff --git a/modules/system/encryption.nix b/modules/system/encryption.nix
new file mode 100644
index 0000000..53a24bb
--- /dev/null
+++ b/modules/system/encryption.nix
@@ -0,0 +1,16 @@
+{
+ boot = {
+ initrd.availableKernelModules = [
+ # "aesni_intel"
+ # "cryptd"
+ "usb_storage"
+ ];
+
+ # <https://wiki.archlinux.org/title/Dm-crypt/System_configuration#Timeout>
+ kernelParams = [
+ "luks.options=timeout=0"
+ "rd.luks.options=timeout=0"
+ "rootflags=x-systemd.device-timeout=0"
+ ];
+ };
+}
diff --git a/modules/system/networking/default.nix b/modules/system/networking/default.nix
new file mode 100644
index 0000000..96f89d0
--- /dev/null
+++ b/modules/system/networking/default.nix
@@ -0,0 +1,33 @@
+{
+ imports = [
+ ./vpn
+ ./dhcpcd.nix
+ ./fail2ban.nix
+ ./firewall.nix
+ ./ipv6.nix
+ ./loopback.nix
+ ./networkmanager.nix
+ ./optimise.nix
+ ./resolved.nix
+ ./tor.nix
+ ];
+
+ networking = {
+ hostName = "kansai";
+ nftables.enable = true;
+
+ nameservers = [
+ "1.1.1.1#one.one.one.one"
+ "1.0.0.1#one.one.one.one"
+ "9.9.9.9#dns.quad9.net"
+ "149.112.112.112#dns.quad9.net"
+ ];
+
+ timeServers = [
+ "0.nixos.pool.ntp.org"
+ "1.nixos.pool.ntp.org"
+ "2.nixos.pool.ntp.org"
+ "3.nixos.pool.ntp.org"
+ ];
+ };
+}
diff --git a/modules/system/networking/dhcpcd.nix b/modules/system/networking/dhcpcd.nix
new file mode 100644
index 0000000..99ac0f3
--- /dev/null
+++ b/modules/system/networking/dhcpcd.nix
@@ -0,0 +1,6 @@
+{
+ networking.dhcpcd = {
+ wait = "background";
+ extraConfig = "noarp";
+ };
+}
diff --git a/modules/system/networking/fail2ban.nix b/modules/system/networking/fail2ban.nix
new file mode 100644
index 0000000..fa45565
--- /dev/null
+++ b/modules/system/networking/fail2ban.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }:
+{
+ services.fail2ban = {
+ enable = false;
+
+ ignoreIP = [
+ "10.0.0.0/8"
+ "172.16.0.0/12"
+ "192.168.0.0/16"
+ ];
+
+ jails.sshd.settings = {
+ enabled = true;
+ filter = "sshd[mode=aggressive]";
+ port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports);
+ };
+ };
+}
diff --git a/modules/system/networking/firewall.nix b/modules/system/networking/firewall.nix
new file mode 100644
index 0000000..569089c
--- /dev/null
+++ b/modules/system/networking/firewall.nix
@@ -0,0 +1,12 @@
+{
+ networking.firewall = {
+ enable = true;
+ allowedUDPPorts = [ 53 ];
+ allowPing = false;
+
+ allowedTCPPorts = [
+ 80
+ 443
+ ];
+ };
+}
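Review bot: The firewall opens TCP 80/443 and UDP 53 at L466-L472, yet nothing in this commit runs a listener on those ports (resolved binds its stub to 127.0.0.53 only), so these are holes waiting for a future service rather than rules for an existing one. Open ports next to the service that needs them (`services.<x>.openFirewall` or an interface-scoped rule) and drop the unconditional list here. `allowPing = false` and `nftables.enable = true` elsewhere in the commit are fine.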
diff --git a/modules/system/networking/ipv6.nix b/modules/system/networking/ipv6.nix
new file mode 100644
index 0000000..274c1ae
--- /dev/null
+++ b/modules/system/networking/ipv6.nix
@@ -0,0 +1,9 @@
+{
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.enp42s0.disable_ipv6" = true;
+ "net.ipv6.conf.wlp4s0.disable_ipv6" = true;
+ "net.ipv6.conf.tun0.disable_ipv6" = true;
+ };
+
+ networking.enableIPv6 = false;
+}
diff --git a/modules/system/networking/loopback.nix b/modules/system/networking/loopback.nix
new file mode 100644
index 0000000..62e745e
--- /dev/null
+++ b/modules/system/networking/loopback.nix
@@ -0,0 +1,7 @@
+{ config, ... }:
+{
+ boot = {
+ kernelModules = [ "v4l2loopback" ];
+ extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+ };
+}
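Review bot: This module loads the out-of-tree `v4l2loopback` video module at L499-L500 but lives in `networking/` under a name that suggests the `lo` interface, which will mislead anyone auditing the network configuration; move it to `services/` or `hardware/` and name it `v4l2loopback.nix`. Out-of-tree modules widen the kernel attack surface and must track `linuxPackages_zen` from boot/default.nix on every update, so a one-line comment on why it is needed (virtual camera, presumably) is worth adding.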
diff --git a/modules/system/networking/networkmanager.nix b/modules/system/networking/networkmanager.nix
new file mode 100644
index 0000000..e5fdfc1
--- /dev/null
+++ b/modules/system/networking/networkmanager.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [ pkgs.networkmanagerapplet ];
+
+ networking.networkmanager = {
+ enable = true;
+ plugins = [ pkgs.networkmanager-openvpn ];
+ dns = "systemd-resolved";
+ wifi.backend = "iwd";
+
+ unmanaged = [
+ "interface-name:tailscale*"
+ "interface-name:br-*"
+ "interface-name:rndis*"
+ "interface-name:docker*"
+ "interface-name:virbr*"
+ "interface-name:vboxnet*"
+ "interface-name:waydroid*"
+ "type:bridge"
+ ];
+ };
+}
diff --git a/modules/system/networking/optimise.nix b/modules/system/networking/optimise.nix
new file mode 100644
index 0000000..c6f2bec
--- /dev/null
+++ b/modules/system/networking/optimise.nix
@@ -0,0 +1,73 @@
+{
+ boot = {
+ kernelModules = [
+ "tls"
+ "tcp_bbr"
+ ];
+
+ kernel.sysctl = {
+ # TCP hardening
+ # Prevent bogus ICMP errors from filling up logs.
+ "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
+ # Reverse path filtering causes the kernel to do source validation of
+ # packets received from all interfaces. This can mitigate IP spoofing.
+ "net.ipv4.conf.default.rp_filter" = 1;
+ "net.ipv4.conf.all.rp_filter" = 1;
+ # Do not accept IP source route packets (we're not a router)
+ "net.ipv4.conf.all.accept_source_route" = 0;
+ "net.ipv6.conf.all.accept_source_route" = 0;
+ # Don't send ICMP redirects (again, we're on a router)
+ "net.ipv4.conf.all.send_redirects" = 0;
+ "net.ipv4.conf.default.send_redirects" = 0;
+ # Refuse ICMP redirects (MITM mitigations)
+ "net.ipv4.conf.all.accept_redirects" = 0;
+ "net.ipv4.conf.default.accept_redirects" = 0;
+ "net.ipv4.conf.all.secure_redirects" = 0;
+ "net.ipv4.conf.default.secure_redirects" = 0;
+ "net.ipv6.conf.all.accept_redirects" = 0;
+ "net.ipv6.conf.default.accept_redirects" = 0;
+ # Protects against SYN flood attacks
+ "net.ipv4.tcp_syncookies" = 1;
+ # Incomplete protection again TIME-WAIT assassination
+ "net.ipv4.tcp_rfc1337" = 1;
+ # And other stuff
+ "net.ipv4.conf.all.log_martians" = true;
+ "net.ipv4.conf.default.log_martians" = true;
+ "net.ipv4.icmp_echo_ignore_broadcasts" = true;
+ "net.ipv6.conf.default.accept_ra" = 0;
+ "net.ipv6.conf.all.accept_ra" = 0;
+ "net.ipv4.tcp_timestamps" = 0;
+
+ # TCP optimization
+ # TCP Fast Open is a TCP extension that reduces network latency by packing
+ # data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
+ # both incoming and outgoing connections:
+ "net.ipv4.tcp_fastopen" = 3;
+ # Bufferbloat mitigations + slight improvement in throughput & latency
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ "net.core.default_qdisc" = "cake";
+
+ # Other stuff that I am too lazy to document
+ "net.core.optmem_max" = 65536;
+ "net.core.rmem_default" = 1048576;
+ "net.core.rmem_max" = 16777216;
+ "net.core.somaxconn" = 8192;
+ "net.core.wmem_default" = 1048576;
+ "net.core.wmem_max" = 16777216;
+ "net.ipv4.ip_local_port_range" = "16384 65535";
+ "net.ipv4.tcp_max_syn_backlog" = 8192;
+ "net.ipv4.tcp_max_tw_buckets" = 2000000;
+ "net.ipv4.tcp_mtu_probing" = 1;
+ "net.ipv4.tcp_rmem" = "4096 1048576 2097152";
+ "net.ipv4.tcp_slow_start_after_idle" = 0;
+ "net.ipv4.tcp_tw_reuse" = 1;
+ "net.ipv4.tcp_wmem" = "4096 65536 16777216";
+ "net.ipv4.udp_rmem_min" = 8192;
+ "net.ipv4.udp_wmem_min" = 8192;
+ "net.netfilter.nf_conntrack_generic_timeout" = 60;
+ "net.netfilter.nf_conntrack_max" = 1048576;
+ "net.netfilter.nf_conntrack_tcp_timeout_established" = 600;
+ "net.netfilter.nf_conntrack_tcp_timeout_time_wait" = 1;
+ };
+ };
+}
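Review bot: `net.ipv4.tcp_timestamps = 0` at L575 disables PAWS (sequence-wrap protection) and the RTT measurement that BBR at L583 relies on, so it works against both the hardening and the congestion-control choice in the same hunk; the usual privacy motivation (uptime leakage) is addressed by recent kernels randomising the offset per connection, so `= 1` is the safer default. `tcp_fastopen = 3` at L581 also accepts inbound TFO cookies on a host that runs no listening service; `= 1` (client side only) is enough. The comment at L555 should read `we're not a router`.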
diff --git a/modules/system/networking/resolved.nix b/modules/system/networking/resolved.nix
new file mode 100644
index 0000000..632ca7a
--- /dev/null
+++ b/modules/system/networking/resolved.nix
@@ -0,0 +1,15 @@
+{
+ services.resolved = {
+ enable = true;
+ dnssec = "true";
+ domains = [ "~." ];
+ dnsovertls = "true";
+
+ fallbackDns = [
+ "1.1.1.1#one.one.one.one"
+ "1.0.0.1#one.one.one.one"
+ "9.9.9.9#dns.quad9.net"
+ "149.112.112.112#dns.quad9.net"
+ ];
+ };
+}
diff --git a/modules/system/networking/tor.nix b/modules/system/networking/tor.nix
new file mode 100644
index 0000000..3e3831f
--- /dev/null
+++ b/modules/system/networking/tor.nix
@@ -0,0 +1,6 @@
+{
+ services.tor = {
+ enable = true;
+ client.enable = true;
+ };
+}
diff --git a/modules/system/networking/vpn/default.nix b/modules/system/networking/vpn/default.nix
new file mode 100644
index 0000000..92a11b0
--- /dev/null
+++ b/modules/system/networking/vpn/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./pia.nix
+ ./tailscale.nix
+ ];
+}
diff --git a/modules/system/networking/vpn/pia.nix b/modules/system/networking/vpn/pia.nix
new file mode 100644
index 0000000..d52dbf8
--- /dev/null
+++ b/modules/system/networking/vpn/pia.nix
@@ -0,0 +1,10 @@
+{ secrets, ... }:
+{
+ services.pia = {
+ enable = true;
+
+ authUserPass = {
+ inherit (secrets.pia) username password;
+ };
+ };
+}
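Review bot: `authUserPass` at L666-L668 receives the PIA username and password as plain Nix values, and anything that flows into a NixOS option is normally written into a file under /nix/store, which is world-readable on the host and may be pushed to a binary cache. Unless `services.pia` is known to write the credentials at activation time outside the store, prefer a file-based secret (an `authUserPassFile`-style option backed by agenix or sops-nix) and keep `secrets.pia` out of evaluation. `services.pia` is not a nixpkgs module, so its behaviour cannot be verified from this page.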
diff --git a/modules/system/networking/vpn/tailscale.nix b/modules/system/networking/vpn/tailscale.nix
new file mode 100644
index 0000000..5d51594
--- /dev/null
+++ b/modules/system/networking/vpn/tailscale.nix
@@ -0,0 +1,4 @@
+{
+ services.tailscale.enable = true;
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+}
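Review bot: `trustedInterfaces = [ "tailscale0" ]` at L679 disables the host firewall for every tailnet peer, so the sshd enabled in this commit with `openFirewall = false` (and password authentication at its default) is in fact reachable from any device on the tailnet. If the intent is only SSH over Tailscale, `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];` is the narrower rule, and Tailscale ACLs should back it on the control-plane side.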
diff --git a/modules/system/programs.nix b/modules/system/programs.nix
new file mode 100644
index 0000000..8a856d5
--- /dev/null
+++ b/modules/system/programs.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+ programs = {
+ fish.enable = true;
+ mtr.enable = true;
+ dconf.enable = true;
+ ccache.enable = true;
+
+ bash.interactiveShellInit = ''
+ export HISTFILE="$XDG_STATE_HOME/bash/history"
+ '';
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ git
+ pinentry
+ runc
+ ];
+}
diff --git a/modules/system/services/ananicy.nix b/modules/system/services/ananicy.nix
new file mode 100644
index 0000000..bdc9bbd
--- /dev/null
+++ b/modules/system/services/ananicy.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ services.ananicy = {
+ enable = false;
+ package = pkgs.ananicy-cpp;
+ rulesProvider = pkgs.ananicy-rules-cachyos;
+ };
+}
diff --git a/modules/system/services/dbus.nix b/modules/system/services/dbus.nix
new file mode 100644
index 0000000..d67ed2b
--- /dev/null
+++ b/modules/system/services/dbus.nix
@@ -0,0 +1,11 @@
+{
+ services.dbus = {
+ enable = true;
+ implementation = "broker";
+
+ # packages = [
+ # # pkgs.flatpak
+ # pkgs.xdg-desktop-portal
+ # ];
+ };
+}
diff --git a/modules/system/services/default.nix b/modules/system/services/default.nix
new file mode 100644
index 0000000..44436bd
--- /dev/null
+++ b/modules/system/services/default.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./ananicy.nix
+ ./dbus.nix
+ ./libinput.nix
+ ./ollama.nix
+ ./xserver.nix
+ ];
+
+ services = {
+ printing.enable = false;
+ gnome.gnome-keyring.enable = true;
+ fstrim.enable = true;
+ gvfs.enable = true;
+ udev.packages = with pkgs; [ pkgs.logitech-udev-rules ];
+ thermald.enable = true;
+ irqbalance.enable = true;
+ };
+}
diff --git a/modules/system/services/libinput.nix b/modules/system/services/libinput.nix
new file mode 100644
index 0000000..643f814
--- /dev/null
+++ b/modules/system/services/libinput.nix
@@ -0,0 +1,13 @@
+{
+ services.libinput = {
+ enable = true;
+
+ mouse = {
+ accelProfile = "flat";
+ };
+
+ touchpad = {
+ accelProfile = "flat";
+ };
+ };
+}
diff --git a/modules/system/services/ollama.nix b/modules/system/services/ollama.nix
new file mode 100644
index 0000000..2638d12
--- /dev/null
+++ b/modules/system/services/ollama.nix
@@ -0,0 +1,6 @@
+{
+ services.ollama = {
+ enable = false;
+ acceleration = "cuda";
+ };
+}
diff --git a/modules/system/services/xserver.nix b/modules/system/services/xserver.nix
new file mode 100644
index 0000000..e08ac04
--- /dev/null
+++ b/modules/system/services/xserver.nix
@@ -0,0 +1,6 @@
+{
+ services.xserver = {
+ xkb.layout = "us";
+ videoDrivers = [ "nvidia" ];
+ };
+}
diff --git a/modules/system/systemd.nix b/modules/system/systemd.nix
new file mode 100644
index 0000000..9ecb5b2
--- /dev/null
+++ b/modules/system/systemd.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+ # boot.initrd.systemd.enable = true;
+
+ systemd.services.containerd.path = with pkgs; [
+ containerd
+ runc
+ iptables
+ nvidia-docker
+ ];
+}
diff --git a/modules/system/users.nix b/modules/system/users.nix
new file mode 100644
index 0000000..4055353
--- /dev/null
+++ b/modules/system/users.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+let
+ initialPassword = "123456";
+in
+{
+ users.users = {
+ root = {
+ inherit initialPassword;
+
+ shell = pkgs.bash;
+ };
+
+ ebisu = {
+ inherit initialPassword;
+
+ isNormalUser = true;
+ shell = pkgs.fish;
+
+ extraGroups = [
+ "wheel"
+ "systemd-journal"
+ "audio"
+ "video"
+ "input"
+ "plugdev"
+ "lp"
+ "tss"
+ "power"
+ "nix"
+ "network"
+ "networkmanager"
+ "wireshark"
+ "mysql"
+ "docker"
+ "podman"
+ "git"
+ "libvirtd"
+ "kvm"
+ ];
+ };
+ };
+}
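Review bot: `initialPassword = "123456"` at L833 is applied to both root and `ebisu` (a wheel member), is committed to the repository, and stays on disk until someone runs `passwd`, so every fresh install boots with a known root password. Use `initialHashedPassword`, or better `hashedPasswordFile` pointing at a secret outside the store, and lock root with `hashedPassword = "!";` so it is only reachable through sudo. Separately, `docker`, `libvirtd`, `kvm` and `wireshark` at L862-L868 are root-equivalent groups; each one in `extraGroups` deserves a short comment stating why it is needed.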
diff --git a/modules/system/variables.nix b/modules/system/variables.nix
new file mode 100644
index 0000000..7e9b794
--- /dev/null
+++ b/modules/system/variables.nix
@@ -0,0 +1,74 @@
+{
+ environment.variables = {
+ # OpenGL
+ __GL_GSYNC_ALLOWED = "1";
+ __GL_VRR_ALLOWED = "0";
+ __GL_MaxFramesAllowed = "1";
+
+ # Java
+ _JAVA_AWT_WM_NONREPARENTING = "1";
+
+ # Qt
+ QT_AUTO_SCREEN_SCALE_FACTOR = "1";
+ QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+ QT_QPA_PLATFORM = "wayland;xcb";
+ DISABLE_QT5_COMPAT = "0";
+ DISABLE_QT_COMPAT = "0";
+ QT_QPA_PLATFORMTHEME = "qt5ct";
+ # QT_STYLE_OVERRIDE = "kvantum";
+
+ # Electron
+ # ELECTRON_OZONE_PLATFORM_HINT = "auto";
+ # OZONE_PLATFORM = "wayland";
+ NIXOS_OZONE_WL = "1";
+
+ # Proton
+ PROTON_ENABLE_NGX_UPDATER = "1";
+
+ # wlroots
+ WLR_NO_HARDWARE_CURSORS = "1";
+ WLR_DRM_NO_ATOMIC = "1";
+ WLR_USE_LIBINPUT = "1";
+ WLR_RENDERER_ALLOW_SOFTWARE = "1";
+ WLR_DRM_DEVICES = "/dev/dri/card0";
+ WLR_EGL_NO_MODIFIERS = "1";
+ WLR_BACKEND = "vulkan";
+ WLR_RENDERER = "vulkan";
+
+ # Mozilla
+ MOZ_ENABLE_WAYLAND = "1";
+ MOZ_DISABLE_RDD_SANDBOX = "1";
+
+ # Nvidia
+ LIBVA_DRIVER_NAME = "nvidia";
+ __GLX_VENDOR_LIBRARY_NAME = "nvidia";
+ GBM_BACKEND = "nvidia-drm";
+ __VK_LAYER_NV_optimus = "NVIDIA_only";
+ __NV_PRIME_RENDER_OFFLOAD = "1";
+ NVD_BACKEND = "direct";
+
+ # Fcitx
+ # https://fcitx-im.org/wiki/Using_Fcitx_5_on_Wayland
+ QT_IM_MODULE = "fcitx";
+ XMODIFIERS = "@im=fcitx";
+ # GTK_IM_MODULE = "wayland";
+ # GTK_IM_MODULE = "fcitx";
+ SDL_IM_MODULE = "fcitx";
+ GLFW_IM_MODULE = "ibus";
+ INPUT_METHOD = "fcitx";
+ CUDA_CACHE_PATH = "$XDG_CACHE_HOME/nv";
+
+ # Other Wayland
+ GDK_BACKEND = "wayland,x11,*";
+ SDL_VIDEODRIVER = "wayland";
+ CLUTTER_BACKEND = "wayland";
+ XWAYLAND_NO_GLAMOR = "1"; # Gamescope
+ ANKI_WAYLAND = "1";
+ XDG_SESSION_TYPE = "wayland";
+
+ # Other
+ GTK_USE_PORTAL = "1";
+ DIRENV_LOG_FORMAT = "";
+ SSH_AUTH_SOCK = "/run/user/1000/keyring/ssh";
+ };
+}
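Review bot: `MOZ_DISABLE_RDD_SANDBOX = "1"` at L918 turns off Firefox's media-decoder (RDD) process sandbox for every user on the system; it is a common workaround for NVIDIA VA-API decoding, but it means a crafted video file is decoded in an unsandboxed process, so it needs a comment naming the bug it works around and a plan to remove it. `SSH_AUTH_SOCK = "/run/user/1000/keyring/ssh"` at L950 hard-codes UID 1000 and points at gnome-keyring, while `programs.gnupg.agent.enableSSHSupport = true` elsewhere in the commit also exports an `SSH_AUTH_SOCK` for gpg-agent; one of the two wins silently, so pick one agent and drop the other setting.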