9 files changed, 32 insertions, 9 deletions

diff --git a/modules/default.nix b/modules/default.nix
index 2e3bb89..1f34456 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -14,5 +14,7 @@
     ./xdg-portal.nix
   ];
 
+  nixpkgs.config.allowUnfree = true;
   location.provider = "geoclue2";
+  system.autoUpgrade.enable = false;
 }
diff --git a/modules/networking.nix b/modules/networking.nix
index d2d2f0d..b60b2c4 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -2,6 +2,7 @@
   networking = {
     hostName = "kansai";
     networkmanager.enable = false;
+    nftables.enable = true;
 
     nameservers = [
       "1.1.1.1"
diff --git a/modules/nix.nix b/modules/nix.nix
index 8efc3ef..c6b227a 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -1,6 +1,4 @@
-{
-  nixpkgs.config.allowUnfree = true;
-
+{ config, ... }: {
   nix = {
     settings = {
       auto-optimise-store = true;
@@ -8,6 +6,7 @@
       warn-dirty = false;
       log-lines = 50;
       # sandbox = "relaxed";
+      extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
 
       trusted-users = [
         "@wheel"
@@ -22,11 +21,15 @@
         "https://cache.nixos.org/"
         "https://nix-community.cachix.org"
         "https://hyprland.cachix.org"
+        "https://nyx.chaotic.cx/"
+        "https://nixpkgs-wayland.cachix.org/"
       ];
 
       trusted-public-keys = [
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+        "nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+        "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
       ];
 
       experimental-features = [
@@ -36,9 +39,9 @@
     };
 
     gc = {
-      automatic = false;
-      dates = "weekly";
-      options = "--delete-older-than 7d";
+      automatic = true;
+      dates = "daily";
+      options = "--delete-older-than 3d";
     };
   };
 }
diff --git a/modules/programs/default.nix b/modules/programs/default.nix
index df9231e..cfba847 100644
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@@ -10,5 +10,6 @@
     mtr.enable = true;
     dconf.enable = true;
     ssh.startAgent = false;
+    ccache.enable = true;
   };
 }
diff --git a/modules/programs/nh.nix b/modules/programs/nh.nix
index ebb4137..0327920 100644
--- a/modules/programs/nh.nix
+++ b/modules/programs/nh.nix
@@ -3,8 +3,8 @@
     enable = true;
 
     clean = {
-      enable = true;
-      extraArgs = "--keep-since 4d --keep 3";
+      enable = false;
+      extraArgs = "--keep-since 3d --keep 3";
     };
   };
 }
diff --git a/modules/services/ananicy.nix b/modules/services/ananicy.nix
new file mode 100644
index 0000000..7e86026
--- /dev/null
+++ b/modules/services/ananicy.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }: {
+  services.ananicy = {
+    enable = true;
+    package = pkgs.ananicy-cpp;
+    rulesProvider = pkgs.ananicy-rules-cachyos;
+  };
+}
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 4b630d6..d629f38 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
+    ./ananicy.nix
     ./dbus.nix
     ./libinput.nix
     ./openssh.nix
diff --git a/modules/users.nix b/modules/users.nix
index 84a2ea3..ca1ee02 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -4,7 +4,10 @@ let
 in
 {
   users.users = {
-    root.initialPassword = initialPassword;
+    root = {
+      initialPassword = initialPassword;
+      shell = pkgs.bash;
+    };
 
     ebisu = {
       isNormalUser = true;
diff --git a/modules/virtualisation.nix b/modules/virtualisation.nix
index 6add74f..442cbf7 100644
--- a/modules/virtualisation.nix
+++ b/modules/virtualisation.nix
@@ -4,6 +4,11 @@
       enable = true;
       storageDriver = "btrfs";
       enableOnBoot = false;
+
+      rootless = {
+        enable = true;
+        setSocketVariable = true;
+      };
     };
 
     libvirtd.enable = true;