author | sefidel <contact@sefidel.net> | 2021-12-31 21:36:32 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2021-12-31 21:42:28 +0900 |
commit | 4dae1769aaf420643f99685c420197239f6b8755 (patch) | |
tree | 0a177f703b12147950d6d1a5bb66a24d5ae05b5a /nixos/configurations/alpha.nix | |
parent | 729d0b0dec6453bc69571c0e142e77170fa30fad (diff) | |
*: fix minor designs
Diffstat (limited to 'nixos/configurations/alpha.nix')
-rw-r--r-- | nixos/configurations/alpha.nix | 60 |
1 files changed, 53 insertions, 7 deletions
diff --git a/nixos/configurations/alpha.nix b/nixos/configurations/alpha.nix index 1e84872..67a8416 100644 --- a/nixos/configurations/alpha.nix +++ b/nixos/configurations/alpha.nix @@ -3,16 +3,46 @@ { imports = []; - security.chromiumSuidSandbox.enable = true; + security = { + acme.acceptTerms = true; + protectKernelImage = true; + rtkit.enable = true; + chromiumSuidSandbox.enable = true; + sudo.wheelNeedsPassword = false; + }; boot.kernelPackages = pkgs.linuxPackages_xanmod; + boot.kernelParams = [ + "nmi_watchdog=0" + "systemd.watchdog-device/dev/watchdog" + ]; + boot.kernel.sysctl = { + "net.ipv4.conf.default.log_martians" = 1; + "net.ipv4.conf.all.log_martians" = 1; + "net.ipv4.tcp_mtu_probing" = 1; + "net.ipv4.tcp_syncookies" = 1; + "net.ipv4.tcp_congestion_control" = "bbr2"; + "net.ipv4.conf.default.rp_filter" = 1; + "net.ipv4.conf.all.rp_filter" = 1; + "net.ipv4.conf.all.accept_source_route" = 0; + "net.ipv4.conf.all.send_redirects" = 0; + "net.ipv4.conf.default.send_redirects" = 0; + "net.ipv4.conf.all.accept_redirects" = 0; + "net.ipv4.conf.default.accept_redirects" = 0; + "net.ipv4.conf.all.secure_redirects" = 0; + "net.ipv4.conf.default.secure_redirects" = 0; + "net.ipv6.conf.all.accept_source_route" = 0; + "net.ipv6.conf.all.accept_redirects" = 0; + "net.ipv6.conf.default.accept_redirects" = 0; + "net.ipv4.tcp_rfc1337" = 1; + }; # GRUB bootloader boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; version = 2; - efiSupport = true; + efiSupport = true; configurationLimit = 10; device = "nodev"; useOSProber = true; @@ -27,8 +57,6 @@ ''; }; - boot.plymouth.enable = true; - networking.networkmanager.enable = true; networking.useDHCP = false; networking.firewall.enable = true; 
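Review bot: `sudo.wheelNeedsPassword = false;` in the new `security` block lets every member of `wheel` become root without re-authenticating, and the file keeps `services.openssh.enable = true` (visible as context in a later hunk), so any session on a wheel account is effectively a root session. Consider dropping the line (the option defaults to `true`) or, if only a few commands need to run without a password, scoping that with `security.sudo.extraRules` instead. Separately, the kernel parameter `"systemd.watchdog-device/dev/watchdog"` has no `=` between key and value, so it will not be read as an assignment; it presumably should be `"systemd.watchdog-device=/dev/watchdog"`.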
@@ -46,9 +74,11 @@ services.openssh.enable = true; sound.enable = true; - hardware.pulseaudio = { + services.pipewire = { enable = true; - package = pkgs.pulseaudioFull; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; }; hardware.bluetooth.enable = true; @@ -56,9 +86,16 @@ services.greetd = { enable = true; - settings.default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; + settings.default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet -t -c sway"; }; + # https://github.com/apognu/tuigreet/issues/17 + systemd.services.greetd.unitConfig.After = lib.mkOverride 0 [ "multi-user.target" ]; + + services.journald.extraConfig = lib.mkForce ""; + + systemd.extraConfig = "RebootWatchdogSec=5"; + programs = { sway = { enable = true; @@ -90,6 +127,15 @@ hardware.opengl.driSupport32Bit = true; hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; + xdg.portal = { + enable = true; + gtkUsePortal = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-wlr + ]; + }; + virtualisation.libvirtd.enable = true; users.users = { |
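Review bot: `services.journald.extraConfig = lib.mkForce "";` discards every journald setting contributed elsewhere in the configuration (retention limits, forwarding and the like) and has no comment saying why, unlike the greetd override just above it. If the intent is to undo one specific setting, record that in a comment such as `# drop <setting> added by <module>; journald defaults are wanted here`, or override only that setting, so a later reader knows the logging behaviour is deliberate. `systemd.extraConfig = "RebootWatchdogSec=5";` is also worth a comment: five seconds is a short window for the final shutdown phase, and if the hardware watchdog fires first the machine resets before unmounting completes, so confirm the value was measured on this host. Both lines rely on `lib` being in the module's argument list, which is outside the hunk.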