diff options
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/configurations/alpha.nix | 60 | ||||
| -rw-r--r-- | nixos/configurations/hardware/alpha.nix | 2 |
2 files changed, 54 insertions, 8 deletions
diff --git a/nixos/configurations/alpha.nix b/nixos/configurations/alpha.nix index 1e84872..67a8416 100644 --- a/nixos/configurations/alpha.nix +++ b/nixos/configurations/alpha.nix @@ -3,16 +3,46 @@ { imports = []; - security.chromiumSuidSandbox.enable = true; + security = { + acme.acceptTerms = true; + protectKernelImage = true; + rtkit.enable = true; + chromiumSuidSandbox.enable = true; + sudo.wheelNeedsPassword = false; + }; boot.kernelPackages = pkgs.linuxPackages_xanmod; + boot.kernelParams = [ + "nmi_watchdog=0" + "systemd.watchdog-device/dev/watchdog" + ]; + boot.kernel.sysctl = { + "net.ipv4.conf.default.log_martians" = 1; + "net.ipv4.conf.all.log_martians" = 1; + "net.ipv4.tcp_mtu_probing" = 1; + "net.ipv4.tcp_syncookies" = 1; + "net.ipv4.tcp_congestion_control" = "bbr2"; + "net.ipv4.conf.default.rp_filter" = 1; + "net.ipv4.conf.all.rp_filter" = 1; + "net.ipv4.conf.all.accept_source_route" = 0; + "net.ipv4.conf.all.send_redirects" = 0; + "net.ipv4.conf.default.send_redirects" = 0; + "net.ipv4.conf.all.accept_redirects" = 0; + "net.ipv4.conf.default.accept_redirects" = 0; + "net.ipv4.conf.all.secure_redirects" = 0; + "net.ipv4.conf.default.secure_redirects" = 0; + "net.ipv6.conf.all.accept_source_route" = 0; + "net.ipv6.conf.all.accept_redirects" = 0; + "net.ipv6.conf.default.accept_redirects" = 0; + "net.ipv4.tcp_rfc1337" = 1; + }; # GRUB bootloader boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; version = 2; - efiSupport = true; + efiSupport = true; configurationLimit = 10; device = "nodev"; useOSProber = true; @@ -27,8 +57,6 @@ ''; }; - boot.plymouth.enable = true; - networking.networkmanager.enable = true; networking.useDHCP = false; networking.firewall.enable = true; @@ -46,9 +74,11 @@ services.openssh.enable = true; sound.enable = true; - hardware.pulseaudio = { + services.pipewire = { enable = true; - package = pkgs.pulseaudioFull; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; }; hardware.bluetooth.enable = true; @@ -56,9 +86,16 @@ services.greetd = { enable = true; - settings.default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; + settings.default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet -t -c sway"; }; + # https://github.com/apognu/tuigreet/issues/17 + systemd.services.greetd.unitConfig.After = lib.mkOverride 0 [ "multi-user.target" ]; + + services.journald.extraConfig = lib.mkForce ""; + + systemd.extraConfig = "RebootWatchdogSec=5"; + programs = { sway = { enable = true; @@ -90,6 +127,15 @@ hardware.opengl.driSupport32Bit = true; hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; + xdg.portal = { + enable = true; + gtkUsePortal = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-wlr + ]; + }; + virtualisation.libvirtd.enable = true; users.users = { diff --git a/nixos/configurations/hardware/alpha.nix b/nixos/configurations/hardware/alpha.nix index e8d3e17..409d7b1 100644 --- a/nixos/configurations/hardware/alpha.nix +++ b/nixos/configurations/hardware/alpha.nix @@ -15,7 +15,7 @@ in { boot.initrd.availableKernelModules = [ "xhci-pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "tcp_bbr" ]; boot.extraModulePackages = [ ]; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; |