authorAzat Bahawi <azat@bahawi.net>2024-03-08 21:30:37 +0300
committerAzat Bahawi <azat@bahawi.net>2024-03-08 21:30:37 +0300
commit04be52d7b75eb62203a3af8d85e36e3584123f90 (patch)
tree5ad22924998c10c45834eadae6c0498a3ac4be1b
parent037ef27243eab47d6e1c29f231c248dc2aa4966e (diff)
2024-03-08
-rw-r--r--flake.lock60
-rw-r--r--modules/common/emacs/doom/config.el3
-rw-r--r--modules/common/profiles/dev/containers.nix9
-rw-r--r--modules/nixos/common/networking.nix4
-rw-r--r--modules/nixos/games/mangohud.nix26
-rw-r--r--modules/nixos/games/steam-run.nix1
-rw-r--r--modules/nixos/games/steam.nix8
-rw-r--r--modules/nixos/matrix/dendrite.nix3
-rw-r--r--modules/nixos/profiles/headless.nix2
-rw-r--r--modules/nixos/shadowsocks.nix9
-rw-r--r--modules/nixos/soju.nix2
-rw-r--r--modules/nixos/unbound.nix9
12 files changed, 70 insertions, 66 deletions
diff --git a/flake.lock b/flake.lock
index e02085f..991b721 100644
--- a/flake.lock
+++ b/flake.lock
@@ -271,11 +271,11 @@
]
},
"locked": {
- "lastModified": 1709270649,
- "narHash": "sha256-ox/QjE33yeC9ESx9viogCH8bWlB7Odkmp0mLy2PJD30=",
+ "lastModified": 1709771483,
+ "narHash": "sha256-Hjzu9nCknHLQvhdaRFfCEprH0o15KcaNu1QDr3J88DI=",
"owner": "LnL7",
"repo": "nix-darwin",
- "rev": "c2751db910d47a0f08e989fe1360897d90fc3961",
+ "rev": "550340062c16d7ef8c2cc20a3d2b97bcd3c6b6f6",
"type": "github"
},
"original": {
@@ -420,11 +420,11 @@
]
},
"locked": {
- "lastModified": 1709204054,
- "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
+ "lastModified": 1709904018,
+ "narHash": "sha256-fVp/89wNjWg7OQ/Gj3eSK2IXKDk9mXSj5ltOz98Ce2w=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
+ "rev": "8b07ca541939211d3cc437ddfd74ebdef3d72471",
"type": "github"
},
"original": {
@@ -468,11 +468,11 @@
]
},
"locked": {
- "lastModified": 1706742486,
- "narHash": "sha256-sv/MISTeD0rqeVivpZJpynboMWJp6i62OmrZX1rGl38=",
+ "lastModified": 1709905972,
+ "narHash": "sha256-18OF2/ypr0n4Lp6Fk5SLHPu12ok6jM+Hv3sC0PCim0Q=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
- "rev": "9e36323ae3dde787f761420465c3ae560f3dbf29",
+ "rev": "572c1b4d69deea1093ac231c37927cfa8ccad477",
"type": "gitlab"
},
"original": {
@@ -494,11 +494,11 @@
]
},
"locked": {
- "lastModified": 1709256031,
- "narHash": "sha256-9kwgroCPU51++PXFGaadQJkXxyouEmUtlCZmhocHLfo=",
+ "lastModified": 1709860485,
+ "narHash": "sha256-ZcD6awXKI5RHBq5VwWgFnI203+Cl0pd8QFr2DsMyRYo=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
- "rev": "b03e96e1bd7a4fefc9248844f4484b833cb8135e",
+ "rev": "ff8caea3c999a5173d021fc76c84addbf7bbf785",
"type": "github"
},
"original": {
@@ -514,11 +514,11 @@
]
},
"locked": {
- "lastModified": 1708830466,
- "narHash": "sha256-nGKe3Y1/jkLR2eh1aRSVBtKadMBNv8kOnB52UXqRy6A=",
+ "lastModified": 1709906691,
+ "narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=",
"owner": "nix-community",
"repo": "nix-index-database",
- "rev": "f070c7eeec3bde8c8c8baa9c02b6d3d5e114d73b",
+ "rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178",
"type": "github"
},
"original": {
@@ -529,11 +529,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1709147990,
- "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
+ "lastModified": 1709410583,
+ "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
+ "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
"type": "github"
},
"original": {
@@ -544,11 +544,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1709230475,
- "narHash": "sha256-QI/0GiTvWxhBJ/bpredarfAUARnP6zE1vCOifsZ220A=",
+ "lastModified": 1709780214,
+ "narHash": "sha256-p4iDKdveHMhfGAlpxmkCtfQO3WRzmlD11aIcThwPqhk=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "b5f6e3881acf8ca8a35b8cdb8d4021e5bd469a4e",
+ "rev": "f945939fd679284d736112d3d5410eb867f3b31c",
"type": "github"
},
"original": {
@@ -560,11 +560,11 @@
},
"nixpkgs-master": {
"locked": {
- "lastModified": 1709277635,
- "narHash": "sha256-JksaB0ZjX805Udu2EpgGqzr/QaPE64v9CqPKNowGrzk=",
+ "lastModified": 1709911891,
+ "narHash": "sha256-abdPgw2J4s/FxdamRQWEX8hpot+NaeaHoZTK0nshb0Q=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "f7fca9d98b0ec282f4b0d63f1fc2e38caf4ea55a",
+ "rev": "b4af4efff2fc40287d7a4f17b59d2754107b02bb",
"type": "github"
},
"original": {
@@ -576,11 +576,11 @@
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1709251216,
- "narHash": "sha256-YIqYA4e1561zvBK2F7h9ilScnBy+0stgLHb3zOzpmOA=",
+ "lastModified": 1709909254,
+ "narHash": "sha256-C9HGaGbYlWv/lBXtwxAD+tkwVqIDImNLVlA6Kma4vOg=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "1f50575dc92e39cdec74ab832987f41a57de7f68",
+ "rev": "033e72165ef3f3b6be6d901444ed5e5d0ef699aa",
"type": "github"
},
"original": {
@@ -748,11 +748,11 @@
]
},
"locked": {
- "lastModified": 1709256035,
- "narHash": "sha256-ITBljUSiKjrxkmY/TnLWARn2C/DkvehAreyObQ3et+4=",
+ "lastModified": 1709860999,
+ "narHash": "sha256-fZd5nkY4tnCrIjDKC/0aguldQtV7nsU/byihYF3GCLU=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
- "rev": "4c837a448eec3c02bcc632c5edd3474173e5cb12",
+ "rev": "f482c1c39027a8c03b86c3dc43637d80a1440918",
"type": "github"
},
"original": {
diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el
index 3b771ad..15bcdff 100644
--- a/modules/common/emacs/doom/config.el
+++ b/modules/common/emacs/doom/config.el
@@ -188,9 +188,10 @@
:host "azahi.cc"
:port 6697
:tls t
+ :logging nil
:user ,(concat circe-default-user "/" server)
:pass ,(lambda (&rest _)
- (+pass-get-secret ""))))
+ (+pass-get-secret "server/soju.shire.net/azahi"))))
'("libera" "oftc" "hackint" "rizon")))
;;
diff --git a/modules/common/profiles/dev/containers.nix b/modules/common/profiles/dev/containers.nix
index d9b67d0..e90c88e 100644
--- a/modules/common/profiles/dev/containers.nix
+++ b/modules/common/profiles/dev/containers.nix
@@ -34,14 +34,7 @@ in {
};
packages = with pkgs; [
- argocd
- chart-testing
- clusterctl
- cmctl
- datree
- istioctl
k9s
- kubeconform
kubectl
kubectl-doctor
kubectl-images
@@ -50,10 +43,8 @@ in {
kubelogin-oidc
kubent
kubernetes-helm
- kubeseal
kubespy
minikube
- skaffold
skopeo
stern
telepresence2
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix
index 91306be..fb7d9b2 100644
--- a/modules/nixos/common/networking.nix
+++ b/modules/nixos/common/networking.nix
@@ -36,13 +36,15 @@ in {
useDHCP = false;
+ nftables.enable = true;
+
firewall = {
enable = true;
rejectPackets = false;
allowPing = true;
- pingLimit = "--limit 1/minute --limit-burst 5";
+ pingLimit = "1/minute burst 5 packets";
logRefusedConnections = false;
logRefusedPackets = false;
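Review bot: The new `pingLimit` value is nftables limit syntax and is only valid while `nftables.enable = true` (added just above it) stays set, but nothing in the hunk records that coupling. A comment on the option would keep the two from drifting apart, for example `# nftables limit expression; revert to the iptables "--limit ..." form if nftables.enable is turned off`. As far as I know, the nftables-based firewall also refuses `networking.firewall.extraCommands`, so any module outside this commit that still sets it would presumably fail evaluation. The enclosing `firewall` attribute set continues past the end of the hunk.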
diff --git a/modules/nixos/games/mangohud.nix b/modules/nixos/games/mangohud.nix
index d693c82..509e035 100644
--- a/modules/nixos/games/mangohud.nix
+++ b/modules/nixos/games/mangohud.nix
@@ -9,17 +9,21 @@ in {
options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud";
config = mkIf cfg.enable {
- hm.programs.mangohud = {
- enable = true;
- settings = {
- fps = true;
- frame_timing = true;
- gpu_stats = true;
- gpu_temp = true;
- cpu_stats = true;
- cpu_temp = true;
- ram = true;
- vram = true;
+ hm = {
+ stylix.targets.mangohud.enable = false;
+
+ programs.mangohud = {
+ enable = true;
+ settings = {
+ fps = true;
+ frame_timing = true;
+ gpu_stats = true;
+ gpu_temp = true;
+ cpu_stats = true;
+ cpu_temp = true;
+ ram = true;
+ vram = true;
+ };
};
};
};
diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix
index 2643c95..fc51c85 100644
--- a/modules/nixos/games/steam-run.nix
+++ b/modules/nixos/games/steam-run.nix
@@ -24,6 +24,7 @@ in {
games = {
enable32BitSupport = true;
gamemode.enable = true;
+ mangohud.enable = true;
};
};
diff --git a/modules/nixos/games/steam.nix b/modules/nixos/games/steam.nix
index 8dfa72c..c81d344 100644
--- a/modules/nixos/games/steam.nix
+++ b/modules/nixos/games/steam.nix
@@ -17,9 +17,15 @@ in {
games = {
enable32BitSupport = true;
gamemode.enable = true;
+ mangohud.enable = true;
};
};
- hm.home.packages = with pkgs; [steam];
+ hm.home.packages = with pkgs; [
+ (steam.override {extraEnv.MANGOHUD = 1;})
+ protontricks
+ ];
+
+ hardware.steam-hardware.enable = true;
};
}
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index d5c9308..c65b55b 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -106,8 +106,9 @@ in {
systemd.services.dendrite = {
description = "Dendrite Matrix homeserver";
- requires = ["network.target"];
wantedBy = ["multi-user.target"];
+ requires = ["network.target" "postgresql.service"];
+ after = ["network.target" "postgresql.service"];
serviceConfig = let
needsPrivileges = cfg.port < 1024;
capabilities = [""] ++ optionals needsPrivileges ["CAP_NET_BIND_SERVICE"];
diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix
index f0357ab..d1fcfa4 100644
--- a/modules/nixos/profiles/headless.nix
+++ b/modules/nixos/profiles/headless.nix
@@ -22,7 +22,7 @@ in {
# the latest LTS release + hardened patches (just in case).
#
# [1]: https://kernel.org
- boot.kernelPackages = pkgs.linuxPackages_5_15_hardened;
+ boot.kernelPackages = pkgs.linuxPackages_6_6_hardened;
nix = {
gc = {
diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix
index 97eb17f..69688da 100644
--- a/modules/nixos/shadowsocks.nix
+++ b/modules/nixos/shadowsocks.nix
@@ -100,14 +100,7 @@ in {
'';
};
- networking.firewall = {
- allowedTCPPorts = [cfg.port];
- extraCommands = ''
- iptables -A nixos-fw -p tcp --syn --dport ${
- toString cfg.port
- } -m connlimit --connlimit-above 32 -j nixos-fw-refuse
- '';
- };
+ networking.firewall.allowedTCPPorts = [cfg.port];
# https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks
boot.kernel.sysctl = {
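Review bot: The connlimit rule that refused new SYNs once a peer held more than 32 connections to `cfg.port` is removed with no nftables replacement, so the Shadowsocks port is now open without any connection cap. If the cap is still wanted, it could be restored through `networking.firewall.extraInputRules` using nftables' `ct count` matching. The rule's position relative to the accept generated by `allowedTCPPorts` would need checking, because a rule placed after that accept never fires. If dropping it is intentional, a comment would make that visible, for example `# connection cap dropped with the move to nftables; the port is unthrottled at the firewall`.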
diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix
index ea95bb3..71dff86 100644
--- a/modules/nixos/soju.nix
+++ b/modules/nixos/soju.nix
@@ -70,6 +70,8 @@ in {
systemd.services.soju = {
description = "soju IRC bouncer";
wantedBy = ["multi-user.target"];
+ wants = ["network-online.target"];
+ requires = ["postgresql.service"];
after = ["network-online.target" "postgresql.service"];
serviceConfig = {
ExecStart = let
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index e6cad81..5aaf104 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -35,6 +35,7 @@ in {
withTFO = true;
};
+ checkconf = false;
settings = {
server = {
interface = with this.wireguard; [
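Review bot: `checkconf = false;` is set without a comment explaining why. Assuming this is the NixOS unbound module's build-time `unbound-checkconf` step, a mistake in `settings` would then surface only when the service restarts, taking the resolver down on the running host. I would add the reason next to the option, for example `# checkconf cannot run in the build sandbox because the config includes the runtime-generated adblock file`, adjusted to the real cause. If the cause is the included blocklist, validating the rest of the configuration some other way would keep most of the safety net.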
@@ -164,9 +165,10 @@ in {
name = "unbound-adblock-update";
runtimeInputs = [pkgs.curl package];
text = ''
- curl -s \
- "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" \
- >${adblock-conf}
+ curl \
+ -s \
+ -o ${adblock-conf} \
+ "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf"
if [[ -f "${localControlSocketPath}" ]]; then
unbound-control reload
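Review bot: The download writes straight into `${adblock-conf}` with `-s -o` and no `--fail`, so an HTTP error page or a truncated transfer replaces the live blocklist and the following `unbound-control reload` then loads it. Fetching to a sibling file with `--fail` and moving it into place only on success keeps the last good list; this relies on the script aborting on a non-zero exit, which I assume holds because the wrapper looks like `writeShellApplication`. The URL also tracks the `main` branch of a third-party repository and the file is loaded as resolver configuration, so the upstream content is trusted in full. Pinning a commit, or checking that the file holds only the expected `local-zone` style lines before the move, would narrow that trust. The script body continues past the end of the hunk.

```nix
text = ''
  curl \
    --silent --show-error --fail \
    -o ${adblock-conf}.new \
    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf"
  # Replace the live list only after a complete, successful download.
  mv ${adblock-conf}.new ${adblock-conf}
  # … unchanged: unbound-control reload when the control socket exists …
```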
@@ -179,6 +181,7 @@ in {
timers.unbound-adblock-update = {
requires = ["network-online.target"];
+ after = ["network-online.target"];
timerConfig = {
OnCalendar = "daily";
Persistent = true;