authorAzat Bahawi <azat@bahawi.net>2024-03-08 21:30:37 +0300
committerAzat Bahawi <azat@bahawi.net>2024-03-08 21:30:37 +0300
commit04be52d7b75eb62203a3af8d85e36e3584123f90 (patch)
tree5ad22924998c10c45834eadae6c0498a3ac4be1b
parent2024-03-04 (diff)
2024-03-08
-rw-r--r--flake.lock60
-rw-r--r--modules/common/emacs/doom/config.el3
-rw-r--r--modules/common/profiles/dev/containers.nix9
-rw-r--r--modules/nixos/common/networking.nix4
-rw-r--r--modules/nixos/games/mangohud.nix26
-rw-r--r--modules/nixos/games/steam-run.nix1
-rw-r--r--modules/nixos/games/steam.nix8
-rw-r--r--modules/nixos/matrix/dendrite.nix3
-rw-r--r--modules/nixos/profiles/headless.nix2
-rw-r--r--modules/nixos/shadowsocks.nix9
-rw-r--r--modules/nixos/soju.nix2
-rw-r--r--modules/nixos/unbound.nix9
12 files changed, 70 insertions, 66 deletions
diff --git a/flake.lock b/flake.lock
index e02085f..991b721 100644
--- a/flake.lock
+++ b/flake.lock
@@ -271,11 +271,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709270649,
-        "narHash": "sha256-ox/QjE33yeC9ESx9viogCH8bWlB7Odkmp0mLy2PJD30=",
+        "lastModified": 1709771483,
+        "narHash": "sha256-Hjzu9nCknHLQvhdaRFfCEprH0o15KcaNu1QDr3J88DI=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "c2751db910d47a0f08e989fe1360897d90fc3961",
+        "rev": "550340062c16d7ef8c2cc20a3d2b97bcd3c6b6f6",
         "type": "github"
       },
       "original": {
@@ -420,11 +420,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709204054,
-        "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
+        "lastModified": 1709904018,
+        "narHash": "sha256-fVp/89wNjWg7OQ/Gj3eSK2IXKDk9mXSj5ltOz98Ce2w=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
+        "rev": "8b07ca541939211d3cc437ddfd74ebdef3d72471",
         "type": "github"
       },
       "original": {
@@ -468,11 +468,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706742486,
-        "narHash": "sha256-sv/MISTeD0rqeVivpZJpynboMWJp6i62OmrZX1rGl38=",
+        "lastModified": 1709905972,
+        "narHash": "sha256-18OF2/ypr0n4Lp6Fk5SLHPu12ok6jM+Hv3sC0PCim0Q=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "9e36323ae3dde787f761420465c3ae560f3dbf29",
+        "rev": "572c1b4d69deea1093ac231c37927cfa8ccad477",
         "type": "gitlab"
       },
       "original": {
@@ -494,11 +494,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709256031,
-        "narHash": "sha256-9kwgroCPU51++PXFGaadQJkXxyouEmUtlCZmhocHLfo=",
+        "lastModified": 1709860485,
+        "narHash": "sha256-ZcD6awXKI5RHBq5VwWgFnI203+Cl0pd8QFr2DsMyRYo=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "b03e96e1bd7a4fefc9248844f4484b833cb8135e",
+        "rev": "ff8caea3c999a5173d021fc76c84addbf7bbf785",
         "type": "github"
       },
       "original": {
@@ -514,11 +514,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1708830466,
-        "narHash": "sha256-nGKe3Y1/jkLR2eh1aRSVBtKadMBNv8kOnB52UXqRy6A=",
+        "lastModified": 1709906691,
+        "narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "f070c7eeec3bde8c8c8baa9c02b6d3d5e114d73b",
+        "rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178",
         "type": "github"
       },
       "original": {
@@ -529,11 +529,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1709147990,
-        "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
+        "lastModified": 1709410583,
+        "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
+        "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
         "type": "github"
       },
       "original": {
@@ -544,11 +544,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1709230475,
-        "narHash": "sha256-QI/0GiTvWxhBJ/bpredarfAUARnP6zE1vCOifsZ220A=",
+        "lastModified": 1709780214,
+        "narHash": "sha256-p4iDKdveHMhfGAlpxmkCtfQO3WRzmlD11aIcThwPqhk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b5f6e3881acf8ca8a35b8cdb8d4021e5bd469a4e",
+        "rev": "f945939fd679284d736112d3d5410eb867f3b31c",
         "type": "github"
       },
       "original": {
@@ -560,11 +560,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1709277635,
-        "narHash": "sha256-JksaB0ZjX805Udu2EpgGqzr/QaPE64v9CqPKNowGrzk=",
+        "lastModified": 1709911891,
+        "narHash": "sha256-abdPgw2J4s/FxdamRQWEX8hpot+NaeaHoZTK0nshb0Q=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f7fca9d98b0ec282f4b0d63f1fc2e38caf4ea55a",
+        "rev": "b4af4efff2fc40287d7a4f17b59d2754107b02bb",
         "type": "github"
       },
       "original": {
@@ -576,11 +576,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1709251216,
-        "narHash": "sha256-YIqYA4e1561zvBK2F7h9ilScnBy+0stgLHb3zOzpmOA=",
+        "lastModified": 1709909254,
+        "narHash": "sha256-C9HGaGbYlWv/lBXtwxAD+tkwVqIDImNLVlA6Kma4vOg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1f50575dc92e39cdec74ab832987f41a57de7f68",
+        "rev": "033e72165ef3f3b6be6d901444ed5e5d0ef699aa",
         "type": "github"
       },
       "original": {
@@ -748,11 +748,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709256035,
-        "narHash": "sha256-ITBljUSiKjrxkmY/TnLWARn2C/DkvehAreyObQ3et+4=",
+        "lastModified": 1709860999,
+        "narHash": "sha256-fZd5nkY4tnCrIjDKC/0aguldQtV7nsU/byihYF3GCLU=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "4c837a448eec3c02bcc632c5edd3474173e5cb12",
+        "rev": "f482c1c39027a8c03b86c3dc43637d80a1440918",
         "type": "github"
       },
       "original": {
diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el
index 3b771ad..15bcdff 100644
--- a/modules/common/emacs/doom/config.el
+++ b/modules/common/emacs/doom/config.el
@@ -188,9 +188,10 @@
                   :host "azahi.cc"
                   :port 6697
                   :tls t
+                  :logging nil
                   :user ,(concat circe-default-user "/" server)
                   :pass ,(lambda (&rest _)
-                           (+pass-get-secret ""))))
+                           (+pass-get-secret "server/soju.shire.net/azahi"))))
               '("libera" "oftc" "hackint" "rizon")))
 
 ;;
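Review bot: The credential lookup now points at a hard-coded pass entry, `"server/soju.shire.net/azahi"`, whose host part differs from the `:host "azahi.cc"` a few lines above, and nothing in the form says why. If the entry is deliberately named after the bouncer rather than the connect host, a one-line comment above `:pass` would save the next reader from "fixing" it, for example `;; pass entry is keyed by the soju bouncer name, not by :host`. The added `:logging nil` would benefit from the same treatment, since the reason for turning logging off on these networks cannot be read from the hunk. The enclosing form starts and ends outside the hunk.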
diff --git a/modules/common/profiles/dev/containers.nix b/modules/common/profiles/dev/containers.nix
index d9b67d0..e90c88e 100644
--- a/modules/common/profiles/dev/containers.nix
+++ b/modules/common/profiles/dev/containers.nix
@@ -34,14 +34,7 @@ in {
       };
 
       packages = with pkgs; [
-        argocd
-        chart-testing
-        clusterctl
-        cmctl
-        datree
-        istioctl
         k9s
-        kubeconform
         kubectl
         kubectl-doctor
         kubectl-images
@@ -50,10 +43,8 @@ in {
         kubelogin-oidc
         kubent
         kubernetes-helm
-        kubeseal
         kubespy
         minikube
-        skaffold
         skopeo
         stern
         telepresence2
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix
index 91306be..fb7d9b2 100644
--- a/modules/nixos/common/networking.nix
+++ b/modules/nixos/common/networking.nix
@@ -36,13 +36,15 @@ in {
 
         useDHCP = false;
 
+        nftables.enable = true;
+
         firewall = {
           enable = true;
 
           rejectPackets = false;
 
           allowPing = true;
-          pingLimit = "--limit 1/minute --limit-burst 5";
+          pingLimit = "1/minute burst 5 packets";
 
           logRefusedConnections = false;
           logRefusedPackets = false;
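Review bot: Turning on `nftables.enable` switches the firewall backend for every module that sets `networking.firewall`. As far as I know, the nftables backend refuses a non-empty `firewall.extraCommands` at evaluation time. This commit removes the iptables rule in shadowsocks.nix, but any other module still carrying iptables commands is not visible here and would need the same change. The new `pingLimit` value is nftables limit syntax and is only meaningful with that backend, so a comment tying the two settings together would help, e.g. `# nftables limit expression (iptables form was "--limit 1/minute --limit-burst 5")`. The `firewall` attribute set continues past the hunk.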
diff --git a/modules/nixos/games/mangohud.nix b/modules/nixos/games/mangohud.nix
index d693c82..509e035 100644
--- a/modules/nixos/games/mangohud.nix
+++ b/modules/nixos/games/mangohud.nix
@@ -9,17 +9,21 @@ in {
   options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud";
 
   config = mkIf cfg.enable {
-    hm.programs.mangohud = {
-      enable = true;
-      settings = {
-        fps = true;
-        frame_timing = true;
-        gpu_stats = true;
-        gpu_temp = true;
-        cpu_stats = true;
-        cpu_temp = true;
-        ram = true;
-        vram = true;
+    hm = {
+      stylix.targets.mangohud.enable = false;
+
+      programs.mangohud = {
+        enable = true;
+        settings = {
+          fps = true;
+          frame_timing = true;
+          gpu_stats = true;
+          gpu_temp = true;
+          cpu_stats = true;
+          cpu_temp = true;
+          ram = true;
+          vram = true;
+        };
       };
     };
   };
diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix
index 2643c95..fc51c85 100644
--- a/modules/nixos/games/steam-run.nix
+++ b/modules/nixos/games/steam-run.nix
@@ -24,6 +24,7 @@ in {
       games = {
         enable32BitSupport = true;
         gamemode.enable = true;
+        mangohud.enable = true;
       };
     };
 
diff --git a/modules/nixos/games/steam.nix b/modules/nixos/games/steam.nix
index 8dfa72c..c81d344 100644
--- a/modules/nixos/games/steam.nix
+++ b/modules/nixos/games/steam.nix
@@ -17,9 +17,15 @@ in {
       games = {
         enable32BitSupport = true;
         gamemode.enable = true;
+        mangohud.enable = true;
       };
     };
 
-    hm.home.packages = with pkgs; [steam];
+    hm.home.packages = with pkgs; [
+      (steam.override {extraEnv.MANGOHUD = 1;})
+      protontricks
+    ];
+
+    hardware.steam-hardware.enable = true;
   };
 }
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index d5c9308..c65b55b 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -106,8 +106,9 @@ in {
 
       systemd.services.dendrite = {
         description = "Dendrite Matrix homeserver";
-        requires = ["network.target"];
         wantedBy = ["multi-user.target"];
+        requires = ["network.target" "postgresql.service"];
+        after = ["network.target" "postgresql.service"];
         serviceConfig = let
           needsPrivileges = cfg.port < 1024;
           capabilities = [""] ++ optionals needsPrivileges ["CAP_NET_BIND_SERVICE"];
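Review bot: The ordering added here still keys on `network.target`, which only says the network stack has been brought up, not that addresses or routes are usable. The soju unit changed in this same commit waits on `network-online.target` instead. For a federating homeserver the same choice looks safer: `wants = ["network-online.target"];` with `after = ["network-online.target" "postgresql.service"];`, keeping `requires` for `postgresql.service` only. The hard `requires` on a local `postgresql.service` is unconditional in the visible lines; if the module can be pointed at an external database (not visible here), it should be guarded accordingly. `serviceConfig` continues outside the hunk.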
diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix
index f0357ab..d1fcfa4 100644
--- a/modules/nixos/profiles/headless.nix
+++ b/modules/nixos/profiles/headless.nix
@@ -22,7 +22,7 @@ in {
     # the latest LTS release + hardened patches (just in case).
     #
     # [1]: https://kernel.org
-    boot.kernelPackages = pkgs.linuxPackages_5_15_hardened;
+    boot.kernelPackages = pkgs.linuxPackages_6_6_hardened;
 
     nix = {
       gc = {
diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix
index 97eb17f..69688da 100644
--- a/modules/nixos/shadowsocks.nix
+++ b/modules/nixos/shadowsocks.nix
@@ -100,14 +100,7 @@ in {
       '';
     };
 
-    networking.firewall = {
-      allowedTCPPorts = [cfg.port];
-      extraCommands = ''
-        iptables -A nixos-fw -p tcp --syn --dport ${
-          toString cfg.port
-        } -m connlimit --connlimit-above 32 -j nixos-fw-refuse
-      '';
-    };
+    networking.firewall.allowedTCPPorts = [cfg.port];
 
     # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks
     boot.kernel.sysctl = {
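Review bot: The connection cap on the Shadowsocks port (`--connlimit-above 32` on SYN packets) is dropped here with no nftables counterpart, so after this change `cfg.port` is simply open. If the cap was a deliberate guard against connection floods, it can be expressed for the nftables backend with a `ct count over 32` match placed through `networking.firewall.extraInputRules`. Rule order needs care, because the accept generated by `allowedTCPPorts` may be evaluated first. If dropping it is intentional, say so next to the new line, e.g. `# connlimit rule not ported to nftables; no connection cap on cfg.port`.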
diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix
index ea95bb3..71dff86 100644
--- a/modules/nixos/soju.nix
+++ b/modules/nixos/soju.nix
@@ -70,6 +70,8 @@ in {
       systemd.services.soju = {
         description = "soju IRC bouncer";
         wantedBy = ["multi-user.target"];
+        wants = ["network-online.target"];
+        requires = ["postgresql.service"];
         after = ["network-online.target" "postgresql.service"];
         serviceConfig = {
           ExecStart = let
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index e6cad81..5aaf104 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -35,6 +35,7 @@ in {
             withTFO = true;
           };
 
+          checkconf = false;
           settings = {
             server = {
               interface = with this.wireguard; [
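Review bot: `checkconf = false;` turns off build-time validation of the generated Unbound configuration, and the hunk gives no reason for it. If the cause is that the check cannot see the runtime-downloaded adblock include (an assumption; the include itself is outside this hunk), a comment should say so, e.g. `# build-time check cannot resolve the runtime-fetched adblock include`. With the check off, a malformed setting elsewhere in `settings` surfaces only when the service starts or reloads. It is worth confirming the check cannot be kept on by some other arrangement. The `settings` block continues past the hunk.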
@@ -164,9 +165,10 @@ in {
                 name = "unbound-adblock-update";
                 runtimeInputs = [pkgs.curl package];
                 text = ''
-                  curl -s \
-                    "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" \
-                    >${adblock-conf}
+                  curl \
+                    -s \
+                    -o ${adblock-conf} \
+                    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf"
 
                   if [[ -f "${localControlSocketPath}" ]]; then
                     unbound-control reload
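Review bot: A failed or truncated download replaces the live blocklist. `curl -s -o ${adblock-conf}` writes straight into the file Unbound includes and has no `--fail`, so an HTTP error body or a partial response becomes resolver configuration on the next `unbound-control reload`. The list also comes from the mutable `main` branch and is loaded as configuration, so whatever that URL serves is trusted by the resolver. Pinning to a commit, or running the file through `unbound-checkconf` before swapping it in, would narrow that. At minimum, download to a temporary file beside the target and rename it only when curl succeeds, as sketched below. The script body continues outside the hunk.

```nix
text = ''
  tmp="${adblock-conf}.tmp"
  curl \
    --fail \
    --silent \
    --show-error \
    --proto '=https' \
    -o "$tmp" \
    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf"
  # replace the live list only after a complete, successful download
  mv "$tmp" ${adblock-conf}

  # … unchanged: unbound-control reload when the control socket exists …
```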
@@ -179,6 +181,7 @@ in {
 
         timers.unbound-adblock-update = {
           requires = ["network-online.target"];
+          after = ["network-online.target"];
           timerConfig = {
             OnCalendar = "daily";
             Persistent = true;
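Review bot: Adding `after = ["network-online.target"];` next to the existing `requires` makes the hard dependency take full effect. With both set, a `network-online.target` that fails to come up keeps the timer from starting at all, and the blocklist then silently stops updating. The soju unit in this commit pulls the same target in with `wants`, and that weaker form fits here too: `wants = ["network-online.target"];` in place of `requires`. Both lines order the timer unit only, so if the update service must itself wait for connectivity, it needs its own `after`/`wants` (the service definition is outside this hunk).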
