diff options
-rw-r--r-- | .editorconfig | 4 | ||||
-rw-r--r-- | flake.lock | 66 | ||||
-rw-r--r-- | modules/common/common/nix/default.nix | 1 | ||||
-rw-r--r-- | modules/common/emacs/default.nix | 7 | ||||
-rw-r--r-- | modules/common/emacs/doom/config.el | 49 | ||||
-rw-r--r-- | modules/common/emacs/doom/init.el | 6 | ||||
-rw-r--r-- | modules/common/fonts.nix | 7 | ||||
-rw-r--r-- | modules/common/mpv.nix | 79 | ||||
-rw-r--r-- | modules/common/zathura.nix | 5 | ||||
-rw-r--r-- | modules/nixos/default.nix | 2 | ||||
-rw-r--r-- | modules/nixos/firefox/userContent.css | 1 | ||||
-rw-r--r-- | modules/nixos/fonts.nix | 55 | ||||
-rw-r--r-- | modules/nixos/monitoring/default.nix | 5 | ||||
-rw-r--r-- | modules/nixos/mpv.nix | 89 | ||||
-rw-r--r-- | modules/nixos/zathura.nix | 15 | ||||
-rw-r--r-- | nixosConfigurations/yavanna/default.nix | 27 |
16 files changed, 249 insertions, 169 deletions
diff --git a/.editorconfig b/.editorconfig index f3067de..5d5056f 100644 --- a/.editorconfig +++ b/.editorconfig @@ -20,3 +20,7 @@ indent_style = space [*.{yaml,yml}] indent_size = 2 indent_style = space + +[*.el] +indent_size = unset +indent_style = unset diff --git a/flake.lock b/flake.lock index 8419e2f..d157b10 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1698429334, - "narHash": "sha256-Gq3+QabboczSu7RMpcy79RSLMSqnySO3wsnHQk4DfbE=", + "lastModified": 1699437533, + "narHash": "sha256-lMoPz9c89CpPVuJ95OFFesM9JagCF0soGbQatj3ZhqM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "afe83cbc2e673b1f08d32dd0f70df599678ff1e7", + "rev": "eb2b9b64238349bd351561e32e260cac15db6f9a", "type": "github" }, "original": { @@ -266,11 +266,11 @@ ] }, "locked": { - "lastModified": 1698479159, - "narHash": "sha256-rJHBDwW4LbADEfhkgGHjKGfL2dF44NrlyXdXeZrQahs=", + "lastModified": 1699368917, + "narHash": "sha256-nUtGIWf86BOkUbtksWtfglvCZ/otP0FTZlQH8Rzc7PA=", "owner": "nix-community", "repo": "home-manager", - "rev": "f92a54fef4eacdbe86b0a2054054dd58b0e2a2a4", + "rev": "6a8444467c83c961e2f5ff64fb4f422e303c98d3", "type": "github" }, "original": { @@ -309,11 +309,11 @@ ] }, "locked": { - "lastModified": 1698471646, - "narHash": "sha256-+1c4oNDPUtT4iuipUvmw/4xaTKT7zLMgSYqZx8R6icg=", + "lastModified": 1699233548, + "narHash": "sha256-oV0OdM6BOmPOM2CES3zZ24XFMkIrUKw4hjH50RxfWqw=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "0581ffbd2fbc223edf1baae72efbf7f96f190d0a", + "rev": "3888af3947c721fb51ee97f24fef891566b1552f", "type": "github" }, "original": { @@ -336,11 +336,11 @@ ] }, "locked": { - "lastModified": 1698455861, - "narHash": "sha256-qCG2FqdCpJFTdwRzH4CfYUIwyXdLXH+mbkWTJv4wz5k=", + "lastModified": 1699406699, + "narHash": "sha256-Y/cuCmpmkAIhhKmoF97k4ZG4I2hRH6kcZe00BH3KN3U=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ccb2cfa4b140dd2a535c01488c42387d51b8c928", + "rev": "57af5d8164187dcb4015e9efc823f7bd33d9c6fc", "type": "github" }, "original": { @@ -352,11 +352,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1698053470, - "narHash": "sha256-sP8D/41UiwC2qn0X40oi+DfuVzNHMROqIWdSdCI/AYA=", + "lastModified": 1699159446, + "narHash": "sha256-cL63IjsbPl2otS7R4kdXbVOJOXYMpGw5KGZoWgdCuCM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "80d98a7d55c6e27954a166cb583a41325e9512d7", + "rev": "627bc9b88256379578885a7028c9e791c29fb581", "type": "github" }, "original": { @@ -368,11 +368,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698336494, - "narHash": "sha256-sO72WDBKyijYD1GcKPlGsycKbMBiTJMBCnmOxLAs880=", + "lastModified": 1699343069, + "narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "808c0d8c53c7ae50f82aca8e7df263225cf235bf", + "rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d", "type": "github" }, "original": { @@ -384,11 +384,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1698614678, - "narHash": "sha256-gtwLWmybxUJyKjDTpp5ERPESHQg6ZCiOhz49cepEUbo=", + "lastModified": 1699481204, + "narHash": "sha256-VthbrNgoxDUjVcMqX6IciqfrraiHIbPV1LHQvG0jnvc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a905c3a544a422b92db99758489e20d84ed755cb", + "rev": "4e4bbb01ebfa4a1ce322f036007ec4d653071523", "type": "github" }, "original": { @@ -400,11 +400,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1698501290, - "narHash": "sha256-2fsEjktglg903ssQvFRXNSnjxky1D+LxVSMVzD2c8fo=", + "lastModified": 1699458350, + "narHash": "sha256-AHoi7cM4SzQTpu4ZMzt+KDoxxka/qjGPvR+0lvaLgf0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "755f966284752c695e6e64c996891eab2ff7fffa", + "rev": "da44563672fb0faca83dc56185472e56d1a21852", "type": "github" }, "original": { @@ -428,11 +428,11 @@ ] }, "locked": { - "lastModified": 1698504351, - "narHash": "sha256-/bj7Sy32j2HPtIuwjV94ZqF3A8A3CIouOngz8pdMn2I=", + "lastModified": 1699308475, + "narHash": "sha256-sFHOFiE+GV1JkwDmHi0LLJLSRyggdIK1Yra02oj2eZg=", "owner": "nix-community", "repo": "nixvim", - "rev": "9004ffe32f68bb9cc3e5907bdb55ceccddca44a0", + "rev": "6b93c8fa6db999320d53f13e0ebd555e33f86577", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nur": { "locked": { - "lastModified": 1698513999, - "narHash": "sha256-JFWbAmExdWkghvKLjbNdWq2oNyrg5qcxTcCHrN1MTeA=", + "lastModified": 1699481792, + "narHash": "sha256-7gt0Cci+AQoEWNVEMkmxALy/08hdup9/4KQ5zOYW3iE=", "owner": "nix-community", "repo": "NUR", - "rev": "984c4715454a4f5fdd753a1b667893c206729ab5", + "rev": "a865eb8d6829bd7317360abcb53a94381a21eeb1", "type": "github" }, "original": { @@ -538,11 +538,11 @@ ] }, "locked": { - "lastModified": 1698227354, - "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=", + "lastModified": 1699271226, + "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "bd38df3d508dfcdff52cd243d297f218ed2257bf", + "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128", "type": "github" }, "original": { diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix index ad7e706..370667c 100644 --- a/modules/common/common/nix/default.nix +++ b/modules/common/common/nix/default.nix @@ -190,6 +190,7 @@ with lib; { this = my.configurations.${hostname}; inherit (local) config; inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + pretty = expr: lib.trace (lib.generators.toPretty {} expr) {}; } // configurations // local._module.args ''; diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix index dfc657c..e7597ad 100644 --- a/modules/common/emacs/default.nix +++ b/modules/common/emacs/default.nix @@ -83,6 +83,8 @@ in { gnumake # :term vterm gnuplot # :lang (org +gnuplot) gnutls # doom! + go # :lang go org + gocode # :lang go org gomodifytags # :lang go gopls # :lang (go +lsp) gore # :lang go @@ -154,7 +156,10 @@ in { circe-default-user circe-default-nick) ;; :lang plantuml - (setq org-plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar") + (setq plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar" + plantuml-executable-path "${pkgs.plantuml}/bin/plantuml" + org-plantuml-jar-path plantuml-jar-path + org-plantuml-executable-path plantuml-executable-path) ;; :input japanese (setq migemo-dictionary "${pkgs.cmigemo}/share/migemo/utf-8/migemo-dict") diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el index 493a79a..df8b82e 100644 --- a/modules/common/emacs/doom/config.el +++ b/modules/common/emacs/doom/config.el @@ -50,7 +50,6 @@ ("WAIT" . +org-todo-onhold) ("HOLD" . +org-todo-onhold) ("PROJ" . +org-todo-project) - ("NO" . +org-todo-cancel) ("KILL" . +org-todo-cancel)) org-capture-templates '(("t" "Personal todo" entry (file+headline +org-capture-todo-file "Inbox") @@ -62,13 +61,13 @@ (file+olp+datetree +org-capture-journal-file) "* %U %?\n%i\n%a" :prepend t) ("p" "Templates for projects") - ("pt" "Project-local todo" entry ; {project-root}/todo.org + ("pt" "Project-local todo" entry (file+headline +org-capture-project-todo-file "Inbox") "* TODO %?\n%i\n%a" :prepend t) - ("pn" "Project-local notes" entry ; {project-root}/notes.org + ("pn" "Project-local notes" entry (file+headline +org-capture-project-notes-file "Inbox") "* %U %?\n%i\n%a" :prepend t) - ("pc" "Project-local changelog" entry ; {project-root}/changelog.org + ("pc" "Project-local changelog" entry (file+headline +org-capture-project-changelog-file "Unreleased") "* %U %?\n%i\n%a" :prepend t) ("o" "Centralized templates for projects") @@ -105,6 +104,13 @@ org-roam-ui-open-on-start t)) ;; +;;; PlantUML +;; + +(setq plantuml-default-exec-mode 'executable + org-plantuml-exec-mode 'plantuml) + +;; ;;; Elisp ;; @@ -166,32 +172,15 @@ ;;; Circe ;; -(defun nixfiles/irc-bouncer-password-f (&rest _) - (+pass-get-secret "server/soju.manwe.shire.net/azahi")) - -(set-irc-server! "libera" - `(:host "shire.net" - :port 6667 - :user "azahi/libera" - :pass nixfiles/irc-bouncer-password-f)) - -(set-irc-server! "oftc" - `(:host "shire.net" - :port 6667 - :user "azahi/oftc" - :pass nixfiles/irc-bouncer-password-f)) - -(set-irc-server! "hackint" - `(:host "shire.net" - :port 6667 - :user "azahi/hackint" - :pass nixfiles/irc-bouncer-password-f)) - -(set-irc-server! "rizon" - `(:host "shire.net" - :port 6667 - :user "azahi/rizon" - :pass nixfiles/irc-bouncer-password-f)) +(setq circe-network-options + (mapcar (lambda (server) + `(,server :server-buffer-name ,server + :host "shire.net" + :port 6667 + :user ,(concat circe-default-user "/" server) + :pass ,(lambda (&rest _) + (+pass-get-secret "server/soju.manwe.shire.net/azahi")))) + '("libera" "oftc" "hackint" "rizon"))) ;; ;;; Hledger diff --git a/modules/common/emacs/doom/init.el b/modules/common/emacs/doom/init.el index a76d0e3..3b26e0d 100644 --- a/modules/common/emacs/doom/init.el +++ b/modules/common/emacs/doom/init.el @@ -10,12 +10,12 @@ doom ;; doom-dashboard ;; doom-quit - ;; emoji + (emoji +unicode) hl-todo hydra indent-guides - ;; ligatures - ;; modeline + (ligatures +extra) + (modeline +light) ;; nav-flash ophints (popup +defaults) diff --git a/modules/common/fonts.nix b/modules/common/fonts.nix index adf6a3f..1e204e5 100644 --- a/modules/common/fonts.nix +++ b/modules/common/fonts.nix @@ -24,6 +24,13 @@ with lib; { (iosevka-bin.override {variant = "etoile";}) iosevka-bin sarasa-gothic + source-han-mono + source-han-sans + source-han-serif + noto-fonts + noto-fonts-emoji + twitter-color-emoji + font-awesome ]; }; diff --git a/modules/common/mpv.nix b/modules/common/mpv.nix index 757ccd8..37fbe4c 100644 --- a/modules/common/mpv.nix +++ b/modules/common/mpv.nix @@ -10,85 +10,6 @@ in { options.nixfiles.modules.mpv.enable = mkEnableOption "mpv"; config = mkIf cfg.enable { - nixfiles.modules.common.xdg.defaultApplications.mpv = let - audio = [ - "audio/aac" - "audio/ac3" - "audio/basic" - "audio/flac" - "audio/midi" - "audio/mp4" - "audio/mpeg" - "audio/ogg" - "audio/opus" - "audio/vnd.dts" - "audio/vnd.dts.hd" - "audio/webm" - "audio/x-adpcm" - "audio/x-aifc" - "audio/x-aiff" - "audio/x-ape" - "audio/x-flac+ogg" - "audio/x-m4b" - "audio/x-m4r" - "audio/x-matroska" - "audio/x-mpegurl" - "audio/x-musepack" - "audio/x-opus+ogg" - "audio/x-speex" - "audio/x-speex+ogg" - "audio/x-vorbis+ogg" - "audio/x-wav" - "audio/x-wavpack" - "x-content/audio-cdda" - "x-content/audio-dvd" - ]; - video = [ - "video/3gpp" - "video/3gpp2" - "video/mkv" - "video/mp2t" - "video/mp4" - "video/mpeg" - "video/ogg" - "video/quicktime" - "video/vnd.mpegurl" - "video/vnd.radgamettools.bink" - "video/vnd.radgamettools.smacker" - "video/wavelet" - "video/webm" - "video/x-matroska" - "video/x-matroska-3d" - "video/x-mjpeg" - "video/x-msvideo" - "video/x-ogm+ogg" - "video/x-theora+ogg" - "x-content/video-bluray" - "x-content/video-dvd" - "x-content/video-hddvd" - "x-content/video-svcd" - "x-content/video-vcd" - ]; - image = [ - "image/avif" - "image/bmp" - "image/gif" - "image/jp2" - "image/jpeg" - "image/jpg" - "image/jpm" - "image/jpx" - "image/jxl" - "image/png" - "image/tiff" - "image/vnd.microsoft.icon" - "image/webp" - "image/webp" - "image/x-tga" - ]; - in - audio ++ video ++ image; - hm.programs = { mpv = { enable = true; diff --git a/modules/common/zathura.nix b/modules/common/zathura.nix index 408f218..f78a9e9 100644 --- a/modules/common/zathura.nix +++ b/modules/common/zathura.nix @@ -10,11 +10,6 @@ in { mkEnableOption "Zathura PDF reader"; config = mkIf cfg.enable { - nixfiles.modules.common.xdg.defaultApplications."org.pwmt.zathura" = [ - "application/pdf" - "application/epub+zip" - ]; - hm.programs.zathura = with config.nixfiles.modules; { enable = true; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 1b1ec75..35694f4 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -33,6 +33,7 @@ _: { ./matrix ./monitoring ./mpd.nix + ./mpv.nix ./murmur.nix ./nextcloud.nix ./nginx.nix @@ -68,5 +69,6 @@ _: { ./wireguard.nix ./x11.nix ./xmonad.nix + ./zathura.nix ]; } diff --git a/modules/nixos/firefox/userContent.css b/modules/nixos/firefox/userContent.css index 9d59704..8615990 100644 --- a/modules/nixos/firefox/userContent.css +++ b/modules/nixos/firefox/userContent.css @@ -54,7 +54,6 @@ .js-user-status-item, .protip, .pt-3.mt-3.d-none.d-md-block, /* Profile achievements. */ - .text-small.color-fg-muted, /* Useless tips. */ .user-status-circle-badge-container, .user-status-container, a[href^="/account/choose?action=upgrade"], diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix index f11a27d..f9624ec 100644 --- a/modules/nixos/fonts.nix +++ b/modules/nixos/fonts.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: with lib; let @@ -8,36 +9,58 @@ with lib; let in { config = mkMerge [ (mkIf cfg.enable { + nixfiles.modules.common.nix.allowedUnfreePackages = ["symbola"]; hm.fonts.fontconfig.enable = true; fonts = { - inherit (cfg) packages; + packages = cfg.packages ++ [pkgs.symbola]; fontconfig = { enable = true; defaultFonts = { - monospace = [ + emoji = mkForce [ + "Twitter Color Emoji" + "Noto Color Emoji" + "Symbola" + ]; + monospace = mkForce [ "Iosevka" - "Sarasa Mono K" - "Sarasa Mono J" - "Sarasa Mono SC" - "Sarasa Mono CL" + "Sarasa Mono" + "Source Han Mono" + "Noto Sans Mono" ]; - sansSerif = [ + sansSerif = mkForce [ "Iosevka Aile" - "Sarasa Gothic K" - "Sarasa Gothic J" - "Sarasa Gothic SC" - "Sarasa Gothic CL" + "Sarasa Gothic" + "Source Han Sans" + "Noto Sans" ]; - serif = [ + serif = mkForce [ "Iosevka Etoile" - "Sarasa Gothic K" - "Sarasa Gothic J" - "Sarasa Gothic SC" - "Sarasa Gothic CL" + "Sarasa Gothic" + "Source Han Serif" + "Noto Serif" ]; }; + + localConf = '' + <?xml version='1.0'?> + <!DOCTYPE fontconfig SYSTEM 'urn:fontconfig:fonts.dtd'> + <fontconfig> + <alias binding="same"> + <family>Helvetica</family> + <prefer> + <family>sans-serif</family> + </prefer> + </alias> + <alias binding="same"> + <family>Arial</family> + <prefer> + <family>sans-serif</family> + </prefer> + </alias> + </fontconfig> + ''; }; }; }) diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix index 7f62874..57adf1c 100644 --- a/modules/nixos/monitoring/default.nix +++ b/modules/nixos/monitoring/default.nix @@ -194,6 +194,11 @@ in { hosts = [manwe]; inherit (config.services.prometheus.exporters.wireguard) port; }; + # TODO Wait for https://github.com/NixOS/nixpkgs/pull/265696 + exportarr-lidarr = { + hosts = [yavanna]; + port = 9708; + }; }; ruleFiles = [ diff --git a/modules/nixos/mpv.nix b/modules/nixos/mpv.nix new file mode 100644 index 0000000..efe1729 --- /dev/null +++ b/modules/nixos/mpv.nix @@ -0,0 +1,89 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.mpv; +in { + config = mkIf cfg.enable { + nixfiles.modules.common.xdg.defaultApplications.mpv = let + audio = [ + "audio/aac" + "audio/ac3" + "audio/basic" + "audio/flac" + "audio/midi" + "audio/mp4" + "audio/mpeg" + "audio/ogg" + "audio/opus" + "audio/vnd.dts" + "audio/vnd.dts.hd" + "audio/webm" + "audio/x-adpcm" + "audio/x-aifc" + "audio/x-aiff" + "audio/x-ape" + "audio/x-flac+ogg" + "audio/x-m4b" + "audio/x-m4r" + "audio/x-matroska" + "audio/x-mpegurl" + "audio/x-musepack" + "audio/x-opus+ogg" + "audio/x-speex" + "audio/x-speex+ogg" + "audio/x-vorbis+ogg" + "audio/x-wav" + "audio/x-wavpack" + "x-content/audio-cdda" + "x-content/audio-dvd" + ]; + video = [ + "video/3gpp" + "video/3gpp2" + "video/mkv" + "video/mp2t" + "video/mp4" + "video/mpeg" + "video/ogg" + "video/quicktime" + "video/vnd.mpegurl" + "video/vnd.radgamettools.bink" + "video/vnd.radgamettools.smacker" + "video/wavelet" + "video/webm" + "video/x-matroska" + "video/x-matroska-3d" + "video/x-mjpeg" + "video/x-msvideo" + "video/x-ogm+ogg" + "video/x-theora+ogg" + "x-content/video-bluray" + "x-content/video-dvd" + "x-content/video-hddvd" + "x-content/video-svcd" + "x-content/video-vcd" + ]; + image = [ + "image/avif" + "image/bmp" + "image/gif" + "image/jp2" + "image/jpeg" + "image/jpg" + "image/jpm" + "image/jpx" + "image/jxl" + "image/png" + "image/tiff" + "image/vnd.microsoft.icon" + "image/webp" + "image/webp" + "image/x-tga" + ]; + in + audio ++ video ++ image; + }; +} diff --git a/modules/nixos/zathura.nix b/modules/nixos/zathura.nix new file mode 100644 index 0000000..e7d1415 --- /dev/null +++ b/modules/nixos/zathura.nix @@ -0,0 +1,15 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.zathura; +in { + config = mkIf cfg.enable { + nixfiles.modules.common.xdg.defaultApplications."org.pwmt.zathura" = [ + "application/pdf" + "application/epub+zip" + ]; + }; +} diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix index da74c03..4aacb9d 100644 --- a/nixosConfigurations/yavanna/default.nix +++ b/nixosConfigurations/yavanna/default.nix @@ -1,4 +1,10 @@ -{lib, ...}: +{ + config, + pkgs, + inputs, + lib, + ... +}: with lib; { nixfiles.modules = { wireguard.client.enable = true; @@ -12,6 +18,25 @@ with lib; { jackett.enable = true; }; + # TODO Wait for https://github.com/NixOS/nixpkgs/pull/265696 + disabledModules = ["services/monitoring/prometheus/exporters.nix"]; + imports = ["${inputs.nixpkgs-local}/nixos/modules/services/monitoring/prometheus/exporters.nix"]; + services.prometheus.exporters.exportarr-lidarr = { + enable = true; + url = "http://127.0.0.1"; + apiKeyFile = pkgs.writeText "api-key" "5a4311dd98a240b6a9fe0cac9146341e"; + port = mkDefault 9708; + inherit (config.services.lidarr) user; + inherit (config.services.lidarr) group; + listenAddress = this.wireguard.ipv4.address; + environment.CONFIG = "/var/lib/lidarr/.config/Lidarr/config.xml"; + }; + systemd.services.prometheus-exportarr-lidarr-exporter.serviceConfig = { + ProcSubset = "pid"; + ProtectProc = "invisible"; + SystemCallFilter = ["@system-service" "~@privileged"]; + }; + boot.loader.grub = { enable = true; device = "/dev/sda"; |