Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/common/networking.nix4
-rw-r--r--modules/nixos/games/mangohud.nix26
-rw-r--r--modules/nixos/games/steam-run.nix1
-rw-r--r--modules/nixos/games/steam.nix8
-rw-r--r--modules/nixos/matrix/dendrite.nix3
-rw-r--r--modules/nixos/profiles/headless.nix2
-rw-r--r--modules/nixos/shadowsocks.nix9
-rw-r--r--modules/nixos/soju.nix2
-rw-r--r--modules/nixos/unbound.nix9
9 files changed, 38 insertions, 26 deletions
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix
index 91306be..fb7d9b2 100644
--- a/modules/nixos/common/networking.nix
+++ b/modules/nixos/common/networking.nix
@@ -36,13 +36,15 @@ in {
 
         useDHCP = false;
 
+        nftables.enable = true;
+
         firewall = {
           enable = true;
 
           rejectPackets = false;
 
           allowPing = true;
-          pingLimit = "--limit 1/minute --limit-burst 5";
+          pingLimit = "1/minute burst 5 packets";
 
           logRefusedConnections = false;
           logRefusedPackets = false;
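Review bot: The new `pingLimit` value is nftables limit syntax and is only valid while `nftables.enable = true` a few lines above it, but nothing in the file records that coupling. A short comment above `pingLimit`, such as `# nftables limit expression; must change back to iptables flags if nftables.enable is ever turned off`, would keep the two settings from drifting apart. The switch also changes which firewall backend every other module's rules must target, so any remaining iptables-style `extraCommands` in the tree are worth a grep. The `firewall` attribute set continues past the end of the hunk.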
diff --git a/modules/nixos/games/mangohud.nix b/modules/nixos/games/mangohud.nix
index d693c82..509e035 100644
--- a/modules/nixos/games/mangohud.nix
+++ b/modules/nixos/games/mangohud.nix
@@ -9,17 +9,21 @@ in {
   options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud";
 
   config = mkIf cfg.enable {
-    hm.programs.mangohud = {
-      enable = true;
-      settings = {
-        fps = true;
-        frame_timing = true;
-        gpu_stats = true;
-        gpu_temp = true;
-        cpu_stats = true;
-        cpu_temp = true;
-        ram = true;
-        vram = true;
+    hm = {
+      stylix.targets.mangohud.enable = false;
+
+      programs.mangohud = {
+        enable = true;
+        settings = {
+          fps = true;
+          frame_timing = true;
+          gpu_stats = true;
+          gpu_temp = true;
+          cpu_stats = true;
+          cpu_temp = true;
+          ram = true;
+          vram = true;
+        };
       };
     };
   };
diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix
index 2643c95..fc51c85 100644
--- a/modules/nixos/games/steam-run.nix
+++ b/modules/nixos/games/steam-run.nix
@@ -24,6 +24,7 @@ in {
       games = {
         enable32BitSupport = true;
         gamemode.enable = true;
+        mangohud.enable = true;
       };
     };
 
diff --git a/modules/nixos/games/steam.nix b/modules/nixos/games/steam.nix
index 8dfa72c..c81d344 100644
--- a/modules/nixos/games/steam.nix
+++ b/modules/nixos/games/steam.nix
@@ -17,9 +17,15 @@ in {
       games = {
         enable32BitSupport = true;
         gamemode.enable = true;
+        mangohud.enable = true;
       };
     };
 
-    hm.home.packages = with pkgs; [steam];
+    hm.home.packages = with pkgs; [
+      (steam.override {extraEnv.MANGOHUD = 1;})
+      protontricks
+    ];
+
+    hardware.steam-hardware.enable = true;
   };
 }
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index d5c9308..c65b55b 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -106,8 +106,9 @@ in {
 
       systemd.services.dendrite = {
         description = "Dendrite Matrix homeserver";
-        requires = ["network.target"];
         wantedBy = ["multi-user.target"];
+        requires = ["network.target" "postgresql.service"];
+        after = ["network.target" "postgresql.service"];
         serviceConfig = let
           needsPrivileges = cfg.port < 1024;
           capabilities = [""] ++ optionals needsPrivileges ["CAP_NET_BIND_SERVICE"];
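Review bot: `requires`/`after` still name `network.target`, which is a passive target and does not wait for the network to be up. The soju.nix hunk in this same commit uses `network-online.target` for the same purpose, so the two services now disagree. For consistency, and so dendrite does not start before addresses are configured, I would write `wants = ["network-online.target"];`, `requires = ["postgresql.service"];` and `after = ["network-online.target" "postgresql.service"];`. Both hunks add a hard `requires` on a local `postgresql.service`; if either module can be pointed at a remote database (not visible here), that dependency should be conditional. The `serviceConfig` block continues outside the hunk.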
diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix
index f0357ab..d1fcfa4 100644
--- a/modules/nixos/profiles/headless.nix
+++ b/modules/nixos/profiles/headless.nix
@@ -22,7 +22,7 @@ in {
     # the latest LTS release + hardened patches (just in case).
     #
     # [1]: https://kernel.org
-    boot.kernelPackages = pkgs.linuxPackages_5_15_hardened;
+    boot.kernelPackages = pkgs.linuxPackages_6_6_hardened;
 
     nix = {
       gc = {
diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix
index 97eb17f..69688da 100644
--- a/modules/nixos/shadowsocks.nix
+++ b/modules/nixos/shadowsocks.nix
@@ -100,14 +100,7 @@ in {
       '';
     };
 
-    networking.firewall = {
-      allowedTCPPorts = [cfg.port];
-      extraCommands = ''
-        iptables -A nixos-fw -p tcp --syn --dport ${
-          toString cfg.port
-        } -m connlimit --connlimit-above 32 -j nixos-fw-refuse
-      '';
-    };
+    networking.firewall.allowedTCPPorts = [cfg.port];
 
     # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks
     boot.kernel.sysctl = {
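Review bot: The per-port connection cap (`--connlimit-above 32`) is dropped with no nftables replacement, so the Shadowsocks port is now exposed with no limit on concurrent connections. The iptables `extraCommands` had to go with the nftables backend, but the limit itself can be kept with something like `networking.firewall.extraInputRules = "tcp dport ${toString cfg.port} ct count over 32 drop";`. Check where that rule lands relative to the accept generated by `allowedTCPPorts`: if the accept comes first, the port has to be opened from the extra rules instead for the cap to take effect. If removing the limit is intentional, a one-line comment saying so would help the next reader. The `boot.kernel.sysctl` block continues outside the hunk.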
diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix
index ea95bb3..71dff86 100644
--- a/modules/nixos/soju.nix
+++ b/modules/nixos/soju.nix
@@ -70,6 +70,8 @@ in {
       systemd.services.soju = {
         description = "soju IRC bouncer";
         wantedBy = ["multi-user.target"];
+        wants = ["network-online.target"];
+        requires = ["postgresql.service"];
         after = ["network-online.target" "postgresql.service"];
         serviceConfig = {
           ExecStart = let
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index e6cad81..5aaf104 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -35,6 +35,7 @@ in {
             withTFO = true;
           };
 
+          checkconf = false;
           settings = {
             server = {
               interface = with this.wireguard; [
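Review bot: `checkconf = false;` turns off build-time validation of the resolver configuration and no comment says why. From this commit on, a malformed `settings` value is only discovered when unbound fails to start on the host, which for a DNS resolver means an outage rather than a failed build. If the reason is that the check cannot see the runtime-downloaded adblock include inside the build sandbox (my inference, not shown in the hunk), say so in place, e.g. `# checkconf fails in the sandbox because the adblock include only exists at runtime`. The `settings` block continues outside the hunk.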
@@ -164,9 +165,10 @@ in {
                 name = "unbound-adblock-update";
                 runtimeInputs = [pkgs.curl package];
                 text = ''
-                  curl -s \
-                    "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" \
-                    >${adblock-conf}
+                  curl \
+                    -s \
+                    -o ${adblock-conf} \
+                    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf"
 
                   if [[ -f "${localControlSocketPath}" ]]; then
                     unbound-control reload
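Review bot: The new `curl -s -o ${adblock-conf}` writes straight onto the live include file without `--fail`, so an HTTP error body or a truncated transfer replaces the blocklist and is then loaded by `unbound-control reload`. Download to a temporary file with `--fail`, and move it into place only on success, so a bad fetch leaves the previous list intact. The URL tracks the mutable `main` branch and the file is consumed as unbound configuration, so whatever that branch serves is trusted by the resolver. Pinning to a tag or commit, or checking the file before the reload, would narrow that exposure. The sketch assumes `mktemp`/`mv` are on the script's PATH (add `pkgs.coreutils` to `runtimeInputs` if not); the `if` block continues outside the hunk.

```nix
text = ''
  tmp="$(mktemp "${adblock-conf}.XXXXXX")"
  trap 'rm -f "$tmp"' EXIT

  curl \
    --silent --show-error --fail \
    --proto '=https' \
    -o "$tmp" \
    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf"

  # Replace the live list only after a complete, successful download.
  mv "$tmp" ${adblock-conf}

  # … unchanged: unbound-control reload when the control socket exists …
```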
@@ -179,6 +181,7 @@ in {
 
         timers.unbound-adblock-update = {
           requires = ["network-online.target"];
+          after = ["network-online.target"];
           timerConfig = {
             OnCalendar = "daily";
             Persistent = true;
