diff options
Diffstat (limited to 'modules/nixos')
-rw-r--r-- | modules/nixos/common/networking.nix | 4 | ||||
-rw-r--r-- | modules/nixos/games/mangohud.nix | 26 | ||||
-rw-r--r-- | modules/nixos/games/steam-run.nix | 1 | ||||
-rw-r--r-- | modules/nixos/games/steam.nix | 8 | ||||
-rw-r--r-- | modules/nixos/matrix/dendrite.nix | 3 | ||||
-rw-r--r-- | modules/nixos/profiles/headless.nix | 2 | ||||
-rw-r--r-- | modules/nixos/shadowsocks.nix | 9 | ||||
-rw-r--r-- | modules/nixos/soju.nix | 2 | ||||
-rw-r--r-- | modules/nixos/unbound.nix | 9 |
9 files changed, 38 insertions, 26 deletions
diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix index 91306be..fb7d9b2 100644 --- a/modules/nixos/common/networking.nix +++ b/modules/nixos/common/networking.nix @@ -36,13 +36,15 @@ in { useDHCP = false; + nftables.enable = true; + firewall = { enable = true; rejectPackets = false; allowPing = true; - pingLimit = "--limit 1/minute --limit-burst 5"; + pingLimit = "1/minute burst 5 packets"; logRefusedConnections = false; logRefusedPackets = false; diff --git a/modules/nixos/games/mangohud.nix b/modules/nixos/games/mangohud.nix index d693c82..509e035 100644 --- a/modules/nixos/games/mangohud.nix +++ b/modules/nixos/games/mangohud.nix @@ -9,17 +9,21 @@ in { options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; config = mkIf cfg.enable { - hm.programs.mangohud = { - enable = true; - settings = { - fps = true; - frame_timing = true; - gpu_stats = true; - gpu_temp = true; - cpu_stats = true; - cpu_temp = true; - ram = true; - vram = true; + hm = { + stylix.targets.mangohud.enable = false; + + programs.mangohud = { + enable = true; + settings = { + fps = true; + frame_timing = true; + gpu_stats = true; + gpu_temp = true; + cpu_stats = true; + cpu_temp = true; + ram = true; + vram = true; + }; }; }; }; diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix index 2643c95..fc51c85 100644 --- a/modules/nixos/games/steam-run.nix +++ b/modules/nixos/games/steam-run.nix @@ -24,6 +24,7 @@ in { games = { enable32BitSupport = true; gamemode.enable = true; + mangohud.enable = true; }; }; diff --git a/modules/nixos/games/steam.nix b/modules/nixos/games/steam.nix index 8dfa72c..c81d344 100644 --- a/modules/nixos/games/steam.nix +++ b/modules/nixos/games/steam.nix @@ -17,9 +17,15 @@ in { games = { enable32BitSupport = true; gamemode.enable = true; + mangohud.enable = true; }; }; - hm.home.packages = with pkgs; [steam]; + hm.home.packages = with pkgs; [ + (steam.override {extraEnv.MANGOHUD = 1;}) + protontricks + ]; + + hardware.steam-hardware.enable = true; }; } diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index d5c9308..c65b55b 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -106,8 +106,9 @@ in { systemd.services.dendrite = { description = "Dendrite Matrix homeserver"; - requires = ["network.target"]; wantedBy = ["multi-user.target"]; + requires = ["network.target" "postgresql.service"]; + after = ["network.target" "postgresql.service"]; serviceConfig = let needsPrivileges = cfg.port < 1024; capabilities = [""] ++ optionals needsPrivileges ["CAP_NET_BIND_SERVICE"]; diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix index f0357ab..d1fcfa4 100644 --- a/modules/nixos/profiles/headless.nix +++ b/modules/nixos/profiles/headless.nix @@ -22,7 +22,7 @@ in { # the latest LTS release + hardened patches (just in case). # # [1]: https://kernel.org - boot.kernelPackages = pkgs.linuxPackages_5_15_hardened; + boot.kernelPackages = pkgs.linuxPackages_6_6_hardened; nix = { gc = { diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix index 97eb17f..69688da 100644 --- a/modules/nixos/shadowsocks.nix +++ b/modules/nixos/shadowsocks.nix @@ -100,14 +100,7 @@ in { ''; }; - networking.firewall = { - allowedTCPPorts = [cfg.port]; - extraCommands = '' - iptables -A nixos-fw -p tcp --syn --dport ${ - toString cfg.port - } -m connlimit --connlimit-above 32 -j nixos-fw-refuse - ''; - }; + networking.firewall.allowedTCPPorts = [cfg.port]; # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks boot.kernel.sysctl = { diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix index ea95bb3..71dff86 100644 --- a/modules/nixos/soju.nix +++ b/modules/nixos/soju.nix @@ -70,6 +70,8 @@ in { systemd.services.soju = { description = "soju IRC bouncer"; wantedBy = ["multi-user.target"]; + wants = ["network-online.target"]; + requires = ["postgresql.service"]; after = ["network-online.target" "postgresql.service"]; serviceConfig = { ExecStart = let diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index e6cad81..5aaf104 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -35,6 +35,7 @@ in { withTFO = true; }; + checkconf = false; settings = { server = { interface = with this.wireguard; [ @@ -164,9 +165,10 @@ in { name = "unbound-adblock-update"; runtimeInputs = [pkgs.curl package]; text = '' - curl -s \ - "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" \ - >${adblock-conf} + curl \ + -s \ + -o ${adblock-conf} \ + "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf" if [[ -f "${localControlSocketPath}" ]]; then unbound-control reload @@ -179,6 +181,7 @@ in { timers.unbound-adblock-update = { requires = ["network-online.target"]; + after = ["network-online.target"]; timerConfig = { OnCalendar = "daily"; Persistent = true; |