From 04be52d7b75eb62203a3af8d85e36e3584123f90 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Fri, 8 Mar 2024 21:30:37 +0300 Subject: 2024-03-08 --- flake.lock | 60 +++++++++++++++--------------- modules/common/emacs/doom/config.el | 3 +- modules/common/profiles/dev/containers.nix | 9 ----- modules/nixos/common/networking.nix | 4 +- modules/nixos/games/mangohud.nix | 26 +++++++------ modules/nixos/games/steam-run.nix | 1 + modules/nixos/games/steam.nix | 8 +++- modules/nixos/matrix/dendrite.nix | 3 +- modules/nixos/profiles/headless.nix | 2 +- modules/nixos/shadowsocks.nix | 9 +---- modules/nixos/soju.nix | 2 + modules/nixos/unbound.nix | 9 +++-- 12 files changed, 70 insertions(+), 66 deletions(-) diff --git a/flake.lock b/flake.lock index e02085f..991b721 100644 --- a/flake.lock +++ b/flake.lock @@ -271,11 +271,11 @@ ] }, "locked": { - "lastModified": 1709270649, - "narHash": "sha256-ox/QjE33yeC9ESx9viogCH8bWlB7Odkmp0mLy2PJD30=", + "lastModified": 1709771483, + "narHash": "sha256-Hjzu9nCknHLQvhdaRFfCEprH0o15KcaNu1QDr3J88DI=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c2751db910d47a0f08e989fe1360897d90fc3961", + "rev": "550340062c16d7ef8c2cc20a3d2b97bcd3c6b6f6", "type": "github" }, "original": { @@ -420,11 +420,11 @@ ] }, "locked": { - "lastModified": 1709204054, - "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", + "lastModified": 1709904018, + "narHash": "sha256-fVp/89wNjWg7OQ/Gj3eSK2IXKDk9mXSj5ltOz98Ce2w=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f3367769a93b226c467551315e9e270c3f78b15", + "rev": "8b07ca541939211d3cc437ddfd74ebdef3d72471", "type": "github" }, "original": { 
@@ -468,11 +468,11 @@ ] }, "locked": { - "lastModified": 1706742486, - "narHash": "sha256-sv/MISTeD0rqeVivpZJpynboMWJp6i62OmrZX1rGl38=", + "lastModified": 1709905972, + "narHash": "sha256-18OF2/ypr0n4Lp6Fk5SLHPu12ok6jM+Hv3sC0PCim0Q=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "9e36323ae3dde787f761420465c3ae560f3dbf29", + "rev": "572c1b4d69deea1093ac231c37927cfa8ccad477", "type": "gitlab" }, "original": { @@ -494,11 +494,11 @@ ] }, "locked": { - "lastModified": 1709256031, - "narHash": "sha256-9kwgroCPU51++PXFGaadQJkXxyouEmUtlCZmhocHLfo=", + "lastModified": 1709860485, + "narHash": "sha256-ZcD6awXKI5RHBq5VwWgFnI203+Cl0pd8QFr2DsMyRYo=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "b03e96e1bd7a4fefc9248844f4484b833cb8135e", + "rev": "ff8caea3c999a5173d021fc76c84addbf7bbf785", "type": "github" }, "original": { @@ -514,11 +514,11 @@ ] }, "locked": { - "lastModified": 1708830466, - "narHash": "sha256-nGKe3Y1/jkLR2eh1aRSVBtKadMBNv8kOnB52UXqRy6A=", + "lastModified": 1709906691, + "narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "f070c7eeec3bde8c8c8baa9c02b6d3d5e114d73b", + "rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178", "type": "github" }, "original": { @@ -529,11 +529,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1709147990, - "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", + "lastModified": 1709410583, + "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", + "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", "type": "github" }, "original": { 
@@ -544,11 +544,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709230475, - "narHash": "sha256-QI/0GiTvWxhBJ/bpredarfAUARnP6zE1vCOifsZ220A=", + "lastModified": 1709780214, + "narHash": "sha256-p4iDKdveHMhfGAlpxmkCtfQO3WRzmlD11aIcThwPqhk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b5f6e3881acf8ca8a35b8cdb8d4021e5bd469a4e", + "rev": "f945939fd679284d736112d3d5410eb867f3b31c", "type": "github" }, "original": { @@ -560,11 +560,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1709277635, - "narHash": "sha256-JksaB0ZjX805Udu2EpgGqzr/QaPE64v9CqPKNowGrzk=", + "lastModified": 1709911891, + "narHash": "sha256-abdPgw2J4s/FxdamRQWEX8hpot+NaeaHoZTK0nshb0Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f7fca9d98b0ec282f4b0d63f1fc2e38caf4ea55a", + "rev": "b4af4efff2fc40287d7a4f17b59d2754107b02bb", "type": "github" }, "original": { @@ -576,11 +576,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1709251216, - "narHash": "sha256-YIqYA4e1561zvBK2F7h9ilScnBy+0stgLHb3zOzpmOA=", + "lastModified": 1709909254, + "narHash": "sha256-C9HGaGbYlWv/lBXtwxAD+tkwVqIDImNLVlA6Kma4vOg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f50575dc92e39cdec74ab832987f41a57de7f68", + "rev": "033e72165ef3f3b6be6d901444ed5e5d0ef699aa", "type": "github" }, "original": { @@ -748,11 +748,11 @@ ] }, "locked": { - "lastModified": 1709256035, - "narHash": "sha256-ITBljUSiKjrxkmY/TnLWARn2C/DkvehAreyObQ3et+4=", + "lastModified": 1709860999, + "narHash": "sha256-fZd5nkY4tnCrIjDKC/0aguldQtV7nsU/byihYF3GCLU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4c837a448eec3c02bcc632c5edd3474173e5cb12", + "rev": "f482c1c39027a8c03b86c3dc43637d80a1440918", "type": "github" }, "original": { diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el index 3b771ad..15bcdff 100644 --- a/modules/common/emacs/doom/config.el +++ b/modules/common/emacs/doom/config.el 
@@ -188,9 +188,10 @@ :host "azahi.cc" :port 6697 :tls t + :logging nil :user ,(concat circe-default-user "/" server) :pass ,(lambda (&rest _) - (+pass-get-secret "")))) + (+pass-get-secret "server/soju.shire.net/azahi")))) '("libera" "oftc" "hackint" "rizon"))) ;; diff --git a/modules/common/profiles/dev/containers.nix b/modules/common/profiles/dev/containers.nix index d9b67d0..e90c88e 100644 --- a/modules/common/profiles/dev/containers.nix +++ b/modules/common/profiles/dev/containers.nix @@ -34,14 +34,7 @@ in { }; packages = with pkgs; [ - argocd - chart-testing - clusterctl - cmctl - datree - istioctl k9s - kubeconform kubectl kubectl-doctor kubectl-images @@ -50,10 +43,8 @@ in { kubelogin-oidc kubent kubernetes-helm - kubeseal kubespy minikube - skaffold skopeo stern telepresence2 diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix index 91306be..fb7d9b2 100644 --- a/modules/nixos/common/networking.nix +++ b/modules/nixos/common/networking.nix @@ -36,13 +36,15 @@ in { useDHCP = false; + nftables.enable = true; + firewall = { enable = true; rejectPackets = false; allowPing = true; - pingLimit = "--limit 1/minute --limit-burst 5"; + pingLimit = "1/minute burst 5 packets"; logRefusedConnections = false; logRefusedPackets = false; diff --git a/modules/nixos/games/mangohud.nix b/modules/nixos/games/mangohud.nix index d693c82..509e035 100644 --- a/modules/nixos/games/mangohud.nix +++ b/modules/nixos/games/mangohud.nix 
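Review bot: Setting `nftables.enable = true;` in modules/nixos/common/networking.nix affects any module that still sets `networking.firewall.extraCommands` with iptables rules, because, as far as I know, the NixOS nftables firewall backend refuses that option with an assertion at evaluation time. This commit removes the one in shadowsocks.nix, but other modules are not visible here, so it is worth grepping the tree for `extraCommands`, `extraStopCommands` and raw `iptables` calls before deploying. I would also put a comment above the changed line, `# nft limit syntax (nftables backend); the iptables form was "--limit 1/minute --limit-burst 5"`, so the `pingLimit` format is not reverted by accident later. The enclosing `networking` attribute set starts and ends outside the hunk.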
@@ -9,17 +9,21 @@ in { options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; config = mkIf cfg.enable { - hm.programs.mangohud = { - enable = true; - settings = { - fps = true; - frame_timing = true; - gpu_stats = true; - gpu_temp = true; - cpu_stats = true; - cpu_temp = true; - ram = true; - vram = true; + hm = { + stylix.targets.mangohud.enable = false; + + programs.mangohud = { + enable = true; + settings = { + fps = true; + frame_timing = true; + gpu_stats = true; + gpu_temp = true; + cpu_stats = true; + cpu_temp = true; + ram = true; + vram = true; + }; }; }; }; diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix index 2643c95..fc51c85 100644 --- a/modules/nixos/games/steam-run.nix +++ b/modules/nixos/games/steam-run.nix @@ -24,6 +24,7 @@ in { games = { enable32BitSupport = true; gamemode.enable = true; + mangohud.enable = true; }; }; diff --git a/modules/nixos/games/steam.nix b/modules/nixos/games/steam.nix index 8dfa72c..c81d344 100644 --- a/modules/nixos/games/steam.nix +++ b/modules/nixos/games/steam.nix @@ -17,9 +17,15 @@ in { games = { enable32BitSupport = true; gamemode.enable = true; + mangohud.enable = true; }; }; - hm.home.packages = with pkgs; [steam]; + hm.home.packages = with pkgs; [ + (steam.override {extraEnv.MANGOHUD = 1;}) + protontricks + ]; + + hardware.steam-hardware.enable = true; }; } diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index d5c9308..c65b55b 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -106,8 +106,9 @@ in { systemd.services.dendrite = { description = "Dendrite Matrix homeserver"; - requires = ["network.target"]; wantedBy = ["multi-user.target"]; + requires = ["network.target" "postgresql.service"]; + after = ["network.target" "postgresql.service"]; serviceConfig = let needsPrivileges = cfg.port < 1024; capabilities = [""] ++ optionals needsPrivileges ["CAP_NET_BIND_SERVICE"]; 
diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix index f0357ab..d1fcfa4 100644 --- a/modules/nixos/profiles/headless.nix +++ b/modules/nixos/profiles/headless.nix @@ -22,7 +22,7 @@ in { # the latest LTS release + hardened patches (just in case). # # [1]: https://kernel.org - boot.kernelPackages = pkgs.linuxPackages_5_15_hardened; + boot.kernelPackages = pkgs.linuxPackages_6_6_hardened; nix = { gc = { diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix index 97eb17f..69688da 100644 --- a/modules/nixos/shadowsocks.nix +++ b/modules/nixos/shadowsocks.nix @@ -100,14 +100,7 @@ in { ''; }; - networking.firewall = { - allowedTCPPorts = [cfg.port]; - extraCommands = '' - iptables -A nixos-fw -p tcp --syn --dport ${ - toString cfg.port - } -m connlimit --connlimit-above 32 -j nixos-fw-refuse - ''; - }; + networking.firewall.allowedTCPPorts = [cfg.port]; # https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks boot.kernel.sysctl = { diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix index ea95bb3..71dff86 100644 --- a/modules/nixos/soju.nix +++ b/modules/nixos/soju.nix @@ -70,6 +70,8 @@ in { systemd.services.soju = { description = "soju IRC bouncer"; wantedBy = ["multi-user.target"]; + wants = ["network-online.target"]; + requires = ["postgresql.service"]; after = ["network-online.target" "postgresql.service"]; serviceConfig = { ExecStart = let diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index e6cad81..5aaf104 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -35,6 +35,7 @@ in { withTFO = true; }; + checkconf = false; settings = { server = { interface = with this.wireguard; [ 
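Review bot: Dropping the `extraCommands` block in modules/nixos/shadowsocks.nix removes the per-source cap of 32 concurrent connections on `cfg.port`, and nothing replaces it, so the port is now exposed without any connection limiting. The iptables rule had to go with the switch to nftables, but the same limit can be expressed for the new backend, for example through `networking.firewall.extraInputRules` with a per-source `ct count over 32` rule matching `tcp dport ${toString cfg.port}`. If the limit is being retired on purpose, a one-line comment next to `networking.firewall.allowedTCPPorts = [cfg.port];` saying so would keep that decision visible.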
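Review bot: `checkconf = false;` in modules/nixos/unbound.nix switches off build-time validation of the generated unbound configuration, and the hunk gives no reason for it. Presumably the check cannot resolve the adblock include that only exists at runtime, but that is not visible here. A comment above the line such as `# checkconf cannot see the runtime-generated adblock include` (adjusted to the real reason) would record it. With the check off, a mistake in `settings` is only found when the service starts on the target host, so a broken resolver config can reach production unnoticed.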
@@ -164,9 +165,10 @@ in { name = "unbound-adblock-update"; runtimeInputs = [pkgs.curl package]; text = '' - curl -s \ - "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" \ - >${adblock-conf} + curl \ + -s \ + -o ${adblock-conf} \ + "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf" if [[ -f "${localControlSocketPath}" ]]; then unbound-control reload @@ -179,6 +181,7 @@ in { timers.unbound-adblock-update = { requires = ["network-online.target"]; + after = ["network-online.target"]; timerConfig = { OnCalendar = "daily"; Persistent = true; -- cgit v1.2.3
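Review bot: The new `curl -s -o ${adblock-conf}` call writes whatever the server answers straight over the live blocklist. Without `--fail`, an HTTP error body or a truncated transfer becomes the file that `unbound-control reload` loads next. The file also comes from the mutable `main` branch of a third-party repository and is read by unbound as configuration with nothing validating it before the reload, so whoever can change that file can influence the answers this resolver gives. I would download to a temporary path, fail on HTTP errors and only then move the file into place, as below; pinning the URL to a commit or filtering the lines down to the directives you expect would narrow the trust further. The script definition starts before the hunk and the reload branch ends after it.

```nix
text = ''
  tmp="${adblock-conf}.new"

  curl \
    --fail \
    --silent \
    --show-error \
    --proto '=https' \
    -o "$tmp" \
    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/multi.blacklist.conf"

  # Swap the list in only after a complete, non-empty download.
  [[ -s "$tmp" ]] || exit 1
  mv -f "$tmp" ${adblock-conf}

  # … unchanged: unbound-control reload when the control socket exists …
```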