blob: ca604cb0bcf4f953c877c97a73e37d1885d247d2 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
{
config,
lib,
pkgs,
this,
...
}:
with lib; let
cfg = config.nixfiles.modules.profiles.headful;
in {
config = mkIf cfg.enable {
nixfiles.modules = {
chromium.enable = true;
firefox.enable = true;
sound.enable = true;
x11.enable = true;
dwm.enable = mkDefault false;
kde.enable = mkDefault true;
xmonad.enable = mkDefault false;
};
hm = {
home.packages = with pkgs; [
calibre
imv
neochat
tdesktop
tor-browser
];
programs.bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open";
};
boot = {
kernelPackages = mkDefault pkgs.linuxPackages_latest;
# There are (arguably) not a lot of reasons to keep mitigations enabled
# for on machine that is not web-facing. First of all, to completely
# mitigate any possible Spectre holes one would need to disable
# Hyperthreading altogether which will essentially put one's computer into
# the stone age by not being able to to effectively utilise multi-core its
# multicore capabilities. Secondly, by enabling mitigations, we introduce
# a plethora of performace overheads[1], which, albeit small, but still
# contribute to the overall speed of things. This is however still poses a
# security risk, which I am willing to take.
#
# [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
kernelParams = ["mitigations=off"];
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
configurationLimit = 10;
};
};
};
hardware.opengl = {
enable = true;
driSupport = true;
};
programs = {
iftop.enable = true;
mtr.enable = true;
};
services = {
# https://github.com/NixOS/nixpkgs/issues/135888
upower.enable = true;
psd.enable = true;
};
environment.systemPackages = with pkgs; [lm_sensors];
my.extraGroups = ["audio" "video" "input"];
};
}
|
