diff --git a/hosts/micronix/config/sysctl.d/hardening.nix b/hosts/micronix/config/sysctl.d/hardening.nix index 6a8ac0f..c86dfe3 100644 --- a/hosts/micronix/config/sysctl.d/hardening.nix +++ b/hosts/micronix/config/sysctl.d/hardening.nix @@ -11,7 +11,6 @@ "kernel.perf_event_paranoid" = "-1"; "kernel.printk" = "3 3 3 3"; "kernel.sysrq" = "4"; - "kernel.unprivileged_bpf_disabled" = "1"; "kernel.yama.ptrace_scope" = "0"; "net.core.bpf_jit_harden" = "2"; "net.ipv4.conf.all.accept_redirects" = "0"; diff --git a/hosts/micronix/default.nix b/hosts/micronix/default.nix index bf75a4c..565bfb3 100644 --- a/hosts/micronix/default.nix +++ b/hosts/micronix/default.nix @@ -6,11 +6,9 @@ ./fonts.nix ./sound.nix ./ui.nix - ./searxng.nix ./energy.nix ./ssh.nix ./networking.nix - ./steam.nix ]; config = { diff --git a/hosts/micronix/energy.nix b/hosts/micronix/energy.nix index bd4aa75..7a8e3e0 100644 --- a/hosts/micronix/energy.nix +++ b/hosts/micronix/energy.nix @@ -5,7 +5,7 @@ TLP_ENABLE = 1; DISK_IDLE_SECS_ON_AC = 0; - DISK_IDLE_SECS_ON_BAT = 1; + DISK_IDLE_SECS_ON_BAT = 0; CPU_DRIVER_OPMODE_ON_AC = "active"; CPU_DRIVER_OPMODE_ON_BAT = "active"; @@ -24,7 +24,7 @@ PLATFORM_PROFILE_ON_AC = "performance"; PLATFORM_PROFILE_ON_BAT = "performance"; - DISK_DEVICES = "nvme0n1"; + DISK_DEVICES = "nvme0"; DISK_APM_LEVEL_ON_AC = "255 255"; DISK_APM_LEVEL_ON_BAT = "128 128"; @@ -57,7 +57,7 @@ SOUND_POWER_SAVE_CONTROLLER = "N"; PCIE_ASPM_ON_AC = "performance"; - PCIE_ASPM_ON_BAT = "powersave"; + PCIE_ASPM_ON_BAT = "performance"; RUNTIME_PM_ON_AC = "auto"; RUNTIME_PM_ON_BAT = "auto"; diff --git a/hosts/micronix/networking.nix b/hosts/micronix/networking.nix index 99c768b..7bbf6dd 100644 --- a/hosts/micronix/networking.nix +++ b/hosts/micronix/networking.nix @@ -13,10 +13,10 @@ }; nameservers = [ - "9.9.9.9#dns.quad9.net" - "149.112.112.112#dns.quad9.net" - "2620:fe::fe#dns.quad9.net" - "2620:fe::9#dns.quad9.net" + "1.1.1.1#cloudflare-dns.com" + "1.0.0.1#cloudflare-dns.com" + "2606:4700:4700::1111#cloudflare-dns.com" + "2606:4700:4700::1001#cloudflare-dns.com" ]; firewall = { enable = true; @@ -31,10 +31,10 @@ dnssec = "true"; domains = ["~."]; fallbackDns = [ - "9.9.9.9#dns.quad9.net" - "149.112.112.112#dns.quad9.net" - "2620:fe::fe#dns.quad9.net" - "2620:fe::9#dns.quad9.net" + "1.1.1.1#cloudflare-dns.com" + "1.0.0.1#cloudflare-dns.com" + "2606:4700:4700::1111#cloudflare-dns.com" + "2606:4700:4700::1001#cloudflare-dns.com" ]; dnsovertls = "true"; llmnr = "true"; diff --git a/hosts/micronix/searxng.nix b/hosts/micronix/searxng.nix deleted file mode 100644 index 276b225..0000000 --- a/hosts/micronix/searxng.nix +++ /dev/null @@ -1,12 +0,0 @@ -{...}: { - services.searx = { - enable = true; - redisCreateLocally = true; - settings.server = { - bind_address = "127.0.0.1"; - port = 8192; - secret_key = "17869ed44904151e3df472ffc1ae9e8c674dec896672eeb85ce6a93a243a755ecc292f46854e7becc01154866589eb1df5142677bad19a17b16759e633e3b7b8"; # This is a locally running SearXNG instance so. - image_proxy = true; - }; - }; -} diff --git a/hosts/micronix/sound.nix b/hosts/micronix/sound.nix index a2d6a11..f56bc9e 100644 --- a/hosts/micronix/sound.nix +++ b/hosts/micronix/sound.nix @@ -36,12 +36,12 @@ }; "filter" = { "properties" = { - "node.latency" = "1024/48000"; + "node.latency" = "2048/192000"; }; }; "stream" = { "properties" = { - "node.latency" = "1024/48000"; + "node.latency" = "2048/192000"; "node.autoconnect" = true; "resample.quality" = 14; "channelmix.normalize" = true; @@ -79,12 +79,12 @@ }; "filter" = { "properties" = { - "node.latency" = "1024/48000"; + "node.latency" = "2048/192000"; }; }; "stream" = { "properties" = { - "node.latency" = "1024/48000"; + "node.latency" = "2048/192000"; "node.autoconnect" = true; "resample.quality" = 14; "channelmix.normalize" = true; @@ -99,7 +99,7 @@ ]; "actions" = { "update-props" = { - "node.latency" = "512/48000"; + "node.latency" = "512/192000"; }; }; } @@ -145,7 +145,7 @@ "rt.time.soft" = -1; "rt.time.hard" = -1; "uclamp.min" = 0; - "uclamp.max" = 1024; + "uclamp.max" = 2048; }; "flags" = ["ifexists" "nofail"]; } @@ -244,8 +244,8 @@ ]; "core.daemon" = true; "core.name" = "pipewire-0"; - "default.clock.rate" = 48000; - "default.clock.allowed-rates" = [48000]; + "default.clock.rate" = 192000; + "default.clock.allowed-rates" = [192000]; "module.x11.bell" = true; "module.access" = true; "module.jackdbus-detect" = true; @@ -259,7 +259,7 @@ ]; "actions" = { "update-props" = { - "default.clock.min-quantum" = 1024; + "default.clock.min-quantum" = 2048; }; }; } @@ -285,7 +285,7 @@ "rt.time.soft" = -1; "rt.time.hard" = -1; "uclamp.min" = 0; - "uclamp.max" = 1024; + "uclamp.max" = 2048; }; "flags" = ["ifexists" "nofail"]; } diff --git a/hosts/micronix/steam.nix b/hosts/micronix/steam.nix deleted file mode 100644 index 99020eb..0000000 --- a/hosts/micronix/steam.nix +++ /dev/null @@ -1,21 +0,0 @@ -{pkgs, ...}: { - programs.steam = { - enable = true; - extraPackages = with pkgs; [ - gamescope_git - latencyflex-vulkan - ]; - extraCompatPackages = with pkgs; [ - proton-ge-custom - ]; - extest = { - enable = true; - }; - protontricks = { - enable = true; - }; - gamescopeSession = { - enable = true; - }; - }; -} diff --git a/hosts/micronix/system.nix b/hosts/micronix/system.nix index b96b229..db42c07 100644 --- a/hosts/micronix/system.nix +++ b/hosts/micronix/system.nix @@ -101,7 +101,7 @@ use-cgroups = true; }; - boot.initrd.kernelModules = ["amdgpu"]; + boot.initrd.kernelModules = ["amdgpu", "sha256", "sha512"]; # Processor settings for AMD hardware.cpu.amd = { @@ -137,11 +137,6 @@ enable32Bit = true; }; - chaotic = { - mesa-git.enable = true; - hdr.enable = true; - }; - # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.videoDrivers = ["amdgpu"]; diff --git a/hosts/micronix/users.nix b/hosts/micronix/users.nix index ff24bb0..0c05675 100644 --- a/hosts/micronix/users.nix +++ b/hosts/micronix/users.nix @@ -1,14 +1,12 @@ {pkgs, ...}: { - alqueva.users.xmm = { + alqueva.users.unix = { shell = pkgs.zsh; - packages = builtins.attrValues { inherit (pkgs) wget2 fastfetch btop-rocm - emacs30-pgtk kitty firefox_nightly ffmpeg-full @@ -29,13 +27,7 @@ pulseaudio man-pages man-pages-posix - capitaine-cursors xwayland-satellite - tinyxxd - furnace - adwaita-icon-theme - adwaita-icon-theme-legacy - morewaita-icon-theme ; inherit (pkgs.nodePackages_latest) @@ -69,23 +61,8 @@ ]; }; - services.emacs = { - enable = true; - package = pkgs.emacs30-pgtk; - defaultEditor = true; - startWithGraphical = true; - }; - services.flatpak.enable = true; - services.deluge = { - enable = true; - web = { - enable = true; - }; - openFilesLimit = 16384; - }; - documentation = { enable = true; dev = { @@ -128,7 +105,6 @@ shellAliases = { ll = "ls -l"; - ed = "emacsclient -r"; update = "sudo nixos-rebuild switch --upgrade --upgrade-all"; nixdev = "cd $HOME/.config/nixos"; };