diff --git a/nixos/configuration.nix b/nixos/configuration.nix index d118a0c..0f5f23f 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -2,14 +2,13 @@ { # Imports - imports = - [ - ./hardware-configuration.nix - ./modules/wifi-dongle.nix - ./modules/disable-hibernation.nix - ./modules/dns-over-https.nix - ./modules/nvidia.nix - ]; + imports = [ + ./hardware-configuration.nix + ./modules/wifi-dongle.nix + ./modules/disable-hibernation.nix + ./modules/dns-over-https.nix + ./modules/nvidia.nix + ]; # Bootloader. boot.loader.systemd-boot.enable = true; @@ -68,11 +67,7 @@ enable = true; theme = "catppuccin-sddm-corners"; # Fix keyboard showing up unnecesarilly - settings = { - General = { - InputMethod=""; - }; - }; + settings = { General = { InputMethod = ""; }; }; }; # Setup plasma with excluding a couple unnecesarry packages 
@@ -145,28 +140,31 @@ ryzenadj wineWowPackages.staging lutris - (catppuccin-kde.override { winDecStyles = ["classic" "modern"] ;}) + (catppuccin-kde.override { winDecStyles = [ "classic" "modern" ]; }) catppuccin-sddm-corners ]; # Wireguard settings networking.firewall = { - # if packets are still dropped, they will show up in dmesg - logReversePathDrops = true; - # wireguard trips rpfilter up - extraCommands = '' - ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN - ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN - ''; - extraStopCommands = '' - ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true - ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true - ''; + enable = true; + # allow specific tcp ports + allowedTCPPorts = [ 2234 ]; + # if packets are still dropped, they will show up in dmesg + logReversePathDrops = true; + # wireguard trips rpfilter up + extraCommands = '' + ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN + ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN + ''; + extraStopCommands = '' + ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true + ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true + ''; }; # Enable fstrim services.fstrim.enable = true; - + # Enable ratbagd for mice configuration services.ratbagd.enable = true; @@ -190,7 +188,8 @@ users.users.crony = { isNormalUser = true; description = "Crony"; - extraGroups = [ "networkmanager" "wheel" "video" "input" "audio" "libvirtd" ]; + extraGroups = + [ "networkmanager" "wheel" "video" "input" "audio" "libvirtd" ]; shell = pkgs.zsh; }; 
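Review bot: `allowedTCPPorts = [ 2234 ];` in the `networking.firewall` block opens TCP 2234 on every interface, and its comment (`# allow specific tcp ports`) does not say which service listens there, while the block heading still reads `# Wireguard settings`. Name the consumer in the comment, for example `# <service>: inbound listener on 2234`, so the opening can be removed when that service goes away. If the listener only needs to be reachable on one link, `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 2234 ];` scopes it instead of the global list. The re-indented rpfilter exemptions match on `--sport 51820` / `--dport 51820` alone, so any UDP packet carrying that port skips the reverse-path check on all interfaces. The commit does not change that behaviour, but restricting those rules to the interface the WireGuard endpoint is reached over would narrow it.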
@@ -203,8 +202,8 @@ interpreter = "${pkgs.appimage-run}/bin/appimage-run"; recognitionType = "magic"; offset = 0; - mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff''; - magicOrExtension = ''\x7fELF....AI\x02''; + mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff"; + magicOrExtension = "\\x7fELF....AI\\x02"; }; # Automatic cleanup and optimization @@ -221,17 +220,16 @@ description = "Set my ryzen cpu power."; serviceConfig = { Type = "oneshot"; - ExecStart = toString ( - pkgs.writeShellScript "ryzenadj-setup" '' - ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit 35000 --fast-limit 35000 --slow-limit 35000 --slow-time 60 --stapm-time 1000 --tctl-temp 75 --vrmmax-current 65000 - ''); + ExecStart = toString (pkgs.writeShellScript "ryzenadj-setup" '' + ${pkgs.ryzenadj}/bin/ryzenadj --stapm-limit 35000 --fast-limit 35000 --slow-limit 35000 --slow-time 60 --stapm-time 1000 --tctl-temp 75 --vrmmax-current 65000 + ''); }; - wantedBy = ["default.target"]; + wantedBy = [ "default.target" ]; }; # Esync systemd.extraConfig = "DefaultLimitNOFILE=1048576"; - + security.pam.loginLimits = [{ domain = "*"; type = "hard";
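Review bot: The new `mask` and `magicOrExtension` values depend on `"\\x.."` producing a single literal backslash, which is easy to break on the next edit because nothing on these lines says so. A comment above them would help, e.g. `# binfmt_misc needs literal \xNN escapes; backslashes are doubled because these are "..." strings` and `# mask zeroes bytes 4-7, so the "...." in the magic is a wildcard`. The enclosing registration attrset starts outside this hunk, so the rest of the entry is not visible here.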