diff --git a/flake.lock b/flake.lock index 2af1d4d..1fd0e8b 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1748012719, - "narHash": "sha256-s6VG70nqLCzAOLRgZ3oETQ8VJcsrEUol2vjTiYyesK4=", + "lastModified": 1746786847, + "narHash": "sha256-QKb+8DHlceK62uPHd+KTI22efwUMJ8zI2eD6HOSw99s=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "37e5621dde5c25ccac4f6da4d7c60f45fc71ff88", + "rev": "a2a9e3cec4945c4f6bb93622b860ef696ed3c075", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1748529677, - "narHash": "sha256-MJEX3Skt5EAIs/aGHD8/aXXZPcceMMHheyIGSjvxZN0=", + "lastModified": 1747155932, + "narHash": "sha256-NnPzzXEqfYjfrimLzK0JOBItfdEJdP/i6SNTuunCGgw=", "owner": "nix-community", "repo": "home-manager", - "rev": "da282034f4d30e787b8a10722431e8b650a907ef", + "rev": "8d832ddfda9facf538f3dda9b6985fb0234f151c", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1748145500, - "narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=", + "lastModified": 1746934494, + "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "a98adbf54d663395df0b9929f6481d4d80fc8927", + "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1747646130, - "narHash": "sha256-B4+JyeF6u7FINPD1Fzc7QiDlmG1L06z/34MqMlBfPDQ=", + "lastModified": 1747037786, + "narHash": "sha256-nhOupZpHdrUYK2a2y1y238VEPVpUmJw/nEd212wyG0c=", "owner": "nix-community", "repo": "nix-ld", - "rev": "14ad0c0a26dae752c93fa9fa59437bfd2b8aaf69", + "rev": "90316ea7ffa3336547b85b3b2827d9d4552a4a79", "type": "github" }, "original": { 
@@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748370509, - "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1748486227, - "narHash": "sha256-veMuFa9cq/XgUXp1S57oC8K0TIw3XyZWL2jIyGWlW0c=", + "lastModified": 1747103809, + "narHash": "sha256-a3Yk+CoFmNw7V8J/si/AM8WuI/qTxQhiJpuQ7HFl774=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "4bf1892eb81113e868efe67982b64f1da15c8c5a", + "rev": "fe36c63649875f391949e8b2ec33949d0cd8aa95", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1748397853, - "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", + "lastModified": 1747101711, + "narHash": "sha256-VJ6NkQAIXvNr+THN6TlNqlSY3lB1hv/o4yvfG82sHQI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", + "rev": "1830b606ba0a839ab60f8465c23613620e9982de", "type": "github" }, "original": { diff --git a/home/kitty.nix b/home/kitty.nix index aedaf96..40f25ef 100644 --- a/home/kitty.nix +++ b/home/kitty.nix 
@@ -13,7 +13,7 @@ # for confirmation confirm_os_window_close = 0; clear_all_shortcuts = true; - background_opacity = 0.9; + background_opacity = 0.85; # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager @@ -21,7 +21,7 @@ # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; # "scrollback_lines" = 20000; - # wheel_scroll_multiplier = 50; + wheel_scroll_multiplier = 50; }; keybindings = { # kitty_mod is ctrl+shift by default diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index db3dfb2..ffc0360 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -57,6 +57,7 @@ gdb fuzzel hugo + ghidra sccache awscli2 p7zip @@ -83,10 +84,10 @@ jujutsu ffmpeg typst - pavucontrol # reversing radare2 + ida-free jadx frida-tools mitmproxy diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index eeb62c9..6f73eaf 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,5 +1,6 @@ { pkgs, + lib, ... }: { @@ -69,10 +70,7 @@ networkmanager.enable = true; firewall = { enable = true; - trustedInterfaces = [ - "tailscale0" - "podman1" - ]; + trustedInterfaces = [ "tailscale0" ]; allowedTCPPorts = [ 22 80 
@@ -81,6 +79,32 @@ allowedUDPPorts = [ 443 ]; + extraCommands = + let + ethtool = lib.getExe pkgs.ethtool; + tc = lib.getExe' pkgs.iproute2 "tc"; + in + '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off + + # clear existing rules + ${tc} qdisc del dev ens18 root || true + + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 10 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% + + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 + + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 + ''; }; interfaces.ens18 = { ipv6.addresses = [ @@ -133,7 +157,6 @@ environment.systemPackages = with pkgs; [ vim - neovim wget curl tree diff --git a/hosts/common.nix b/hosts/common.nix index c125822..b1989b1 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -39,7 +39,7 @@ i18n.defaultLocale = "en_US.UTF-8"; time.timeZone = "America/New_York"; networking = { - firewall.logRefusedConnections = true; + firewall.logRefusedConnections = false; nameservers = [ # quad9 (unfiltered) "2620:fe::10" @@ -56,7 +56,6 @@ "nts.teambelgium.net" "c.st1.ntp.br" ]; - nftables.enable = true; }; services.chrony = { enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 763c51e..e59abc3 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix 
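Review bot: The `iptables -t mangle -A OUTPUT ... --set-mark 3` line in `extraCommands` is appended on every run, and unlike the `tc qdisc del dev ens18 root || true` line above it, nothing removes the previous copy, so each firewall reload probably stacks another identical rule in the mangle table. Delete before adding, e.g. `iptables -t mangle -D OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 2>/dev/null || true`, and mirror that cleanup in `extraStopCommands`. The mark and the `protocol ip` filter also cover IPv4 only, while `interfaces.ens18` carries IPv6 addresses, so caddy's IPv6 traffic would land in the default class 1:10. If that is not intended, an `ip6tables` rule and a `protocol ipv6` filter are needed as well. The `firewall` attribute set starts outside the hunk.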
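Review bot: Setting `firewall.logRefusedConnections = false` in hosts/common.nix turns off the refused-connection log on every host that imports this file, presumably including `chunk`, which the same commit shows accepting inbound traffic on ports such as 22 and 80. That log is often the only local record of scans and blocked connection attempts. If the motive is journal volume, keep it enabled on the internet-facing host, or at least record the reason next to the setting, e.g. `# disabled: journal noise; connection attempts are visible in <other log source>`. The `networking` block continues outside the hunk.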
@@ -44,11 +44,10 @@ efi.canTouchEfiVariables = true; }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_6_14; + kernelPackages = pkgs.linuxKernel.packages.linux_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; - kernelModules = [ "8821ce" ]; kernelParams = [ # see https://github.com/tomaspinho/rtl8821ce#pcie-active-state-power-management "pcie_aspm=off" @@ -61,10 +60,7 @@ enable = true; pkiBundle = "/var/lib/sbctl"; }; - kernel.sysctl = { - "kernel.sysrq" = 1; - # "net.ipv4.ip_forward" = 1; - }; + kernel.sysctl."kernel.sysrq" = 1; binfmt.emulatedSystems = [ "aarch64-linux" ]; }; @@ -91,12 +87,12 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ - "tailscale0" - ]; - extraInputRules = '' - ip saddr 192.168.100.0/24 tcp dport 9234 accept - ''; + trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ]; + # allowedTCPPorts = [ + # 8080 # mitmproxy + # 22000 # syncthing + # 3003 # immich-ml + # ]; }; hosts = { "100.122.132.30" = [ "s3.cy7.sh" ]; @@ -109,10 +105,8 @@ pulse.enable = true; alsa.enable = true; alsa.support32Bit = true; - wireplumber.extraConfig."10-bluetooth-enhancements" = { - "wireplumber.settings" = { - "bluetooth.autoswitch-to-headset-profile" = false; - }; + wireplumber.extraConfig.bluetoothEnhancements = { + # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration "monitor.bluez.properties" = { "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; 
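Review bot: Adding `virbr0` and `virbr1` to `trustedInterfaces` opens every listening port on the host to any guest attached to those bridges, where the removed `extraInputRules` admitted only `192.168.100.0/24` to TCP 9234. If the guests ever run untrusted software (the reversing tools in home/yt/ytnix.nix suggest they might), a per-interface allow-list keeps the host's other listeners out of reach: `networking.firewall.interfaces.virbr0.allowedTCPPorts = [ 9234 ];`. The port is taken from the removed rule; adjust it to what the guests actually need. The commented-out `allowedTCPPorts` list would be the place to document which services are meant to be reachable.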
@@ -120,27 +114,27 @@ "bluez5.roles" = [ "a2dp_sink" "a2dp_source" + "hsp_hs" + "hsp_ag" "hfp_hf" "hfp_ag" ]; }; }; # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters - wireplumber.extraConfig."11-disable-suspend" = { - "monitor.bluez.rules" = [ - { - matches = [ - { - "device.name" = "bluez_card.*"; - } - ]; - actions = { - update-props = { - "session.suspend-timeout-seconds" = 0; - }; - }; - } - ]; + wireplumber.extraConfig.disableSuspend = { + "monitor.bluez.rules" = { + matches = [ + { + "node.name" = "bluez_output.*"; + } + ]; + }; + actions = { + update-props = { + "session.suspend-timeout-seconds" = 0; + }; + }; }; }; @@ -219,14 +213,10 @@ }; fonts = { - packages = - (with pkgs; [ - ibm-plex - ]) - ++ (with pkgs.nerd-fonts; [ - roboto-mono - jetbrains-mono - ]); + packages = with pkgs; [ + nerd-fonts.roboto-mono + ibm-plex + ]; enableDefaultPackages = true; }; @@ -277,10 +267,6 @@ enable = true; qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; }; - # virtualisation.vmware.host = { - # enable = true; - # package = pkgs.vmware-workstation; - # }; programs.virt-manager.enable = true; my.containerization.enable = true; @@ -420,12 +406,4 @@ wl-clipboard ]; }; - - programs.ghidra = { - enable = true; - package = pkgs.ghidra.withExtensions (p: with p; [ - findcrypt - ret-sync - ]); - }; } diff --git a/hosts/ytnix/hardware-configuration.nix b/hosts/ytnix/hardware-configuration.nix index cd1c283..c98a8c5 100644 --- a/hosts/ytnix/hardware-configuration.nix +++ b/hosts/ytnix/hardware-configuration.nix @@ -82,5 +82,5 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault true; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/modules/backup.nix b/modules/backup.nix index b9d43c1..a07542d 100644 
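Review bot: In `wireplumber.extraConfig.disableSuspend`, `"monitor.bluez.rules"` is now an attribute set holding only `matches`, and `actions` has moved out to be its sibling, so the `session.suspend-timeout-seconds` override is no longer attached to any rule. WirePlumber expects `monitor.bluez.rules` to be a list of objects that each carry both `matches` and `actions`, which is the shape the removed lines had. Restore the list form around the new `node.name` matcher.

```nix
wireplumber.extraConfig.disableSuspend = {
  "monitor.bluez.rules" = [
    {
      matches = [
        { "node.name" = "bluez_output.*"; }
      ];
      actions = {
        update-props = {
          "session.suspend-timeout-seconds" = 0;
        };
      };
    }
  ];
};
```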
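Review bot: `hardware.cpu.intel.updateMicrocode` now defaults to `config.hardware.enableRedistributableFirmware` instead of `true`, so whether this host still loads Intel microcode updates depends on an option that is not set anywhere in the visible diff. Microcode updates carry CPU vulnerability mitigations, so confirm that `hardware.enableRedistributableFirmware = true;` is in effect for ytnix, or keep `lib.mkDefault true` here. If the option is set in an imported module, a short comment on this line naming that module would make the dependency visible.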
--- a/modules/backup.nix +++ b/modules/backup.nix @@ -21,7 +21,7 @@ let "/var/lib/docker" "/var/lib/containers" # podman "/var/lib/systemd" - "/var/lib/libvirt/images" + "/var/lib/libvirt" "**/.rustup" "**/.cargo" "**/.docker"
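Review bot: Widening the entry from `/var/lib/libvirt/images` to `/var/lib/libvirt` drops more than disk images, assuming this list is the backup's exclude set (its name is outside the hunk). libvirt also keeps per-VM UEFI NVRAM and, where used, swtpm state under that directory, and those are small but hard to recreate. If a restore is expected to bring guests back with their firmware variables intact, keep the narrower `"/var/lib/libvirt/images"` entry and add any other bulky subdirectories individually.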