diff --git a/flake.lock b/flake.lock index 1fd0e8b..2af1d4d 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1746786847, - "narHash": "sha256-QKb+8DHlceK62uPHd+KTI22efwUMJ8zI2eD6HOSw99s=", + "lastModified": 1748012719, + "narHash": "sha256-s6VG70nqLCzAOLRgZ3oETQ8VJcsrEUol2vjTiYyesK4=", "owner": "deuxfleurs-org", "repo": "garage", - "rev": "a2a9e3cec4945c4f6bb93622b860ef696ed3c075", + "rev": "37e5621dde5c25ccac4f6da4d7c60f45fc71ff88", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1747155932, - "narHash": "sha256-NnPzzXEqfYjfrimLzK0JOBItfdEJdP/i6SNTuunCGgw=", + "lastModified": 1748529677, + "narHash": "sha256-MJEX3Skt5EAIs/aGHD8/aXXZPcceMMHheyIGSjvxZN0=", "owner": "nix-community", "repo": "home-manager", - "rev": "8d832ddfda9facf538f3dda9b6985fb0234f151c", + "rev": "da282034f4d30e787b8a10722431e8b650a907ef", "type": "github" }, "original": { @@ -257,11 +257,11 @@ ] }, "locked": { - "lastModified": 1746934494, - "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", + "lastModified": 1748145500, + "narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", + "rev": "a98adbf54d663395df0b9929f6481d4d80fc8927", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1747037786, - "narHash": "sha256-nhOupZpHdrUYK2a2y1y238VEPVpUmJw/nEd212wyG0c=", + "lastModified": 1747646130, + "narHash": "sha256-B4+JyeF6u7FINPD1Fzc7QiDlmG1L06z/34MqMlBfPDQ=", "owner": "nix-community", "repo": "nix-ld", - "rev": "90316ea7ffa3336547b85b3b2827d9d4552a4a79", + "rev": "14ad0c0a26dae752c93fa9fa59437bfd2b8aaf69", "type": "github" }, "original": { 
@@ -292,11 +292,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1748370509, + "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "type": "github" }, "original": { @@ -417,11 +417,11 @@ ] }, "locked": { - "lastModified": 1747103809, - "narHash": "sha256-a3Yk+CoFmNw7V8J/si/AM8WuI/qTxQhiJpuQ7HFl774=", + "lastModified": 1748486227, + "narHash": "sha256-veMuFa9cq/XgUXp1S57oC8K0TIw3XyZWL2jIyGWlW0c=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "fe36c63649875f391949e8b2ec33949d0cd8aa95", + "rev": "4bf1892eb81113e868efe67982b64f1da15c8c5a", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1747101711, - "narHash": "sha256-VJ6NkQAIXvNr+THN6TlNqlSY3lB1hv/o4yvfG82sHQI=", + "lastModified": 1748397853, + "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1830b606ba0a839ab60f8465c23613620e9982de", + "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", "type": "github" }, "original": { diff --git a/home/kitty.nix b/home/kitty.nix index 40f25ef..aedaf96 100644 --- a/home/kitty.nix +++ b/home/kitty.nix 
@@ -13,7 +13,7 @@ # for confirmation confirm_os_window_close = 0; clear_all_shortcuts = true; - background_opacity = 0.85; + background_opacity = 0.9; # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager @@ -21,7 +21,7 @@ # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; # "scrollback_lines" = 20000; - wheel_scroll_multiplier = 50; + # wheel_scroll_multiplier = 50; }; keybindings = { # kitty_mod is ctrl+shift by default diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index ffc0360..db3dfb2 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -57,7 +57,6 @@ gdb fuzzel hugo - ghidra sccache awscli2 p7zip @@ -84,10 +83,10 @@ jujutsu ffmpeg typst + pavucontrol # reversing radare2 - ida-free jadx frida-tools mitmproxy diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 6f73eaf..eeb62c9 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,6 +1,5 @@ { pkgs, - lib, ... }: { @@ -70,7 +69,10 @@ networkmanager.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" ]; + trustedInterfaces = [ + "tailscale0" + "podman1" + ]; allowedTCPPorts = [ 22 80 
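Review bot: Adding `"podman1"` to `trustedInterfaces` in hosts/chunk/default.nix accepts every packet that arrives on that bridge, so any container attached to it can reach all host ports, not just the ones in `allowedTCPPorts`. If the containers only need host DNS or one specific service, a per-interface allowance is narrower, e.g. `interfaces.podman1.allowedUDPPorts = [ 53 ];` inside `firewall`. If full trust is intended, a comment such as `# podman1: containers need unrestricted access to host services because …` would record the reason. The `firewall` block continues past the end of this hunk.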
@@ -79,32 +81,6 @@ allowedUDPPorts = [ 443 ]; - extraCommands = - let - ethtool = lib.getExe pkgs.ethtool; - tc = lib.getExe' pkgs.iproute2 "tc"; - in - '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off - - # clear existing rules - ${tc} qdisc del dev ens18 root || true - - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 10 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 - - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 - ''; }; interfaces.ens18 = { ipv6.addresses = [ @@ -157,6 +133,7 @@ environment.systemPackages = with pkgs; [ vim + neovim wget curl tree diff --git a/hosts/common.nix b/hosts/common.nix index b1989b1..c125822 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -39,7 +39,7 @@ i18n.defaultLocale = "en_US.UTF-8"; time.timeZone = "America/New_York"; networking = { - firewall.logRefusedConnections = false; + firewall.logRefusedConnections = true; nameservers = [ # quad9 (unfiltered) "2620:fe::10" @@ -56,6 +56,7 @@ "nts.teambelgium.net" "c.st1.ntp.br" ]; + nftables.enable = true; }; services.chrony = { enable = true; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index e59abc3..763c51e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix 
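Review bot: `nftables.enable = true` is added in hosts/common.nix, so it switches the firewall backend on every host that imports this file, while the only visible consumer is the `extraInputRules` block added to hosts/ytnix/default.nix. Software that still inserts its own iptables rules (Docker is the usual case, and `/var/lib/docker` appears in modules/backup.nix) does not cooperate with the nftables-based firewall without extra work, so confirm that no host depends on it. A comment next to the option, e.g. `# nftables backend: needed for firewall.extraInputRules (ytnix)`, would explain why the switch is global. The earlier hunk in this file also turns `firewall.logRefusedConnections` on for all hosts; on chunk, which exposes 22/80/443, that probably means steady scan noise in the kernel log, so check journal retention. The `networking` block starts and ends outside both hunks.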
@@ -44,10 +44,11 @@ efi.canTouchEfiVariables = true; }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxKernel.packages.linux_zen; + kernelPackages = pkgs.linuxPackages_6_14; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; + kernelModules = [ "8821ce" ]; kernelParams = [ # see https://github.com/tomaspinho/rtl8821ce#pcie-active-state-power-management "pcie_aspm=off" @@ -60,7 +61,10 @@ enable = true; pkiBundle = "/var/lib/sbctl"; }; - kernel.sysctl."kernel.sysrq" = 1; + kernel.sysctl = { + "kernel.sysrq" = 1; + # "net.ipv4.ip_forward" = 1; + }; binfmt.emulatedSystems = [ "aarch64-linux" ]; }; @@ -87,12 +91,12 @@ resolvconf.enable = true; firewall = { enable = true; - trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ]; - # allowedTCPPorts = [ - # 8080 # mitmproxy - # 22000 # syncthing - # 3003 # immich-ml - # ]; + trustedInterfaces = [ + "tailscale0" + ]; + extraInputRules = '' + ip saddr 192.168.100.0/24 tcp dport 9234 accept + ''; }; hosts = { "100.122.132.30" = [ "s3.cy7.sh" ]; @@ -105,8 +109,10 @@ pulse.enable = true; alsa.enable = true; alsa.support32Bit = true; - wireplumber.extraConfig.bluetoothEnhancements = { - # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration + wireplumber.extraConfig."10-bluetooth-enhancements" = { + "wireplumber.settings" = { + "bluetooth.autoswitch-to-headset-profile" = false; + }; "monitor.bluez.properties" = { "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; 
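Review bot: `kernelPackages = pkgs.linuxPackages_6_14` pins the machine to a single non-LTS kernel series. Once that series reaches end of life the host stops receiving kernel security fixes until this line is edited by hand. If the pin exists for the out-of-tree `rtl8821ce` module (inferred from the adjacent `extraModulePackages` and the new `kernelModules = [ "8821ce" ]`), say so in a comment such as `# pinned for rtl8821ce; move to the next supported series when the module builds against it`. The `boot` block starts and ends outside the hunk.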
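Review bot: The new `extraInputRules` line matches on source address only, so TCP 9234 is accepted from 192.168.100.0/24 on any interface, including a Wi-Fi network that happens to use the same range. If the subnet belongs to a libvirt bridge, bind the rule to it: `iifname "virbr1" ip saddr 192.168.100.0/24 tcp dport 9234 accept`. The interface name is assumed from the removed `trustedInterfaces` entries and should be confirmed. Dropping `virbr0`/`virbr1` from `trustedInterfaces` may also cut guests off from host-side DHCP/DNS unless another rule permits it. A comment naming the service behind port 9234 would make the exception auditable.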
@@ -114,27 +120,27 @@ "bluez5.roles" = [ "a2dp_sink" "a2dp_source" - "hsp_hs" - "hsp_ag" "hfp_hf" "hfp_ag" ]; }; }; # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters - wireplumber.extraConfig.disableSuspend = { - "monitor.bluez.rules" = { - matches = [ - { - "node.name" = "bluez_output.*"; - } - ]; - }; - actions = { - update-props = { - "session.suspend-timeout-seconds" = 0; - }; - }; + wireplumber.extraConfig."11-disable-suspend" = { + "monitor.bluez.rules" = [ + { + matches = [ + { + "device.name" = "bluez_card.*"; + } + ]; + actions = { + update-props = { + "session.suspend-timeout-seconds" = 0; + }; + }; + } + ]; }; }; @@ -213,10 +219,14 @@ }; fonts = { - packages = with pkgs; [ - nerd-fonts.roboto-mono - ibm-plex - ]; + packages = + (with pkgs; [ + ibm-plex + ]) + ++ (with pkgs.nerd-fonts; [ + roboto-mono + jetbrains-mono + ]); enableDefaultPackages = true; }; @@ -267,6 +277,10 @@ enable = true; qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; }; + # virtualisation.vmware.host = { + # enable = true; + # package = pkgs.vmware-workstation; + # }; programs.virt-manager.enable = true; my.containerization.enable = true; @@ -406,4 +420,12 @@ wl-clipboard ]; }; + + programs.ghidra = { + enable = true; + package = pkgs.ghidra.withExtensions (p: with p; [ + findcrypt + ret-sync + ]); + }; } diff --git a/hosts/ytnix/hardware-configuration.nix b/hosts/ytnix/hardware-configuration.nix index c98a8c5..cd1c283 100644 --- a/hosts/ytnix/hardware-configuration.nix +++ b/hosts/ytnix/hardware-configuration.nix @@ -82,5 +82,5 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault true; } diff --git a/modules/backup.nix b/modules/backup.nix index a07542d..b9d43c1 100644 
--- a/modules/backup.nix
+++ b/modules/backup.nix
@@ -21,7 +21,7 @@ let
 "/var/lib/docker"
 "/var/lib/containers" # podman
 "/var/lib/systemd"
- "/var/lib/libvirt"
+ "/var/lib/libvirt/images"
 "**/.rustup"
 "**/.cargo"
 "**/.docker"
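Review bot: Narrowing the entry from `/var/lib/libvirt` to `/var/lib/libvirt/images` means the rest of the libvirt state directory is now backed up, assuming this list is the backup's exclude set (the list starts and ends outside the hunk, so this is inferred from the neighbouring entries). That state can include guest memory saved by managed-save or snapshots (by default under `/var/lib/libvirt/qemu/save` and similar), which is large and may hold guest secrets, and disk images kept in any pool other than `images` are no longer excluded either. If only domain definitions are wanted, add explicit excludes for those subdirectories, or note the intent in a comment such as `# keep domain XML/nvram in backups; disks are excluded`.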