rm ida-free and pin kernel to 6.14

• Updated input 'garage':
    'github:deuxfleurs-org/garage/a2a9e3cec4945c4f6bb93622b860ef696ed3c075' (2025-05-09)
  → 'github:deuxfleurs-org/garage/37e5621dde5c25ccac4f6da4d7c60f45fc71ff88' (2025-05-23)
• Updated input 'home-manager':
    'github:nix-community/home-manager/29dda415f5b2178278283856c6f9f7b48a2a4353' (2025-05-20)
  → 'github:nix-community/home-manager/da282034f4d30e787b8a10722431e8b650a907ef' (2025-05-29)
• Updated input 'nix-index-database':
    'github:nix-community/nix-index-database/ec179dd13fb7b4c6844f55be91436f7857226dce' (2025-05-18)
  → 'github:nix-community/nix-index-database/a98adbf54d663395df0b9929f6481d4d80fc8927' (2025-05-25)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/292fa7d4f6519c074f0a50394dbbe69859bb6043' (2025-05-18)
  → 'github:nixos/nixpkgs/4faa5f5321320e49a78ae7848582f684d64783e9' (2025-05-27)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/3e7b002daad1ff342b223af3a9de7b2a4b6fdc7d' (2025-05-20)
  → 'github:oxalica/rust-overlay/4bf1892eb81113e868efe67982b64f1da15c8c5a' (2025-05-29)
• Updated input 'vscode-extensions':
    'github:nix-community/nix-vscode-extensions/d096058275e83be4133081e53dcd53e029a5ad80' (2025-05-20)
  → 'github:nix-community/nix-vscode-extensions/ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5' (2025-05-28)

flake.lock

@@ -147,11 +147,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1746786847,
-        "narHash": "sha256-QKb+8DHlceK62uPHd+KTI22efwUMJ8zI2eD6HOSw99s=",
+        "lastModified": 1748012719,
+        "narHash": "sha256-s6VG70nqLCzAOLRgZ3oETQ8VJcsrEUol2vjTiYyesK4=",
         "owner": "deuxfleurs-org",
         "repo": "garage",
-        "rev": "a2a9e3cec4945c4f6bb93622b860ef696ed3c075",
+        "rev": "37e5621dde5c25ccac4f6da4d7c60f45fc71ff88",
         "type": "github"
       },
       "original": {
@@ -189,11 +189,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747155932,
-        "narHash": "sha256-NnPzzXEqfYjfrimLzK0JOBItfdEJdP/i6SNTuunCGgw=",
+        "lastModified": 1748529677,
+        "narHash": "sha256-MJEX3Skt5EAIs/aGHD8/aXXZPcceMMHheyIGSjvxZN0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8d832ddfda9facf538f3dda9b6985fb0234f151c",
+        "rev": "da282034f4d30e787b8a10722431e8b650a907ef",
         "type": "github"
       },
       "original": {
@@ -257,11 +257,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746934494,
-        "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=",
+        "lastModified": 1748145500,
+        "narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff",
+        "rev": "a98adbf54d663395df0b9929f6481d4d80fc8927",
         "type": "github"
       },
       "original": {
@@ -277,11 +277,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747037786,
-        "narHash": "sha256-nhOupZpHdrUYK2a2y1y238VEPVpUmJw/nEd212wyG0c=",
+        "lastModified": 1747646130,
+        "narHash": "sha256-B4+JyeF6u7FINPD1Fzc7QiDlmG1L06z/34MqMlBfPDQ=",
         "owner": "nix-community",
         "repo": "nix-ld",
-        "rev": "90316ea7ffa3336547b85b3b2827d9d4552a4a79",
+        "rev": "14ad0c0a26dae752c93fa9fa59437bfd2b8aaf69",
         "type": "github"
       },
       "original": {
@@ -292,11 +292,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1746904237,
-        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
+        "lastModified": 1748370509,
+        "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
+        "rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
         "type": "github"
       },
       "original": {
@@ -417,11 +417,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747103809,
-        "narHash": "sha256-a3Yk+CoFmNw7V8J/si/AM8WuI/qTxQhiJpuQ7HFl774=",
+        "lastModified": 1748486227,
+        "narHash": "sha256-veMuFa9cq/XgUXp1S57oC8K0TIw3XyZWL2jIyGWlW0c=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "fe36c63649875f391949e8b2ec33949d0cd8aa95",
+        "rev": "4bf1892eb81113e868efe67982b64f1da15c8c5a",
         "type": "github"
       },
       "original": {
@@ -437,11 +437,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746485181,
-        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
+        "lastModified": 1747603214,
+        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
+        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
         "type": "github"
       },
       "original": {
@@ -503,11 +503,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747101711,
-        "narHash": "sha256-VJ6NkQAIXvNr+THN6TlNqlSY3lB1hv/o4yvfG82sHQI=",
+        "lastModified": 1748397853,
+        "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "1830b606ba0a839ab60f8465c23613620e9982de",
+        "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5",
         "type": "github"
       },
       "original": {

home/kitty.nix

@@ -13,7 +13,7 @@
       # for confirmation
       confirm_os_window_close = 0;
       clear_all_shortcuts = true;
-      background_opacity = 0.85;
+      background_opacity = 0.9;
 
       # will probably lower this later but the max allowed is actually 4GB
       # this is NOT stored in memory and can only be viewed with scrollback_pager
@@ -21,7 +21,7 @@
       # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399
       "scrollback_pager" = "bat --pager='less -FR +G'";
       # "scrollback_lines" = 20000;
-      wheel_scroll_multiplier = 50;
+      # wheel_scroll_multiplier = 50;
     };
     keybindings = {
       # kitty_mod is ctrl+shift by default

home/yt/ytnix.nix

@@ -57,7 +57,6 @@
       gdb
       fuzzel
       hugo
-      ghidra
       sccache
       awscli2
       p7zip
@@ -84,10 +83,10 @@
       jujutsu
       ffmpeg
       typst
+      pavucontrol
 
       # reversing
       radare2
-      ida-free
       jadx
       frida-tools
       mitmproxy

hosts/chunk/default.nix

@@ -1,6 +1,5 @@
 {
   pkgs,
-  lib,
   ...
 }:
 {
@@ -70,7 +69,10 @@
     networkmanager.enable = true;
     firewall = {
       enable = true;
-      trustedInterfaces = [ "tailscale0" ];
+      trustedInterfaces = [
+        "tailscale0"
+        "podman1"
+      ];
       allowedTCPPorts = [
         22
         80
@@ -79,32 +81,6 @@
       allowedUDPPorts = [
         443
       ];
-      extraCommands =
-        let
-          ethtool = lib.getExe pkgs.ethtool;
-          tc = lib.getExe' pkgs.iproute2 "tc";
-        in
-        ''
-          # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
-          ${ethtool} -K ens18 tso off
-
-          # clear existing rules
-          ${tc} qdisc del dev ens18 root || true
-
-          # create HTB hierarchy
-          ${tc} qdisc add dev ens18 root handle 1: htb default 10
-          ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
-          # rest
-          ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100%
-          # caddy
-          ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
-
-          # mark traffic
-          iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3
-
-          # route marked packets
-          ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30
-        '';
     };
     interfaces.ens18 = {
       ipv6.addresses = [
@@ -157,6 +133,7 @@
 
   environment.systemPackages = with pkgs; [
     vim
+    neovim
     wget
     curl
     tree

hosts/common.nix

@@ -39,7 +39,7 @@
   i18n.defaultLocale = "en_US.UTF-8";
   time.timeZone = "America/New_York";
   networking = {
-    firewall.logRefusedConnections = false;
+    firewall.logRefusedConnections = true;
     nameservers = [
       # quad9 (unfiltered)
       "2620:fe::10"
@@ -56,6 +56,7 @@
       "nts.teambelgium.net"
       "c.st1.ntp.br"
     ];
+    nftables.enable = true;
   };
   services.chrony = {
     enable = true;

hosts/ytnix/default.nix

@@ -44,10 +44,11 @@
       efi.canTouchEfiVariables = true;
     };
     tmp.cleanOnBoot = true;
-    kernelPackages = pkgs.linuxKernel.packages.linux_zen;
+    kernelPackages = pkgs.linuxPackages_6_14;
     extraModulePackages = with config.boot.kernelPackages; [
       rtl8821ce
     ];
+    kernelModules = [ "8821ce" ];
     kernelParams = [
       # see https://github.com/tomaspinho/rtl8821ce#pcie-active-state-power-management
       "pcie_aspm=off"
@@ -60,7 +61,10 @@
       enable = true;
       pkiBundle = "/var/lib/sbctl";
     };
-    kernel.sysctl."kernel.sysrq" = 1;
+    kernel.sysctl = {
+      "kernel.sysrq" = 1;
+      # "net.ipv4.ip_forward" = 1;
+    };
     binfmt.emulatedSystems = [ "aarch64-linux" ];
   };
 
@@ -87,12 +91,12 @@
     resolvconf.enable = true;
     firewall = {
       enable = true;
-      trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ];
-      # allowedTCPPorts = [
-      #   8080 # mitmproxy
-      #   22000 # syncthing
-      #   3003 # immich-ml
-      # ];
+      trustedInterfaces = [
+        "tailscale0"
+      ];
+      extraInputRules = ''
+        ip saddr 192.168.100.0/24 tcp dport 9234 accept
+      '';
     };
     hosts = {
       "100.122.132.30" = [ "s3.cy7.sh" ];
@@ -105,8 +109,10 @@
     pulse.enable = true;
     alsa.enable = true;
     alsa.support32Bit = true;
-    wireplumber.extraConfig.bluetoothEnhancements = {
-      # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration
+    wireplumber.extraConfig."10-bluetooth-enhancements" = {
+      "wireplumber.settings" = {
+        "bluetooth.autoswitch-to-headset-profile" = false;
+      };
       "monitor.bluez.properties" = {
         "bluez5.enable-sbc-xq" = true;
         "bluez5.enable-msbc" = true;
@@ -114,27 +120,27 @@
         "bluez5.roles" = [
           "a2dp_sink"
           "a2dp_source"
-          "hsp_hs"
-          "hsp_ag"
           "hfp_hf"
           "hfp_ag"
         ];
       };
     };
     # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters
-    wireplumber.extraConfig.disableSuspend = {
-      "monitor.bluez.rules" = {
-        matches = [
-          {
-            "node.name" = "bluez_output.*";
-          }
-        ];
-      };
-      actions = {
-        update-props = {
-          "session.suspend-timeout-seconds" = 0;
-        };
-      };
+    wireplumber.extraConfig."11-disable-suspend" = {
+      "monitor.bluez.rules" = [
+        {
+          matches = [
+            {
+              "device.name" = "bluez_card.*";
+            }
+          ];
+          actions = {
+            update-props = {
+              "session.suspend-timeout-seconds" = 0;
+            };
+          };
+        }
+      ];
     };
   };
 
@@ -213,10 +219,14 @@
   };
 
   fonts = {
-    packages = with pkgs; [
-      nerd-fonts.roboto-mono
-      ibm-plex
-    ];
+    packages =
+      (with pkgs; [
+        ibm-plex
+      ])
+      ++ (with pkgs.nerd-fonts; [
+        roboto-mono
+        jetbrains-mono
+      ]);
     enableDefaultPackages = true;
   };
 
@@ -267,6 +277,10 @@
     enable = true;
     qemu.vhostUserPackages = with pkgs; [ virtiofsd ];
   };
+  # virtualisation.vmware.host = {
+  #   enable = true;
+  #   package = pkgs.vmware-workstation;
+  # };
   programs.virt-manager.enable = true;
   my.containerization.enable = true;
 
@@ -406,4 +420,12 @@
       wl-clipboard
     ];
   };
+
+  programs.ghidra = {
+    enable = true;
+    package = pkgs.ghidra.withExtensions (p: with p; [
+      findcrypt
+      ret-sync
+    ]);
+  };
 }

hosts/ytnix/hardware-configuration.nix

@@ -82,5 +82,5 @@
   # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
 }

modules/backup.nix

@@ -21,7 +21,7 @@ let
     "/var/lib/docker"
     "/var/lib/containers" # podman
     "/var/lib/systemd"
-    "/var/lib/libvirt"
+    "/var/lib/libvirt/images"
     "**/.rustup"
     "**/.cargo"
     "**/.docker"