2023-03-21 00:27:19 -04:00
|
|
|
{ config, lib, pkgs, inputs, ... }@attrs:
|
2022-09-04 01:59:56 -04:00
|
|
|
with lib; {
|
2023-03-21 00:27:19 -04:00
|
|
|
config = mkMerge [
|
|
|
|
|
(mkIf pkgs.stdenv.isLinux {
|
|
|
|
|
zramSwap = mkIf config.nathan.services.zramSwap {
|
|
|
|
|
enable = true;
|
|
|
|
|
algorithm = "lz4";
|
|
|
|
|
memoryPercent = 25;
|
|
|
|
|
};
|
|
|
|
|
nix = mkIf config.nathan.config.nix.autoGC {
|
|
|
|
|
settings.auto-optimise-store = true;
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
(mkIf config.nathan.config.harden
|
|
|
|
|
(import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
|
|
|
|
|
(mkIf config.nathan.config.harden {
|
2023-05-30 03:15:32 -04:00
|
|
|
boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_1_hardened;
|
2023-03-21 00:27:19 -04:00
|
|
|
security = {
|
|
|
|
|
allowSimultaneousMultithreading = true;
|
|
|
|
|
unprivilegedUsernsClone = true;
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
(mkIf ((!config.nathan.config.harden) && config.nathan.config.isDesktop) {
|
|
|
|
|
# Use the zen kernel with muqss turned on
|
|
|
|
|
boot.kernelPackages =
|
|
|
|
|
let unstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system};
|
|
|
|
|
in unstable.linuxKernel.packages.linux_lqx;
|
|
|
|
|
})
|
2023-06-08 22:05:35 -04:00
|
|
|
(mkIf ((!config.nathan.config.harden) && config.nathan.config.isDesktop
|
|
|
|
|
&& config.nathan.programs.perf) {
|
|
|
|
|
# Install perf and related tools
|
|
|
|
|
environment.systemPackages =
|
|
|
|
|
let unstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system};
|
|
|
|
|
in [ unstable.linuxKernel.packages.linux_lqx.perf ];
|
|
|
|
|
# Allow users to use it
|
|
|
|
|
boot.kernel.sysctl."kernel.perf_event_paranoid" = -1;
|
|
|
|
|
boot.kernel.sysctl."kernel.kptr_restrict" = lib.mkForce 0;
|
|
|
|
|
})
|
2023-03-21 00:27:19 -04:00
|
|
|
(mkIf config.nathan.config.isDesktop {
|
|
|
|
|
# Setup frequency scaling
|
|
|
|
|
powerManagement = {
|
|
|
|
|
enable = true;
|
|
|
|
|
cpuFreqGovernor = "schedutil";
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
(mkIf (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) {
|
|
|
|
|
# Auto update daily at 2 am
|
|
|
|
|
system.autoUpgrade = {
|
|
|
|
|
enable = true;
|
|
|
|
|
allowReboot = true;
|
|
|
|
|
# Update from the flake
|
|
|
|
|
flake = "git+https://git.stranger.systems/nix/System";
|
|
|
|
|
# Attempt to update daily at 2AM
|
|
|
|
|
dates = lib.mkDefault "2:00";
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
# Systemd user service cludge
|
|
|
|
|
{
|
|
|
|
|
systemd.user.extraConfig = ''
|
|
|
|
|
DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin"
|
|
|
|
|
'';
|
|
|
|
|
nix = mkIf config.nathan.config.nix.autoGC {
|
|
|
|
|
gc = {
|
|
|
|
|
automatic = true;
|
|
|
|
|
dates = "weekly";
|
|
|
|
|
options = "--delete-older-than 7d";
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-06-04 10:34:59 -04:00
|
|
|
}
|
|
|
|
|
# iperf3 configuration
|
|
|
|
|
{
|
|
|
|
|
services.iperf3.enable = true;
|
|
|
|
|
environment.systemPackages = with pkgs; [ iperf ];
|
2023-03-21 00:27:19 -04:00
|
|
|
}
|
2023-06-19 02:43:14 -04:00
|
|
|
# Don't store logs longer than 7 days
|
|
|
|
|
{
|
|
|
|
|
services.journald.extraConfig = ''
|
|
|
|
|
MaxRetentionSec=7day
|
|
|
|
|
'';
|
|
|
|
|
}
|
2023-07-02 02:52:02 -04:00
|
|
|
# Partitioning tools
|
|
|
|
|
(mkIf config.nathan.config.isDesktop {
|
2023-07-02 03:08:05 -04:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
parted
|
|
|
|
|
gparted
|
|
|
|
|
xorg.xhost
|
|
|
|
|
nvme-cli
|
|
|
|
|
];
|
2023-07-02 02:52:02 -04:00
|
|
|
})
|
2023-03-21 00:27:19 -04:00
|
|
|
];
|
2022-06-23 02:57:41 -04:00
|
|
|
}
|
