diff --git a/etc/config.scm b/etc/config.scm
index 2513332..582a067 100644
--- a/etc/config.scm
+++ b/etc/config.scm
@@ -2,11 +2,13 @@
 (gnu)
 (guix store)
 (guix packages)
+(gnu packages databases)
 (rosenthal packages binaries)
 (rosenthal packages emacs-xyz)
 (guix transformations)
 (gnu packages audio)
 (gnu packages librewolf)
+(gnu packages sqlite)
 (gnu packages gdb)
 (gnu packages graphics)
 (gnu packages java)
@@ -61,6 +63,7 @@ commencement)
 (gnu packages lxqt)
 (gnu packages file-systems)
 (gnu services base)
+(gnu packages base)
 (gnu packages xfce)
 (guix channels)
 (guix inferior)
@@ -129,25 +132,47 @@ commencement) (use-service-modules web security base certbot shepherd nix cups desktop networking ssh docker xorg linux virtualization) (use-package-modules package-management version-control gcc bash certs admin linux) (define my-kernel linux) +(define xmonad-0.18.0 + (package + (inherit xmonad) + (version "0.18.0"))) +(define my-packages + (list + xmonad-0.18.0 + )) (operating-system (kernel my-kernel) - (kernel-arguments '("quiet" - "nvme_core.default_ps_max_latency_us=0" - "noatime" - "zswap.enabled=1" - "zswap.compressor=lz4" - "zswap.max_pool_percent=36" - "elevator=deadline" - "intel_pstate=disable" - "mitigations=auto" - "ksm=1" - "spectre_v2=on" - "nopti" - "rootflags=data=writeback" - "cpufreq.default_governor=performance" - "transparent_hugepage=madvise" - "maxcpus=4")) + (kernel-arguments + '("quiet" ; Reduces boot verbosity + "noatime" ; Disables access time updates for performance + "zswap.enabled=1" ; Enables zswap for compressed caching of swap pages + "zswap.compressor=zstd" ; Sets zswap compressor to zstd for efficiency + "zswap.max_pool_percent=36"; Configures zswap to use up to 36% of RAM + "elevator=deadline" ; Sets the I/O scheduler to deadline for balanced performance + "mitigations=auto" ; Enables CPU mitigations as appropriate (security vs performance) + "ksm=1" ; Allows Kernel Samepage Merging for memory efficiency + "spectre_v2=on" ; Enables Spectre v2 mitigations + "nopti" ; Disables Page Table Isolation for performance (may impact security) + "rootflags=data=writeback" ; Improves performance for writes with writeback caching + "transparent_hugepage=madvise" ; Uses transparent huge pages with advice for allocations + "maxcpus=4" ; Limits CPU cores for the kernel (can be set to auto for all) + "noirqdebug" ; Disables IRQ debugging messages + "watchdog" ; Enables hardware watchdog + "noreplace-smp" ; Avoids replacing the SMP kernel after a panic + "softlockup_panic" ; Causes kernel panic if a soft lockup is detected + 
"preempt=full" ; Enables full preemptive kernel for better responsiveness + "sysrq_always_enabled=1" ; Keeps SysRq features enabled + "ipv6.disable=1" ; Disables IPv6 support to potentially simplify networking + "oem" ; OEM specific configurations + "amdgpu.ppfeaturemask=0xffffffff" ; Configures all powerplay features for AMD GPU + "amdgpu.dc=1" ; Enable Display Core for better graphics handling + "amdgpu.dpm=1" ; Enable Dynamic Power Management for AMD GPU + "amdgpu.aspm=1" ; Enable Active State Power Management on AMD GPUs + "irqaffinity=1" ; Assign IRQs to CPUs to improve stability + "cpufreq.default_governor=performance"; CPU runs at maximum speed for optimal performance +)) + (initrd microcode-initrd) (firmware (list linux-firmware)) @@ -171,7 +196,9 @@ commencement) (packages (append (list ;emacs-org-roam ;emacs-org-roam-ui - polybar + postgresql + ;foliate + polybar gstreamer gst-plugins-bad gst-plugins-good @@ -186,9 +213,11 @@ commencement) qtsolutions glances zstd - mpv + sqlite + mpv kitty maim + ;; procps scrot mupdf @@ -198,10 +227,11 @@ commencement) go clisp fdm - jami + ;;jami ;navidrome-bin ;mullvad-vpn smartmontools + ;; udevil samba cifs-utils @@ -423,9 +453,12 @@ emacs-latex-preview-pane neofetch kleopatra flatpak - pfetch + fuse + pfetch icecat + qutebrowser ;;mullvadbrowser + nftables git-lfs ghc-git-lfs hashcat @@ -566,13 +599,19 @@ extractpdfmark poppler-qt5 poppler python-pdfminer-six +lz4 +zstd rust + blueman + bluez + bluez-alsa ;goldendict-ng ;suckless-dictpopup ;;rust-version-check ;;rust-deunicode nheko lf + fuse ;; lots of fonts from package xorg.scm font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic font-dec-misc font-isas-misc font-micro-misc font-misc-cyrillic font-misc-ethiopic 
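Review bot: `"nopti"` in the new `kernel-arguments` list switches off kernel page-table isolation (the Meltdown mitigation) even though `"mitigations=auto"` and `"spectre_v2=on"` sit a few entries above it, so the list reads as hardened while one mitigation is explicitly disabled. Unless the CPU is known not to need PTI, drop the entry, or at least make the comment say what it does, e.g. `"nopti" ; Turns off KPTI (Meltdown mitigation); overrides mitigations=auto for PTI`. `"sysrq_always_enabled=1"` enables every magic-SysRq function regardless of the `kernel.sysrq` sysctl, which deserves a comment wherever console or keyboard access is not fully trusted. Some of the new comments also describe effects the kernel does not provide: `noatime` is a mount option rather than a boot parameter, and `noreplace-smp` keeps SMP instructions from being patched to UP alternatives and has nothing to do with panics. Separately, `xmonad-0.18.0` inherits `xmonad` and overrides only `version`, so as far as this hunk shows it still builds the inherited source under a new version label; it needs its own `source` field with the matching hash.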
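Review bot: `fuse` is added here as a bare variable, again in the hunk at -566, and a third time as `(specification->package "fuse")` in the hunk at -615; the same doubling shows up for `qutebrowser` (here and -605), `dmidecode` (twice inside -583), `zstd` (context at -186, added again at -566) and the `bluez`, `bluez-alsa`, `blueman` group (-566 and -615). A module variable and a `specification->package` lookup are not guaranteed to resolve to the same package version, so a duplicate that is harmless today could presumably become a profile conflict after a channel update. List each package once, in one of the two forms. The package list itself starts and ends outside these hunks.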
@@ -583,7 +622,9 @@ python-pdfminer-six noisetorch linux-firmware nix - (specification->package "i3-wm") + dmidecode + (specification->package "i3-wm") + (specification->package "dmidecode") (specification->package "i3status") (specification->package "dmenu") (specification->package "st") @@ -605,8 +646,8 @@ python-pdfminer-six (specification->package "unrar") (specification->package "nicotine+") (specification->package "icecat") - (specification->package "gimp") - (specification->package "foliate") + (specification->package "qutebrowser") + (specification->package "gimp") (specification->package "tor-client") (specification->package "make") (specification->package "element-desktop") @@ -615,6 +656,10 @@ python-pdfminer-six (specification->package "xmobar") (specification->package "xmodmap") (specification->package "rofi") + (specification->package "bluez-alsa") + (specification->package "bluez") + (specification->package "fuse") + (specification->package "blueman") (specification->package "navidrome-bin")) %base-packages)) 
@@ -629,38 +674,37 @@ python-pdfminer-six (services (append (list + (service bluetooth-service-type + (bluetooth-configuration + (auto-enable? #t))) (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")) - (service iptables-service-type - (iptables-configuration - (ipv4-rules (plain-file "iptables.rules" "*filter + +(service iptables-service-type + (iptables-configuration + (ipv4-rules (plain-file "iptables.rules" "*filter :INPUT DROP -:FORWARD ACCEPT +:FORWARD DROP :OUTPUT ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT --A INPUT -j REJECT --reject-with icmp-port-unreachable -A INPUT -p tcp -s 127.0.0.1 -j ACCEPT --A FORWARD -p tcp -s 127.0.0.1 -j ACCEPT +-A INPUT -p tcp --dport 631 -j REJECT --reject-with icmp-port-unreachable +-A INPUT -p udp --dport 631 -j REJECT --reject-with icmp-port-unreachable +-A INPUT -j REJECT --reject-with icmp-port-unreachable -A FORWARD -m state --state INVALID -j DROP --A OUTPUT -p tcp -s 127.0.0.1 -j ACCEPT --A OUTPUT -m state --state INVALID -j DROP -A OUTPUT -o lo -j ACCEPT -A OUTPUT -o tun+ -j ACCEPT -A OUTPUT -m owner --gid-owner openvpn -j ACCEPT +-A OUTPUT -m state --state INVALID -j DROP -t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040 -t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53 -t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT -t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT -t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP COMMIT -")) - (ipv6-rules (plain-file "ip6tables.rules" "*filter -:INPUT DROP -:FORWARD DROP -:OUTPUT DROP --A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT --A INPUT -j REJECT --reject-with icmp6-port-unreachable -COMMIT -")))) +")))) + + + (simple-service 'blueman dbus-root-service-type (list blueman)) (simple-service 'my-jp-ime-env session-environment-service-type '(("GTK_IM_MODULE" . 
"fcitx") ("QT_IM_MODULE" . "fcitx") @@ -718,7 +762,7 @@ COMMIT (targets (list "/dev/nvme0n1")) (theme (grub-theme (resolution '(1920 . 1080)) - (image (local-file "/home/berkeley/Downloads/thebigj2.png")))))) + (image (local-file "/var/cache/wallpaper.png")))))) (swap-devices (list (swap-space (priority 50) (target (uuid @@ -732,25 +776,22 @@ COMMIT (device (uuid "02E2-0AB2" 'fat32)) (type "vfat")) + (file-system (mount-point "/") - (device (uuid - "38467002-a282-4387-8319-cff6d93cd23b" - 'ext4)) - (type "ext4")) - (file-system - (mount-point "/files") - (device (uuid - "7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886" - 'ext4)) - (type "ext4")) - (file-system - (mount-point "/virt") - (device (uuid - "9d009d01-d635-4d56-987a-ffc2699da9fb" - 'ext4)) - (type "ext4")) - + (device (uuid "38467002-a282-4387-8319-cff6d93cd23b" 'ext4)) + (type "ext4")) + + (file-system + (mount-point "/files") + (device (uuid "7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886" 'ext4)) + (type "ext4")) + + (file-system + (mount-point "/var/cache") + (device (uuid "9d009d01-d635-4d56-987a-ffc2699da9fb" 'ext4)) + (type "ext4")) + %base-file-systems)))
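Review bot: Dropping the `ipv6-rules` field leaves ip6tables on the service's default ruleset, which as far as I know is accept-all, so IPv6 filtering now depends entirely on the `"ipv6.disable=1"` kernel argument added elsewhere in this commit. Keep the removed `ipv6-rules` block with its `DROP` policies so that a later edit to the kernel arguments cannot silently expose the host over IPv6. The `-t nat -A OUTPUT …` and `-t filter -A OUTPUT …` lines sit inside the `*filter` section, and iptables-restore normally refuses `-t` inside a table block, so confirm with `iptables-restore --test` that the file loads and move the REDIRECT rules into their own `*nat … COMMIT` section. The loopback rule `-A INPUT -p tcp -s 127.0.0.1 -j ACCEPT` would be tighter as `-A INPUT -i lo -j ACCEPT`, and the two port-631 REJECT rules are already covered by the catch-all REJECT that follows them.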
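Review bot: The partition now mounted at `/var/cache`, like the one at `/files`, carries no mount flags, so set-uid binaries and device nodes stored on these data volumes are honoured. Adding `(flags '(no-suid no-dev))` to both `file-system` entries is a cheap hardening step, and `no-atime` in the same list is where the `"noatime"` setting from the kernel-arguments hunk would actually take effect. Mounting a partition over `/var/cache` also hides anything already under that directory on the root filesystem, and the GRUB theme image changed to `/var/cache/wallpaper.png` in the previous hunk has to be present on that partition whenever the system is reconfigured.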