Upload files to "etc"

main
berkeley 2024-11-04 16:28:49 +00:00
parent 9508579513
commit bcc6d7475a
1 changed files with 99 additions and 58 deletions


@ -2,11 +2,13 @@
(gnu) (gnu)
(guix store) (guix store)
(guix packages) (guix packages)
(gnu packages databases)
(rosenthal packages binaries) (rosenthal packages binaries)
(rosenthal packages emacs-xyz) (rosenthal packages emacs-xyz)
(guix transformations) (guix transformations)
(gnu packages audio) (gnu packages audio)
(gnu packages librewolf) (gnu packages librewolf)
(gnu packages sqlite)
(gnu packages gdb) (gnu packages gdb)
(gnu packages graphics) (gnu packages graphics)
(gnu packages java) (gnu packages java)
@ -61,6 +63,7 @@ commencement)
(gnu packages lxqt) (gnu packages lxqt)
(gnu packages file-systems) (gnu packages file-systems)
(gnu services base) (gnu services base)
(gnu packages base)
(gnu packages xfce) (gnu packages xfce)
(guix channels) (guix channels)
(guix inferior) (guix inferior)
@ -129,25 +132,47 @@ commencement)
(use-service-modules web security base certbot shepherd nix cups desktop networking ssh docker xorg linux virtualization) (use-service-modules web security base certbot shepherd nix cups desktop networking ssh docker xorg linux virtualization)
(use-package-modules package-management version-control gcc bash certs admin linux) (use-package-modules package-management version-control gcc bash certs admin linux)
(define my-kernel linux) (define my-kernel linux)
(define xmonad-0.18.0
(package
(inherit xmonad)
(version "0.18.0")))
(define my-packages
(list
xmonad-0.18.0
))
(operating-system (operating-system
(kernel my-kernel) (kernel my-kernel)
(kernel-arguments '("quiet" (kernel-arguments
"nvme_core.default_ps_max_latency_us=0" '("quiet" ; Reduces boot verbosity
"noatime" "noatime" ; Disables access time updates for performance
"zswap.enabled=1" "zswap.enabled=1" ; Enables zswap for compressed caching of swap pages
"zswap.compressor=lz4" "zswap.compressor=zstd" ; Sets zswap compressor to zstd for efficiency
"zswap.max_pool_percent=36" "zswap.max_pool_percent=36"; Configures zswap to use up to 36% of RAM
"elevator=deadline" "elevator=deadline" ; Sets the I/O scheduler to deadline for balanced performance
"intel_pstate=disable" "mitigations=auto" ; Enables CPU mitigations as appropriate (security vs performance)
"mitigations=auto" "ksm=1" ; Allows Kernel Samepage Merging for memory efficiency
"ksm=1" "spectre_v2=on" ; Enables Spectre v2 mitigations
"spectre_v2=on" "nopti" ; Disables Page Table Isolation for performance (may impact security)
"nopti" "rootflags=data=writeback" ; Improves performance for writes with writeback caching
"rootflags=data=writeback" "transparent_hugepage=madvise" ; Uses transparent huge pages with advice for allocations
"cpufreq.default_governor=performance" "maxcpus=4" ; Limits CPU cores for the kernel (can be set to auto for all)
"transparent_hugepage=madvise" "noirqdebug" ; Disables IRQ debugging messages
"maxcpus=4")) "watchdog" ; Enables hardware watchdog
"noreplace-smp" ; Avoids replacing the SMP kernel after a panic
"softlockup_panic" ; Causes kernel panic if a soft lockup is detected
"preempt=full" ; Enables full preemptive kernel for better responsiveness
"sysrq_always_enabled=1" ; Keeps SysRq features enabled
"ipv6.disable=1" ; Disables IPv6 support to potentially simplify networking
"oem" ; OEM specific configurations
"amdgpu.ppfeaturemask=0xffffffff" ; Configures all powerplay features for AMD GPU
"amdgpu.dc=1" ; Enable Display Core for better graphics handling
"amdgpu.dpm=1" ; Enable Dynamic Power Management for AMD GPU
"amdgpu.aspm=1" ; Enable Active State Power Management on AMD GPUs
"irqaffinity=1" ; Assign IRQs to CPUs to improve stability
"cpufreq.default_governor=performance"; CPU runs at maximum speed for optimal performance
))
(initrd microcode-initrd) (initrd microcode-initrd)
(firmware (list linux-firmware)) (firmware (list linux-firmware))
@ -171,7 +196,9 @@ commencement)
(packages (append (list (packages (append (list
;emacs-org-roam ;emacs-org-roam
;emacs-org-roam-ui ;emacs-org-roam-ui
polybar postgresql
;foliate
polybar
gstreamer gstreamer
gst-plugins-bad gst-plugins-bad
gst-plugins-good gst-plugins-good
@ -186,9 +213,11 @@ commencement)
qtsolutions qtsolutions
glances glances
zstd zstd
mpv sqlite
mpv
kitty kitty
maim maim
;;
procps procps
scrot scrot
mupdf mupdf
@ -198,10 +227,11 @@ commencement)
go go
clisp clisp
fdm fdm
jami ;;jami
;navidrome-bin ;navidrome-bin
;mullvad-vpn ;mullvad-vpn
smartmontools smartmontools
;;
udevil udevil
samba samba
cifs-utils cifs-utils
@ -423,9 +453,12 @@ emacs-latex-preview-pane
neofetch neofetch
kleopatra kleopatra
flatpak flatpak
pfetch fuse
pfetch
icecat icecat
qutebrowser
;;mullvadbrowser ;;mullvadbrowser
nftables
git-lfs git-lfs
ghc-git-lfs ghc-git-lfs
hashcat hashcat
@ -566,13 +599,19 @@ extractpdfmark
poppler-qt5 poppler-qt5
poppler poppler
python-pdfminer-six python-pdfminer-six
lz4
zstd
rust rust
blueman
bluez
bluez-alsa
;goldendict-ng ;goldendict-ng
;suckless-dictpopup ;suckless-dictpopup
;;rust-version-check ;;rust-version-check
;;rust-deunicode ;;rust-deunicode
nheko nheko
lf lf
fuse
;; lots of fonts from package xorg.scm ;; lots of fonts from package xorg.scm
font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic font-dec-misc font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic font-dec-misc
font-isas-misc font-micro-misc font-misc-cyrillic font-misc-ethiopic font-isas-misc font-micro-misc font-misc-cyrillic font-misc-ethiopic
@ -583,7 +622,9 @@ python-pdfminer-six
noisetorch noisetorch
linux-firmware linux-firmware
nix nix
(specification->package "i3-wm") dmidecode
(specification->package "i3-wm")
(specification->package "dmidecode")
(specification->package "i3status") (specification->package "i3status")
(specification->package "dmenu") (specification->package "dmenu")
(specification->package "st") (specification->package "st")
@ -605,8 +646,8 @@ python-pdfminer-six
(specification->package "unrar") (specification->package "unrar")
(specification->package "nicotine+") (specification->package "nicotine+")
(specification->package "icecat") (specification->package "icecat")
(specification->package "gimp") (specification->package "qutebrowser")
(specification->package "foliate") (specification->package "gimp")
(specification->package "tor-client") (specification->package "tor-client")
(specification->package "make") (specification->package "make")
(specification->package "element-desktop") (specification->package "element-desktop")
@ -615,6 +656,10 @@ python-pdfminer-six
(specification->package "xmobar") (specification->package "xmobar")
(specification->package "xmodmap") (specification->package "xmodmap")
(specification->package "rofi") (specification->package "rofi")
(specification->package "bluez-alsa")
(specification->package "bluez")
(specification->package "fuse")
(specification->package "blueman")
(specification->package "navidrome-bin")) (specification->package "navidrome-bin"))
%base-packages)) %base-packages))
@ -629,38 +674,37 @@ python-pdfminer-six
(services (services
(append (list (append (list
(service bluetooth-service-type
(bluetooth-configuration
(auto-enable? #t)))
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev")) (udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
(service iptables-service-type
(iptables-configuration (service iptables-service-type
(ipv4-rules (plain-file "iptables.rules" "*filter (iptables-configuration
(ipv4-rules (plain-file "iptables.rules" "*filter
:INPUT DROP :INPUT DROP
:FORWARD ACCEPT :FORWARD DROP
:OUTPUT ACCEPT :OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -s 127.0.0.1 -j ACCEPT -A INPUT -p tcp -s 127.0.0.1 -j ACCEPT
-A FORWARD -p tcp -s 127.0.0.1 -j ACCEPT -A INPUT -p tcp --dport 631 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp --dport 631 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state INVALID -j DROP -A FORWARD -m state --state INVALID -j DROP
-A OUTPUT -p tcp -s 127.0.0.1 -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -o lo -j ACCEPT -A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT -A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -m owner --gid-owner openvpn -j ACCEPT -A OUTPUT -m owner --gid-owner openvpn -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040 -t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040
-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53 -t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53
-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT -t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT
-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT -t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT
-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP -t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP
COMMIT COMMIT
")) "))))
(ipv6-rules (plain-file "ip6tables.rules" "*filter
:INPUT DROP
:FORWARD DROP (simple-service 'blueman dbus-root-service-type (list blueman))
:OUTPUT DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
COMMIT
"))))
(simple-service 'my-jp-ime-env session-environment-service-type (simple-service 'my-jp-ime-env session-environment-service-type
'(("GTK_IM_MODULE" . "fcitx") '(("GTK_IM_MODULE" . "fcitx")
("QT_IM_MODULE" . "fcitx") ("QT_IM_MODULE" . "fcitx")
@ -718,7 +762,7 @@ COMMIT
(targets (list "/dev/nvme0n1")) (targets (list "/dev/nvme0n1"))
(theme (grub-theme (theme (grub-theme
(resolution '(1920 . 1080)) (resolution '(1920 . 1080))
(image (local-file "/home/berkeley/Downloads/thebigj2.png")))))) (image (local-file "/var/cache/wallpaper.png"))))))
(swap-devices (list (swap-space (swap-devices (list (swap-space
(priority 50) (priority 50)
(target (uuid (target (uuid
@ -732,25 +776,22 @@ COMMIT
(device (uuid "02E2-0AB2" (device (uuid "02E2-0AB2"
'fat32)) 'fat32))
(type "vfat")) (type "vfat"))
(file-system (file-system
(mount-point "/") (mount-point "/")
(device (uuid (device (uuid "38467002-a282-4387-8319-cff6d93cd23b" 'ext4))
"38467002-a282-4387-8319-cff6d93cd23b" (type "ext4"))
'ext4))
(type "ext4")) (file-system
(file-system (mount-point "/files")
(mount-point "/files") (device (uuid "7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886" 'ext4))
(device (uuid (type "ext4"))
"7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886"
'ext4)) (file-system
(type "ext4")) (mount-point "/var/cache")
(file-system (device (uuid "9d009d01-d635-4d56-987a-ffc2699da9fb" 'ext4))
(mount-point "/virt") (type "ext4"))
(device (uuid
"9d009d01-d635-4d56-987a-ffc2699da9fb"
'ext4))
(type "ext4"))
%base-file-systems))) %base-file-systems)))
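Review bot: In the firewall hunk (`@ -629,38 +674,37 @@`) the `ipv6-rules` field is dropped from `iptables-configuration`, so IPv6 filtering falls back to the service default, which as far as I know is accept-all; the only thing keeping IPv6 closed is then the new `ipv6.disable=1` kernel argument. I would keep the previous `(ipv6-rules (plain-file "ip6tables.rules" ...))` block with its `:INPUT DROP`, `:FORWARD DROP` and `:OUTPUT DROP` policies, so the host stays closed if that argument is ever removed. The retained `-t nat -A OUTPUT ... -j REDIRECT` and `-t filter -A OUTPUT ...` lines sit inside the `*filter` section, and iptables-restore normally rejects a `-t` option in a rules file, which would leave the whole ruleset unloaded. They likely belong in their own `*nat` ... `COMMIT` section with the `-t` dropped, which is worth confirming with `iptables-restore --test`. The loopback accept matches `-s 127.0.0.1` for TCP only; `-A INPUT -i lo -j ACCEPT` placed before the final REJECT is the more robust form, and it makes the two port 631 REJECT lines redundant with the catch-all that follows them.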