Upload files to "etc"
parent
9508579513
commit
bcc6d7475a
157
etc/config.scm
157
etc/config.scm
|
@ -2,11 +2,13 @@
|
||||||
(gnu)
|
(gnu)
|
||||||
(guix store)
|
(guix store)
|
||||||
(guix packages)
|
(guix packages)
|
||||||
|
(gnu packages databases)
|
||||||
(rosenthal packages binaries)
|
(rosenthal packages binaries)
|
||||||
(rosenthal packages emacs-xyz)
|
(rosenthal packages emacs-xyz)
|
||||||
(guix transformations)
|
(guix transformations)
|
||||||
(gnu packages audio)
|
(gnu packages audio)
|
||||||
(gnu packages librewolf)
|
(gnu packages librewolf)
|
||||||
|
(gnu packages sqlite)
|
||||||
(gnu packages gdb)
|
(gnu packages gdb)
|
||||||
(gnu packages graphics)
|
(gnu packages graphics)
|
||||||
(gnu packages java)
|
(gnu packages java)
|
||||||
|
@ -61,6 +63,7 @@ commencement)
|
||||||
(gnu packages lxqt)
|
(gnu packages lxqt)
|
||||||
(gnu packages file-systems)
|
(gnu packages file-systems)
|
||||||
(gnu services base)
|
(gnu services base)
|
||||||
|
(gnu packages base)
|
||||||
(gnu packages xfce)
|
(gnu packages xfce)
|
||||||
(guix channels)
|
(guix channels)
|
||||||
(guix inferior)
|
(guix inferior)
|
||||||
|
@ -129,25 +132,47 @@ commencement)
|
||||||
(use-service-modules web security base certbot shepherd nix cups desktop networking ssh docker xorg linux virtualization)
|
(use-service-modules web security base certbot shepherd nix cups desktop networking ssh docker xorg linux virtualization)
|
||||||
(use-package-modules package-management version-control gcc bash certs admin linux)
|
(use-package-modules package-management version-control gcc bash certs admin linux)
|
||||||
(define my-kernel linux)
|
(define my-kernel linux)
|
||||||
|
(define xmonad-0.18.0
|
||||||
|
(package
|
||||||
|
(inherit xmonad)
|
||||||
|
(version "0.18.0")))
|
||||||
|
(define my-packages
|
||||||
|
(list
|
||||||
|
xmonad-0.18.0
|
||||||
|
))
|
||||||
|
|
||||||
(operating-system
|
(operating-system
|
||||||
(kernel my-kernel)
|
(kernel my-kernel)
|
||||||
(kernel-arguments '("quiet"
|
(kernel-arguments
|
||||||
"nvme_core.default_ps_max_latency_us=0"
|
'("quiet" ; Reduces boot verbosity
|
||||||
"noatime"
|
"noatime" ; Disables access time updates for performance
|
||||||
"zswap.enabled=1"
|
"zswap.enabled=1" ; Enables zswap for compressed caching of swap pages
|
||||||
"zswap.compressor=lz4"
|
"zswap.compressor=zstd" ; Sets zswap compressor to zstd for efficiency
|
||||||
"zswap.max_pool_percent=36"
|
"zswap.max_pool_percent=36"; Configures zswap to use up to 36% of RAM
|
||||||
"elevator=deadline"
|
"elevator=deadline" ; Sets the I/O scheduler to deadline for balanced performance
|
||||||
"intel_pstate=disable"
|
"mitigations=auto" ; Enables CPU mitigations as appropriate (security vs performance)
|
||||||
"mitigations=auto"
|
"ksm=1" ; Allows Kernel Samepage Merging for memory efficiency
|
||||||
"ksm=1"
|
"spectre_v2=on" ; Enables Spectre v2 mitigations
|
||||||
"spectre_v2=on"
|
"nopti" ; Disables Page Table Isolation for performance (may impact security)
|
||||||
"nopti"
|
"rootflags=data=writeback" ; Improves performance for writes with writeback caching
|
||||||
"rootflags=data=writeback"
|
"transparent_hugepage=madvise" ; Uses transparent huge pages with advice for allocations
|
||||||
"cpufreq.default_governor=performance"
|
"maxcpus=4" ; Limits CPU cores for the kernel (can be set to auto for all)
|
||||||
"transparent_hugepage=madvise"
|
"noirqdebug" ; Disables IRQ debugging messages
|
||||||
"maxcpus=4"))
|
"watchdog" ; Enables hardware watchdog
|
||||||
|
"noreplace-smp" ; Avoids replacing the SMP kernel after a panic
|
||||||
|
"softlockup_panic" ; Causes kernel panic if a soft lockup is detected
|
||||||
|
"preempt=full" ; Enables full preemptive kernel for better responsiveness
|
||||||
|
"sysrq_always_enabled=1" ; Keeps SysRq features enabled
|
||||||
|
"ipv6.disable=1" ; Disables IPv6 support to potentially simplify networking
|
||||||
|
"oem" ; OEM specific configurations
|
||||||
|
"amdgpu.ppfeaturemask=0xffffffff" ; Configures all powerplay features for AMD GPU
|
||||||
|
"amdgpu.dc=1" ; Enable Display Core for better graphics handling
|
||||||
|
"amdgpu.dpm=1" ; Enable Dynamic Power Management for AMD GPU
|
||||||
|
"amdgpu.aspm=1" ; Enable Active State Power Management on AMD GPUs
|
||||||
|
"irqaffinity=1" ; Assign IRQs to CPUs to improve stability
|
||||||
|
"cpufreq.default_governor=performance"; CPU runs at maximum speed for optimal performance
|
||||||
|
))
|
||||||
|
|
||||||
(initrd microcode-initrd)
|
(initrd microcode-initrd)
|
||||||
(firmware (list linux-firmware))
|
(firmware (list linux-firmware))
|
||||||
|
|
||||||
|
@ -171,7 +196,9 @@ commencement)
|
||||||
(packages (append (list
|
(packages (append (list
|
||||||
;emacs-org-roam
|
;emacs-org-roam
|
||||||
;emacs-org-roam-ui
|
;emacs-org-roam-ui
|
||||||
polybar
|
postgresql
|
||||||
|
;foliate
|
||||||
|
polybar
|
||||||
gstreamer
|
gstreamer
|
||||||
gst-plugins-bad
|
gst-plugins-bad
|
||||||
gst-plugins-good
|
gst-plugins-good
|
||||||
|
@ -186,9 +213,11 @@ commencement)
|
||||||
qtsolutions
|
qtsolutions
|
||||||
glances
|
glances
|
||||||
zstd
|
zstd
|
||||||
mpv
|
sqlite
|
||||||
|
mpv
|
||||||
kitty
|
kitty
|
||||||
maim
|
maim
|
||||||
|
;;
|
||||||
procps
|
procps
|
||||||
scrot
|
scrot
|
||||||
mupdf
|
mupdf
|
||||||
|
@ -198,10 +227,11 @@ commencement)
|
||||||
go
|
go
|
||||||
clisp
|
clisp
|
||||||
fdm
|
fdm
|
||||||
jami
|
;;jami
|
||||||
;navidrome-bin
|
;navidrome-bin
|
||||||
;mullvad-vpn
|
;mullvad-vpn
|
||||||
smartmontools
|
smartmontools
|
||||||
|
;;
|
||||||
udevil
|
udevil
|
||||||
samba
|
samba
|
||||||
cifs-utils
|
cifs-utils
|
||||||
|
@ -423,9 +453,12 @@ emacs-latex-preview-pane
|
||||||
neofetch
|
neofetch
|
||||||
kleopatra
|
kleopatra
|
||||||
flatpak
|
flatpak
|
||||||
pfetch
|
fuse
|
||||||
|
pfetch
|
||||||
icecat
|
icecat
|
||||||
|
qutebrowser
|
||||||
;;mullvadbrowser
|
;;mullvadbrowser
|
||||||
|
nftables
|
||||||
git-lfs
|
git-lfs
|
||||||
ghc-git-lfs
|
ghc-git-lfs
|
||||||
hashcat
|
hashcat
|
||||||
|
@ -566,13 +599,19 @@ extractpdfmark
|
||||||
poppler-qt5
|
poppler-qt5
|
||||||
poppler
|
poppler
|
||||||
python-pdfminer-six
|
python-pdfminer-six
|
||||||
|
lz4
|
||||||
|
zstd
|
||||||
rust
|
rust
|
||||||
|
blueman
|
||||||
|
bluez
|
||||||
|
bluez-alsa
|
||||||
;goldendict-ng
|
;goldendict-ng
|
||||||
;suckless-dictpopup
|
;suckless-dictpopup
|
||||||
;;rust-version-check
|
;;rust-version-check
|
||||||
;;rust-deunicode
|
;;rust-deunicode
|
||||||
nheko
|
nheko
|
||||||
lf
|
lf
|
||||||
|
fuse
|
||||||
;; lots of fonts from package xorg.scm
|
;; lots of fonts from package xorg.scm
|
||||||
font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic font-dec-misc
|
font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic font-dec-misc
|
||||||
font-isas-misc font-micro-misc font-misc-cyrillic font-misc-ethiopic
|
font-isas-misc font-micro-misc font-misc-cyrillic font-misc-ethiopic
|
||||||
|
@ -583,7 +622,9 @@ python-pdfminer-six
|
||||||
noisetorch
|
noisetorch
|
||||||
linux-firmware
|
linux-firmware
|
||||||
nix
|
nix
|
||||||
(specification->package "i3-wm")
|
dmidecode
|
||||||
|
(specification->package "i3-wm")
|
||||||
|
(specification->package "dmidecode")
|
||||||
(specification->package "i3status")
|
(specification->package "i3status")
|
||||||
(specification->package "dmenu")
|
(specification->package "dmenu")
|
||||||
(specification->package "st")
|
(specification->package "st")
|
||||||
|
@ -605,8 +646,8 @@ python-pdfminer-six
|
||||||
(specification->package "unrar")
|
(specification->package "unrar")
|
||||||
(specification->package "nicotine+")
|
(specification->package "nicotine+")
|
||||||
(specification->package "icecat")
|
(specification->package "icecat")
|
||||||
(specification->package "gimp")
|
(specification->package "qutebrowser")
|
||||||
(specification->package "foliate")
|
(specification->package "gimp")
|
||||||
(specification->package "tor-client")
|
(specification->package "tor-client")
|
||||||
(specification->package "make")
|
(specification->package "make")
|
||||||
(specification->package "element-desktop")
|
(specification->package "element-desktop")
|
||||||
|
@ -615,6 +656,10 @@ python-pdfminer-six
|
||||||
(specification->package "xmobar")
|
(specification->package "xmobar")
|
||||||
(specification->package "xmodmap")
|
(specification->package "xmodmap")
|
||||||
(specification->package "rofi")
|
(specification->package "rofi")
|
||||||
|
(specification->package "bluez-alsa")
|
||||||
|
(specification->package "bluez")
|
||||||
|
(specification->package "fuse")
|
||||||
|
(specification->package "blueman")
|
||||||
(specification->package "navidrome-bin"))
|
(specification->package "navidrome-bin"))
|
||||||
%base-packages))
|
%base-packages))
|
||||||
|
|
||||||
|
@ -629,38 +674,37 @@ python-pdfminer-six
|
||||||
|
|
||||||
(services
|
(services
|
||||||
(append (list
|
(append (list
|
||||||
|
(service bluetooth-service-type
|
||||||
|
(bluetooth-configuration
|
||||||
|
(auto-enable? #t)))
|
||||||
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
|
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
|
||||||
(service iptables-service-type
|
|
||||||
(iptables-configuration
|
(service iptables-service-type
|
||||||
(ipv4-rules (plain-file "iptables.rules" "*filter
|
(iptables-configuration
|
||||||
|
(ipv4-rules (plain-file "iptables.rules" "*filter
|
||||||
:INPUT DROP
|
:INPUT DROP
|
||||||
:FORWARD ACCEPT
|
:FORWARD DROP
|
||||||
:OUTPUT ACCEPT
|
:OUTPUT ACCEPT
|
||||||
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||||
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A INPUT -p tcp -s 127.0.0.1 -j ACCEPT
|
-A INPUT -p tcp -s 127.0.0.1 -j ACCEPT
|
||||||
-A FORWARD -p tcp -s 127.0.0.1 -j ACCEPT
|
-A INPUT -p tcp --dport 631 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A INPUT -p udp --dport 631 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A FORWARD -m state --state INVALID -j DROP
|
-A FORWARD -m state --state INVALID -j DROP
|
||||||
-A OUTPUT -p tcp -s 127.0.0.1 -j ACCEPT
|
|
||||||
-A OUTPUT -m state --state INVALID -j DROP
|
|
||||||
-A OUTPUT -o lo -j ACCEPT
|
-A OUTPUT -o lo -j ACCEPT
|
||||||
-A OUTPUT -o tun+ -j ACCEPT
|
-A OUTPUT -o tun+ -j ACCEPT
|
||||||
-A OUTPUT -m owner --gid-owner openvpn -j ACCEPT
|
-A OUTPUT -m owner --gid-owner openvpn -j ACCEPT
|
||||||
|
-A OUTPUT -m state --state INVALID -j DROP
|
||||||
-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040
|
-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040
|
||||||
-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53
|
-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53
|
||||||
-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT
|
-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT
|
||||||
-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT
|
-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT
|
||||||
-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP
|
-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP
|
||||||
COMMIT
|
COMMIT
|
||||||
"))
|
"))))
|
||||||
(ipv6-rules (plain-file "ip6tables.rules" "*filter
|
|
||||||
:INPUT DROP
|
|
||||||
:FORWARD DROP
|
(simple-service 'blueman dbus-root-service-type (list blueman))
|
||||||
:OUTPUT DROP
|
|
||||||
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
||||||
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
|
|
||||||
COMMIT
|
|
||||||
"))))
|
|
||||||
(simple-service 'my-jp-ime-env session-environment-service-type
|
(simple-service 'my-jp-ime-env session-environment-service-type
|
||||||
'(("GTK_IM_MODULE" . "fcitx")
|
'(("GTK_IM_MODULE" . "fcitx")
|
||||||
("QT_IM_MODULE" . "fcitx")
|
("QT_IM_MODULE" . "fcitx")
|
||||||
|
@ -718,7 +762,7 @@ COMMIT
|
||||||
(targets (list "/dev/nvme0n1"))
|
(targets (list "/dev/nvme0n1"))
|
||||||
(theme (grub-theme
|
(theme (grub-theme
|
||||||
(resolution '(1920 . 1080))
|
(resolution '(1920 . 1080))
|
||||||
(image (local-file "/home/berkeley/Downloads/thebigj2.png"))))))
|
(image (local-file "/var/cache/wallpaper.png"))))))
|
||||||
(swap-devices (list (swap-space
|
(swap-devices (list (swap-space
|
||||||
(priority 50)
|
(priority 50)
|
||||||
(target (uuid
|
(target (uuid
|
||||||
|
@ -732,25 +776,22 @@ COMMIT
|
||||||
(device (uuid "02E2-0AB2"
|
(device (uuid "02E2-0AB2"
|
||||||
'fat32))
|
'fat32))
|
||||||
(type "vfat"))
|
(type "vfat"))
|
||||||
|
|
||||||
(file-system
|
(file-system
|
||||||
(mount-point "/")
|
(mount-point "/")
|
||||||
(device (uuid
|
(device (uuid "38467002-a282-4387-8319-cff6d93cd23b" 'ext4))
|
||||||
"38467002-a282-4387-8319-cff6d93cd23b"
|
(type "ext4"))
|
||||||
'ext4))
|
|
||||||
(type "ext4"))
|
(file-system
|
||||||
(file-system
|
(mount-point "/files")
|
||||||
(mount-point "/files")
|
(device (uuid "7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886" 'ext4))
|
||||||
(device (uuid
|
(type "ext4"))
|
||||||
"7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886"
|
|
||||||
'ext4))
|
(file-system
|
||||||
(type "ext4"))
|
(mount-point "/var/cache")
|
||||||
(file-system
|
(device (uuid "9d009d01-d635-4d56-987a-ffc2699da9fb" 'ext4))
|
||||||
(mount-point "/virt")
|
(type "ext4"))
|
||||||
(device (uuid
|
|
||||||
"9d009d01-d635-4d56-987a-ffc2699da9fb"
|
|
||||||
'ext4))
|
|
||||||
(type "ext4"))
|
|
||||||
|
|
||||||
%base-file-systems)))
|
%base-file-systems)))
|
||||||
|
|
||||||
|
|
||||||
|
|
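Review bot: Removing `ipv6-rules` in the iptables hunk (@ -629,38 +674,37) leaves IPv6 filtering at the service default, which in Guix is accept-all as far as I know, so IPv6 default-deny now rests entirely on the `ipv6.disable=1` kernel argument added in the @ -129 hunk. If that argument is dropped later, nothing in this file filters IPv6; either keep the removed `ipv6-rules` block or record the dependency beside the service with a comment such as `;; IPv6 is unfiltered here; relies on ipv6.disable=1 in kernel-arguments`. In the same rules string, the unchanged `-t nat ...` and `-t filter ...` lines sit under `*filter`; iptables-restore normally rejects `-t` inside a rules file, so it is worth confirming with `iptables -S` after a reconfigure that the ruleset loads at all, and the REDIRECT rules would need their own `*nat` ... `COMMIT` section. The loopback exception is tighter as `-A INPUT -i lo -j ACCEPT` than as a match on source `127.0.0.1`. The `services` list continues beyond this hunk, so the other services are not visible here.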