Upload files to "etc"
berkeley
parent
9508579513
commit
bcc6d7475a
127
etc/config.scm
127
etc/config.scm
|
|
@ -2,11 +2,13 @@
|
|||
(gnu)
|
||||
(guix store)
|
||||
(guix packages)
|
||||
(gnu packages databases)
|
||||
(rosenthal packages binaries)
|
||||
(rosenthal packages emacs-xyz)
|
||||
(guix transformations)
|
||||
(gnu packages audio)
|
||||
(gnu packages librewolf)
|
||||
(gnu packages sqlite)
|
||||
(gnu packages gdb)
|
||||
(gnu packages graphics)
|
||||
(gnu packages java)
|
||||
|
|
@ -61,6 +63,7 @@ commencement)
|
|||
(gnu packages lxqt)
|
||||
(gnu packages file-systems)
|
||||
(gnu services base)
|
||||
(gnu packages base)
|
||||
(gnu packages xfce)
|
||||
(guix channels)
|
||||
(guix inferior)
|
||||
|
|
@ -129,25 +132,47 @@ commencement)
|
|||
(use-service-modules web security base certbot shepherd nix cups desktop networking ssh docker xorg linux virtualization)
|
||||
(use-package-modules package-management version-control gcc bash certs admin linux)
|
||||
(define my-kernel linux)
|
||||
(define xmonad-0.18.0
|
||||
(package
|
||||
(inherit xmonad)
|
||||
(version "0.18.0")))
|
||||
(define my-packages
|
||||
(list
|
||||
xmonad-0.18.0
|
||||
))
|
||||
|
||||
(operating-system
|
||||
(kernel my-kernel)
|
||||
(kernel-arguments '("quiet"
|
||||
"nvme_core.default_ps_max_latency_us=0"
|
||||
"noatime"
|
||||
"zswap.enabled=1"
|
||||
"zswap.compressor=lz4"
|
||||
"zswap.max_pool_percent=36"
|
||||
"elevator=deadline"
|
||||
"intel_pstate=disable"
|
||||
"mitigations=auto"
|
||||
"ksm=1"
|
||||
"spectre_v2=on"
|
||||
"nopti"
|
||||
"rootflags=data=writeback"
|
||||
"cpufreq.default_governor=performance"
|
||||
"transparent_hugepage=madvise"
|
||||
"maxcpus=4"))
|
||||
(kernel-arguments
|
||||
'("quiet" ; Reduces boot verbosity
|
||||
"noatime" ; Disables access time updates for performance
|
||||
"zswap.enabled=1" ; Enables zswap for compressed caching of swap pages
|
||||
"zswap.compressor=zstd" ; Sets zswap compressor to zstd for efficiency
|
||||
"zswap.max_pool_percent=36"; Configures zswap to use up to 36% of RAM
|
||||
"elevator=deadline" ; Sets the I/O scheduler to deadline for balanced performance
|
||||
"mitigations=auto" ; Enables CPU mitigations as appropriate (security vs performance)
|
||||
"ksm=1" ; Allows Kernel Samepage Merging for memory efficiency
|
||||
"spectre_v2=on" ; Enables Spectre v2 mitigations
|
||||
"nopti" ; Disables Page Table Isolation for performance (may impact security)
|
||||
"rootflags=data=writeback" ; Improves performance for writes with writeback caching
|
||||
"transparent_hugepage=madvise" ; Uses transparent huge pages with advice for allocations
|
||||
"maxcpus=4" ; Limits CPU cores for the kernel (can be set to auto for all)
|
||||
"noirqdebug" ; Disables IRQ debugging messages
|
||||
"watchdog" ; Enables hardware watchdog
|
||||
"noreplace-smp" ; Avoids replacing the SMP kernel after a panic
|
||||
"softlockup_panic" ; Causes kernel panic if a soft lockup is detected
|
||||
"preempt=full" ; Enables full preemptive kernel for better responsiveness
|
||||
"sysrq_always_enabled=1" ; Keeps SysRq features enabled
|
||||
"ipv6.disable=1" ; Disables IPv6 support to potentially simplify networking
|
||||
"oem" ; OEM specific configurations
|
||||
"amdgpu.ppfeaturemask=0xffffffff" ; Configures all powerplay features for AMD GPU
|
||||
"amdgpu.dc=1" ; Enable Display Core for better graphics handling
|
||||
"amdgpu.dpm=1" ; Enable Dynamic Power Management for AMD GPU
|
||||
"amdgpu.aspm=1" ; Enable Active State Power Management on AMD GPUs
|
||||
"irqaffinity=1" ; Assign IRQs to CPUs to improve stability
|
||||
"cpufreq.default_governor=performance"; CPU runs at maximum speed for optimal performance
|
||||
))
|
||||
|
||||
(initrd microcode-initrd)
|
||||
(firmware (list linux-firmware))
|
||||
|
||||
|
|
@ -171,6 +196,8 @@ commencement)
|
|||
(packages (append (list
|
||||
;emacs-org-roam
|
||||
;emacs-org-roam-ui
|
||||
postgresql
|
||||
;foliate
|
||||
polybar
|
||||
gstreamer
|
||||
gst-plugins-bad
|
||||
|
|
@ -186,9 +213,11 @@ commencement)
|
|||
qtsolutions
|
||||
glances
|
||||
zstd
|
||||
sqlite
|
||||
mpv
|
||||
kitty
|
||||
maim
|
||||
;;
|
||||
procps
|
||||
scrot
|
||||
mupdf
|
||||
|
|
@ -198,10 +227,11 @@ commencement)
|
|||
go
|
||||
clisp
|
||||
fdm
|
||||
jami
|
||||
;;jami
|
||||
;navidrome-bin
|
||||
;mullvad-vpn
|
||||
smartmontools
|
||||
;;
|
||||
udevil
|
||||
samba
|
||||
cifs-utils
|
||||
|
|
@ -423,9 +453,12 @@ emacs-latex-preview-pane
|
|||
neofetch
|
||||
kleopatra
|
||||
flatpak
|
||||
fuse
|
||||
pfetch
|
||||
icecat
|
||||
qutebrowser
|
||||
;;mullvadbrowser
|
||||
nftables
|
||||
git-lfs
|
||||
ghc-git-lfs
|
||||
hashcat
|
||||
|
|
@ -566,13 +599,19 @@ extractpdfmark
|
|||
poppler-qt5
|
||||
poppler
|
||||
python-pdfminer-six
|
||||
lz4
|
||||
zstd
|
||||
rust
|
||||
blueman
|
||||
bluez
|
||||
bluez-alsa
|
||||
;goldendict-ng
|
||||
;suckless-dictpopup
|
||||
;;rust-version-check
|
||||
;;rust-deunicode
|
||||
nheko
|
||||
lf
|
||||
fuse
|
||||
;; lots of fonts from package xorg.scm
|
||||
font-adobe100dpi font-adobe75dpi font-cronyx-cyrillic font-dec-misc
|
||||
font-isas-misc font-micro-misc font-misc-cyrillic font-misc-ethiopic
|
||||
|
|
@ -583,7 +622,9 @@ python-pdfminer-six
|
|||
noisetorch
|
||||
linux-firmware
|
||||
nix
|
||||
dmidecode
|
||||
(specification->package "i3-wm")
|
||||
(specification->package "dmidecode")
|
||||
(specification->package "i3status")
|
||||
(specification->package "dmenu")
|
||||
(specification->package "st")
|
||||
|
|
@ -605,8 +646,8 @@ python-pdfminer-six
|
|||
(specification->package "unrar")
|
||||
(specification->package "nicotine+")
|
||||
(specification->package "icecat")
|
||||
(specification->package "qutebrowser")
|
||||
(specification->package "gimp")
|
||||
(specification->package "foliate")
|
||||
(specification->package "tor-client")
|
||||
(specification->package "make")
|
||||
(specification->package "element-desktop")
|
||||
|
|
@ -615,6 +656,10 @@ python-pdfminer-six
|
|||
(specification->package "xmobar")
|
||||
(specification->package "xmodmap")
|
||||
(specification->package "rofi")
|
||||
(specification->package "bluez-alsa")
|
||||
(specification->package "bluez")
|
||||
(specification->package "fuse")
|
||||
(specification->package "blueman")
|
||||
(specification->package "navidrome-bin"))
|
||||
%base-packages))
|
||||
|
||||
|
|
@ -629,38 +674,37 @@ python-pdfminer-six
|
|||
|
||||
(services
|
||||
(append (list
|
||||
(service bluetooth-service-type
|
||||
(bluetooth-configuration
|
||||
(auto-enable? #t)))
|
||||
(udev-rules-service 'fido2 libfido2 #:groups '("plugdev"))
|
||||
(service iptables-service-type
|
||||
|
||||
(service iptables-service-type
|
||||
(iptables-configuration
|
||||
(ipv4-rules (plain-file "iptables.rules" "*filter
|
||||
:INPUT DROP
|
||||
:FORWARD ACCEPT
|
||||
:FORWARD DROP
|
||||
:OUTPUT ACCEPT
|
||||
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
||||
-A INPUT -p tcp -s 127.0.0.1 -j ACCEPT
|
||||
-A FORWARD -p tcp -s 127.0.0.1 -j ACCEPT
|
||||
-A INPUT -p tcp --dport 631 -j REJECT --reject-with icmp-port-unreachable
|
||||
-A INPUT -p udp --dport 631 -j REJECT --reject-with icmp-port-unreachable
|
||||
-A INPUT -j REJECT --reject-with icmp-port-unreachable
|
||||
-A FORWARD -m state --state INVALID -j DROP
|
||||
-A OUTPUT -p tcp -s 127.0.0.1 -j ACCEPT
|
||||
-A OUTPUT -m state --state INVALID -j DROP
|
||||
-A OUTPUT -o lo -j ACCEPT
|
||||
-A OUTPUT -o tun+ -j ACCEPT
|
||||
-A OUTPUT -m owner --gid-owner openvpn -j ACCEPT
|
||||
-A OUTPUT -m state --state INVALID -j DROP
|
||||
-t nat -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp -j REDIRECT --to-ports 9040
|
||||
-t nat -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j REDIRECT --to-ports 53
|
||||
-t filter -A OUTPUT -p tcp -m owner --uid-owner berkeley -m tcp --dport 9040 -j ACCEPT
|
||||
-t filter -A OUTPUT -p udp -m owner --uid-owner berkeley -m udp --dport 53 -j ACCEPT
|
||||
-t filter -A OUTPUT -m owner --uid-owner berkeley -j DROP
|
||||
COMMIT
|
||||
"))
|
||||
(ipv6-rules (plain-file "ip6tables.rules" "*filter
|
||||
:INPUT DROP
|
||||
:FORWARD DROP
|
||||
:OUTPUT DROP
|
||||
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
||||
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
|
||||
COMMIT
|
||||
"))))
|
||||
|
||||
|
||||
(simple-service 'blueman dbus-root-service-type (list blueman))
|
||||
(simple-service 'my-jp-ime-env session-environment-service-type
|
||||
'(("GTK_IM_MODULE" . "fcitx")
|
||||
("QT_IM_MODULE" . "fcitx")
|
||||
|
|
@ -718,7 +762,7 @@ COMMIT
|
|||
(targets (list "/dev/nvme0n1"))
|
||||
(theme (grub-theme
|
||||
(resolution '(1920 . 1080))
|
||||
(image (local-file "/home/berkeley/Downloads/thebigj2.png"))))))
|
||||
(image (local-file "/var/cache/wallpaper.png"))))))
|
||||
(swap-devices (list (swap-space
|
||||
(priority 50)
|
||||
(target (uuid
|
||||
|
|
@ -732,23 +776,20 @@ COMMIT
|
|||
(device (uuid "02E2-0AB2"
|
||||
'fat32))
|
||||
(type "vfat"))
|
||||
|
||||
(file-system
|
||||
(mount-point "/")
|
||||
(device (uuid
|
||||
"38467002-a282-4387-8319-cff6d93cd23b"
|
||||
'ext4))
|
||||
(device (uuid "38467002-a282-4387-8319-cff6d93cd23b" 'ext4))
|
||||
(type "ext4"))
|
||||
|
||||
(file-system
|
||||
(mount-point "/files")
|
||||
(device (uuid
|
||||
"7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886"
|
||||
'ext4))
|
||||
(device (uuid "7b2cbf88-bc71-49ad-b2fa-a4bbdb71f886" 'ext4))
|
||||
(type "ext4"))
|
||||
|
||||
(file-system
|
||||
(mount-point "/virt")
|
||||
(device (uuid
|
||||
"9d009d01-d635-4d56-987a-ffc2699da9fb"
|
||||
'ext4))
|
||||
(mount-point "/var/cache")
|
||||
(device (uuid "9d009d01-d635-4d56-987a-ffc2699da9fb" 'ext4))
|
||||
(type "ext4"))
|
||||
|
||||
%base-file-systems)))
|
||||
|
|
|
|||
Loading…
Reference in New Issue