From 1dc168ce637a279e93e7ebe8fca6de377c46cdd0 Mon Sep 17 00:00:00 2001 From: unexplrd Date: Thu, 12 Jun 2025 22:39:29 +0300 Subject: [PATCH] README.md: add GLF OS credits and adapt various config elements from it Signed-off-by: unexplrd --- README.md | 1 + hosts/sarien/configuration.nix | 5 ++--- modules/nixos/config/misc/default.nix | 2 +- modules/nixos/config/misc/zram.nix | 8 ++++++++ modules/nixos/config/nix/common.nix | 5 +++++ modules/nixos/config/security/default.nix | 1 + modules/nixos/config/services.nix | 4 ++++ 7 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 modules/nixos/config/misc/zram.nix diff --git a/README.md b/README.md index cc01e78..543c4e0 100644 --- a/README.md +++ b/README.md @@ -12,5 +12,6 @@ Configurations I took code/ideas from: - [github:TheMaxMur/NixOS-Configuration](https://github.com/TheMaxMur/NixOS-Configuration) - [github:nix-community/srvos](https://github.com/nix-community/srvos) - [github:cloud-gouv/securix](https://github.com/cloud-gouv/securix) +- [GLF OS](https://www.gaminglinux.fr/glf-os/en) Thx a lot <3 diff --git a/hosts/sarien/configuration.nix b/hosts/sarien/configuration.nix index 24e4527..c2c985b 100644 --- a/hosts/sarien/configuration.nix +++ b/hosts/sarien/configuration.nix @@ -1,5 +1,6 @@ { inputs, + lib, pkgs, ... }: { @@ -18,7 +19,6 @@ hostName = "sarien"; }; - boot.loader.systemd-boot.enable = true; environment.memoryAllocator.provider = "mimalloc"; system.stateVersion = "25.11"; time.timeZone = "Europe/Kyiv"; @@ -29,7 +29,6 @@ user = "user"; }; - zramSwap.enable = true; swapDevices = [ { device = "/swap/swapfile"; @@ -39,7 +38,7 @@ { device = "/swap/hibernate"; size = 16 * 1024; - priority = 0; + priority = 1; } ]; diff --git a/modules/nixos/config/misc/default.nix b/modules/nixos/config/misc/default.nix index 8f1c59a..82640cb 100644 --- a/modules/nixos/config/misc/default.nix +++ b/modules/nixos/config/misc/default.nix @@ -1,3 +1,3 @@ { - imports = [./slim.nix]; + imports = [./slim.nix ./zram.nix]; } diff --git a/modules/nixos/config/misc/zram.nix b/modules/nixos/config/misc/zram.nix new file mode 100644 index 0000000..ff44dcc --- /dev/null +++ b/modules/nixos/config/misc/zram.nix @@ -0,0 +1,8 @@ +{ + zramSwap = { + enable = true; + algorithm = "zstd"; + memoryPercent = 25; + priority = 5; + }; +} diff --git a/modules/nixos/config/nix/common.nix b/modules/nixos/config/nix/common.nix index 64784db..88f15b7 100644 --- a/modules/nixos/config/nix/common.nix +++ b/modules/nixos/config/nix/common.nix @@ -7,7 +7,12 @@ package = pkgs.lixPackageSets.latest.lix; channel.enable = false; daemonCPUSchedPolicy = "idle"; + optimise = { + automatic = true; + dates = ["weekly"]; + }; settings = { + auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" diff --git a/modules/nixos/config/security/default.nix b/modules/nixos/config/security/default.nix index 559f12b..4275a90 100644 --- a/modules/nixos/config/security/default.nix +++ b/modules/nixos/config/security/default.nix @@ -56,6 +56,7 @@ in { "fs.protected_regular" = 2; "fs.suid_dumpable" = 0; "kernel.kptr_restrict" = 2; + "kernel_kexec_load_disabled" = 1; # "kernel.modules_disabled" = 1; "kernel.sysrq" = 0; "kernel.unprivileged_bpf_disabled" = 1; diff --git a/modules/nixos/config/services.nix b/modules/nixos/config/services.nix index 0ad6592..115ec2f 100644 --- a/modules/nixos/config/services.nix +++ b/modules/nixos/config/services.nix @@ -16,6 +16,10 @@ bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"]; }; }; + fstrim = { + enable = true; + interval = "daily"; + }; opensnitch = { enable = false; settings = {