diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index e48456e..be021d5 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -42,29 +42,22 @@ # unhook {id = "khncfooichmfjbepaaaebmommgaepoid";} - ] - ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ + # polkadotjs {id = "mopnmbcafieddcagagdcbnhejhlodfdd";} - - # rabby wallet - {id = "acmacodkjbdgmoleebolmdjonilkdbch";} - + ] + ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ # Vimium C {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} # always right {id = "npjpaghfnndnnmjiliibnkmdfgbojokj";} - - # shazam music - {id = "mmioliijnhnoblpgimnlajmefafdfilb";} ]); in { programs.chromium = { enable = true; inherit extensions; - # TODO: extensions currently don't work with ungoogled-chromium - package = pkgs.chromium; + package = pkgs.ungoogled-chromium; }; programs.brave = { @@ -74,4 +67,6 @@ in { && !pkgs.stdenv.targetPlatform.isAarch64; inherit extensions; }; + + programs.browserpass = {browsers = ["chromium" "brave"];}; } diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 0691c01..1486713 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -909,7 +909,7 @@ in { channel = 0; # 0 would mean Automatic Channel Selection settings = { - # TODO: this would be faster but x13s on windows can't connect when it's enabled. + # TODO: with 1 the x13s on windows can't connect, however this slows the AP down. # ieee80211n = 1; # Exclude DFS channels from ACS @@ -921,11 +921,6 @@ in { # indications of connection loss. This depends on the driver capabilities and # may not be available with all drivers. disassoc_low_ack = 0; - - skip_inactivity_poll = 1; - - # TODO: check if this is required. multicast can be more efficient so it'd be nice to disable this. - multicast_to_unicast = 1; }; # use 'iw phy#1 info' to determine your VHT capabilities @@ -1043,8 +1038,7 @@ in { wmm_enabled = 1; # IEEE 802.11i (authentication) related configuration - # Encrypt management frames to protect against deauthentication and similar attacks. - # 0 := disabled; 1 := optional; 2 := required + # Encrypt management frames to protect against deauthentication and similar attacks ieee80211w = 1; # sae_require_mfp = 1; # sae_groups = "19 20 21"; @@ -1052,12 +1046,147 @@ in { # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) tls_flags = "[ENABLE-TLSv1.3]"; - ieee8021x = 0; - eap_server = 0; + ieee8021x = 1; + eap_server = 1; + + multicast_to_unicast = 0; + + skip_inactivity_poll = 0; + disassoc_low_ack = 0; }; }; + + # wlan0-1 = { + # ssid = "mlsia-testing"; + # authentication = { + # mode = "wpa3-sae-transition"; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + + # wlan0-1 = { + # ssid = "justtestingwifi-wpa3"; + # authentication = { + # mode = "wpa3-sae"; + # saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + + # Uncomment when needed otherwise remove + # wlan0-1 = { + # ssid = "koteczkowo3"; + # authentication = { + # mode = "none"; # this is overriden by settings + # }; + # managementFrameProtection = "optional"; + # bssid = "e6:02:43:07:00:00"; + # settings = { + # bridge = bridgeInterfaceName; + # wpa = lib.mkForce 2; + # wpa_key_mgmt = "WPA-PSK"; + # wpa_pairwise = "CCMP"; + # wpa_psk_file = config.sops.secrets.legacyWifiPassword.path; + # }; + # }; }; }; + + # wlan1 = { + # band = "5g"; + # # channels with 160 MHz width in Poland: 36, 52, 100 i 116 + # channel = 0; # ACS + # countryCode = "PL"; + + # # use 'iw phy#1 info' to determine your VHT capabilities + # wifi4 = { + # enable = true; + # capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"]; + # }; + # wifi5 = { + # enable = true; + # operatingChannelWidth = "160"; + # capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + # }; + # wifi6 = { + # enable = true; + # singleUserBeamformer = true; + # singleUserBeamformee = true; + # multiUserBeamformer = true; + # operatingChannelWidth = "160"; + # }; + # settings = { + # # these two are mandatory for wifi 5 & 6 to work + # vht_oper_centr_freq_seg0_idx = 50; + # he_oper_centr_freq_seg0_idx = 50; + + # # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for + # # transmitting data packets from the second data queue of a network interface. + # # It determines the number of packets that can be sent in a burst. + # # Adjusting this parameter can impact network throughput and latency. + # tx_queue_data2_burst = 2; + + # # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header. + # # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios. + # # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference. + # he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63 + + # # Magic values that were set by openwrt but I didn't bother inspecting every single one + # he_spr_sr_control = 3; + # he_default_pe_duration = 4; + # he_rts_threshold = 1023; + + # he_mu_edca_qos_info_param_count = 0; + # he_mu_edca_qos_info_q_ack = 0; + # he_mu_edca_qos_info_queue_request = 0; + # he_mu_edca_qos_info_txop_request = 0; + + # # he_mu_edca_ac_be_aci=0; missing in 2.10 + # he_mu_edca_ac_be_aifsn = 8; + # he_mu_edca_ac_be_ecwmin = 9; + # he_mu_edca_ac_be_ecwmax = 10; + # he_mu_edca_ac_be_timer = 255; + + # he_mu_edca_ac_bk_aifsn = 15; + # he_mu_edca_ac_bk_aci = 1; + # he_mu_edca_ac_bk_ecwmin = 9; + # he_mu_edca_ac_bk_ecwmax = 10; + # he_mu_edca_ac_bk_timer = 255; + + # he_mu_edca_ac_vi_ecwmin = 5; + # he_mu_edca_ac_vi_ecwmax = 7; + # he_mu_edca_ac_vi_aifsn = 5; + # he_mu_edca_ac_vi_aci = 2; + # he_mu_edca_ac_vi_timer = 255; + + # he_mu_edca_ac_vo_aifsn = 5; + # he_mu_edca_ac_vo_aci = 3; + # he_mu_edca_ac_vo_ecwmin = 5; + # he_mu_edca_ac_vo_ecwmax = 7; + # he_mu_edca_ac_vo_timer = 255; + # }; + # networks = { + # wlan1 = { + # ssid = "koteczkowo5"; + # authentication = { + # mode = "wpa3-sae"; + # saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible. + # }; + # bssid = "36:b9:02:21:08:a2"; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + # }; + # }; }; }; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 16727f0..5ecc54b 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -156,7 +156,6 @@ ../../snippets/holo-zerotier.nix - # experiment with k3s, nix-snapshotter, and nixos images { # (1) Import nixos module. imports = [ @@ -219,6 +218,8 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; + services.syncthing.enable = lib.mkForce false; + home.sessionVariables = {}; home.packages = with pkgs; [ @@ -226,6 +227,7 @@ # TODO: currently unsupported services.gammastep.enable = lib.mkForce false; + # programs.chromium.enable = lib.mkForce false; }; boot = { @@ -233,6 +235,23 @@ loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = ["wwan"]; + + # kernelParams = let + # dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; + # in lib.mkForce [ + # # needed to boot + # "dtb=${dtbName}" + + # # jhovold recommended + # "efi=noruntime" + # "clk_ignore_unused" + # "pd_ignore_unused" + # # "regulator_ignore_unused" + # "arm64.nopauth" + + # # blacklist graphics in initrd so the firmware can load from disk + # "rd.driver.blacklist=msm" + # ]; }; hardware.firmware = lib.mkBefore [ diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index dcad237..4cb431c 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1722476845, - "narHash": "sha256-7gZ8uf3qOox8Vrwd+p9EhUHHLhhK8lis/5KcXGmIaow=", + "lastModified": 1721266288, + "narHash": "sha256-MsyTzXu9CJVcBr44ct8ILKF/Ro7VlF+tVZTylzAoXSs=", "owner": "nix-community", "repo": "disko", - "rev": "7e1b215a0a96efb306ad6440bf706d2b307dc267", + "rev": "e8e8d9a3a9c1d0e654ccda7834bf0288a9d15c47", "type": "github" }, "original": { @@ -181,11 +181,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1722056346, - "narHash": "sha256-50fcuCppaLMfSOTFO4IkCBs4folToCwlhTgc6IdZFHg=", + "lastModified": 1721250279, + "narHash": "sha256-S47+MFnArDvR7OFCXU0BQoyLCBwSZws+t+bany7Ol6w=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "717ce90cfadffa449480bae2e155185c651e9993", + "rev": "472073a51745cca03257cf625582252cdd04ec21", "type": "github" }, "original": { @@ -203,11 +203,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1722421086, - "narHash": "sha256-Po8GvfDt4O646w1IDIcRdiRIxnqVLv/OwBhr5nOazLw=", + "lastModified": 1721210676, + "narHash": "sha256-6hwlFcRPbfW+tOrKnnx3AL/yWjXqkXHoiIpbFsPMEAg=", "owner": "threefoldtech", "repo": "mycelium", - "rev": "e4d7be8556b259a2204f19d6a0537da3aa7d7a3e", + "rev": "767060eb8bd5abcc8e375bdb8f0984bcb27936da", "type": "github" }, "original": { @@ -259,11 +259,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1722396240, - "narHash": "sha256-t4C/I1CttOGFLYzzjd6zNOPvPleykqbPwO0YT19S6jI=", + "lastModified": 1721131656, + "narHash": "sha256-0EoouVAaS8GHZJitpzQ9S4s4Gps4hkzr8yQcgYkLxwo=", "ref": "refs/heads/main", - "rev": "a59ae21e47538cecddadc220ea16a7b8e2485f66", - "revCount": 97, + "rev": "f1a2bace41471300aa2b0c5c98e6e37087532e16", + "revCount": 91, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, @@ -302,11 +302,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "type": "github" }, "original": { @@ -318,11 +318,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1722062969, - "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "type": "github" }, "original": { @@ -334,11 +334,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1722372011, - "narHash": "sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs=", + "lastModified": 1720954236, + "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cf05eeada35e122770c5c14add958790fcfcbef5", + "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 4e3f1a9..251ff89 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -9,6 +9,9 @@ disko.inputs.nixpkgs.follows = "nixpkgs"; + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; + home-manager = { url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs";