3 files changed, 42 insertions, 43 deletions

diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 424ec2e..58c7ee9 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -1,15 +1,11 @@
 { config, inputs, outputs, pkgs, ... }: {
   boot = {
-    initrd.kernelModules = [ "amdgpu" "zfs" ];
+    initrd.kernelModules = [ "zfs" ];
     kernel.sysctl = {
       "net.ipv4.ip_forward" = 1;
-      "net.ipv4.conf.all.proxy_arp" = 1;
+      #"net.ipv4.conf.all.proxy_arp" = 1;
     };
     kernelPackages = pkgs.master.linuxPackages_6_14;
-    kernelParams = [
-      "amdgpu.ppfeaturemask=0xfffd3fff"
-      "split_lock_detect=off"
-    ];
     loader = {
       efi = {
         canTouchEfiVariables = true;
@@ -119,20 +115,20 @@
     ./hardware-configuration.nix
     ./services.nix
     ../common/core
-    ../common/optional/adb.nix
-    ../common/optional/db.nix
+    #../common/optional/adb.nix
+    #../common/optional/db.nix
     ../common/optional/dev.nix
-    ../common/optional/ebooks.nix
+    #../common/optional/ebooks.nix
     ../common/optional/games.nix
     ../common/optional/google-authenticator.nix
     ../common/optional/misc.nix
     ../common/optional/multimedia.nix
-    ../common/optional/pipewire.nix
-    ../common/optional/sdr.nix
+    #../common/optional/pipewire.nix
+    #../common/optional/sdr.nix
     ../common/optional/services/chrony.nix
     ../common/optional/services/openssh.nix
-    ../common/optional/services/xorg.nix
-    ../common/optional/sound.nix
+    #../common/optional/services/xorg.nix
+    #../common/optional/sound.nix
     ../common/optional/wdt.nix
     ../common/optional/zfs.nix
     ../common/users/nipsy
@@ -142,13 +138,13 @@
   networking = {
     defaultGateway = {
       address = "192.168.1.1";
-      interface = "wlp5s0";
+      interface = "enp6s0";
     };
     domain = "bitgnome.net";
     hostId = "2ae4c89f";
     hostName = "arrakis";
     interfaces = {
-      wlp5s0 = {
+      enp6s0 = {
         ipv4.addresses = [
           { address = "192.168.1.2"; prefixLength = 24; }
         ];
@@ -230,7 +226,7 @@
     };
     hostPlatform = "x86_64-linux";
     overlays = [
-      #inputs.nvidia-patch.overlays.default
+      inputs.nvidia-patch.overlays.default
       outputs.overlays.additions
       outputs.overlays.modifications
       outputs.overlays.master-packages
@@ -239,9 +235,6 @@
     ];
   };
 
-  services.openssh.settings.X11Forwarding = true;
-  services.xserver.videoDrivers = [ "amdgpu" ];
-
   sops = {
     age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
     defaultSopsFile = ../secrets/arrakis.yaml;
@@ -303,18 +296,18 @@
     };
 
     "nftables-extra" = let rules_script = ''
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { http, https } counter accept # 80, 443'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport 2049 counter accept'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 5121 counter accept # Neverwinter Nights Server'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { http, https } counter accept # 80, 443'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport 2049 counter accept'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server'
         ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "veth.host" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 15637 counter accept # Enshrouded'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
-        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 51820 counter accept # WireGuard'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
+        ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 51820 counter accept # WireGuard'
         ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
       ''; in {
         description = "nftables extra firewall rules";
diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix
index 94367e0..c7a6652 100644
--- a/hosts/arrakis/hardware-configuration.nix
+++ b/hosts/arrakis/hardware-configuration.nix
@@ -17,7 +17,7 @@
   };
 
   environment.sessionVariables = {
-    #LIBVA_DRIVER_NAME = "nvidia";
+    LIBVA_DRIVER_NAME = "nvidia";
     MOZ_DISABLE_RDD_SANDBOX = "1";
   };
 
@@ -53,19 +53,19 @@
 
     graphics = {
       enable = true;
-      #extraPackages = with pkgs; [ nvidia-vaapi-driver ];
-      #extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ];
+      extraPackages = [ pkgs.nvidia-vaapi-driver ];
+      extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
     };
 
-    #nvidia = let
-    #  betaPkg = config.boot.kernelPackages.nvidiaPackages.beta;
-    #  pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg;
-    #  finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc;
-    #in {
-    #  modesetting.enable = true;
-    #  open = true;
-    #  package = if finalPkg == betaPkg then betaPkg else finalPkg;
-    #};
+    nvidia = let
+      betaPkg = config.boot.kernelPackages.nvidiaPackages.beta;
+      pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg;
+      finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc;
+    in {
+      modesetting.enable = true;
+      open = true;
+      package = if finalPkg == betaPkg then betaPkg else finalPkg;
+    };
 
     printers = let
       brother = "Brother_HL-L2340D";
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index 92da6a1..7d589fd 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -104,8 +104,8 @@
                 openFirewall = true;
 
                 settings = {
-                  PasswordAuthentication = false;
                   KbdInteractiveAuthentication = false;
+                  PasswordAuthentication = false;
                 };
               };
 
@@ -224,6 +224,10 @@
       };
     };
 
+    openssh.settings = {
+      StreamLocalBindUnlink = true;
+    };
+
     postfix = let my_email = "nipsy@bitgnome.net"; in {
       enable = true;
       extraAliases = ''
@@ -325,6 +329,8 @@
       pkgs.vial
     ];
 
+    xserver.videoDrivers = [ "nvidia" ];
+
   };
 
   #systemd.services.nginx.serviceConfig.ProtectHome = lib.mkForce false;