feat: yet another huge commit

flake.nix

@@ -27,8 +27,8 @@
     nix-super.url = "github:privatevoid-net/nix-super";
 
     schizofox = {
-      url = "github:schizofox/schizofox/wavefox";
-      # url = "path:/home/sioodmy/dev/schizofox";
+      # url = "github:schizofox/schizofox/wavefox";
+      url = "path:/home/sioodmy/dev/schizofox";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         flake-parts.follows = "flake-parts";

home/cli/zsh/aliases.nix

@@ -27,6 +27,13 @@ with pkgs; {
   la = "${getExe eza} -lah --tree";
   ls = "${getExe eza} -h --git --icons --color=auto --group-directories-first -s extension";
   tree = "${getExe eza} --tree --icons --tree";
+  kys = "shutdown now";
+  gpl = "curl https://www.gnu.org/licenses/gpl-3.0.txt -o LICENSE";
+  agpl = "curl https://www.gnu.org/licenses/agpl-3.0.txt -o LICENSE";
+  g = "git";
+  n = "nix";
+  mnt = "udisksctl mount -b";
+  umnt = "udisksctl unmount -b";
   burn = "pkill -9";
   diff = "diff --color=auto";
   ".." = "cd ..";

home/cli/zsh/default.nix

@@ -32,8 +32,8 @@
         SSH_AUTH_SOCK = "/run/user/1000/keyring/ssh";
       };
       history = {
-        save = 999999999;
-        size = 999999999;
+        save = 2137;
+        size = 2137;
         expireDuplicatesFirst = true;
         ignoreDups = true;
         ignoreSpace = true;
@@ -61,16 +61,6 @@
             sha256 = "149zh2rm59blr2q458a5irkfh82y3dwdich60s9670kl3cl5h2m1";
           };
         }
-        {
-          name = "fast-syntax-highlighting";
-          file = "fast-syntax-highlighting.plugin.zsh";
-          src = pkgs.fetchFromGitHub {
-            owner = "zdharma-continuum";
-            repo = "fast-syntax-highlighting";
-            rev = "cf318e06a9b7c9f2219d78f41b46fa6e06011fd9";
-            sha256 = "sha256-RVX9ZSzjBW3LpFs2W86lKI6vtcvDWP6EPxzeTcRZua4=";
-          };
-        }
       ];
     };
   };

home/misc/schizofox.nix

@@ -1,6 +1,6 @@
 {pkgs, ...}: {
   programs.schizofox = {
-    enable = false;
+    enable = true;
     package = pkgs.firefox-esr-115-unwrapped;
     security = {
       sanitizeOnShutdown = false;

home/packages.nix

@@ -19,5 +19,6 @@
     gimp
     inkscape
     keepassxc
+    dconf
   ];
 }

home/rice/waybar/default.nix

@@ -160,7 +160,7 @@ in {
             critical = 15;
           };
           format = "{icon} {capacity}%";
-          format-charging = "󰂄";
+          format-charging = "󰂄 {capacity}%";
           format-alt = "{icon} {capacity}%";
           format-icons = ["󰂃" "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹"];
         };

hosts/calypso/default.nix

@@ -1,66 +1,87 @@
 {
   pkgs,
+  config,
   lib,
   ...
-}: {
+}: let
+  MHz = x: x * 1000;
+  inherit (lib) mkDefault;
+in {
   imports = [./hardware-configuration.nix];
+  environment.systemPackages = with pkgs; [
+    acpi
+    powertop
+  ];
+
   services = {
     fprintd.enable = true;
     thermald.enable = true;
-    power-profiles-daemon.enable = false; # conflicts with tlp
-    tlp = {
+    power-profiles-daemon.enable = true;
+    undervolt = {
+      enable = true;
+      coreOffset = -100;
+      gpuOffset = -80;
+      tempBat = 65;
+    };
+    # DBus service that provides power management support to applications.
+    upower = {
+      enable = true;
+      percentageLow = 15;
+      percentageCritical = 5;
+      percentageAction = 3;
+      criticalPowerAction = "Hibernate";
+    };
+    # superior power management (brought to you by raf :3)
+    auto-cpufreq = {
       enable = true;
       settings = {
-        DEVICES_TO_DISABLE_ON_STARTUP = "bluetooth";
-        START_CHARGE_THRESH_BAT0 = 75;
-        STOP_CHARGE_THRESH_BAT0 = 90;
-        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-        ENERGY_PERF_POLICY_ON_BAT = "powersave";
-        CPU_BOOST_ON_AC = 1;
-        CPU_BOOST_ON_BAT = 0;
-        CPU_HWP_DYN_BOOST_ON_AC = 1;
-        CPU_HWP_DYN_BOOST_ON_BAT = 0;
-        SCHED_POWERSAVE_ON_AC = 0;
-        SCHED_POWERSAVE_ON_BAT = 1;
-        NMI_WATCHDOG = 0;
-        PLATFORM_PROFILE_ON_AC = "performance";
-        WOL_DISABLE = "Y";
-        PLATFORM_PROFILE_ON_BAT = "low-power";
-        RUNTIME_PM_ON_AC = "on";
-        RUNTIME_PM_ON_BAT = "auto";
-        USB_AUTOSUSPEND = 1;
-        CPU_MIN_PERF_ON_AC = 0;
-        CPU_MAX_PERF_ON_AC = 100;
-        CPU_MIN_PERF_ON_BAT = 0;
-        CPU_MAX_PERF_ON_BAT = 27;
+        battery = {
+          governor = "powersave";
+          scaling_min_freq = mkDefault (MHz 1800);
+          scaling_max_freq = mkDefault (MHz 3600);
+          turbo = "never";
+        };
+        charger = {
+          governor = "performance";
+          scaling_min_freq = mkDefault (MHz 2000);
+          scaling_max_freq = mkDefault (MHz 4800);
+          turbo = "auto";
+        };
       };
     };
   };
 
-   # https://github.com/NixOS/nixpkgs/issues/211345#issuecomment-1397825573
-   systemd.tmpfiles.rules = map
-        (e:
-          "w /sys/bus/${e}/power/control - - - - auto"
-        ) [
-        "pci/devices/0000:00:01.0" # Renoir PCIe Dummy Host Bridge
-        "pci/devices/0000:00:02.0" # Renoir PCIe Dummy Host Bridge
-        "pci/devices/0000:00:14.0" # FCH SMBus Controller
-        "pci/devices/0000:00:14.3" # FCH LPC bridge
-        "pci/devices/0000:04:00.0" # FCH SATA Controller [AHCI mode]
-        "pci/devices/0000:04:00.1/ata1" # FCH SATA Controller, port 1
-        "pci/devices/0000:04:00.1/ata2" # FCH SATA Controller, port 2
-        "usb/devices/1-3" # USB camera
-      ];
+  # https://github.com/NixOS/nixpkgs/issues/211345#issuecomment-1397825573
+  systemd.tmpfiles.rules =
+    map
+    (
+      e: "w /sys/bus/${e}/power/control - - - - auto"
+    ) [
+      "pci/devices/0000:00:01.0" # Renoir PCIe Dummy Host Bridge
+      "pci/devices/0000:00:02.0" # Renoir PCIe Dummy Host Bridge
+      "pci/devices/0000:00:14.0" # FCH SMBus Controller
+      "pci/devices/0000:00:14.3" # FCH LPC bridge
+      "pci/devices/0000:04:00.0" # FCH SATA Controller [AHCI mode]
+      "pci/devices/0000:04:00.1/ata1" # FCH SATA Controller, port 1
+      "pci/devices/0000:04:00.1/ata2" # FCH SATA Controller, port 2
+      "usb/devices/1-3" # USB camera
+    ];
 
-  powerManagement = {
-    cpuFreqGovernor = "powersave";
-    enable = true;
+  boot = {
+    kernelModules = ["acpi_call"];
+    extraModulePackages = with config.boot.kernelPackages;
+      [
+        acpi_call
+        cpupower
+      ]
+      ++ [pkgs.cpupower-gui];
   };
   security.pam.services.login.fprintAuth = true;
   hardware.trackpoint = {
     enable = true;
     emulateWheel = true;
-    sensitivity = 250;
+    speed = 30;
+    sensitivity = 60;
   };
   hardware.opengl.extraPackages = with pkgs; [vaapiIntel libvdpau-va-gl vaapiVdpau];
 }

hosts/calypso/hardware-configuration.nix

@@ -22,7 +22,6 @@
 
   boot.resumeDevice = "/dev/disk/by-label/swap";
 
-
   boot.initrd.availableKernelModules =
     [
       "xhci_pci"

system/core/bootloader.nix

@@ -12,35 +12,29 @@
     tmp.cleanOnBoot = true;
     # some kernel parameters, i dont remember what half of this shit does but who cares
     kernelParams = [
-      "mem_sleep_default=deep"
+      # increase security of heap
+      "slab_nomerge"
+      # mitigate use-after-free vulnerabilities and erase sensitive information in memory
+      "init_on_alloc=1"
+      "init_on_free=1"
+      # make page allocations less predictable
+      "page_alloc.shuffle=1"
+      # prevent meltdown
       "pti=on"
+      # CVE-2019-18683
       "randomize_kstack_offset=on"
+      # disable obsolete vsyscalls
       "vsyscall=none"
-      "acpi_call"
-      "processor.max_cstate=5"
-      "slab_nomerge"
-      "debugfs=off"
-      "module.sig_enforce=1"
-      "lockdown=confidentiality"
-      "page_poison=1"
-      "page_alloc.shuffle=1"
-      "slub_debug=FZP"
-      "sysrq_always_enabled=1"
-      "processor.max_cstate=5"
-      "idle=nomwait"
-      "rootflags=noatime"
-      "iommu=pt"
-      "usbcore.autosuspend=-1"
-      "sysrq_always_enabled=1"
+
+      "loglevel=6"
+      # security
       "lsm=landlock,lockdown,yama,apparmor,bpf"
-      "loglevel=7"
-      "rd.udev.log_priority=3"
-      "noresume"
-      "logo.nologo"
-      "rd.systemd.show_status=auto"
-      "rd.udev.log_level=3"
-      "vt.global_cursor_default=0"
-      "fbcon=nodefer"
+      # disable noisy audit log
+      "audit=0"
+      # i dont use it
+      "ipv6.disable=1"
+      # passthrough
+      "iommu=pt"
     ];
     initrd.verbose = false;
     # switch from old ass lts kernel

system/core/nix.nix

@@ -60,9 +60,6 @@
           "spotify"
           "nvidia-x11"
           "nvidia-settings"
-          "intel-ocl"
-          # they got fossed recently so idk
-          "Anytype-0.35.25-beta"
         ];
       overlays = [
         inputs.nixpkgs-wayland.overlay
@@ -137,14 +134,14 @@
         "https://cache.nixos.org"
         "https://nix-community.cachix.org"
         "https://nixpkgs-unfree.cachix.org"
-         "https://anyrun.cachix.org" 
+        "https://anyrun.cachix.org"
       ];
 
       trusted-public-keys = [
         "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
         "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
-         "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" 
+        "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
       ];
     };
   };