desktop-2024-10-31-13-41-42

configs/borg-exclude.nix

@@ -1,8 +1,11 @@
 {
   borg-exclude = [
     ".cache"
+    ".config/Nextcloud/logs"
+    ".local/share/baloo"
+
+    # ".local/share/libvirt/images"
 
-    ".local/share/libvirt/images"
     ".local/share/Steam"
     ".local/share/Trash"
 

configs/common.nix

@@ -49,6 +49,7 @@
       iotop
       nmap
       nmon
+      bandwhich
 
       gnupg
       gocryptfs

configs/games.nix

@@ -1,5 +1,7 @@
 { config, pkgs, lib, outputs, ... }:
 {
+  users.extraGroups.gamemode.members = [ "alex" ];
+
   programs = {
     gamescope = {
       enable = true;

configs/user.nix

@@ -1,4 +1,18 @@
 { config, pkgs, lib, inputs, ... }:
+let
+  serviceConfig = {
+    MountAPIVFS = true;
+    PrivateTmp = true;
+    PrivateUsers = true;
+    ProtectKernelModules = true;
+    PrivateDevices = true;
+    ProtectControlGroups = true;
+    ProtectHome = true;
+    ProtectKernelTunables = true;
+    ProtectSystem = "full";
+    RestrictSUIDSGID = true;
+  };
+in
 {
   imports = [
     inputs.home-manager.nixosModules.home-manager
@@ -15,6 +29,7 @@
 
     users.alex = {
       isNormalUser = true;
+      uid = 1000;
       # hashedPassword = secrets.hashedPassword;
       hashedPasswordFile = config.sops.secrets.hashedPassword.path;
       extraGroups = [
@@ -36,6 +51,11 @@
     };
   };
 
+  systemd.services = {
+    alex.serviceConfig = serviceConfig;
+    root.serviceConfig = serviceConfig;
+  };
+
   programs = {
     zsh.enable = true;
     nix-ld.enable = true;

configs/virtualisation.nix

@@ -7,11 +7,13 @@
   # "kvm"
 
   virtualisation = {
-    virtualbox.host ={
+    virtualbox.host = {
       enable = true;
       enableExtensionPack = true;
     };
 
+    vmware.host.enable = true;
+
     # libvirtd = {
     #   enable = true;
     #   qemu = {