upgrade to 25.05

apps/firefox.nix

@@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }:
+let
+  lock-false = {
+    Value = false;
+    Status = "locked";
+  };
+  lock-true = {
+    Value = true;
+    Status = "locked";
+  };
+in
+{
+  programs.firefox = {
+    enable = true;
+    policies = {
+      Preferences = {
+        "widget.wayland.vsync.enabled" = lock-false;
+        "widget.wayland.opaque-region.enabled" = lock-false;
+        "media.ffmpeg.vaapi.enabled" = lock-true;
+        "media.hardware-video-decoding.force-enabled" = lock-true;
+      };
+    };
+  };
+}

configuration.nix

@@ -9,14 +9,36 @@
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ./nix-alien.nix
+      ./wireguard.nix
+      ./apps/firefox.nix
     ];
 
   # Bootloader.
-  boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader = {
+    grub = {
+      enable = true;
+      useOSProber = true;
+      efiSupport = true;
+      device = "nodev";
+      gfxmodeEfi = "3440x1440";
+      # font = "${pkgs.ubuntu_font_family}/share/fonts/ubuntu/UbuntuMono-R.ttf";
+      font = "${pkgs.hack-font}/share/fonts/truetype/Hack-Regular.ttf";
+      fontSize = 36;
+    };
+  };
 
-  boot.kernelPackages = pkgs.linuxPackages_6_8;
+  boot.kernelPackages = pkgs.linuxPackages_6_12;
-  boot.kernelParams = ["amd_pstate=active"];
+  # boot.kernelPatches = [
+  #   {
+  #     name = "amd-drm-glitch-fix";
+  #     patch = (pkgs.fetchurl {
+  #       url = "https://patchwork.freedesktop.org/patch/605900/raw/";
+  #       hash = "sha256-WR537QGQak5pwm4BnLiQ/pc7gAkn2SdI3QRvGTRZSFE=";
+  #     });
+  #   }
+  # ];
+  boot.kernelParams = ["amd_pstate=active" "iommu=relaxed"];
   boot.supportedFilesystems = ["ntfs"];
 
   networking.hostName = "nixos"; # Define your hostname.
@@ -56,10 +78,14 @@
   services.xserver.enable = true;
 
   # Enable the GNOME Desktop Environment.
-  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.displayManager.gdm = {
+    enable = true;
+    wayland = true;
+  };
+
   services.xserver.desktopManager.gnome = {
     enable = true;
-    extraGSettingsOverridePackages = [ pkgs.gnome.mutter ];
+    extraGSettingsOverridePackages = [ pkgs.mutter ];
     extraGSettingsOverrides = ''
       [org.gnome.mutter]
       experimental-features=['scale-monitor-framebuffer']
@@ -67,17 +93,16 @@
   };
 
   # Configure keymap in X11
-  services.xserver = {
+  services.xserver.xkb = {
     layout = "us";
-    xkbVariant = "";
+    variant = "";
   };
 
   # Enable CUPS to print documents.
   services.printing.enable = true;
 
   # Enable sound with pipewire.
-  sound.enable = true;
+  services.pulseaudio.enable = false;
-  hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.pipewire = {
     enable = true;
@@ -93,9 +118,29 @@
   };
 
   services.cpupower-gui.enable = true;
+  services.power-profiles-daemon.enable = false;
+  services.tlp = {
+    enable = true;
+    settings = {
+      CPU_SCALING_GOVERNOR_ON_AC = "performance";
+      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
 
-  # Enable touchpad support (enabled default in most desktopManager).
+      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
-  # services.xserver.libinput.enable = true;
+      CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+
+      CPU_MIN_PERF_ON_AC = 0;
+      CPU_MAX_PERF_ON_AC = 100;
+      CPU_MIN_PERF_ON_BAT = 0;
+      CPU_MAX_PERF_ON_BAT = 20;
+
+      USB_EXCLUDE_BTUSB = 1;
+
+      #Optional helps save long term battery health
+      START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
+      STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
+
+    };
+  };
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.venya = {
@@ -103,12 +148,10 @@
     description = "Dmitry Chumak";
     extraGroups = [ "networkmanager" "wheel" ];
     packages = with pkgs; [
-    #  thunderbird
     ];
   };
 
   # Install firefox.
-  programs.firefox.enable = true;
 
   programs.nix-ld.enable = true;
 
@@ -124,34 +167,97 @@
   services.flatpak.enable = true;
   # List packages installed in system profile. To search, run:
   # $ nix search wget
+
+  services.syncthing = {
+    enable = true;
+    user = "venya";
+    dataDir = "/home/venya/Documents";    # Default folder for new synced folders
+    configDir = "/home/venya/.config/syncthing";   # Folder for Syncthing's settings and keys
+  };
+
   environment.systemPackages = with pkgs; [
+    nix-search-cli
     alacritty
     vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    neovim
+    ripgrep
+    gnumake
+    dconf-editor
     git
+    pstree
+    jq
+    nixd
+    nixpkgs-fmt
+    bfg-repo-cleaner
+    lazygit
     tmux
     ripgrep
     dig
     xclip
     wget
+    nekoray
+    nix-index
+    inetutils
+    pciutils
+    tcpdump
     gparted
     inkscape
+    flameshot
+    thunderbird-128
     cpupower-gui
     ryzenadj
     powertop
+    gcc
     python312
+    python312Packages.nsz
+    python312Packages.detect-secrets
     nodejs_20
-    cascadia-code
+    go_1_23
-    linuxKernel.packages.linux_6_8.cpupower
+    jdk
+    linuxKernel.packages.linux_6_12.cpupower
+    linuxKernel.packages.linux_6_12.ryzen-smu
+    appimage-run
+    desktop-file-utils
     vimix-cursors
     vimix-icon-theme
     vimix-gtk-themes
   ];
 
-  fonts.packages = with pkgs; [
-    iosevka
-    ubuntu_font_family
-  ];
 
+  fonts = {
+    # https://www.programmingfonts.org/#roboto to check fonts visually
+    fontDir = {
+      enable = true;
+    };
+    fontconfig = {
+      defaultFonts = {
+        monospace = [
+	  "RecMonoLinear Nerd Font Mono"
+	  "Ubuntu Mono"
+	];
+      };
+      localConf = ''
+        <alias>
+          <family>RecMonoLinear Nerd Font Mono</family>
+          <prefer>
+            <family>Roboto Mono</family>
+          </prefer>
+        </alias>
+      '';
+    };
+    packages = with pkgs; [
+      iosevka
+      ubuntu_font_family
+      hack-font
+      cascadia-code
+      roboto-mono
+      nerd-fonts.fira-code
+      nerd-fonts.recursive-mono
+      nerd-fonts.iosevka
+      nerd-fonts.symbols-only
+    ];
+
+  };
 
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.

hardware-configuration.nix

@@ -35,4 +35,8 @@
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.amd.ryzen-smu.enable = true;
+
+  # to enable gamepads
+  hardware.steam-hardware.enable = true;
 }

wireguard.nix

@@ -0,0 +1,18 @@
+# { config, pkgs, lib, ... }:{
+#   networking.firewall.checkReversePath = "loose"; 
+# }
+{ config, pkgs, lib, ... }:{
+  networking.firewall = {
+   # if packets are still dropped, they will show up in dmesg
+   logReversePathDrops = true;
+   # wireguard trips rpfilter up
+   extraCommands = ''
+     ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 16632 -j RETURN
+     ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 16632 -j RETURN
+   '';
+   extraStopCommands = ''
+     ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 16632 -j RETURN || true
+     ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 16632 -j RETURN || true
+   '';
+  };
+}