end of semester update

application-configuration.nix

@@ -18,10 +18,9 @@
         tor-browser-bundle-bin
         yubikey-manager-qt
         libsForQt5.kdeconnect-kde
-        obsidian
 
         # virtualisation
-        podman-compose
+        docker-compose
       ];
   };
 
@@ -46,14 +45,10 @@
   # yubikey
   services.pcscd.enable = true;
 
-  # podman and libvirt
+  # docker and libvirt
   programs.virt-manager.enable = true;
   virtualisation = {
-    podman = {
+    docker.enable = true;
-      enable = true;
-      dockerCompat = true;
-      defaultNetwork.settings.dns_enabled = true;
-    };
 
     # enable libvirt
     spiceUSBRedirection.enable = true;
@@ -75,5 +70,5 @@
       };
     };
   };
-  users.users.caleb.extraGroups = [ "libvirtd" ];
+  users.users.caleb.extraGroups = [ "libvirtd" "docker" ];
 }

configuration.nix

@@ -8,7 +8,6 @@
       ./networking-configuration.nix
       ./application-configuration.nix
       ./software-development-configuration.nix
-      ./school-configuration.nix
       ./faf-linux.nix
     ];
 
@@ -37,11 +36,6 @@
     driSupport32Bit = true;
   };
 
-  # Allow unfree and insecure packages
-  nixpkgs.config.permittedInsecurePackages = [
-    "electron-25.9.0"
-  ];
-
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
     "vista-fonts"
     "corefonts"
@@ -58,8 +52,6 @@
 
     "vscode"
     "code"
-
-    "obsidian"
   ];
 
   # Enable the X11 windowing system.
@@ -74,7 +66,7 @@
   fonts.packages = with pkgs; [
     vistafonts
     corefonts
-    nerdfonts # nvcahd dependency
+    nerdfonts # nvchad dependency
   ];
 
   # Enable sound with pipewire.
@@ -88,7 +80,7 @@
     pulse.enable = true;
   };
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # Define a user account.
   users.users.caleb = {
     isNormalUser = true;
     description = "caleb";
@@ -144,7 +136,7 @@
       hostName = "talos";
       system = "x86_64-linux";
       protocol = "ssh-ng";
-      speedFactor = 3;
+      speedFactor = 2;
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
       mandatoryFeatures = [ ];
     }
@@ -152,18 +144,10 @@
       hostName = "january";
       system = "x86_64-linux";
       protocol = "ssh-ng";
-      speedFactor = 4;
+      speedFactor = 3;
       supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
       mandatoryFeatures = [ ];
     }
-    /* {
-      hostName = "pubnix";
-      system = "x86_64-linux";
-      protocol = "ssh-ng";
-      speedFactor = 2;
-      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-      mandatoryFeatures = [ ];
-    } */
   ];
   nix.distributedBuilds = true;
   # optional, useful when the builder has a faster internet connection than yours

networking-configuration.nix

@@ -25,19 +25,18 @@
 
   # Enable mullvad vpn
   services.mullvad-vpn.package = pkgs.mullvad-vpn;
-  #services.resolved.enable = true;
-  #networking.resolvconf.enable = false;
   services.mullvad-vpn.enable = true;
 
   # Enable tailscale
   services.tailscale.enable = true;
 
   # exclude tailscale IPs from mullvad routing
- /*  networking.nftables = {
+  networking.nftables = {
     enable = true;
     ruleset = ''
       define TAILNET_DNS = {
-        100.100.100.100
+        100.100.100.100,
+        9.9.9.9
       }
       define TAILNET_IPV4 = {
         100.64.0.0/10
@@ -52,13 +51,6 @@
           ip daddr $TAILNET_DNS tcp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
         }
       }
-      table inet excludeTraffic {
-        chain excludeOutgoing {
-          type route hook output priority 0; policy accept;
-          ip daddr $TAILNET_IPV4 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
-          ip6 daddr $TAILNET_IPV6 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
-        }
-      }
     '';
-  }; */
+  };
 }

school-configuration.nix

@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    nmap
-    wireshark
-    libstdcxx5
-  ];
-
-  users.users.caleb.packages = with pkgs; [
-    python311Packages.pygame
-  ];
-
-  #virtualisation.virtualbox.host.enable = true;
-  #users.extraGroups.vboxusers.members = [ "caleb" ];
-}

surfacebook-configuration.nix

@@ -1,15 +1,4 @@
 { config, lib, pkgs, ... }:
-
-# nvidia-offload script
-let
-  nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
-    export __NV_PRIME_RENDER_OFFLOAD=1
-    export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
-    export __GLX_VENDOR_LIBRARY_NAME=nvidia
-    export __VK_LAYER_NV_optimus=NVIDIA_only
-    exec "$@"
-  '';
-in
 {
   imports =
     [
@@ -25,7 +14,7 @@ in
   # Nvidia driver setup
   hardware.nvidia = {
     modesetting.enable = true;
-    package = config.boot.kernelPackages.nvidiaPackages.latest;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
     nvidiaSettings = true;
     powerManagement = {
       enable = true;