Browse Source

resistFingerprinting is a wet dream coming true omg

rework-profiles
parent
commit
f3fff0078f
Signed by: govanify GPG Key ID: DE62E1E2A6145556
5 changed files with 17 additions and 11 deletions
  1. +3
    -3
      common/gaming.nix
  2. +10
    -6
      common/graphical.nix
  3. +2
    -0
      common/security.nix
  4. +1
    -1
      common/users.nix
  5. +1
    -1
      machines/xanadu/hardware.nix

+ 3
- 3
common/gaming.nix View File

@ -1,8 +1,8 @@
{ config, pkgs, lib, ... }: {
#hardware.opengl.driSupport32Bit = true;
#hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
#hardware.pulseaudio.support32Bit = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
hardware.pulseaudio.support32Bit = true;
environment.systemPackages = with pkgs; [


+ 10
- 6
common/graphical.nix View File

@ -8,7 +8,9 @@
extraPackages = with pkgs; [
swaylock # lockscreen
swayidle
xwayland # for legacy apps
# legacy apps
xwayland
wineWowPackages.full
kanshi # autorandr
# misc wayland utils
wofi grim wl-clipboard slurp
@ -23,13 +25,15 @@
# art
blender krita kdenlive ardour
# stem
freecad kicad wireshark
freecad kicad
#ghidra in the future when it is actually updated
# themes
breeze-gtk breeze-qt5 breeze-icons
];
};
programs.wireshark.enable = true;
# firefox security notes:
#
# firefox should sync to your own server whatever you care(it's E2EE,
@ -45,12 +49,12 @@
# * Privacy Badger |
# |--> not necessary with noScript but sane defaults
# * uBlock origin |
# * user agent switcher with random switch enabled
# 3. Make sure to use those settings in about:config:
# * privacy.resistFingerprinting = true
#
# this way the only identifiable information websites should be able to gather
# is the one you give to them by, ie, logging in, as the only identifiable and
# non randomized string left is your accept_html, which gives out your
# language basically, everything else is randomized assuming noScript is
# is the one you give to them by, ie, logging in, as everything else
# is non unique assuming noScript is
# enabled and tor runs, so your tracking ID should change.
#
# also simple tab groups and stylus are nice cosmetic additions


+ 2
- 0
common/security.nix View File

@ -9,6 +9,8 @@ in {
<nixpkgs/nixos/modules/profiles/hardened.nix>
];
# Use the hardened kernel but keep IA32 emulation.
boot.kernelPackages = kernelPackages;
boot.kernelPatches = [{
name = "keep-ia32";
patch = null;


+ 1
- 1
common/users.nix View File

@ -6,7 +6,7 @@
users.users.govanify = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" ];
extraGroups = [ "wheel" "networkmanager" "audio" "wireshark"];
};
home-manager.users.govanify = {


+ 1
- 1
machines/xanadu/hardware.nix View File

@ -41,6 +41,6 @@
# i915 is a bitch
boot.kernelParams = [ "i915.enable_psr=0" ];
# boot.kernelParams = [ "i915.enable_psr=0" ];
}

Loading…
Cancel
Save