From 7b2e6e1fd22acfecb7cf1039d0c77705181d9033 Mon Sep 17 00:00:00 2001
From: sam rolfe
Date: Sun, 8 Feb 2026 14:00:03 +1100
Subject: [PATCH] chore: document non-target disks and harden NixOS base config

Co-authored-by: aider (openrouter/openai/gpt-5.2)
---
 docs/nixos_build_spec.md | 6 ++++++
 hosts/sam-4screen-desktop/configuration.nix | 19 ++++++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/docs/nixos_build_spec.md b/docs/nixos_build_spec.md
index 268a76f..08f3aa9 100644
--- a/docs/nixos_build_spec.md
+++ b/docs/nixos_build_spec.md
@@ -12,6 +12,12 @@ KEEP (do not format):
 WIPE + install NixOS here:
 - /dev/nvme0n1p5 (currently Ubuntu ext4 /) UUID=4e99904c-ce6f-4c3c-898a-e29cfc373489
+## Other attached disks (DO NOT FORMAT)
+- /dev/sda (240GB Patriot Burst) contains NTFS label "Back Up" (keep)
+- /dev/sdb (500GB) ext4 label "TempBackup" (keep)
+- /dev/sdc (320GB) ext4 label "Integral300" UUID=27febd74-20aa-4a3a-92c1-6fdd1ad7e88e (mount at /data)
+- /dev/sde (160GB) ext4 label "XPSystemDrive" (keep)
+
 Bootloader:
 - systemd-boot, using the existing EFI partition (/dev/nvme0n1p1)
diff --git a/hosts/sam-4screen-desktop/configuration.nix b/hosts/sam-4screen-desktop/configuration.nix
index 86f9a9d..71d0e25 100644
--- a/hosts/sam-4screen-desktop/configuration.nix
+++ b/hosts/sam-4screen-desktop/configuration.nix
@@ -75,11 +75,24 @@
 # flip this to true.
 services.openssh.settings.PasswordAuthentication = false;
+ # Explicitly enable firewall (keep SSH as the only opened port via openFirewall above).
+ networking.firewall.enable = true;
+
 # ---
 # dconf (helps portals/GTK apps)
 # ---
 programs.dconf.enable = true;
+ # Polkit is commonly required for a smooth experience with portals and desktop actions,
+ # especially in minimal Wayland sessions.
+ security.polkit.enable = true;
+
+ # ---
+ # Firmware / microcode (stability)
+ # ---
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.intel.updateMicrocode = true;
+
 # ---
 # OpenGL (important for NVIDIA Wayland apps)
 # ---
@@ -134,7 +147,10 @@
 # Wayland portals (refine later if screencast needs a different backend)
 xdg.portal = {
 enable = true;
- extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+ extraPortals = [
+ pkgs.xdg-desktop-portal-gtk
+ pkgs.xdg-desktop-portal-gnome
+ ];
 };
 # Minimal system packages needed for the session and core usability
@@ -153,6 +169,7 @@
 services.xserver.videoDrivers = [ "nvidia" ];
 hardware.nvidia.modesetting.enable = true;
 hardware.nvidia.nvidiaSettings = true;
+ hardware.nvidia.nvidiaPersistenced = true;
 # ---
 # NixOS release compatibility
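Review bot: In the `@@ -75,11 +75,24 @@` hunk the new comment says SSH stays the only opened port, but `networking.firewall.enable = true;` does not enforce that: the open set is the sum of `networking.firewall.allowedTCPPorts`/`allowedUDPPorts` and every service's `openFirewall`, all of which are set outside this hunk. I would state only what the line does, e.g. `# Firewall on (made explicit); opened ports come from openFirewall/allowedTCPPorts elsewhere in this config`, so the comment cannot go stale when another service is added. The same hunk labels the microcode section `(stability)`; microcode updates also deliver CPU vendor security fixes, so `# Firmware / microcode (stability and CPU security fixes)` is the more accurate header. `hardware.cpu.intel.updateMicrocode` assumes an Intel CPU, which the hunk does not show.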
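Review bot: In the `@@ -134,7 +147,10 @@` hunk `extraPortals` now lists two backends, but the `xdg.portal` block shown here sets no `config`, so which backend answers each portal interface (file chooser, screencast) is left to lookup defaults rather than stated. Since the portal brokers those requests for applications, I would pin the choice in the same block, e.g. `config.common.default = [ "gtk" ];`, and add a per-interface entry only where the GNOME backend is actually wanted. If `xdg.portal.config` or `configPackages` is already set elsewhere in the file, a comment pointing to it is enough. The GNOME backend's screencast relies on GNOME Shell/Mutter services, so under a different compositor it may not provide what the comment above anticipates; the compositor is not visible in this hunk.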
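Review bot: In the `@@ -153,6 +169,7 @@` hunk `hardware.nvidia.nvidiaPersistenced = true;` adds a long-running daemon with no comment on why, which sits oddly in a commit titled as hardening. The persistence daemon exists to keep driver state loaded when no client holds the GPU open, which is mainly a headless or compute concern; on a desktop with a display session attached the benefit is likely small. I would either drop the line or justify it in place, e.g. `# nvidia-persistenced: keep driver state across client exits (needed for <reason>)`.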