chore: document non-target disks and harden NixOS base config

Co-authored-by: aider (openrouter/openai/gpt-5.2) <aider@aider.chat>
2026-02-08 14:00:03 +11:00
parent 73bae4f9b9
commit 7b2e6e1fd2
2 changed files with 24 additions and 1 deletions
--- a/hosts/sam-4screen-desktop/configuration.nix
+++ b/hosts/sam-4screen-desktop/configuration.nix
@@ -75,11 +75,24 @@
  # flip this to true.
  services.openssh.settings.PasswordAuthentication = false;

+  # Explicitly enable firewall (keep SSH as the only opened port via openFirewall above).
+  networking.firewall.enable = true;
+
  # ---
  # dconf (helps portals/GTK apps)
  # ---
  programs.dconf.enable = true;

+  # Polkit is commonly required for a smooth experience with portals and desktop actions,
+  # especially in minimal Wayland sessions.
+  security.polkit.enable = true;
+
+  # ---
+  # Firmware / microcode (stability)
+  # ---
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.intel.updateMicrocode = true;
+
  # ---
  # OpenGL (important for NVIDIA Wayland apps)
  # ---
@@ -134,7 +147,10 @@
  # Wayland portals (refine later if screencast needs a different backend)
  xdg.portal = {
    enable = true;
-    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+    extraPortals = [
+      pkgs.xdg-desktop-portal-gtk
+      pkgs.xdg-desktop-portal-gnome
+    ];
  };

  # Minimal system packages needed for the session and core usability
@@ -153,6 +169,7 @@
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.nvidia.modesetting.enable = true;
  hardware.nvidia.nvidiaSettings = true;
+  hardware.nvidia.nvidiaPersistenced = true;

  # ---
  # NixOS release compatibility