From c1d4fa52554f203d3dc71cff594e55ef6f8e08a6 Mon Sep 17 00:00:00 2001 From: jasmine Date: Wed, 12 Nov 2025 14:40:49 +0800 Subject: [PATCH] refactor(fuchsia): reorganize audio and bluetooth configuration Separated PipeWire audio configuration from bluetooth hardware settings for better logical organization. Moved bluetooth config to hardware-configuration.nix alongside kernel module workarounds (disable_ertm, iwlwifi power_save). Also added documentation for permittedInsecurePackages in global config and updated flake dependencies. --- flake.lock | 54 +++++++++---------- .../features/editors/claude-settings.json | 1 - nixos/common/global/default.nix | 6 +++ nixos/fuchsia/hardware-configuration.nix | 16 ++++++ .../services/{pipewire => audio}/default.nix | 9 ++-- nixos/fuchsia/services/default.nix | 2 +- 6 files changed, 55 insertions(+), 33 deletions(-) rename nixos/fuchsia/services/{pipewire => audio}/default.nix (54%) diff --git a/flake.lock b/flake.lock index 3857477..1613641 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { @@ -32,11 +32,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1759255832, - "narHash": "sha256-+8RmfVC7+9bYwUnodGSbRaSGyvkGB/lkFe03xvyvu38=", + "lastModified": 1759699908, + "narHash": "sha256-kYVGY8sAfqwpNch706Fy2+/b+xbtfidhXSnzvthAhIQ=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "cdf62e6ee25c0bba7bf391dace328346a7c27609", + "rev": "42362b12f59978aabf3ec3334834ce2f3662013d", "type": "github" }, "original": { 
@@ -51,11 +51,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1759622618, - "narHash": "sha256-Q46aXz+Vqb1rOUVA2MO46j+KWeR7AL9qPEMU5nnHX0g=", + "lastModified": 1762466517, + "narHash": "sha256-sFlWhpLBmORSIwdhIinu2nos0xhQkUzFkO3AOHRolps=", "owner": "sadjow", "repo": "claude-code-nix", - "rev": "730bcc4254f1c72fea59500ab8b25570de757090", + "rev": "c75a19ff3b5de3edc68512b31c406338c3c3ce65", "type": "github" }, "original": { @@ -552,11 +552,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1759560900, - "narHash": "sha256-wQiannciIXFWVzoVUpP7TOB3Ajo+EYbrWje2EBfFRhU=", + "lastModified": 1761996900, + "narHash": "sha256-1XURw0oFac/jDYP/TjxOOO5DWABOQ6HOuAnXS7GGP5k=", "owner": "theCapypara", "repo": "nix-jetbrains-plugins", - "rev": "58500142f3281d6dcfd503ad108705b54f1d0e3c", + "rev": "5a03f5a3d0ab9b465cdab58dc03da2a7b473bc8c", "type": "github" }, "original": { @@ -572,11 +572,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1758765258, - "narHash": "sha256-orU21BYUJn/7zMhIYbY7T5EDqZ8NtRMSH/f8Qtu047Q=", + "lastModified": 1762480864, + "narHash": "sha256-OD3/2nATIXFEyTq3cxGUjZyBf8YlCSpIX/iJzSJbWag=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "5a6c66b90ab4519b7578b54300abc308008c544e", + "rev": "4f3414fdfce0ddf85c35e95d07809aeb93d2f0ad", "type": "github" }, "original": { @@ -633,11 +633,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { 
@@ -681,11 +681,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759536663, - "narHash": "sha256-hhM8SUI6kQMei5TImFdNQy9EDT8g2hAD161DUtbfAy0=", + "lastModified": 1762361079, + "narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27ac93958969b5f3dccd654b402599cf3de633ac", + "rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5", "type": "github" }, "original": { @@ -744,11 +744,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1759580034, - "narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=", + "lastModified": 1762233356, + "narHash": "sha256-cGS3lLTYusbEP/IJIWGgnkzIl+FA5xDvtiHyjalGr4k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318", + "rev": "ca534a76c4afb2bdc07b681dbc11b453bab21af8", "type": "github" }, "original": { @@ -923,11 +923,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1758470149, - "narHash": "sha256-rT1T1dp9mv0dXsEyeIZoR0ssSP99u7t9WuU/paT7tSM=", + "lastModified": 1760908465, + "narHash": "sha256-ZdyNTh/O7W7ZJJr8bAeG2kQBFREZGTQ2wXCyzr9z+RQ=", "owner": "Scrybbling-together", "repo": "remarks", - "rev": "88ae4ec51508e9111820ff2a06af30e24712f34e", + "rev": "b8bfd751cf82a47ce24763c5b220a1f4f5ab90a6", "type": "github" }, "original": { diff --git a/home-manager/sajenim/features/editors/claude-settings.json b/home-manager/sajenim/features/editors/claude-settings.json index 01851e2..bcf43f6 100644 --- a/home-manager/sajenim/features/editors/claude-settings.json +++ b/home-manager/sajenim/features/editors/claude-settings.json @@ -1,4 +1,3 @@ { - "outputStyle": "Explanatory", "includeCoAuthoredBy": false } diff --git a/nixos/common/global/default.nix b/nixos/common/global/default.nix index 4e72382..6dc6506 100644 --- a/nixos/common/global/default.nix +++ b/nixos/common/global/default.nix 
@@ -35,6 +35,12 @@ # Services "minecraft-server" ]; + + # Allow specific packages with known CVEs when required by dependencies. + # Only add packages here when no secure alternative exists. + permittedInsecurePackages = [ + "mbedtls-2.28.10" # required for orca-slicer + ]; }; }; diff --git a/nixos/fuchsia/hardware-configuration.nix b/nixos/fuchsia/hardware-configuration.nix index 1d11aae..328b04a 100644 --- a/nixos/fuchsia/hardware-configuration.nix +++ b/nixos/fuchsia/hardware-configuration.nix @@ -29,6 +29,14 @@ # The set of kernel modules to be loaded in the second stage of the boot process. kernelModules = ["i2c-dev" "i2c-piix4"]; + # Hardware-specific kernel module workarounds + extraModprobeConfig = '' + # Disable Bluetooth Enhanced Retransmission Mode to fix connectivity issues + options bluetooth disable_ertm=1 + # Disable WiFi power saving to prevent connection drops + options iwlwifi power_save=0 + ''; + # Our boot loader configuration loader = { efi = { @@ -47,6 +55,14 @@ bluetooth = { enable = true; powerOnBoot = true; + settings = { + General = { + ControllerMode = "dual"; + FastConnectable = true; + Experimental = true; + MultiProfile = "multiple"; + }; + }; }; graphics = { enable = true; diff --git a/nixos/fuchsia/services/pipewire/default.nix b/nixos/fuchsia/services/audio/default.nix similarity index 54% rename from nixos/fuchsia/services/pipewire/default.nix rename to nixos/fuchsia/services/audio/default.nix index f448b2f..0dfa987 100644 --- a/nixos/fuchsia/services/pipewire/default.nix +++ b/nixos/fuchsia/services/audio/default.nix 
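Review bot: The `permittedInsecurePackages` list is added in `nixos/common/global/default.nix`, so presumably every host importing the common config now accepts `mbedtls-2.28.10`, although the comment names only orca-slicer as the consumer. The allowance applies to any derivation that pulls in that mbedtls version, not just the slicer, so I would move the list to the host or module that actually installs orca-slicer. Keep the exact-version pin, since evaluation fails again on the next version bump and forces a re-check. The entry should also record why the package is flagged and when to revisit it, e.g. `"mbedtls-2.28.10" # orca-slicer only; flagged because: <reason from nixpkgs>; re-check on each flake update`. The enclosing attribute set opens above the hunk, so I cannot confirm which `config` block this lands in.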
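Review bot: The four `General` keys added under `bluetooth.settings` in the second hardware-configuration.nix hunk have no comments, unlike the modprobe options added earlier in the same file, and two of them widen what a radio-facing daemon exposes. `Experimental = true` enables BlueZ D-Bus interfaces that upstream marks as experimental, and `FastConnectable = true` keeps the adapter permanently in the faster-connect mode, on a machine that also sets `powerOnBoot = true`. I would drop `Experimental` unless a specific device needs it and say so on the line, e.g. `Experimental = true; # required for <device/feature>; remove once unneeded`. `ControllerMode = "dual"` is, as far as I know, already the BlueZ default and could be omitted. The `bluetooth` block and its parent open outside the hunk.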
@@ -1,18 +1,19 @@ { pkgs, ... }: { - # Realtime scheduler + # Realtime scheduler for low-latency audio security.rtkit.enable = true; - # Sound server + # PipeWire sound server services.pipewire = { enable = true; - # Enable components + # Enable ALSA, PulseAudio compatibility, and WirePlumber session manager alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + wireplumber.enable = true; }; - # Sound mixer + # Audio control utilities environment.systemPackages = with pkgs; [ pulsemixer ]; diff --git a/nixos/fuchsia/services/default.nix b/nixos/fuchsia/services/default.nix index 28685fc..148168c 100644 --- a/nixos/fuchsia/services/default.nix +++ b/nixos/fuchsia/services/default.nix @@ -1,11 +1,11 @@ {...}: { imports = [ ./amdgpu-clocks + ./audio ./borgbackup ./flatpak ./internet-sharing ./libinput - ./pipewire ./printing ./snapper ./ssh