change tpm settings
This commit is contained in:
Dmitriy Kholkin
parent
7078610410
commit
b22a8f60d0
@ -52,6 +52,8 @@ with config.deviceSpecific; {
|
||||
services.tlp = {
|
||||
enable = isLaptop;
|
||||
settings = {
|
||||
TLP_DEFAULT_MODE = "BAT";
|
||||
TLP_PERSISTENT_DEFAULT = 1;
|
||||
CPU_SCALING_GOVERNOR_ON_AC = "powersave";
|
||||
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
|
||||
CPU_HWP_ON_AC = "balance_performance";
|
||||
@ -70,11 +72,11 @@ with config.deviceSpecific; {
|
||||
};
|
||||
};
|
||||
|
||||
# services.undervolt = lib.mkIf (config.device == "Dell-Laptop") {
|
||||
# enable = true;
|
||||
# coreOffset = -110; # -120
|
||||
# gpuOffset = -46; # -54
|
||||
# };
|
||||
services.undervolt = lib.mkIf (config.device == "Dell-Laptop") {
|
||||
enable = true;
|
||||
coreOffset = -108; # -120
|
||||
gpuOffset = -48; # -54
|
||||
};
|
||||
|
||||
services.thermald.enable = isLaptop;
|
||||
}
|
||||
|
||||
@ -4,51 +4,6 @@ let
|
||||
cfg = config.deviceSpecific.wireguard;
|
||||
kernel = config.boot.kernelPackages;
|
||||
in {
|
||||
# config = mkIf cfg.enable {
|
||||
# boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
|
||||
# environment.systemPackages = [ pkgs.wireguard-tools ];
|
||||
# networking.firewall.checkReversePath = false;
|
||||
|
||||
# systemd.services."wg-quick-wg0" = {
|
||||
# description = "wg-quick WireGuard Tunnel - wg0";
|
||||
# requires = [ "network-online.target" ];
|
||||
# after = [ "network.target" "network-online.target" ];
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# environment.DEVICE = "wg0";
|
||||
# path = [ pkgs.kmod pkgs.wireguard-tools pkgs.iptables pkgs.iproute ];
|
||||
|
||||
# serviceConfig = {
|
||||
# Type = "oneshot";
|
||||
# RemainAfterExit = true;
|
||||
# };
|
||||
|
||||
# unitConfig = {
|
||||
# ConditionPathExists = "/root/wg0.conf";
|
||||
# };
|
||||
|
||||
# script = ''
|
||||
# ${strings.optionalString (!config.boot.isContainer) "modprobe wireguard"}
|
||||
# wg-quick up /root/wg0.conf
|
||||
# '';
|
||||
|
||||
# postStart = mkIf cfg.killswitch ''
|
||||
# iptables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
|
||||
# # Allow IPv4 private ip addresses
|
||||
# iptables -I OUTPUT -s 192.168.0.0/16 -j ACCEPT && iptables -I OUTPUT -s 172.16.0.0/12 -j ACCEPT
|
||||
# '';
|
||||
|
||||
# preStop = ''
|
||||
# ${strings.optionalString (cfg.killswitch) "iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT"}
|
||||
# # Delete rule thats allow IPv4 private ip addresses
|
||||
# ${strings.optionalString (cfg.killswitch) "iptables -D OUTPUT -s 192.168.0.0/16 && iptables -D OUTPUT -s 172.16.0.0/12"}
|
||||
# wg-quick down /root/wg0.conf
|
||||
# '';
|
||||
|
||||
# postStop = ''
|
||||
# ip link delete wg0
|
||||
# '';
|
||||
# };
|
||||
# };
|
||||
config = mkIf cfg.enable {
|
||||
boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
|
||||
networking.firewall.checkReversePath = "loose";
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user