From b22a8f60d03e799fae9d6ec8c18e651cd9fd0f8c Mon Sep 17 00:00:00 2001 From: Dmitriy Kholkin Date: Tue, 7 Sep 2021 09:51:13 +0300 Subject: [PATCH] change tpm settings --- modules/services.nix | 12 +++++++----- modules/wireguard.nix | 45 ------------------------------------------- 2 files changed, 7 insertions(+), 50 deletions(-) diff --git a/modules/services.nix b/modules/services.nix index bd9e6b8..1d7d6d8 100644 --- a/modules/services.nix +++ b/modules/services.nix @@ -52,6 +52,8 @@ with config.deviceSpecific; { services.tlp = { enable = isLaptop; settings = { + TLP_DEFAULT_MODE = "BAT"; + TLP_PERSISTENT_DEFAULT = 1; CPU_SCALING_GOVERNOR_ON_AC = "powersave"; CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; CPU_HWP_ON_AC = "balance_performance"; @@ -70,11 +72,11 @@ with config.deviceSpecific; { }; }; - # services.undervolt = lib.mkIf (config.device == "Dell-Laptop") { - # enable = true; - # coreOffset = -110; # -120 - # gpuOffset = -46; # -54 - # }; + services.undervolt = lib.mkIf (config.device == "Dell-Laptop") { + enable = true; + coreOffset = -108; # -120 + gpuOffset = -48; # -54 + }; services.thermald.enable = isLaptop; } diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 811ba5f..b42ec90 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -4,51 +4,6 @@ let cfg = config.deviceSpecific.wireguard; kernel = config.boot.kernelPackages; in { - # config = mkIf cfg.enable { - # boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard; - # environment.systemPackages = [ pkgs.wireguard-tools ]; - # networking.firewall.checkReversePath = false; - - # systemd.services."wg-quick-wg0" = { - # description = "wg-quick WireGuard Tunnel - wg0"; - # requires = [ "network-online.target" ]; - # after = [ "network.target" "network-online.target" ]; - # wantedBy = [ "multi-user.target" ]; - # environment.DEVICE = "wg0"; - # path = [ pkgs.kmod pkgs.wireguard-tools pkgs.iptables pkgs.iproute ]; - - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # }; - - # unitConfig = { - # ConditionPathExists = "/root/wg0.conf"; - # }; - - # script = '' - # ${strings.optionalString (!config.boot.isContainer) "modprobe wireguard"} - # wg-quick up /root/wg0.conf - # ''; - - # postStart = mkIf cfg.killswitch '' - # iptables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT - # # Allow IPv4 private ip addresses - # iptables -I OUTPUT -s 192.168.0.0/16 -j ACCEPT && iptables -I OUTPUT -s 172.16.0.0/12 -j ACCEPT - # ''; - - # preStop = '' - # ${strings.optionalString (cfg.killswitch) "iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT"} - # # Delete rule thats allow IPv4 private ip addresses - # ${strings.optionalString (cfg.killswitch) "iptables -D OUTPUT -s 192.168.0.0/16 && iptables -D OUTPUT -s 172.16.0.0/12"} - # wg-quick down /root/wg0.conf - # ''; - - # postStop = '' - # ip link delete wg0 - # ''; - # }; - # }; config = mkIf cfg.enable { boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard; networking.firewall.checkReversePath = "loose";