updated - clamav, tpm2, mesa, flake.lock

README.md

@@ -6,14 +6,15 @@
 
 - NixOS 23.05 (Stoat - Unstable)
 - Home Manager
-- Linux Kernel 6.1.6-zen1
+- Linux Kernel 6.2.9-zen1
+- Mesa 23.0.1
 - LightDM (Display Manager)
 - Pantheon Deskop Environment
 - Nushell
 - Starship Prompt
 - Nano CLI Editor
 - Visual Studio Code
-- Netbird
+- Adguard Home
 - Opensnitch
 - Firejail
 - Steam
@@ -28,14 +29,15 @@ System applications and their platform support comparison table:
 |-----------------------|---------------------------|---------------------------|
 | Beekeeper Studio      | ✅ Working                | ❓ Unknown Status         |
 | Bitwarden             | ✅ Working                | ❓ Unknown Status         |
+| Brave                 | ✅ Working                | ❓ Unknown Status         |
 | DBeaver CE            | ✅ Working                | ✅ Working                |
 | Discord               | ✅ Working                | ❓ Unknown Status         |
 | Docker                | ✅ Working                | ⚡ WIP                    |
-| Firefox               | ✅ Working                | ⚡ WIP                    |
 | Google Chrome (Stable)| ✅ Working                | ❓ Unknown Status         |
 | GIMP                  | ✅ Working                | ✅ Working                |
 | GIT                   | ✅ Working                | ✅ Working                |
 | Libre Office          | ✅ Working                | ✅ Working                |
+| LibreWolf             | ✅ Working                | ❓ Unknown Status         |
 | Mailspring            | ✅ Working                | ❓ Unknown Status         |
 | Nano                  | ✅ Working                | ✅ Working                |
 | Netbird               | ✅ Working                | ✅ Working                |

hosts/desktop/default.nix

@@ -134,6 +134,7 @@
       # Applications - GUI
       beekeeper-studio
       bitwarden
+      brave
       dbeaver
       dconf
       discord

hosts/desktop/hardware.nix

@@ -207,11 +207,15 @@
       driSupport = true;
       driSupport32Bit = true;
 
+      # Hardware - OpenGL - Mesa Package
+      # https://search.nixos.org/options?channel=unstable&show=hardware.opengl.mesaPackage
+      mesaPackage = pkgs.mesa_23;
+      mesaPackage32 = pkgs.pkgsi686Linux.mesa_23;
+
       # Hardware - OpenGL - Additional packages to add to OpenGL drivers.
       # https://search.nixos.org/options?channel=unstable&show=hardware.opengl.extraPackages
       extraPackages = with pkgs; [
         glxinfo
-        mesa
         rocm-opencl-icd
         rocm-opencl-runtime
         libva
@@ -223,7 +227,6 @@
       # https://search.nixos.org/packages?channel=unstable&show=driversi686Linux
       extraPackages32 = with pkgs.driversi686Linux; [
         glxinfo
-        mesa
       ];
     };
 

modules/networking.nix

@@ -92,6 +92,10 @@
       # DNS options: [ "default", "dnsmasq", "unbound", "systemd-resolved", "none" ]
       # https://search.nixos.org/options?channel=unstable&show=networking.networkmanager.dns
       # dns = "default";
+
+      # Networking - Network Manager - Firewall Backend
+      # https://search.nixos.org/options?channel=unstable&show=networking.networkmanager.firewallBackend
+      firewallBackend = "nftables";
     };
 
     # Networking - Resolvconf
@@ -108,7 +112,7 @@
 
       # Networking - Resolvconf - DNS Single Request
       # https://search.nixos.org/options?channel=unstable&show=networking.resolvconf.dnsExtensionMechanism
-      dnsExtensionMechanism = false;
+      dnsExtensionMechanism = true;
     };
   };
 }

modules/pantheon.nix

@@ -140,8 +140,12 @@
     flatpak.enable = true;
 
     # Touchegg
-    # https://search.nixos.org/options?channel=unstable&show=services.touchegg
-    touchegg.enable = false;
+    # https://search.nixos.org/options?channel=unstable&show=services.touchegg.enable
+    touchegg.enable = true;
+
+    # UPower
+    # https://search.nixos.org/options?channel=unstable&show=services.upower.enable
+    upower.enable = true;
   };
 
   # Programs

modules/security.nix

@@ -53,6 +53,10 @@
     # Security - Rootkit
     # https://search.nixos.org/options?channel=unstable&show=security.rtkit
     rtkit.enable = true;
+
+    # Security - TPM2
+    # https://search.nixos.org/options?channel=unstable&show=security.tpm2
+    tpm2.enable = true;
   };
 
   # Networking
@@ -101,6 +105,24 @@
   # https://search.nixos.org/options?channel=unstable&show=services
   services = {
 
+    # Services - ClamAV
+    # https://search.nixos.org/options?channel=unstable&show=services.clamav
+    clamav = {
+      # Note: Download / Update ClamAV database if service fails to start
+      # https://discourse.nixos.org/t/how-to-use-clamav-in-nixos/19782/
+
+      # Services - ClamAV - Deamon
+      # https://search.nixos.org/options?channel=unstable&show=services.clamav.daemon
+      daemon.enable = true;
+
+      # Services - ClamAV - Updater
+      # https://search.nixos.org/options?channel=unstable&show=services.clamav.updater
+      updater = {
+        enable = true;
+        interval = "daily";
+      };
+    };
+
     # Services - Opensnitch
     # https://search.nixos.org/options?channel=unstable&show=services.opensnitch
     opensnitch = {
@@ -114,6 +136,7 @@
       settings = {
         DefaultAction     = "deny";
         DefaultDuration   = "until restart";
+        Firewall          = "nftables";
         LogLevel          = 2;
         ProcMonitorMethod = "ebpf";
         Stats = {