-rw-r--r-- | configuration.nix | 49 | ||||
-rw-r--r-- | flake.lock | 42 | ||||
-rw-r--r-- | home.nix | 7 |
3 files changed, 74 insertions, 24 deletions
diff --git a/configuration.nix b/configuration.nix index 1b1637e..9cb9306 100644 --- a/configuration.nix +++ b/configuration.nix @@ -27,6 +27,7 @@ hardware.bluetooth.powerOnBoot = true; services.blueman.enable = true; + virtualisation.docker.enable = true; services.xserver = { layout = "us"; xkbVariant = ""; @@ -65,7 +66,6 @@ programs.zsh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch" ]; @@ -73,7 +73,7 @@ users.users.preston = { isNormalUser = true; description = "Preston Pan"; - extraGroups = [ "networkmanager" "wheel" "video" ]; + extraGroups = [ "networkmanager" "wheel" "video" "docker" ]; shell = pkgs.zsh; packages = with pkgs; [ ]; @@ -86,6 +86,7 @@ rnix-lsp curl git + groff ]; programs.light.enable = true; 
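Review bot: Adding `"docker"` to `extraGroups` in the `users.users.preston` hunk makes that account root-equivalent on the host, because any group member can drive the daemon that `virtualisation.docker.enable = true;` (first hunk) starts as root. The account is already in `wheel`, but access through the docker socket bypasses whatever password prompt and logging sudo provides, so the group list deserves at least a comment such as `# docker group = root-equivalent via the daemon socket`. If that level of access is not intended, leave `"docker"` out of `extraGroups` and use `virtualisation.docker.rootless.enable = true;` together with `virtualisation.docker.rootless.setSocketVariable = true;`. Both the module body and the `users.users.preston` set continue outside these hunks.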
@@ -96,8 +97,52 @@ extraPortals = [ pkgs.xdg-desktop-portal-gtk pkgs.xdg-desktop-portal-kde ]; config.common.default = "*"; }; + system.stateVersion = "23.11"; nixpkgs.config.permittedInsecurePackages = [ "nix-2.15.3" ]; + + services.udev.packages = [ + pkgs.platformio-core + pkgs.platformio-core.udev + pkgs.openocd + ]; + + # security.apparmor.enable = true; + # security.apparmor.policies = pkgs.apparmor-profiles; + # security.apparmor.killUnconfinedConfinables = true; +# boot.kernelParams = [ + # Slab/slub sanity checks, redzoning, and poisoning +# "slub_debug=FZP" + + # Overwrite free'd memory +# "page_poison=1" + + # Enable page allocator randomization +# "page_alloc.shuffle=1" +# ]; + + # Disable bpf() JIT (to eliminate spray attacks) +# boot.kernel.sysctl."net.core.bpf_jit_enable" = false; + + # Disable ftrace debugging +# boot.kernel.sysctl."kernel.ftrace_enabled" = false; + + # boot.kernel.sysctl."net.ipv4.conf.all.log_martians" = true; + # boot.kernel.sysctl."net.ipv4.conf.all.rp_filter" = "1"; + # boot.kernel.sysctl."net.ipv4.conf.default.log_martians" = true; + # boot.kernel.sysctl."net.ipv4.conf.default.rp_filter" = "1"; + + # boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = true; + + # boot.kernel.sysctl."net.ipv4.conf.all.accept_redirects" = false; + # boot.kernel.sysctl."net.ipv4.conf.all.secure_redirects" = false; + # boot.kernel.sysctl."net.ipv4.conf.default.accept_redirects" = false; + # boot.kernel.sysctl."net.ipv4.conf.default.secure_redirects" = false; + # boot.kernel.sysctl."net.ipv6.conf.all.accept_redirects" = false; + # boot.kernel.sysctl."net.ipv6.conf.default.accept_redirects" = false; + + # boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = false; + # boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = false; } 
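Review bot: The AppArmor, `boot.kernelParams` and `boot.kernel.sysctl` hardening block added before the closing `}` is entirely commented out, so none of it takes effect, and nothing records why it is disabled. Either enable the settings that are safe for this machine or head the block with the reason, e.g. `# Hardening, disabled until tested on this host (slub_debug/page_poison cost performance)`. The comment markers appear to sit at two different indents (`# boot.kernelParams = [` at column 0, the entries inside it indented), which makes it easy to later uncomment only part of the list and break evaluation. The module body starts outside this hunk.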
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1710119954, - "narHash": "sha256-e7AMYtBQgRzeRtn//k1dXu22xeiav+G0cQjm3gEky7o=", + "lastModified": 1715563999, + "narHash": "sha256-DDXZOKK0C5YeZ/GTUj7HiT+oqYIt8+qTsldaDvhWHFc=", "owner": "nix-community", "repo": "disko", - "rev": "d389901567d9ceda5a1a833fbf8e8e254e18eb0a", + "rev": "e972a78f4a49cd92075d64b6feeef64d26bf2996", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1706981411, - "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "lastModified": 1715381426, + "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", "owner": "nix-community", "repo": "home-manager", - "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", "type": "github" }, "original": { @@ -43,11 +43,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1710021367, - "narHash": "sha256-FuMVdWqXMT38u1lcySYyv93A7B8wU0EGzUr4t4jQu8g=", + "lastModified": 1715542476, + "narHash": "sha256-FF593AtlzQqa8JpzrXyRws4CeKbc5W86o8tHt4nRfIg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b94a96839afcc56de3551aa7472b8d9a3e77e05d", + "rev": "44072e24566c5bcc0b7aa9178a0104f4cfffab19", "type": "github" }, "original": { @@ -59,11 +59,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710033658, - "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "lastModified": 1715458492, + "narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "rev": "8e47858badee5594292921c2668c11004c3b0142", "type": "github" }, "original": { 
@@ -75,11 +75,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709968316, - "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "lastModified": 1715413075, + "narHash": "sha256-FCi3R1MeS5bVp0M0xTheveP6hhcCYfW/aghSTPebYL4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "rev": "e4e7a43a9db7e22613accfeb1005cca1b2b1ee0d", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nur": { "locked": { - "lastModified": 1710139026, - "narHash": "sha256-1dDwfcJ7JeLq1Q47ftS6aAKOhf1exXiph4Te4O2P5Lk=", + "lastModified": 1715640329, + "narHash": "sha256-63UqbFOGu3TuYs2cfFElcmAYIQXZG5mfUNwZ2mRK0xs=", "owner": "nix-community", "repo": "NUR", - "rev": "4ee463208e545d6a1cba7b970c6da9fc08b4fa88", + "rev": "12c94e6547b7432466087c3698795dcea329dfdb", "type": "github" }, "original": { @@ -136,11 +136,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1710039806, - "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "lastModified": 1715482972, + "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e", "type": "github" }, "original": { @@ -56,12 +56,15 @@ veracrypt imagemagick tor-browser + qsynth + poetry (nerdfonts.override { fonts = [ "Iosevka" ]; }) (discord.override { withOpenASAR = true; withVencord = true; }) - ungoogled-chromium + chromium + python311Packages.python-lsp-server ]; fonts.fontconfig.enable = true; xsession.enable = true; @@ -1023,6 +1026,7 @@ windowrule = [ "workspace 1, ^(.*emacs.*)$" "workspace 2, ^(.*firefox.*)$" + "workspace 2, ^(.*chromium-browser.*)$" "workspace 3, ^(.*discord.*)$" "workspace 3, ^(.*fluffychat.*)$" "workspace 3, ^(.*element-desktop.*)$" 
@@ -1032,6 +1036,7 @@ ]; bind = [ "$mod, F, exec, firefox" + "$mod, W, exec, chromium-browser" "$mod, Return, exec, kitty" "$mod, E, exec, emacs" "$mod, B, exec, electrum" |