Diffstat (limited to 'configuration.nix')
-rw-r--r--configuration.nix49
1 files changed, 47 insertions, 2 deletions
diff --git a/configuration.nix b/configuration.nix
index 1b1637e..9cb9306 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -27,6 +27,7 @@
hardware.bluetooth.powerOnBoot = true;
services.blueman.enable = true;
+ virtualisation.docker.enable = true;
services.xserver = {
layout = "us";
xkbVariant = "";
@@ -65,7 +66,6 @@
programs.zsh.enable = true;
-
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSshvS1N/42pH9Unp3Zj4gjqs9BXoin99oaFWYHXZDJ preston@preston-arch"
];
@@ -73,7 +73,7 @@
users.users.preston = {
isNormalUser = true;
description = "Preston Pan";
- extraGroups = [ "networkmanager" "wheel" "video" ];
+ extraGroups = [ "networkmanager" "wheel" "video" "docker" ];
shell = pkgs.zsh;
packages = with pkgs; [
];
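Review bot: Adding `"docker"` to `extraGroups` gives the preston account root-equivalent control of the host through the Docker daemon socket, with no sudo password prompt in between, so it is broader than the existing `wheel` membership. This takes effect together with `virtualisation.docker.enable = true;` in the first hunk. If the group was added only to avoid typing `sudo docker`, consider dropping it and running the daemon rootless instead: `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };`. If the group stays, a comment such as `# docker group == root on this host; keep membership minimal` would record that the trade-off is intentional. The `users.users.preston` block continues past the end of this hunk.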
@@ -86,6 +86,7 @@
rnix-lsp
curl
git
+ groff
];
programs.light.enable = true;
@@ -96,8 +97,52 @@
extraPortals = [ pkgs.xdg-desktop-portal-gtk pkgs.xdg-desktop-portal-kde ];
config.common.default = "*";
};
+
system.stateVersion = "23.11";
nixpkgs.config.permittedInsecurePackages = [
"nix-2.15.3"
];
+
+ services.udev.packages = [
+ pkgs.platformio-core
+ pkgs.platformio-core.udev
+ pkgs.openocd
+ ];
+
+ # security.apparmor.enable = true;
+ # security.apparmor.policies = pkgs.apparmor-profiles;
+ # security.apparmor.killUnconfinedConfinables = true;
+# boot.kernelParams = [
+ # Slab/slub sanity checks, redzoning, and poisoning
+# "slub_debug=FZP"
+
+ # Overwrite free'd memory
+# "page_poison=1"
+
+ # Enable page allocator randomization
+# "page_alloc.shuffle=1"
+# ];
+
+ # Disable bpf() JIT (to eliminate spray attacks)
+# boot.kernel.sysctl."net.core.bpf_jit_enable" = false;
+
+ # Disable ftrace debugging
+# boot.kernel.sysctl."kernel.ftrace_enabled" = false;
+
+ # boot.kernel.sysctl."net.ipv4.conf.all.log_martians" = true;
+ # boot.kernel.sysctl."net.ipv4.conf.all.rp_filter" = "1";
+ # boot.kernel.sysctl."net.ipv4.conf.default.log_martians" = true;
+ # boot.kernel.sysctl."net.ipv4.conf.default.rp_filter" = "1";
+
+ # boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = true;
+
+ # boot.kernel.sysctl."net.ipv4.conf.all.accept_redirects" = false;
+ # boot.kernel.sysctl."net.ipv4.conf.all.secure_redirects" = false;
+ # boot.kernel.sysctl."net.ipv4.conf.default.accept_redirects" = false;
+ # boot.kernel.sysctl."net.ipv4.conf.default.secure_redirects" = false;
+ # boot.kernel.sysctl."net.ipv6.conf.all.accept_redirects" = false;
+ # boot.kernel.sysctl."net.ipv6.conf.default.accept_redirects" = false;
+
+ # boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = false;
+ # boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = false;
}
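Review bot: Every hardening setting added at the end of this hunk (AppArmor, the `boot.kernelParams` list, the bpf/ftrace sysctls and the network sysctls) is commented out, so the commit changes nothing about the system's posture, yet the file reads as if it were hardened. A leading comment such as `# Hardening below is NOT active yet; enable and test one group at a time` would make that explicit. The `#` markers should also sit at one consistent indent rather than alternating between column 0 and the block indent. Before uncommenting, note that `security.apparmor.policies = pkgs.apparmor-profiles;` is unlikely to evaluate on a 23.11 system, where `policies` appears to be an attribute set of named profiles; the package would go in `security.apparmor.packages = [ pkgs.apparmor-profiles ];`. Listing `pkgs.platformio-core` next to `pkgs.platformio-core.udev` in `services.udev.packages` also looks redundant if the rules ship only in the `udev` output; worth confirming.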