Address PR review feedback: security, documentation, and configuration improvements

Co-authored-by: ragusa-it <196988693+ragusa-it@users.noreply.github.com>
2026-02-01 19:50:18 +00:00
parent 41de438583
commit df02e01ce8
6 changed files with 84 additions and 42 deletions
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -21,8 +21,8 @@
  # AMD GPU - RDNA 4 (RX 9060 XT) + Zen 3 CPU (5700G)
  # --------------------------------------------------------------------------
  
-  # CRITICAL: RDNA 4 requires navi44 firmware blobs
-  hardware.enableAllFirmware = true;
+  # RDNA 4 requires navi44 firmware blobs (included in redistributable firmware)
+  hardware.enableRedistributableFirmware = true;
  
  # Use the modern amdgpu NixOS module (cleaner than manual initrd config)
  hardware.amdgpu.initrd.enable = true;
@@ -69,6 +69,16 @@
  # Enable seatd for session management
  services.seatd.enable = true;

+  # Use greetd to automatically start a MangoWC session on login
+  services.greetd = {
+    enable = true;
+    settings.default_session = {
+      command = "mango";
+      # IMPORTANT: Replace <username> with actual username
+      user = "<username>";
+    };
+  };
+
  # --------------------------------------------------------------------------
  # USER ACCOUNT
  # --------------------------------------------------------------------------
@@ -76,8 +86,9 @@
  users.users.<username> = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "video" "seat" ];
-    # Set initial password or use hashedPassword
-    initialPassword = "changeme";
+    # IMPORTANT: Generate a password hash with: mkpasswd -m sha-512
+    # Then replace the placeholder below with the generated hash
+    hashedPassword = "<replace-with-password-hash>";
    packages = with pkgs; [
      # -- Noctalia Shell --
      inputs.quickshell.packages.${system}.default
@@ -121,9 +132,9 @@
  # FONTS
  # --------------------------------------------------------------------------
  fonts.packages = with pkgs; [
-    # Nerd fonts - syntax changed in nixpkgs after 24.05
-    # If using older nixpkgs: (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
-    # Current nixpkgs-unstable uses individual packages:
+    # Nerd fonts: current syntax for nixos-unstable and NixOS >= 24.05
+    # For older nixpkgs (before this change), use:
+    #   (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
    nerd-fonts.jetbrains-mono
    
    # Other fonts
@@ -166,5 +177,5 @@
  # IMPORTANT: Set to the NixOS version of your install media
  # Check with: nixos-version
  # Do NOT change this after initial install
-  system.stateVersion = "25.05";
+  system.stateVersion = "24.11";
 }
--- a/modules/dev.nix
+++ b/modules/dev.nix
@@ -23,6 +23,8 @@
  };

  # IMPORTANT: Replace <username> with actual username
+  # NOTE: After first enabling/applying this dev profile, you must log out and
+  # log back in (or reboot) for the docker group membership to take effect.
  users.users.<username>.extraGroups = [ "docker" ];

  # --------------------------------------------------------------------------
--- a/modules/gaming.nix
+++ b/modules/gaming.nix
@@ -27,7 +27,7 @@
    enableRenice = true;
    settings = {
      general = {
-        renice = 10;
+        renice = -10;  # Negative value = higher priority for games
      };
      gpu = {
        apply_gpu_optimisations = "accept-responsibility";
@@ -48,6 +48,11 @@
    };
  };

+  # NOTE: Profile-specific group membership
+  # The user must be in the "corectrl" and "gamemode" groups for these
+  # programs to function correctly. These groups are only added when using
+  # the gaming profile. If you need consistent group membership across
+  # both profiles, add these groups to common.nix instead.
  # IMPORTANT: Replace <username> with actual username
  users.users.<username>.extraGroups = [ "corectrl" "gamemode" ];

@@ -91,11 +96,4 @@
    # may crash without this setting due to high mmap requirements.
    "vm.max_map_count" = 2147483642;
  };
-
-  # Additional kernel params for gaming (appends to common.nix params)
-  boot.kernelParams = [
-    "amd_pstate=active"       # Inherited from common, but explicit for clarity
-    "mitigations=off"         # Optional: Disable CPU mitigations for ~5% perf gain
-                              # Remove this line if security is a concern
-  ];
 }