From 416fa45a8c3a3a873f8104b119fdf88905e31922 Mon Sep 17 00:00:00 2001
From: Stu Small <stuart.alan.small@gmail.com>
Date: Fri, 2 Aug 2024 15:32:03 -0600
Subject: [PATCH] Remove pinning of DoH, remove packages/unstable, use zram

---
 base.nix                  |  6 +++---
 home.nix                  |  1 -
 modules/encrypted-dns.nix | 13 -------------
 modules/jetbrains.nix     |  7 ++-----
 4 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/base.nix b/base.nix
index 4894728..93fc14f 100644
--- a/base.nix
+++ b/base.nix
@@ -46,9 +46,6 @@
   # Enable the X11 windowing system.
   services.xserver.enable = true;
 
-  # Needed for smartcard management and the yubikey rust crate
-  services.pcscd.enable = true;
-
   # Configure keymap in X11
   services.xserver.xkb = {
     layout = "us";
@@ -120,6 +117,9 @@
   # This is the service that lets you pick power profiles in the gnome UI.  It conflicts with auto-cpufreq
   services.power-profiles-daemon.enable = false;
 
+  # Enable zram
+  zramSwap.enable = true;
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/home.nix b/home.nix
index 3bdcf7b..ad0eb91 100644
--- a/home.nix
+++ b/home.nix
@@ -138,7 +138,6 @@
         "Alacritty.desktop"
         "firefox.desktop"
         "rust-rover.desktop"
-        "pycharm-professional.desktop"
         "signal-desktop.desktop"
       ];
     };
diff --git a/modules/encrypted-dns.nix b/modules/encrypted-dns.nix
index 82e7b52..3d90ea5 100644
--- a/modules/encrypted-dns.nix
+++ b/modules/encrypted-dns.nix
@@ -8,29 +8,16 @@
 
   # Enabled DoH
   # pkgs.stubby.passthru.settingsExample is the example toml from the root of the github repo.  It has a series of opinionated, safe defaults
-  # If the TLS keys change at some point we can get the new sha256 hashes with the following command:
-  #
-  # nix-shell -p knot-dns --command "kdig -d @1.0.0.2 +tls-ca +tls-host=cloudflare-dns.com example.com"
-  #
-  # TODO: Eventually it would be nice to replace this with trust-dns
   services.stubby = {
     enable = true;
     settings = pkgs.stubby.passthru.settingsExample // {
       upstream_recursive_servers = [{
         address_data = "1.0.0.2";
         tls_auth_name = "security.cloudflare-dns.com";
-        tls_pubkey_pinset = [{
-          digest = "sha256";
-          value = "HdDBgtnj07/NrKNmLCbg5rxK78ZehdHZ/Uoutx4iHzY=";
-        }];
       }
         {
           address_data = "1.1.1.2";
           tls_auth_name = "security.cloudflare-dns.com";
-          tls_pubkey_pinset = [{
-            digest = "sha256";
-            value = "HdDBgtnj07/NrKNmLCbg5rxK78ZehdHZ/Uoutx4iHzY=";
-          }];
         }];
     };
   };
diff --git a/modules/jetbrains.nix b/modules/jetbrains.nix
index 62782e7..3a21377 100644
--- a/modules/jetbrains.nix
+++ b/modules/jetbrains.nix
@@ -1,11 +1,8 @@
 { pkgs, lib, ... }:
-let
-  unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
-in
 {
   environment.systemPackages = with pkgs.jetbrains; [
     pycharm-professional
-    unstable.jetbrains.rust-rover
+    rust-rover
   ];
 
   services.opensnitch.rules = {
@@ -22,7 +19,7 @@ in
             type = "regexp";
             sensitive = false;
             operand = "process.path";
-            data = "^((${lib.getBin pkgs.jetbrains.jdk})|(${lib.getBin unstable.jetbrains.jdk}))/lib/openjdk/bin/java$";
+            data = "^(${lib.getBin pkgs.jetbrains.jdk})/lib/openjdk/bin/java$";
           }
           {
             type = "regexp";