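# Host-specific NixOS module: boot and hibernation, DNS, power management,
# printing and per-user sway files, layered on top of the `pub-solar` options.
#
# Arguments:
#   config - the evaluated NixOS configuration (read for `pub-solar` and the
#            kernel version)
#   pkgs   - package set used for store paths in cron jobs, fonts, drivers
#   lib    - nixpkgs lib; also brought into scope unqualified via `with lib;`
#   self   - the flake source; used to locate the age-encrypted secret file
{
  config,
  pkgs,
  lib,
  self,
  ...
}:
with lib; let
  psCfg = config.pub-solar;
in {
  imports = [
    ./hardware-configuration.nix
  ];

  config = {
    # age-encrypted secret shipped inside the flake source (`self`).
    # NOTE(review): mode "700" grants the owner execute permission on top of
    # read/write. If this file is only read or sourced, an owner-read-only
    # mode such as "0400" is the least-privilege choice; confirm how the
    # secret is consumed before tightening it.
    # NOTE(review): the owner is hard-coded here (and in users.users below),
    # while the home-manager section uses psCfg.user.name; the two must name
    # the same account for the secret to be readable by the intended user.
    age.secrets.environment-secrets = {
      file = "${self}/secrets/environment-secrets.age";
      mode = "700";
      owner = "teutat3s";
    };

    pub-solar = {
      audio.mopidy.enable = lib.mkForce false;
      # Hibernation resumes from /dev/mapper/cryptroot at the given offset
      # (the swap file's offset on that device).
      # NOTE(review): the device name suggests an encrypted mapping, which
      # would keep the hibernation image (a copy of RAM, including any keys
      # and secrets held in memory) encrypted at rest; confirm. The offset
      # has to be updated whenever the swap file is recreated.
      core.hibernation = {
        enable = true;
        resumeDevice = "/dev/mapper/cryptroot";
        resumeOffset = 47366144;
      };
      virtualisation.enable = true;
    };

    # acpi_backlight=video  fix backlight for keyboard and brightness
    # hid_apple.fnmode=2    adjust function key binding
    # intel_pstate=passive  intel_pstate for cpu schedutil
    # The resume offset for the swap file is set under
    # pub-solar.core.hibernation, not here, and nothing in this list disables
    # amdgpu; the dedicated GPU is switched off by the cron job further down.
    boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive"];
    boot.loader.efi.canTouchEfiVariables = true;
    #boot.resumeDevice = "/dev/mapper/cryptroot";

    # fix for Error switching console mode to 1: unsupported on startup
    boot.loader.systemd-boot.consoleMode = mkForce "0";

    # Register binfmt emulation for aarch64-linux binaries on this host.
    boot.binfmt.emulatedSystems = ["aarch64-linux"];

    # Power the machine off after the hibernation image has been written.
    systemd.sleep.extraConfig = ''
      HibernateMode=shutdown
    '';

    hardware = {
      cpu.intel.updateMicrocode = true;
      facetimehd.enable = true;
    };

    services.resolved = {
      enable = true;
      # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
      # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
      #
      # NOTE(review): the whole extraConfig below is commented out, so none of
      # these settings (DNS-over-TLS upstreams, DNSSEC=false) are applied by
      # this file. If it is re-enabled as written, DNSOverTLS=yes protects
      # the transport to the listed resolvers, but DNSSEC=false means
      # answers are not validated locally and the resolvers are trusted
      # for their content.
      # services.unbound is also configured below; confirm which resolver
      # actually answers local queries.
      #extraConfig = ''
      #  DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a01:4f8:c0c:3c03::2#ns1.dnsprivacy.at 2a01:4f8:c0c:3bfc::2#ns2.dnsprivacy.at 2001:610:1:40ba:145:100:185:15#dnsovertls.sinodun.com 2001:610:1:40ba:145:100:185:16#dnsovertls1.sinodun.com 2a04:b900:0:100::38#getdnsapi.net
      #  FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
      #  Domains=~.
      #  DNSOverTLS=yes
      #  DNSSEC=false
      #'';
    };

    services.mozillavpn.enable = true;
    networking = import ./networking.nix;

    # Adds this CA certificate to the system-wide trust store.
    # NOTE(review): programs that use the system bundle will then accept any
    # certificate chaining to this CA, for any hostname, not only for the
    # service it was issued for (the file name suggests a Consul agent CA;
    # confirm). Keep the CA's private key tightly controlled, or configure
    # the CA only in the client that needs it.
    security.pki.certificateFiles = [./consul-agent-ca.pem];

    services.unbound = import ./unbound.nix;

    # Boot-time jobs, all run as root:
    #  - block bluetooth via rfkill
    #  - Disable dedicated GPU, use integrated Intel GPU to save battery
    #  - Set default brightness to 50%
    # https://ubuntuforums.org/showthread.php?t=2409856
    # The fixed sleeps (10 s / 11 s) are timing assumptions about when the
    # sysfs/debugfs nodes become available.
    services.cron.systemCronJobs = [
      "@reboot root ${pkgs.util-linux}/bin/rfkill block bluetooth"
      "@reboot root ${pkgs.coreutils}/bin/sleep 10; ${pkgs.coreutils}/bin/echo OFF > /sys/kernel/debug/vgaswitcheroo/switch"
      "@reboot root ${pkgs.coreutils}/bin/sleep 11; ${pkgs.coreutils}/bin/echo 510 > /sys/class/backlight/gmux_backlight/brightness"
    ];

    # Increase console font size for HiDPI display
    console = {
      earlySetup = true;
      font = lib.mkForce "ter-i32b";
      packages = [pkgs.terminus_font];
    };

    # Thunderbolt tools (bolt manages authorization of Thunderbolt devices)
    services.hardware.bolt.enable = true;

    powerManagement = {
      # Use new schedutil governor
      # https://github.com/NixOS/nixpkgs/pull/42330
      # https://www.kernel.org/doc/html/v5.10/admin-guide/pm/cpufreq.html#schedutil
      cpuFreqGovernor = lib.mkDefault "schedutil";

      # brcmfmac being loaded during hibernation would inhibit a successful resume
      # https://bugzilla.kernel.org/show_bug.cgi?id=101681#c116.
      # Also brcmfmac could randomly crash on resume from sleep.
      # The module is therefore removed before power-down and loaded again on
      # power-up; mkBefore orders these ahead of other configured commands.
      powerUpCommands = lib.mkBefore "${pkgs.kmod}/bin/modprobe brcmfmac";
      powerDownCommands = lib.mkBefore "${pkgs.kmod}/bin/rmmod brcmfmac";
    };

    # change lid switch behaviour
    #services.logind.lidSwitch = "hibernate";

    # TLP for power management
    services.tlp = {
      enable = true;
      settings = {
        CPU_SCALING_GOVERNOR_ON_AC = "performance";
        CPU_SCALING_GOVERNOR_ON_BAT = "schedutil";
        CPU_BOOST_ON_AC = 1;
        CPU_BOOST_ON_BAT = 0;
      };
    };

    # Disable XHC1 wakeup signal to avoid resume getting triggered some time
    # after suspend. Reboot required for this to take effect.
    # The rule is only emitted for kernels at version 3.13 or newer.
    services.udev.extraRules =
      lib.optionalString
      (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
      ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';

    services.printing.enable = true;
    services.printing.drivers = [pkgs.brlaser];

    # Builds home-manager.users.<psCfg.user.name> = { ... } for the
    # configured pub-solar user.
    home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
      # Custom device sway configs, only installed when sway is enabled
      xdg.configFile = mkIf psCfg.sway.enable {
        "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
        "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
        "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
        "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
        "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
      };
    };

    # Adds the user to the unbound group.
    # NOTE(review): presumably for access to unbound's control interface;
    # confirm against ./unbound.nix and drop the membership if it is unused.
    users.users.teutat3s = {
      extraGroups = ["unbound"];
    };

    # WLAN frequency compliance (e.g. check for radar with DFS):
    # ship the wireless regulatory database and set the regulatory domain
    # to DE.
    #
    # Radeon driver seems to work better than amdgpu with Radeon R9 M370X
    # NOTE(review): the Radeon remark does not correspond to any option set
    # in this file; keep or move it once the driver choice is located.
    hardware.firmware = with pkgs; [wireless-regdb];
    boot.extraModprobeConfig = ''
      options cfg80211 ieee80211_regdom="DE"
    '';

    # This value determines the NixOS release from which the default
    # settings for stateful data, like file locations and database versions
    # on your system were taken. It's perfectly fine and recommended to leave
    # this value at the release version of the first install of this system.
    # Before changing this value read the documentation for this option
    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
    system.stateVersion = "21.05"; # Did you read the comment?
  };
}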