os/hosts/dumpyourvms/dumpyourvms.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
  pub-solar = {
    terminal-life.full = true;
    core.hibernation = {
      enable = true;
      resumeDevice = "/dev/mapper/cryptroot";
      resumeOffset = 47366144;
    };
  };

  # Fix backlight for keyboard and brightness, adjust function key binding,
  # intel_pstate for cpu schedutil
  # For now, the radeon driver seems to work better than amdgpu with Radeon R9 M370X
  # Explicitly set amdgpu support in place of radeon
  # Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix
  # Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands
  boot.kernelParams = [
    "acpi_backlight=video"
    "hid_apple.fnmode=2"
    "intel_pstate=active"
    "radeon.si_support=0"
    "amdgpu.si_support=1"
  ];
  boot.loader.efi.canTouchEfiVariables = true;

  # Fix for Error switching console mode to 1: unsupported on startup
  boot.loader.systemd-boot.consoleMode = lib.mkForce "0";

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  systemd.sleep.extraConfig = ''
    HibernateMode=shutdown
  '';

  hardware = {
    cpu.intel.updateMicrocode = true;
    facetimehd.enable = true;
    graphics = {
      extraPackages = with pkgs; [ intel-vaapi-driver ]; # i7-4870HQ older hardware like haswell (crystall well)
      extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ];
    };
  };

  services.fstrim.enable = true;

  networking.hostName = "dumpyourvms";

  services.resolved = {
    enable = true;
    extraConfig = ''
      DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a04:b900:0:100::38#getdnsapi.net
      FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
      Domains=~.
      DNSOverTLS=yes
    '';
  };
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "client";
  };
  services.usbmuxd.enable = true;

  #programs.droidcam.enable = true;
  #services.mozillavpn.enable = true;

  security.pki.certificateFiles = [ ./consul-agent-ca.pem ];

  # Power off dedicated GPU, use only integrated Intel GPU to save battery
  # https://github.com/NixOS/nixpkgs/pull/33915
  # https://ubuntuforums.org/showthread.php?t=2409856
  systemd.services."amd-hybrid-graphics-power-save" = {
    path = [ pkgs.bash ];
    description = "Power Off dedicated AMD Card to reduce power usage";
    requires = [ "sys-kernel-debug.mount" ];
    enable = true;
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.bash}/bin/sh -c 'sleep 7 && if grep --quiet 'IGD:+' /sys/kernel/debug/vgaswitcheroo/switch; then echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; fi'";
      ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'";
    };
    wantedBy = [ "multi-user.target" ];
  };

  # Increase console font size for HiDPI display
  console = {
    earlySetup = true;
    font = lib.mkForce "ter-i32b";
    packages = [ pkgs.terminus_font ];
  };

  # Thunderbolt tools
  services.hardware.bolt.enable = true;

  # Enable udev rules for gnupg smart cards
  hardware.gpgSmartcards.enable = true;

  hardware.keyboard.uhk.enable = true;

  powerManagement = {
    # brcmfmac being loaded during hibernation would inhibit a successful resume
    # https://bugzilla.kernel.org/show_bug.cgi?id=101681#c116.
    # Also brcmfmac could randomly crash on resume from sleep.
    # To hibernate successfully using the amdgpu driver, the dedicated GPU needs
    # to be powered on.
    powerUpCommands = lib.mkBefore (
      "${pkgs.kmod}/bin/modprobe brcmfmac"
      + lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc"
    );
    powerDownCommands = lib.mkBefore (
      lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n"
      + ''
        ${pkgs.kmod}/bin/rmmod brcmfmac
        ${pkgs.systemd}/bin/systemctl stop amd-hybrid-graphics-power-save.service
      ''
    );
    resumeCommands =
      if config.systemd.services."amd-hybrid-graphics-power-save".enable == true then
        ''
          ${pkgs.systemd}/bin/systemctl start amd-hybrid-graphics-power-save.service
        ''
      else
        "";
  };

  # Change lid switch behaviour
  services.logind.lidSwitch = "hibernate";

  # Power management
  services.power-profiles-daemon.enable = true;

  services.udev.extraRules =
    # Disable XHC1 wakeup signal to avoid resume getting triggered some time
    # after suspend. Reboot required for this to take effect.
    lib.optionalString (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
      ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';

  home-manager =
    pkgs.lib.setAttrByPath
      [
        "users"
        psCfg.user.name
      ]
      {
        # Custom device sway configs
        xdg.configFile = {
          "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
          "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
          "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
          "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
          "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
        };
      };

  # WLAN frequency compliance (e.g. check for radar with DFS)
  hardware.firmware = with pkgs; [ wireless-regdb ];
  boot.extraModprobeConfig = ''
    options cfg80211 ieee80211_regdom="DE"

    # Enable the integrated GPU (iGPU) Intel i915 by default if present
    options apple-gmux force_igd=y

    # Enable HD-Audio Codec-Specific Models
    # https://www.kernel.org/doc/html/latest/sound/hd-audio/models.html
    options snd-hda-intel model=mbp11

    # https://bbs.archlinux.org/viewtopic.php?pid=1445636#p1445636
    #
    options snd-hda-intel index=1
  '';

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.05"; # Did you read the comment?
}