forked from pub-solar/os
134 lines
4.8 KiB
Nix
134 lines
4.8 KiB
Nix
{ config, pkgs, lib, self, ... }:
|
||
with lib;
|
||
let
|
||
psCfg = config.pub-solar;
|
||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||
in
|
||
{
|
||
imports = [
|
||
./hardware-configuration.nix
|
||
];
|
||
|
||
config = {
|
||
age.secrets.environment-secrets = {
|
||
file = "${self}/secrets/environment-secrets.age";
|
||
mode = "700";
|
||
owner = "teutat3s";
|
||
};
|
||
|
||
pub-solar.virtualisation.enable = true;
|
||
|
||
# fix backlight for keyboard and brightness, adjust function key binding,
|
||
# intel_pstate for cpu schedutil, resume offset for swapfile, disable amdgpu driver
|
||
boot.kernelParams = [ "acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "resume_offset=47366144" ];
|
||
boot.loader.efi.canTouchEfiVariables = true;
|
||
boot.resumeDevice = "/dev/mapper/cryptroot";
|
||
|
||
boot.kernelPackages = pkgs.linuxPackages_5_15;
|
||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||
|
||
systemd.sleep.extraConfig = ''
|
||
HibernateMode=shutdown
|
||
'';
|
||
|
||
hardware = {
|
||
cpu.intel.updateMicrocode = true;
|
||
facetimehd.enable = true;
|
||
};
|
||
|
||
networking = import ./networking.nix;
|
||
|
||
security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
|
||
|
||
services.unbound = import ./unbound.nix;
|
||
|
||
# Disable dedicated GPU, use integrated Intel GPU to save battery
|
||
# Set default brightness to 50%
|
||
# https://ubuntuforums.org/showthread.php?t=2409856
|
||
services.cron.systemCronJobs = [
|
||
"@reboot root ${pkgs.util-linux}/bin/rfkill block bluetooth"
|
||
"@reboot root ${pkgs.coreutils}/bin/sleep 10; ${pkgs.coreutils}/bin/echo OFF > /sys/kernel/debug/vgaswitcheroo/switch"
|
||
"@reboot root ${pkgs.coreutils}/bin/sleep 11; ${pkgs.coreutils}/bin/echo 510 > /sys/class/backlight/gmux_backlight/brightness"
|
||
];
|
||
|
||
# Increase console font size for HiDPI display
|
||
console = {
|
||
earlySetup = true;
|
||
font = lib.mkForce "ter-i32b";
|
||
packages = [ pkgs.terminus_font ];
|
||
};
|
||
|
||
# Thunderbolt tools
|
||
services.hardware.bolt.enable = true;
|
||
|
||
powerManagement = {
|
||
# Use new schedutil govenor
|
||
# https://github.com/NixOS/nixpkgs/pull/42330
|
||
# https://www.kernel.org/doc/html/v5.10/admin-guide/pm/cpufreq.html#schedutil
|
||
cpuFreqGovernor = lib.mkDefault "schedutil";
|
||
|
||
# brcmfmac being loaded during hibernation would inhibit a successful resume
|
||
# https://bugzilla.kernel.org/show_bug.cgi?id=101681#c116.
|
||
# Also brcmfmac could randomly crash on resume from sleep.
|
||
powerUpCommands = lib.mkBefore "${pkgs.kmod}/bin/modprobe brcmfmac";
|
||
powerDownCommands = lib.mkBefore "${pkgs.kmod}/bin/rmmod brcmfmac";
|
||
};
|
||
|
||
# change lid switch behaviour
|
||
#services.logind.lidSwitch = "hibernate";
|
||
|
||
# TLP for power management
|
||
services.tlp = {
|
||
enable = true;
|
||
settings = {
|
||
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||
CPU_SCALING_GOVERNOR_ON_BAT = "schedutil";
|
||
CPU_BOOST_ON_AC = 1;
|
||
CPU_BOOST_ON_BAT = 0;
|
||
};
|
||
};
|
||
|
||
services.udev.extraRules =
|
||
# Disable XHC1 wakeup signal to avoid resume getting triggered some time
|
||
# after suspend. Reboot required for this to take effect.
|
||
lib.optionalString
|
||
(lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
|
||
''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';
|
||
|
||
services.printing.enable = true;
|
||
services.printing.drivers = [ pkgs.brlaser ];
|
||
|
||
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||
# Custom device sway configs
|
||
xdg.configFile = mkIf psCfg.sway.enable {
|
||
"sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
|
||
"sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
||
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
|
||
"sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
||
"sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||
};
|
||
};
|
||
|
||
users.users.teutat3s = {
|
||
extraGroups = [ "unbound" ];
|
||
};
|
||
|
||
|
||
# WLAN frequency compliance (e.g. check for radar with DFS)
|
||
#
|
||
# Radeon driver seems to work better than amdgpu with Radeon R9 M370X
|
||
hardware.firmware = with pkgs; [ wireless-regdb ];
|
||
boot.extraModprobeConfig = ''
|
||
options cfg80211 ieee80211_regdom="DE"
|
||
'';
|
||
|
||
# This value determines the NixOS release from which the default
|
||
# settings for stateful data, like file locations and database versions
|
||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||
# this value at the release version of the first install of this system.
|
||
# Before changing this value read the documentation for this option
|
||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||
system.stateVersion = "21.05"; # Did you read the comment?
|
||
};
|
||
}
|