-rw-r--r-- | configurations/default.nix | 1 | ||||
-rw-r--r-- | configurations/ilmare/acpi.cpio | bin | 0 -> 326656 bytes | |||
-rw-r--r-- | configurations/ilmare/default.nix | 121 | ||||
-rw-r--r-- | configurations/melian/default.nix | 102 | ||||
-rw-r--r-- | flake.lock | 21 | ||||
-rw-r--r-- | flake.nix | 7 | ||||
-rw-r--r-- | modules/common/kernel.nix | 56 | ||||
-rw-r--r-- | modules/common/nix.nix | 3 | ||||
-rw-r--r-- | modules/common/users.nix | 5 | ||||
-rw-r--r-- | modules/emacs/default.nix | 2 | ||||
-rw-r--r-- | modules/emacs/doom/init.el | 2 | ||||
-rw-r--r-- | modules/games/steam-run.nix | 13 | ||||
-rw-r--r-- | modules/games/steam.nix | 1 | ||||
-rw-r--r-- | modules/profiles/default.nix | 1 | ||||
-rw-r--r-- | modules/profiles/headful.nix | 3 |
15 files changed, 184 insertions, 154 deletions
diff --git a/configurations/default.nix b/configurations/default.nix index 7e2f6d7..1f43cb7 100644 --- a/configurations/default.nix +++ b/configurations/default.nix @@ -67,6 +67,7 @@ mapAttrs' mkConfiguration ( ]; ilmare.modules = with inputs; [ + disko.nixosModules.disko nixos-hardware.nixosModules.lenovo-thinkpad-x1-nano nixpkgs.nixosModules.notDetected srvos.nixosModules.common diff --git a/configurations/ilmare/acpi.cpio b/configurations/ilmare/acpi.cpio new file mode 100644 index 0000000..c4327e5 --- /dev/null +++ b/configurations/ilmare/acpi.cpio Binary files differdiff --git a/configurations/ilmare/default.nix b/configurations/ilmare/default.nix new file mode 100644 index 0000000..8daa584 --- /dev/null +++ b/configurations/ilmare/default.nix 
@@ -0,0 +1,121 @@
+_: {
+ nixfiles.modules = {
+ wireguard.client.enable = true;
+
+ syncthing.enable = true;
+
+ android.enable = true;
+ bluetooth.enable = true;
+ };
+
+ hardware.trackpoint = {
+ enable = true;
+ speed = 500;
+ sensitivity = 250;
+ };
+
+ services = {
+ thinkfan = {
+ enable = true;
+ settings = {
+ sensors = [
+ {
+ hwmon = "/sys/class/hwmon";
+ name = "coretemp";
+ indices = [ 1 ];
+ }
+ ];
+ fans = [ { tpacpi = "/proc/acpi/ibm/fan"; } ];
+ levels = [
+ [
+ "level auto"
+ 0
+ 50
+ ]
+ [
+ "level disengaged"
+ 50
+ 32767
+ ]
+ ];
+ };
+ };
+
+ fprintd.enable = true;
+
+ fwupd.enable = true;
+ };
+
+ boot = {
+ kernelParams = [ "mem_sleep_default=deep" ];
+ initrd.prepend = [ "${./acpi.cpio}" ];
+ };
+
+ disko.devices.disk.one = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ LUKS = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "cryptos";
+ settings = {
+ allowDiscards = true;
+ bypassWorkqueues = true;
+ };
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "16G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ fileSystems."/home".neededForBoot = true;
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 100;
+ };
+}
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix
deleted file mode 100644
index 0d50f9f..0000000
--- a/configurations/melian/default.nix
+++ /dev/null
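Review bot: `initrd.prepend = [ "${./acpi.cpio}" ];` loads an opaque 326656-byte binary, added by this commit as `configurations/ilmare/acpi.cpio`, into early boot, and nothing in the module says what it contains or how it was produced. Judging by the name and the accompanying `mem_sleep_default=deep`, it is presumably an ACPI table override, which the kernel applies before any userspace runs, so its provenance deserves the same scrutiny as a firmware blob. I would add a comment above the line such as `# ACPI table override (<which table, why>); built from <source .dsl, tool and version>; sha256 <placeholder>` and, if the table source is available, build the archive in a derivation instead of committing the binary. Separately, `device = "/dev/nvme0n1"` depends on kernel enumeration order; a `/dev/disk/by-id/...` path is a safer target for a layout that disko will format.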
@@ -1,102 +0,0 @@
-{ lib, pkgs, ... }:
-with lib;
-{
- nixfiles.modules = {
- wireguard.client.enable = true;
-
- syncthing.enable = true;
-
- android.enable = true;
- bluetooth.enable = true;
- throttled.enable = true;
- };
-
- hardware.trackpoint = {
- enable = true;
- speed = 500;
- sensitivity = 250;
- };
-
- powerManagement =
- let
- modprobe = getExe' pkgs.kmod "modprobe";
- in
- {
- enable = true;
-
- # This fixes an issue with not being able to suspend or wake up from
- # suspend due to a kernel bug[1] which is still not fixed.
- #
- # I guess this can also be fixed differently[2], which does look a lot nicer
- # but I'm just too lazy.
- #
- # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964
- # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998
- # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3
- # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048
- # [2]: https://linrunner.de/tlp/settings/runtimepm.html
- powerDownCommands = "${modprobe} -r xhci_pci";
- powerUpCommands = "${modprobe} xhci_pci";
- };
-
- services = {
- thinkfan = {
- enable = true;
- settings = {
- sensors = [
- {
- hwmon = "/sys/class/hwmon";
- name = "coretemp";
- indices = [ 1 ];
- }
- ];
- fans = [ { tpacpi = "/proc/acpi/ibm/fan"; } ];
- levels = [
- [
- "level auto"
- 0
- 50
- ]
- [
- "level disengaged"
- 50
- 32767
- ]
- ];
- };
- };
-
- fwupd.enable = true;
- };
-
- boot.initrd.luks.devices."root" = {
- device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218";
- allowDiscards = true;
- bypassWorkqueues = true;
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a";
- fsType = "xfs";
- options = [ "noatime" ];
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/1083-C8A0";
- fsType = "vfat";
- };
- };
-
- swapDevices = [
- {
- device = "/swapfile";
- size = 8 * 1024;
- }
- ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 100;
- };
-}
diff --git a/flake.lock b/flake.lock index 67beb64..802fa85 100644 --- a/flake.lock +++ b/flake.lock @@ -271,6 +271,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719236180, + "narHash": "sha256-VZAfBk2Lo8hQy/NQ4XVSpTICT0ownXBUi1QvGfdlxaM=", + "owner": "nix-community", + "repo": "disko", + "rev": "dd4d1663ccf7fbdb32361b9afe9e71206584cd4c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "dns": { "inputs": { "flake-utils": [ @@ -691,6 +711,7 @@ "alertmanager-ntfy": "alertmanager-ntfy", "arkenfox": "arkenfox", "azahi-cc": "azahi-cc", + "disko": "disko", "dns": "dns", "flake-compat": "flake-compat", "flake-utils": "flake-utils", diff --git a/flake.nix b/flake.nix index 727ba2f..652f0f2 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + srvos = { url = "github:nix-community/srvos"; inputs.nixpkgs.follows = "nixpkgs"; @@ -196,7 +201,7 @@ checks.${system} = import ./checks.nix { inherit inputs pkgs system; }; - nixosModules.nixfiles = + nixosModules.default = _: with lib; { imports = attrValues (modulesIn ./modules); }; diff --git a/modules/common/kernel.nix b/modules/common/kernel.nix index 5c45b5d..ddc4f62 100644 --- a/modules/common/kernel.nix +++ b/modules/common/kernel.nix 
@@ -1,38 +1,30 @@ { lib, ... }: with lib; { - boot = { - # I don't use it even on laptops. It's also /required/ to disable it for - # ZFS[1]. - # [1]: https://github.com/openzfs/zfs/issues/260 - # [1]: https://github.com/openzfs/zfs/issues/12842 - kernelParams = [ "hibernate=no" ]; - - kernel.sysctl = { - "fs.file-max" = pow 2 17; - "fs.inotify.max_user_watches" = pow 2 19; - "fs.suid_dumpable" = 0; - "kernel.core_uses_pid" = 1; - "kernel.exec-shield" = 1; - "kernel.kptr_restrict" = 1; - "kernel.maps_protect" = 1; - "kernel.msgmax" = pow 2 16; - "kernel.msgmnb" = pow 2 16; - "kernel.pid_max" = pow 2 16; - "kernel.randomize_va_space" = 2; - "kernel.shmall" = pow 2 28; - "kernel.shmmax" = pow 2 28; - "kernel.sysrq" = 0; - "vm.dirty_background_bytes" = pow 2 22; - "vm.dirty_background_ratio" = 5; - "vm.dirty_bytes" = pow 2 22; - "vm.dirty_ratio" = 30; - "vm.min_free_kbytes" = pow 2 16; - "vm.mmap_min_addr" = pow 2 12; - "vm.overcommit_memory" = mkDefault 0; - "vm.overcommit_ratio" = mkDefault 50; - "vm.vfs_cache_pressure" = 50; - }; + boot.kernel.sysctl = { + "fs.file-max" = pow 2 17; + "fs.inotify.max_user_watches" = pow 2 19; + "fs.suid_dumpable" = 0; + "kernel.core_uses_pid" = 1; + "kernel.exec-shield" = 1; + "kernel.kptr_restrict" = 1; + "kernel.maps_protect" = 1; + "kernel.msgmax" = pow 2 16; + "kernel.msgmnb" = pow 2 16; + "kernel.pid_max" = pow 2 16; + "kernel.randomize_va_space" = 2; + "kernel.shmall" = pow 2 28; + "kernel.shmmax" = pow 2 28; + "kernel.sysrq" = 0; + "vm.dirty_background_bytes" = pow 2 22; + "vm.dirty_background_ratio" = 5; + "vm.dirty_bytes" = pow 2 22; + "vm.dirty_ratio" = 30; + "vm.min_free_kbytes" = pow 2 16; + "vm.mmap_min_addr" = pow 2 12; + "vm.overcommit_memory" = mkDefault 0; + "vm.overcommit_ratio" = mkDefault 50; + "vm.vfs_cache_pressure" = 50; }; # https://docs.kernel.org/admin-guide/mm/ksm.html diff --git a/modules/common/nix.nix b/modules/common/nix.nix index 3342113..aad7106 100644 --- a/modules/common/nix.nix 
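Review bot: Dropping `kernelParams = [ "hibernate=no" ]` also drops the comment saying the parameter is required on ZFS, and since this file is under `modules/common` the change presumably reaches every host, not only the new laptop. If any configuration still uses ZFS, keep the parameter in that host's file, e.g. `boot.kernelParams = [ "hibernate=no" ];`, with the two openzfs issue links carried along. While the sysctl set is being re-indented, `kernel.exec-shield` and `kernel.maps_protect` deserve a comment or removal: as far as I know neither exists on current mainline kernels, so they add no hardening and only make the list look stronger than it is.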
+++ b/modules/common/nix.nix @@ -141,7 +141,6 @@ in }; environment = { - localBinInPath = true; defaultPackages = [ ]; systemPackages = with pkgs; @@ -150,7 +149,7 @@ in nixfiles ]; variables = { - NIXFILES = "${config.my.home}/src/nixfiles"; + NIXFILES = optionalString this.isHeadful "${config.my.home}/src/nixfiles"; NIX_SHELL_PRESERVE_PROMPT = "1"; }; }; diff --git a/modules/common/users.nix b/modules/common/users.nix index ba1a89b..b8aca28 100644 --- a/modules/common/users.nix +++ b/modules/common/users.nix @@ -18,7 +18,10 @@ in mutableUsers = false; users = { - root.hashedPassword = "@HASHED_PASSWORD@"; + root = { + hashedPassword = null; + password = null; + }; ${my.username} = { isNormalUser = true; diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix index 8a6707c..b466b64 100644 --- a/modules/emacs/default.nix +++ b/modules/emacs/default.nix @@ -249,7 +249,7 @@ in programs = { emacs = { enable = true; - package = pkgs.emacs29; + package = pkgs.emacs29-pgtk; }; bash.initExtra = mkAfter '' diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el index ac4a687..ed0e048 100644 --- a/modules/emacs/doom/init.el +++ b/modules/emacs/doom/init.el @@ -45,7 +45,7 @@ grammar :tools - ansible + ;; ansible (debugger +lsp) direnv (docker +lsp) diff --git a/modules/games/steam-run.nix b/modules/games/steam-run.nix index cfee8ae..f6902c0 100644 --- a/modules/games/steam-run.nix +++ b/modules/games/steam-run.nix @@ -20,18 +20,7 @@ in }; config = mkIf cfg.enable { - nixfiles.modules = { - common.nix.allowedUnfreePackages = [ - "steam" - "steam-run" - ]; - - games = { - enable32BitSupport = true; - gamemode.enable = true; - mangohud.enable = true; - }; - }; + nixfiles.modules.games.steam.enable = true; hm.home.packages = with pkgs; [ (steam.override { diff --git a/modules/games/steam.nix b/modules/games/steam.nix index 5883b0e..23b4f14 100644 --- a/modules/games/steam.nix +++ b/modules/games/steam.nix 
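Review bot: `NIXFILES = optionalString this.isHeadful "…"` still exports the variable on headless hosts, only with an empty value, so anything that expands `"$NIXFILES/…"` without checking for emptiness resolves to a path directly under `/`. Omitting the key on those hosts is cleaner: `variables = { NIX_SHELL_PRESERVE_PROMPT = "1"; } // optionalAttrs this.isHeadful { NIXFILES = "${config.my.home}/src/nixfiles"; };`. The enclosing `environment` block starts and ends outside the hunk.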
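Review bot: The new `root = { hashedPassword = null; password = null; }` in modules/common/users.nix reads as an intent to leave root without a usable password, but nothing says so. `null` is already the default for both options, so the lines only matter as overrides of lower-priority definitions. With `mutableUsers = false` the outcome still depends on whether any imported module sets `initialPassword`, `initialHashedPassword` or `hashedPasswordFile` for root, and none of those are pinned here. If the goal is a locked root account, state it explicitly with `root.hashedPassword = "!";` and a comment such as `# root password login is disabled; administration goes through the wheel user`. The `users` set continues outside the hunk, so I cannot see how the wheel user authenticates; that account must keep a password or SSH key for the host to stay administrable.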
@@ -16,6 +16,7 @@ in common.nix.allowedUnfreePackages = [ "steam" "steam-original" + "steam-run" ]; games = { diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix index 61f93b9..5265fda 100644 --- a/modules/profiles/default.nix +++ b/modules/profiles/default.nix @@ -55,6 +55,7 @@ in lsof pciutils psmisc + rsync smartmontools sysstat tree diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index 8951d83..d58eed0 100644 --- a/modules/profiles/headful.nix +++ b/modules/profiles/headful.nix @@ -89,11 +89,10 @@ in systemd-boot = { enable = true; + editor = false; configurationLimit = 10; }; }; - - consoleLogLevel = 3; }; hardware.graphics.enable = true; |
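Review bot: `editor = false;` in modules/profiles/headful.nix has no comment marking it as a hardening setting, so a later cleanup could revert it as noise; I would add `# do not allow kernel command line edits from the boot menu` above it. On the new ilmare layout `/boot` is the unencrypted ESP, so this setting protects the menu only. The kernel and initrd stored there are not authenticated unless Secure Boot or a similar mechanism is configured elsewhere, which I cannot see from this hunk. The same hunk drops `consoleLogLevel = 3` without a stated reason; if that is intentional, the commit message should say so.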