From 8f137c28230623259a964484adcf31fe00756594 Mon Sep 17 00:00:00 2001
From: Azat Bahawi <azat@bahawi.net>
Date: Sat, 17 Dec 2022 16:39:09 +0300
Subject: 2022-12-17

---
 modules/nixos/profiles/headful.nix | 88 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 modules/nixos/profiles/headful.nix

(limited to 'modules/nixos/profiles/headful.nix')

diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
new file mode 100644
index 0000000..01c442e
--- /dev/null
+++ b/modules/nixos/profiles/headful.nix
@@ -0,0 +1,88 @@
+{
+  config,
+  lib,
+  pkgs,
+  this,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.profiles.headful;
+in {
+  config = mkIf cfg.enable {
+    nixfiles.modules = {
+      chromium.enable = true;
+      firefox.enable = true;
+      sound.enable = true;
+      x11.enable = true;
+
+      dwm.enable = mkDefault false;
+      kde.enable = mkDefault true;
+      xmonad.enable = mkDefault false;
+    };
+
+    hm = {
+      home.packages = with pkgs; [
+        calibre
+        imv
+        neochat
+        tdesktop
+        tor-browser
+      ];
+
+      programs.bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open";
+    };
+
+    boot = {
+      # Pretty much placebo but has some nice patches for `-march=native`
+      # optimisations, P-State Zen4 support and Fsync for Wine.
+      kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest;
+
+      # There are (arguably) not a lot of reasons to keep mitigations enabled
+      # for on machine that is not web-facing. First of all, to completely
+      # mitigate any possible Spectre holes one would need to disable
+      # Hyperthreading altogether which will essentially put one's computer into
+      # the stone age by not being able to to effectively utilise multi-core its
+      # multicore capabilities. Secondly, by enabling mitigations, we introduce
+      # a plethora of performace overheads[1], which, albeit small, but still
+      # contribute to the overall speed of things. This is however still poses a
+      # security risk, which I am willing to take.
+      #
+      # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+      kernelParams = ["mitigations=off"];
+
+      loader = {
+        efi.canTouchEfiVariables = true;
+
+        systemd-boot = {
+          enable = true;
+          configurationLimit = 10;
+        };
+      };
+    };
+
+    hardware.opengl = {
+      enable = true;
+      driSupport = true;
+    };
+
+    programs = {
+      iftop.enable = true;
+      mtr.enable = true;
+      traceroute.enable = true;
+    };
+
+    services = {
+      # https://github.com/NixOS/nixpkgs/issues/135888
+      upower.enable = true;
+
+      psd.enable = true;
+    };
+
+    environment.systemPackages = with pkgs; [
+      ethtool
+      nethogs
+    ];
+
+    my.extraGroups = ["audio" "video" "input"];
+  };
+}
-- 
cgit v1.2.3