# Machine-level NixOS module: secrets, enabled `nixfiles` feature modules, user
# environment (`hm`), networking, disks, boot and hardware tuning.
# The secret names suggest the host is called "melian" — inferred from names,
# not stated anywhere in this file.
#
# `with lib;` below is what brings `mkForce` and `my` into scope.
{
  config,
  inputs,
  lib,
  pkgs,
  ...
}:
with lib; {
  # Secret declarations. The `secrets` option itself is defined elsewhere.
  # NOTE(review): every `file` is interpolated from `inputs.self`, so the
  # referenced files are presumably copied into the world-readable Nix store
  # with the rest of the flake source — confirm they are committed only in
  # encrypted form and decrypted at activation time.
  secrets = {
    # No owner/group given, so whatever default the secrets module applies is
    # used for the WireGuard private key — TODO confirm it is root-only.
    wireguard-private-key-melian.file = "${inputs.self}/secrets/wireguard-private-key-melian";

    # Owner and group are taken from `config.services.syncthing` (via `with`),
    # so the Syncthing service account is the one given access.
    syncthing-cert-melian = with config.services.syncthing; {
      file = "${inputs.self}/secrets/syncthing-cert-melian";
      owner = user;
      inherit group;
    };

    syncthing-key-melian = with config.services.syncthing; {
      file = "${inputs.self}/secrets/syncthing-key-melian";
      owner = user;
      inherit group;
    };
  };

  # Feature switches for the project's own modules (defined elsewhere).
  nixfiles.modules = {
    profiles.dev = {
      containers.enable = true;
      sql.enable = true;
    };

    games = {
      lutris.enable = true;
      steam.enable = true;
    };

    wireguard = {
      # Consumers get the secret's `.path`, not the `file` declared above, so
      # the key is passed around as a path rather than as a value.
      privateKeyFile = config.secrets.wireguard-private-key-melian.path;
      client.enable = true;
    };

    syncthing = with config.secrets; {
      enable = true;
      key = syncthing-key-melian.path;
      cert = syncthing-cert-melian.path;
    };

    beets.enable = true;
    bluetooth.enable = true;
    chromium.enable = true;
    libvirtd.enable = true;
    mpd.enable = true;
    qutebrowser.enable = true;
    # NOTE(review): `services.throttled.enable` is forced to false further
    # down, which presumably overrides whatever this switch turns on.
    throttled.enable = true;
  };

  # TODO Move to a separate module so that it could be reused on other desktops
  # in the future.
  # `hm` is presumably the per-user Home Manager configuration — confirm.
  hm = {
    home.packages = with pkgs; [
      (aspellWithDicts (p: with p; [en ru]))
      calibre
      iaito
      kotatogram-desktop
      nheko
      tor-browser
    ];

    accounts.email = {
      maildirBasePath = "${config.my.home}/mail";
      accounts = let
        # Settings shared by every account; merged in with `//` below.
        base = {
          mbsync = {
            enable = true;
            create = "both";
            expunge = "both";
            patterns = ["*"];
          };
          msmtp.enable = true;
          mu.enable = true;
        };
        # Builds a `pass show <path>` command line, so account passwords are
        # looked up in the password store when needed instead of being written
        # into this configuration. `path` is interpolated unquoted; both call
        # sites below pass literal paths without spaces.
        pass = path: "${pkgs.pass}/bin/pass show ${path}";
      in {
        # NOTE(review): no TLS or port options are set on imap/smtp for either
        # account, so the e-mail module's defaults apply — confirm they
        # enforce TLS.
        shire =
          base
          // {
            address = my.email;
            # Outgoing mail is signed by default but not encrypted by default.
            gpg = {
              inherit (my.pgp) key;
              signByDefault = true;
              encryptByDefault = false;
            };
            primary = true;
            imap.host = "shire.me";
            smtp.host = "shire.me";
            userName = "azahi@shire.me";
            passwordCommand = pass "email/shire.me/azahi";
          };

        # No `gpg` block here, so no PGP key is configured for this account.
        yahoo =
          base
          // {
            address = "a.gondor@yahoo.com";
            imap.host = "imap.yahoo.com";
            smtp.host = "smtp.yahoo.com";
            userName = "a.gondor@yahoo.com";
            passwordCommand = pass "email/yahoo.com/a.gondor";
          };
      };
    };

    programs = {
      mbsync.enable = true;
      msmtp.enable = true;
      mu.enable = true;

      ssh.matchBlocks = let
        # One SSH match block. Defaults: port 22022, user "azahi". Every block
        # uses the same ed25519 identity file under the user's home.
        mkBlock = {
          hostname,
          port ? 22022,
          user ? "azahi",
        }: {
          inherit hostname port user;
          identityFile = "${config.my.home}/.ssh/id_ed25519";
        };
        # "<hostname>.<my.domain.shire>"
        mkInternalHostname = hostname: "${hostname}.${my.domain.shire}";
      in
        # This attribute set is not `rec`, so `manwe`, `varda` and `yavanna`
        # on the right-hand sides resolve through `with my.configurations`,
        # not to the sibling match blocks of the same name.
        with my.configurations; {
          # TODO Wrap this.
          # Each host gets two entries: one by internal DNS name and an
          # `-init` one by the IPv4 address from `my.configurations` —
          # presumably for reaching the host before the internal name
          # resolves; confirm.
          manwe = mkBlock {hostname = mkInternalHostname "manwe";};
          manwe-init = mkBlock {hostname = manwe.ipv4.address;};
          varda = mkBlock {hostname = mkInternalHostname "varda";};
          varda-init = mkBlock {hostname = varda.ipv4.address;};
          yavanna = mkBlock {hostname = mkInternalHostname "yavanna";};
          yavanna-init = mkBlock {hostname = yavanna.ipv4.address;};
        };
    };
  };

  networking = {
    interfaces = {
      eth0.useDHCP = true;
      wlan0.useDHCP = true;
    };

    wireless = {
      # wpa_supplicant is off; iwd handles Wi-Fi instead.
      enable = false;
      iwd.enable = true;
      # NOTE(review): the next two are wpa_supplicant-side options and
      # probably have no effect while `enable` is false — confirm.
      userControlled.enable = true;
      allowAuxiliaryImperativeNetworks = true;
    };
  };

  fileSystems = {
    # This UUID differs from the LUKS container's UUID under
    # `boot.initrd.luks.devices."root"`; presumably it is the XFS filesystem
    # inside the opened mapping — confirm.
    "/" = {
      device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a";
      fsType = "xfs";
      options = ["noatime"];
    };

    # Plain vfat partition: nothing in this file puts /boot inside LUKS, so
    # its contents are not covered by the disk encryption configured below.
    "/boot" = {
      device = "/dev/disk/by-uuid/1083-C8A0";
      fsType = "vfat";
    };
  };

  # NOTE This will make hibernation extremely hard if on an encrypted partition.
  # This also could not work on ZFS or Btrfs.
  # The swap file lives on "/", so it is encrypted at rest only to the extent
  # that "/" is (see the LUKS device below).
  swapDevices = [
    {
      device = "/swapfile";
      size = 8 * 1024; # 8192; presumably MiB, i.e. 8 GiB — confirm the unit
    }
  ];

  boot = {
    # mkForce: take precedence over any kernel package chosen elsewhere.
    kernelPackages = mkForce pkgs.linuxPackages_xanmod_latest;

    # Speeding Wi-Fi a bit.
    # (Passes `11n_disable=1` to the iwlwifi module.)
    extraModprobeConfig = ''
      options iwlwifi 11n_disable=1
    '';

    initrd = {
      kernelModules = [];
      availableKernelModules = ["ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci"];

      # Encrypted container opened in the initrd under the name "root".
      luks.devices."root" = {
        device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218";
        # Passes discard/TRIM requests through dm-crypt. Trade-off: anyone
        # who can read the raw disk can tell which blocks are unused.
        allowDiscards = true;
        # Skips dm-crypt's internal read/write workqueues (a performance
        # setting).
        bypassWorkqueues = true;
      };
    };

    kernelModules = ["kvm-intel"];

    loader = {
      efi.canTouchEfiVariables = true;
      # NOTE(review): `systemd-boot.editor` is not set in this file; unless
      # it is disabled elsewhere, the boot menu may allow editing the kernel
      # command line — confirm.
      systemd-boot = {
        enable = true;
        # Caps the number of generations kept in the boot menu.
        configurationLimit = 10;
      };
    };
  };

  hardware = {
    trackpoint = {
      enable = true;
      speed = 500;
      sensitivity = 250;
    };

    opengl.extraPackages = with pkgs; [
      intel-media-driver
      libvdpau-va-gl
      vaapiIntel
      vaapiVdpau
    ];
  };

  powerManagement = let
    modprobe = "${pkgs.kmod}/bin/modprobe";
  in {
    enable = true;

    # This fixes an issue with not being able to suspend or wake up from suspend
    # due to a kernel bug[1].
    #
    # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964
    # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998
    # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3
    # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048
    #
    # Workaround: unload xhci_pci on power-down and load it again on power-up.
    powerDownCommands = "${modprobe} -r xhci_pci";
    powerUpCommands = "${modprobe} xhci_pci";
  };

  services = {
    tlp = {
      enable = false; # TODO Test this again.
      # Kept for when TLP is re-enabled; unused while `enable` is false.
      settings = {
        START_CHARGE_THRESH_BAT0 = 75;
        STOP_CHARGE_THRESH_BAT0 = 80;
        RESTORE_THRESHOLDS_ON_BAT = 1;
      };
    };

    # Forced off here even though `nixfiles.modules.throttled.enable` is true
    # above.
    throttled.enable = mkForce false;

    thinkfan = {
      enable = true;

      # Old-style configuration should be nullified because it does not support
      # hwmon search and appends to valid configuration resulting in conflicts
      # and crash. I probably should make a PR to remove what was introduced[1]
      # before.
      #
      # [1]: https://github.com/NixOS/nixpkgs/commit/02b872310d6a6503639f5a71a14f00441f961bc9
      sensors = mkForce null;
      fans = mkForce null;
      levels = mkForce null;

      # New-style configuration that replaces the three options nulled above.
      settings = {
        sensors = [
          {
            hwmon = "/sys/class/hwmon";
            name = "coretemp";
            indices = [1];
          }
        ];
        fans = [{tpacpi = "/proc/acpi/ibm/fan";}];
        levels = [["level auto" 0 50] ["level disengaged" 50 32767]];
      };
    };

    xserver.videoDrivers = ["intel" "modesetting"];
  };

  # TODO This should be applied globally to all machines.
  system.stateVersion = "22.05";
}