diff --git a/nixos-configurations/ochsenchopf/default.nix b/nixos-configurations/ochsenchopf/default.nix
index 8b43aaa..23a3485 100644
--- a/nixos-configurations/ochsenchopf/default.nix
+++ b/nixos-configurations/ochsenchopf/default.nix
@@ -6,6 +6,7 @@
 ./networking.nix
 ];
 facter.reportPath = ./facter.json; # TODO: Update
+ dotfiles.hardware.thinkpad-x1-gen9.enable = true;
 # This value determines the NixOS release from which the default
 # settings for stateful data, like fi:le locations and database versions
diff --git a/nixos-configurations/speer/default.nix b/nixos-configurations/speer/default.nix
index 2a27575..bd775c5 100644
--- a/nixos-configurations/speer/default.nix
+++ b/nixos-configurations/speer/default.nix
@@ -7,6 +7,7 @@
 ./disko-config.nix
 ];
 facter.reportPath = ./facter.json;
+ dotfiles.hardware.amd-desktop.enable = true;
 # Set your time zone.
 time.timeZone = "Europe/Tallinn";
diff --git a/nixos-modules/base-system/default.nix b/nixos-modules/base-system/default.nix
deleted file mode 100644
index e65ab74..0000000
--- a/nixos-modules/base-system/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- inputs,
- pkgs,
- lib,
- ...
-}:
-{
- imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
-
- environment.systemPackages = [
- # For debugging and troubleshooting Secure Boot.
- pkgs.sbctl
- ];
-
- boot.loader.efi.canTouchEfiVariables = true;
- boot.initrd.systemd.enable = true;
-
- # Lanzaboote currently replaces the systemd-boot module.
- # This setting is usually set to true in configuration.nix
- # generated at installation time. So we force it to false
- # for now.
- boot.loader.systemd-boot.enable = lib.mkForce false;
-
- boot.lanzaboote = {
- enable = true;
- pkiBundle = "/var/lib/sbctl";
- };
-}
diff --git a/nixos-modules/base/applications.nix b/nixos-modules/base/applications.nix
index a179a32..25d13cc 100644
--- a/nixos-modules/base/applications.nix
+++ b/nixos-modules/base/applications.nix
@@ -4,6 +4,18 @@
 }:
 {
+
+ environment.etc = {
+ gitconfig.source = ./etc/gitconfig;
+ vimrc.source = ./etc/vimrc;
+ };
+
+ programs.autojump.enable = true;
+ programs.vim = {
+ enable = true;
+ defaultEditor = true;
+ };
+
 environment.systemPackages = with pkgs; [
@@ -33,6 +45,7 @@
 nix-diff
 nixpkgs-review
 nixos-option
+ comma
 ]
 ++ [
 autojump
@@ -53,20 +66,6 @@
 git
 git-lfs
 ]
- ++ [
- # Filesystem & Disk Utilities
- exfat
- samba
- cifs-utils
- keyutils # required for cifs kerberos auth
- sshfs-fuse
- hdparm
- mtpfs
- ntfs3g
- smartmontools
- parted
- usbutils
- ]
 ++ [
 # Networking Utilities
 nmap
diff --git a/nixos-modules/base/boot.nix b/nixos-modules/base/boot.nix
new file mode 100644
index 0000000..2814bc7
--- /dev/null
+++ b/nixos-modules/base/boot.nix
@@ -0,0 +1,34 @@
+{
+ inputs,
+ pkgs,
+ lib,
+ ...
+}:
+{
+ imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
+
+ environment.systemPackages = [
+ pkgs.sbctl
+ ];
+
+ boot = {
+ loader.timeout = 2;
+ tmp.useTmpfs = true;
+ kernelPackages = pkgs.linuxPackages_latest;
+ bootspec.enable = true;
+
+ loader.efi.canTouchEfiVariables = true;
+ initrd.systemd.enable = true;
+
+ # Lanzaboote currently replaces the systemd-boot module.
+ # This setting is usually set to true in configuration.nix
+ # generated at installation time. So we force it to false
+ # for now.
+ loader.systemd-boot.enable = lib.mkForce false;
+
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
+ };
+}
diff --git a/nixos-modules/base/default.nix b/nixos-modules/base/default.nix
index c25126f..790a0f6 100644
--- a/nixos-modules/base/default.nix
+++ b/nixos-modules/base/default.nix
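Review bot: Moving lanzaboote into `base` makes every host that imports this module force `boot.loader.systemd-boot.enable = false` and sign its boot chain with keys expected under `/var/lib/sbctl` (`pkiBundle`), so a host whose keys have not been enrolled with sbctl will, as far as I can tell, fail at bootloader installation instead of falling back to systemd-boot. Consider gating the block behind an enable option in the style of the hardware modules, or at least recording the prerequisite above `lanzaboote = {`, e.g. `# Requires Secure Boot signing keys created with sbctl in /var/lib/sbctl on every host.`. The comment `# For debugging and troubleshooting Secure Boot.` on `pkgs.sbctl` was dropped in the move and is worth keeping, since sbctl is also the tool that manages those signing keys.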
@@ -1,65 +1,19 @@
 {
- lib,
 pkgs,
- inputs,
 ...
 }:
-let
- users = {
- fhauser = {
- uid = 1000;
- isNormalUser = true;
- description = "Fabian Hauser";
- group = "fhauser";
- extraGroups = [
- "wheel"
- "video"
- "docker"
- "networkmanager"
- "libvirtd"
- "adbusers"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
- ];
- };
- };
-in
 {
 imports = [
- inputs.private.nixosModules.users # Contains hashedPasswords for users.
- ./unfree.nix
 ./applications.nix
+ ./boot.nix
+ ./unfree.nix
+ ./users.nix
 ];
- boot.loader.timeout = 2;
- boot.tmp.useTmpfs = true;
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.bootspec.enable = true;
-
- catppuccin = {
- flavor = "mocha";
- tty.enable = true;
- };
-
 console.keyMap = "de_CH-latin1";
 i18n.defaultLocale = "en_US.UTF-8";
- users.mutableUsers = false;
- users.groups = {
- fhauser.gid = 1000;
- };
- users.users = users // {
- root.openssh.authorizedKeys.keys =
- with lib;
- concatLists (
- mapAttrsToList (
- _name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
- ) users
- );
- };
-
 # Package management
 nix = {
 settings.trusted-users = [
@@ -69,7 +23,7 @@ in
 optimise.automatic = true;
 gc = {
 automatic = true;
- dates = "weekly";
+ dates = "monthly";
 options = "--delete-older-than 60d";
 };
 package = pkgs.nixVersions.stable;
@@ -78,10 +32,6 @@ in
 '';
 };
- # System Services
- services.btrfs.autoScrub.enable = true;
- services.fwupd.enable = true;
-
 # Network services
 networking.networkmanager.enable = true;
 networking.firewall = {
@@ -95,18 +45,5 @@ in
 settings.PasswordAuthentication = false;
 };
- # Default Settings
- environment.etc = {
- gitconfig.source = ./etc/gitconfig;
- vimrc.source = ./etc/vimrc;
- };
-
- programs.autojump.enable = true;
- programs.vim = {
- enable = true;
- defaultEditor = true;
- };
- environment.systemPackages = [ pkgs.comma ];
-
 services.dbus.implementation = "broker";
 }
diff --git a/nixos-modules/base/users.nix b/nixos-modules/base/users.nix
new file mode 100644
index 0000000..c8871de
--- /dev/null
+++ b/nixos-modules/base/users.nix
@@ -0,0 +1,48 @@
+{
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ users = {
+ fhauser = {
+ uid = 1000;
+ isNormalUser = true;
+ description = "Fabian Hauser";
+ group = "fhauser";
+ extraGroups = [
+ "wheel"
+ "video"
+ "docker"
+ "networkmanager"
+ "libvirtd"
+ "adbusers"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
+ ];
+ };
+ };
+in
+{
+ imports = [
+ inputs.private.nixosModules.users # Contains hashedPasswords for users.
+ ];
+
+ users = {
+ mutableUsers = false;
+ groups = {
+ fhauser.gid = 1000;
+ };
+ users = users // {
+ root.openssh.authorizedKeys.keys =
+ with lib;
+ concatLists (
+ mapAttrsToList (
+ _name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
+ ) users
+ );
+ };
+ };
+}
diff --git a/nixos-modules/default.nix b/nixos-modules/default.nix
index 344d556..a0dbd86 100644
--- a/nixos-modules/default.nix
+++ b/nixos-modules/default.nix
@@ -2,12 +2,10 @@
 {
 imports = [
 ./base
- ./base-system
 ./desktop
 ./filesystems
 ./hardware
 ./home-manager
- ./printing
 ./theme
 ./virtualisation
 ];
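Review bot: `root.openssh.authorizedKeys.keys` in users.nix is still derived from the keys of every `wheel` user, so each of those keys also grants direct SSH login as root rather than only as a user who can sudo. Since wheel members can already escalate locally, consider dropping the root keys, or at least keep `services.openssh.settings.PermitRootLogin` at its `prohibit-password` default and record the intent next to the expression, e.g. `# Every wheel user's key is also accepted for root; PermitRootLogin must stay key-only.`. The openssh block in base/default.nix that sets `PasswordAuthentication = false` starts outside the visible hunk, so I cannot confirm what PermitRootLogin is currently set to. Unrelated to the move, membership in `docker` is root-equivalent on the host; a one-line comment saying so would help the next reader of `extraGroups`.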
diff --git a/nixos-modules/desktop/default.nix b/nixos-modules/desktop/default.nix
index cd2c88a..1133d74 100644
--- a/nixos-modules/desktop/default.nix
+++ b/nixos-modules/desktop/default.nix
@@ -6,7 +6,6 @@
 imports = [
 ./desktop-environment.nix
 ./greeter.nix
- ./hardware.nix
 ./office-suite.nix
 ./security.nix
 ./video.nix
diff --git a/nixos-modules/desktop/greeter.nix b/nixos-modules/desktop/greeter.nix
index bb57bf0..4d24547 100644
--- a/nixos-modules/desktop/greeter.nix
+++ b/nixos-modules/desktop/greeter.nix
@@ -9,9 +9,6 @@
 defaultSession = "sway";
 };
- # Enable touchpad support.
- services.libinput.enable = true;
-
 services.xserver = {
 enable = true;
 desktopManager.xterm.enable = false;
diff --git a/nixos-modules/desktop/hardware.nix b/nixos-modules/desktop/hardware.nix
deleted file mode 100644
index 200e367..0000000
--- a/nixos-modules/desktop/hardware.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-
-{
-
- services.blueman.enable = true;
-
- # Enable sound.
- nixpkgs.config.pulseaudio = true;
-
- services.pulseaudio.enable = false;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- pulse.enable = true;
- };
- security.rtkit.enable = true;
-
- hardware = {
- graphics = {
- enable = true;
- enable32Bit = true;
- extraPackages = with pkgs; [
- intel-compute-runtime
- intel-media-driver
- libvdpau-va-gl
- vaapiVdpau
- ];
-
- };
- acpilight.enable = true;
- bluetooth = {
- enable = true;
- package = pkgs.bluez;
- };
- logitech.wireless = {
- enable = true;
- enableGraphical = true;
- };
- };
-
- services.hardware.bolt.enable = true;
- services.udisks2.enable = true;
- services.upower.enable = config.powerManagement.enable;
-
- programs.light.enable = true;
- programs.adb.enable = true;
-
- services.fprintd = {
- enable = true;
- package = pkgs.fprintd-tod;
- tod = {
- enable = true;
- driver = pkgs.libfprint-2-tod1-vfs0090;
- };
- };
-}
diff --git a/nixos-modules/desktop/security.nix b/nixos-modules/desktop/security.nix
index 0e6c7e1..95e1888 100644
--- a/nixos-modules/desktop/security.nix
+++ b/nixos-modules/desktop/security.nix
@@ -1,4 +1,6 @@
 {
+ config,
+ lib,
 ...
 }:
@@ -6,7 +8,7 @@
 services.pcscd.enable = true;
 # Make pam accept both password and fingerprint
- security.pam.services.swaylock.rules.auth = {
+ security.pam.services.swaylock.rules.auth = lib.mkIf config.services.fprintd.enable {
 fprintd.order = 11601;
 unix.args = [ "nullok" ];
 };
diff --git a/nixos-modules/filesystems/default.nix b/nixos-modules/filesystems/default.nix
index 3dbd19b..d2209fb 100644
--- a/nixos-modules/filesystems/default.nix
+++ b/nixos-modules/filesystems/default.nix
@@ -1,4 +1,21 @@
-{ inputs, ... }:
+{ inputs, pkgs, ... }:
 {
 imports = [ inputs.disko.nixosModules.disko ];
+
+ services.btrfs.autoScrub.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ # Filesystem & Disk Utilities
+ exfat
+ samba
+ cifs-utils
+ keyutils # required for cifs kerberos auth
+ sshfs-fuse
+ hdparm
+ mtpfs
+ ntfs3g
+ smartmontools
+ parted
+ usbutils
+ ];
 }
diff --git a/nixos-modules/hardware/amd-board.nix b/nixos-modules/hardware/amd-desktop.nix
similarity index 60%
rename from nixos-modules/hardware/amd-board.nix
rename to nixos-modules/hardware/amd-desktop.nix
index 2fa3bd0..5a5ee88 100644
--- a/nixos-modules/hardware/amd-board.nix
+++ b/nixos-modules/hardware/amd-desktop.nix
@@ -1,7 +1,7 @@
 {
 lib,
+ config,
 pkgs,
- modulesPath,
 ...
 }:
 let
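Review bot: The `nullok` argument on `unix.args` in the swaylock rule lets pam_unix accept an account whose password hash is empty, and the new `lib.mkIf config.services.fprintd.enable` guard keeps that in effect whenever fprintd is on; with `users.mutableUsers = false` and password hashes coming from the private users module, a user without a `hashedPassword` would unlock the screen without any credential. The reason `nullok` is needed alongside the fingerprint rule is not recorded anywhere in the hunk, so a comment above `unix.args` stating it would help, e.g. `# nullok: <why pam_unix must accept an empty password here>; every user must carry a hashedPassword.` (with the placeholder filled in). When fprintd is off the rule now falls back to the module defaults, which looks like the intended behaviour.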
@@ -40,30 +40,20 @@ let
 '';
 in
 {
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+ options.dotfiles.hardware.amd-desktop.enable =
+ lib.mkEnableOption "Enable AMD Desktop Setup Support";
- boot.initrd.availableKernelModules = [
- "nvme"
- "usbhid"
- "usb_storage"
- "sd_mod"
- "xhci_pci"
- "ahci"
- "virtio-pci"
- "igb"
- ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [
- "kvm-amd"
- "uhid"
- ];
- boot.extraModulePackages = [ ];
- boot.kernelParams = [ "acpi_enforce_resources=lax" ];
+ config = lib.mkIf config.dotfiles.hardware.amd-desktop.enable {
- environment.systemPackages = [ thunderboltDockRestart ];
+ dotfiles.hardware.ecc-memory.enable = true;
- hardware.cpu.amd.updateMicrocode = true;
- nix.settings.max-jobs = lib.mkDefault 24;
+ boot.kernelParams = [ "acpi_enforce_resources=lax" ];
- powerManagement.powerUpCommands = "${forceThunderboltOnScript}/bin/force-thunderbolt-power-on";
+ # The Thunderbolt card in combination with a Thinkpad Dock has power issues after suspend and boot.
+ # These scripts help with some cases.
+ environment.systemPackages = [ thunderboltDockRestart ];
+ powerManagement.powerUpCommands = "${forceThunderboltOnScript}/bin/force-thunderbolt-power-on";
+
+ nix.settings.max-jobs = lib.mkDefault 24;
+ };
 }
diff --git a/nixos-modules/hardware/default.nix b/nixos-modules/hardware/default.nix
index 6f29868..6fe7441 100644
--- a/nixos-modules/hardware/default.nix
+++ b/nixos-modules/hardware/default.nix
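Review bot: Dropping `hardware.cpu.amd.updateMicrocode = true;` here (and `hardware.cpu.intel.updateMicrocode = true;` in the thinkpad-x1-gen9 hunk) removes the explicit opt-in to CPU microcode updates, which is where a number of CPU vulnerability mitigations ship; presumably the facter module now sets these from the detected vendor, but nothing in this diff shows that, so please confirm or re-add them with `lib.mkDefault`. The virtualisation module in this same commit also reads these two options to choose the kvm module, so losing them would silently disable nested virtualisation as well. Separately, `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so this description renders as "Whether to enable Enable AMD Desktop Setup Support."; `lib.mkEnableOption "AMD desktop setup support"` reads correctly, and the same applies to the ecc-memory, modem-em120r-gl and thinkpad-x1-gen9 options. The `let` block this hunk closes starts outside the visible lines.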
@@ -1,7 +1,75 @@
 {
+ config,
 inputs,
+ lib,
+ pkgs,
 ...
 }:
 {
- imports = [ inputs.nixos-facter-modules.nixosModules.facter ];
+
+ imports = [
+ inputs.nixos-facter-modules.nixosModules.facter
+ ./ecc-memory.nix
+ ./amd-desktop.nix
+ ./modem-em120r-gl.nix
+ ./thinkpad-x1-gen9.nix
+ ./printing.nix
+ ];
+
+ # Enable touchpad support.
+ services.libinput.enable = true;
+
+ services.fwupd.enable = true;
+
+ services.blueman.enable = true;
+
+ # Enable sound.
+ nixpkgs.config.pulseaudio = true;
+
+ services.pulseaudio.enable = false;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ pulse.enable = true;
+ };
+ security.rtkit.enable = true;
+
+ hardware = {
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ intel-compute-runtime
+ intel-media-driver
+ libvdpau-va-gl
+ vaapiVdpau
+ ];
+
+ };
+ acpilight.enable = true;
+ bluetooth = {
+ enable = true;
+ package = pkgs.bluez;
+ };
+ logitech.wireless = {
+ enable = true;
+ enableGraphical = true;
+ };
+ };
+
+ services.hardware.bolt.enable = true;
+ services.udisks2.enable = true;
+ services.upower.enable = config.powerManagement.enable;
+
+ programs.light.enable = true;
+ programs.adb.enable = true;
+
+ services.fprintd = lib.mkIf config.facter.detected.fingerprint.enable {
+ enable = true;
+ package = pkgs.fprintd-tod;
+ tod = {
+ enable = true;
+ driver = pkgs.libfprint-2-tod1-vfs0090;
+ };
+ };
 }
diff --git a/nixos-modules/hardware/ecc-memory.nix b/nixos-modules/hardware/ecc-memory.nix
index 5ef1eb6..a57f05e 100644
--- a/nixos-modules/hardware/ecc-memory.nix
+++ b/nixos-modules/hardware/ecc-memory.nix
@@ -1,8 +1,13 @@
 {
+ config,
+ lib,
 ...
 }:
 {
- hardware.rasdaemon = {
- enable = true;
+ options.dotfiles.hardware.ecc-memory.enable = lib.mkEnableOption "Enable ECC Memory Support";
+
+ config = lib.mkIf config.dotfiles.hardware.ecc-memory.enable {
+
+ hardware.rasdaemon.enable = true;
 };
 }
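Review bot: `services.fprintd` is now enabled on any host where `config.facter.detected.fingerprint.enable` is true, but the driver stays pinned to `pkgs.libfprint-2-tod1-vfs0090`, a single sensor's TOD driver that was previously scoped to the desktop module; on a machine with a different reader this enables fprintd with a driver that cannot talk to it. Either move the `tod` block into thinkpad-x1-gen9.nix or guard it on that option instead of on detection alone. The same move makes the Intel-only `graphics.extraPackages` (`intel-compute-runtime`, `intel-media-driver`) part of every host, including the AMD desktop, and deserves the same per-hardware scoping. I cannot see the facter module from here, so whether `facter.detected.fingerprint.enable` exists as an option should be confirmed by evaluating a host.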
diff --git a/nixos-modules/hardware/modem-em120r-gl.nix b/nixos-modules/hardware/modem-em120r-gl.nix
new file mode 100644
index 0000000..c1f8f0c
--- /dev/null
+++ b/nixos-modules/hardware/modem-em120r-gl.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ pkgs,
+ config,
+ inputs,
+ ...
+}:
+{
+
+ options.dotfiles.hardware.modem-em120r-gl.enable = lib.mkEnableOption "Enable EM120R GL Support";
+
+ config = lib.mkIf config.dotfiles.hardware.modem-em120r-gl.enable {
+ environment.systemPackages = with pkgs; [
+ modemmanager
+ libmbim
+ ];
+
+ environment.etc."ModemManager/fcc-unlock.d/1eac:1001".source =
+ let
+ package = inputs.fcc-unlock.packages.${config.nixpkgs.hostPlatform.system}.default;
+ in
+ "${package}/bin/fcc-unlock";
+ };
+}
diff --git a/nixos-modules/printing/default.nix b/nixos-modules/hardware/printing.nix
similarity index 89%
rename from nixos-modules/printing/default.nix
rename to nixos-modules/hardware/printing.nix
index f3d9471..bd50e88 100644
--- a/nixos-modules/printing/default.nix
+++ b/nixos-modules/hardware/printing.nix
@@ -3,6 +3,7 @@
 }:
 {
+ # TODO: Revive when needed.
 #services.printing = {
 # enable = true;
 # drivers = with pkgs; [
diff --git a/nixos-modules/hardware/thinkpad-x1-gen9.nix b/nixos-modules/hardware/thinkpad-x1-gen9.nix
index d6bc106..3de4173 100644
--- a/nixos-modules/hardware/thinkpad-x1-gen9.nix
+++ b/nixos-modules/hardware/thinkpad-x1-gen9.nix
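Review bot: The `fcc-unlock.d/1eac:1001` entry points ModemManager at an executable taken from the `inputs.fcc-unlock` flake input; as far as I know ModemManager executes these unlock scripts itself as a privileged system daemon, so that input is effectively code run as root on every host with this option enabled, and it is trusted only as far as the flake.lock pin and the review of that input's source. A comment above `environment.etc."ModemManager/fcc-unlock.d/1eac:1001".source` recording that would help the next reader, e.g. `# Run by ModemManager (root) for the EM120R-GL (1eac:1001); pinned via flake.lock, review the input on every update.`. The previous version took the script as a `pkgFccUnlock` module argument, so the new `config.nixpkgs.hostPlatform.system` lookup is the right place to note that the package is resolved per host platform.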
@@ -1,42 +1,19 @@
 {
 lib,
- pkgs,
- modulesPath,
- hardwareModules,
- pkgFccUnlock,
+ config,
 ...
 }:
 {
- imports = with hardwareModules; [
- (modulesPath + "/installer/scan/not-detected.nix")
- hardwareModules.lenovo-thinkpad-x1-9th-gen
- ];
+ options.dotfiles.hardware.thinkpad-x1-gen9.enable =
+ lib.mkEnableOption "Enable ThinkPad X1 Gen9 Support";
- boot.initrd.availableKernelModules = [
- "xhci_pci"
- "thunderbolt"
- "nvme"
- "usb_storage"
- "sd_mod"
- "ahci"
- "usbhid"
- ];
- boot.kernelModules = [ "kvm-intel" ];
+ config = lib.mkIf config.dotfiles.hardware.thinkpad-x1-gen9.enable {
- boot.initrd.kernelModules = [ "dm-snapshot" ]; # TODO: This should be moved to defaults
+ dotfiles.hardware.modem-em120r-gl.enable = true;
- environment.systemPackages = with pkgs; [
- modemmanager
- libmbim
- ];
-
- environment.etc."ModemManager/fcc-unlock.d/1eac:1001" = {
- source = "${pkgFccUnlock}/bin/fcc-unlock";
+ # CPU Configuration
+ services.throttled.enable = true;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
 };
-
- # CPU Configuration
- hardware.cpu.intel.updateMicrocode = true;
- services.throttled.enable = true;
- powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
 }
diff --git a/nixos-modules/theme/default.nix b/nixos-modules/theme/default.nix
index b71b9df..ba748d4 100644
--- a/nixos-modules/theme/default.nix
+++ b/nixos-modules/theme/default.nix
@@ -3,4 +3,9 @@
 {
 imports = [ inputs.catppuccin.nixosModules.catppuccin ];
+ catppuccin = {
+ flavor = "mocha";
+ tty.enable = true;
+ };
+
 }
diff --git a/nixos-modules/virtualisation/default.nix b/nixos-modules/virtualisation/default.nix
index d5d9392..d55f6ce 100644
--- a/nixos-modules/virtualisation/default.nix
+++ b/nixos-modules/virtualisation/default.nix
@@ -1,7 +1,6 @@
-{ ... }:
+{ config, ... }:
 {
 virtualisation = {
- # TODO: This should probably be somewhere else.
 docker = {
 enable = true;
 enableOnBoot = false;
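Review bot: `boot.initrd.kernelModules = [ "dm-snapshot" ];` is removed together with its TODO to move it to defaults, but no hunk in this diff adds it anywhere else; if this host's root or swap sits on LVM with snapshots, the initrd would no longer load the module it needs. Either re-add it in boot.nix or replace the line with a comment explaining why it is no longer required. The governor change from `"performance"` to `"ondemand"` and dropping the `hardwareModules.lenovo-thinkpad-x1-9th-gen` import are behaviour changes worth a note in the module, since the latter also drops whatever kernel and firmware settings that profile supplied (I cannot see its contents here). The removal of `hardware.cpu.intel.updateMicrocode = true;` is covered in my note on the amd-desktop hunk.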
@@ -10,9 +9,24 @@
 spiceUSBRedirection.enable = true;
 };
- boot.extraModprobeConfig = ''
- options kvm_intel nested=1
- options kvm_intel emulate_invalid_guest_state=0
- options kvm ignore_msrs=1
- '';
+ boot.extraModprobeConfig =
+ let
+ isIntel = config.hardware.cpu.intel.updateMicrocode;
+ isAmd = config.hardware.cpu.amd.updateMicrocode;
+ procName =
+ if isIntel then
+ "intel"
+ else if isAmd then
+ "amd"
+ else
+ "";
+ in
+ if isIntel || isAmd then
+ ''
+ options kvm_${procName} nested=1
+ options kvm_${procName} emulate_invalid_guest_state=0
+ options kvm ignore_msrs=1
+ ''
+ else
+ "";
 }
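Review bot: `emulate_invalid_guest_state` is a parameter of kvm_intel only, so on an AMD host the generated line `options kvm_amd emulate_invalid_guest_state=0` hands kvm_amd an option it does not know; as far as I know the kernel logs an "unknown parameter … ignored" warning and continues, so the effect here is noise plus a config line that does nothing, but it should not be emitted for AMD at all. The vendor is also inferred from `hardware.cpu.*.updateMicrocode`, which the amd-desktop and thinkpad-x1-gen9 hunks of this same commit stop setting explicitly, so on a host where facter does not set them the expression yields `""` and nested virtualisation is silently turned off where it used to be on; a `lib.warnIf` for the neither-vendor case (which needs `lib` added to the module arguments) would make that visible. The rewrite below emits the Intel-only option only when `isIntel` holds and otherwise keeps the existing behaviour.
```nix
boot.extraModprobeConfig =
  let
    isIntel = config.hardware.cpu.intel.updateMicrocode;
    isAmd = config.hardware.cpu.amd.updateMicrocode;
    procName = if isIntel then "intel" else "amd";
  in
  if isIntel || isAmd then
    ''
      options kvm_${procName} nested=1
      options kvm ignore_msrs=1
    ''
    # emulate_invalid_guest_state is only understood by kvm_intel.
    + (if isIntel then "options kvm_intel emulate_invalid_guest_state=0\n" else "")
  else
    "";
```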