diff --git a/README.md b/README.md index 189b685..77452d7 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,18 @@ # nix-flake +rewrite of my nixos flake with hopefully better structuring and modularity -rewrite of my nixos flake with hopefully better structuring and modularity \ No newline at end of file +# todo +- (progress) migrate files to this repository in the modules folder +- split the files into little chunks for 1 specific purposes per file + +# todo: migrate files below +[X] flake stuff (flake.nix & flake.lock) + +[X] hardware configs (hardware/scans) +[X] nixos system +[X] base nix configs +[X] apps list +[ ] user config (not hm) + +[ ] home manager config +[ ] rice config (everything in /rice) diff --git a/host/thinkpad/config.nix b/host/thinkpad/config.nix index e69de29..730a098 100644 --- a/host/thinkpad/config.nix +++ b/host/thinkpad/config.nix @@ -0,0 +1,7 @@ +{ ... }: { + imports = [ + ../../modules/hardware/thinkpad.nix + ../../modules/scans/thinkpad.nix + + ]; +} \ No newline at end of file diff --git a/host/thinkpad/home.nix b/host/thinkpad/home.nix new file mode 100644 index 0000000..e69de29 diff --git a/modules/hardware/thinkpad.nix b/modules/hardware/thinkpad.nix index e69de29..7324286 100644 --- a/modules/hardware/thinkpad.nix +++ b/modules/hardware/thinkpad.nix 
@@ -0,0 +1,100 @@
+{ pkgs, lib, resume-dev, ... }: {
+ time.timeZone = lib.mkForce null;
+ powerManagement = {
+ enable = true;
+ powertop.enable = true;
+ };
+ security = {
+ protectKernelImage = false; # https://discourse.nixos.org/t/hibernate-doesnt-work-anymore/24673/7
+ tpm2 = {
+ enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+ };
+ hardware = {
+ enableRedistributableFirmware = true; # T480 WiFi firmware fix
+ bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ };
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ intel-compute-runtime
+ libva-vdpau-driver
+ libvdpau-va-gl
+ ];
+ };
+ };
+ boot = {
+ kernelParams = if resume-dev == "" then [] else ["resume=${resume-dev}"];
+ resumeDevice = "${resume-dev}";
+
+ kernelPackages = pkgs.linuxPackages;
+ kernel.sysctl."vm.laptop_mode" = 5;
+ initrd.availableKernelModules = [ "thinkpad_acpi" ];
+ };
+ services = {
+ logind.settings.Login = {
+ HandleLidSwitch = "suspend";
+ HandlePowerKey = "ignore";
+ };
+ fstrim.enable = true;
+ thermald.enable = true;
+ throttled.enable = true;
+ fwupd.enable = true;
+ udev.extraRules = ''
+ #ACTION=="add", SUBSYSTEM=="usb", TEST=="power/control", ATTR{power/control}="auto"
+ ACTION=="add", SUBSYSTEM=="pci", TEST=="power/control", ATTR{power/control}="auto"
+ SUBSYSTEM=="power_supply", ACTION=="change", RUN+="${pkgs.writeShellScript "battery-thresholds" ''
+ echo 80 > /sys/class/power_supply/BAT1/charge_control_start_threshold || true
+ echo 85 > /sys/class/power_supply/BAT1/charge_control_end_threshold || true
+ ''}"
+ '';
+ tzupdate = {
+ enable = true;
+ timer.enable = true;
+ };
+ upower = {
+ enable = true;
+ percentageCritical = 15;
+ percentageAction = 10;
+ usePercentageForPolicy = true;
+ allowRiskyCriticalPowerAction = true;
+ criticalPowerAction = "HybridSleep";
+ };
+ auto-cpufreq = {
+ enable = true;
+ settings = {
+ charger = {
+ governor = "performance";
+ energy_performance_preference = "balance_performance";
+ turbo = "auto";
+ };
+ battery = {
+ governor = "powersave";
+ energy_performance_preference = "balance_power";
+ turbo = "never";
+ enable_thresholds = "true";
+ start_threshold = "80";
+ stop_threshold = "85";
+ };
+ };
+ };
+ thinkfan = {
+ enable = true;
+ levels = [
+ [ "level auto" 0 55 ]
+ [ 3 55 65 ]
+ [ 7 65 75 ]
+ [ "level full-speed" 75 100 ]
+ ];
+ # sensors = [
+ # { type = "hwmon"; query = "/sys/devices/platform/coretemp.0/hwmon"; }
+ # ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/scans/thinkpad.nix b/modules/scans/thinkpad.nix
new file mode 100644
index 0000000..cd20efd
--- /dev/null
+++ b/modules/scans/thinkpad.nix
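Review bot: `security.protectKernelImage = false` is set unconditionally, yet a few lines further down the same module treats `resume-dev == ""` as "no hibernation" when it builds `kernelParams`, so a host without a resume device gives up the kernel-image protection without gaining anything. Tie the option to the same condition, `protectKernelImage = resume-dev == "";`, and keep the linked thread as the stated reason. Separately, the udev rule's script hard-codes `BAT1` and hides write failures with `|| true`, while `auto-cpufreq` sets the same 80/85 thresholds; a one-line comment saying which of the two is authoritative would save the next reader from guessing.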
@@ -0,0 +1,45 @@ + +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/756146e4-1b32-4f58-a3a3-6506f34bb89c"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A05E-E94D"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/1721721a-bb5a-4166-a077-9500d30be2ac"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.docker0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; + # networking.interfaces.virbr0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/system/apps.nix b/modules/system/apps.nix new file mode 100644 index 0000000..796de96 --- /dev/null +++ b/modules/system/apps.nix 
@@ -0,0 +1,64 @@
+{ pkgs, ... }: {
+ nixpkgs.config.permittedInsecurePackages = [
+ "ventoy-qt5-1.1.10"
+ ];
+
+ environment.systemPackages = with pkgs; [
+ baobab
+ file-roller
+ gnome-network-displays
+ gnome-disk-utility
+
+ smartmontools
+ lm_sensors
+ ntfs3g
+ virt-viewer
+ dconf2nix
+ pciutils
+ gparted
+ exfatprogs
+ pavucontrol
+ jq
+ powertop
+ smartmontools
+ fastfetch
+ ethtool
+ dig
+ dnslookup
+ lsof
+ gucharmap
+ ncdu
+ zip
+ blueman
+ shared-mime-info
+ usbutils
+
+ android-tools
+ scrcpy
+ distrobox
+
+ ventoy-full-qt
+ home-manager
+ vim
+ wget
+ curl
+ openssl_3
+ htop
+ nmap
+ sysstat
+ netcat
+ p7zip
+ stress
+ wakeonlan
+ coreutils-full
+ traceroute
+ lxappearance
+ freerdp
+
+ nix-index
+ nixd
+ nil
+ nh
+ git
+ ];
+}
diff --git a/modules/system/base.nix b/modules/system/base.nix
new file mode 100644
index 0000000..c9aa53b
--- /dev/null
+++ b/modules/system/base.nix
@@ -0,0 +1,25 @@
+{ hostname, timezone, ... }: {
+ system.stateVersion = "24.11";
+ imports = [ ./apps.nix ];
+
+ nixpkgs.config.allowUnfree = true;
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ auto-optimise-store = true;
+ };
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 7d -d";
+ };
+ optimise.automatic = true;
+ };
+
+ networking.hostName = "${hostname}";
+ time.timeZone = timezone;
+ services = {
+ openssh.enable = true;
+ tailscale.enable = true;
+ };
+}
\ No newline at end of file
diff --git a/modules/system/default.nix b/modules/system/default.nix
new file mode 100644
index 0000000..bab73ab
--- /dev/null
+++ b/modules/system/default.nix
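Review bot: `nixpkgs.config.permittedInsecurePackages` at the top of apps.nix exempts `ventoy-qt5-1.1.10` with no comment saying why nixpkgs flags the package or why the exemption is acceptable, and `ventoy-full-qt` is then installed on every host that imports this module. Put a why-comment above the list, for example `# ventoy is flagged insecure in nixpkgs; accepted because REASON, re-check on every version bump`, and consider moving both the exemption and the package into the one host that needs them. The pinned version string means the exemption stops matching after an upgrade, which forces a fresh look; the comment should say that this is intended. `smartmontools` also appears twice in `environment.systemPackages`.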
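Review bot: `openssh.enable = true` in the `services` block of base.nix starts sshd with default authentication settings on every host that imports this module, and nothing in the hunk restricts password or root logins. I would add `openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` beside it so access is key-only. This matters more because default.nix in the same commit sets `networking.firewall.enable = false`. Also, `gc.options = "--delete-older-than 7d -d"` combines an age limit with `-d`, which as far as I know deletes all old generations, so the 7-day window probably has no effect; keep one of the two.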
@@ -0,0 +1,169 @@
+{ pkgs, config, swapfile, locale, legacy-boot, wol, enable-dm, zerotier, ... }: {
+ imports = [
+ ../hardware/scan.nix
+ ../rice/system.nix
+ ./base.nix
+ ];
+
+ boot = {
+ kernelModules = [ "rndis_host" "cdc_ether" ];
+ supportedFilesystems = [ "ext4" "btrfs" "vfat" "ntfs" "exfat" ];
+ plymouth.enable = true;
+ kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = !legacy-boot;
+ configurationLimit = 3;
+ sortKey = "z-nixos";
+ editor = false;
+ };
+ grub = {
+ enable = legacy-boot; #true;
+ device = "/dev/sda";
+ useOSProber = true;
+ default = "saved";
+ theme = "${pkgs.libsForQt5.breeze-grub}/grub/themes/breeze";
+ };
+ };
+ kernelParams = [
+ #"quiet"
+ "boot.shell_on_fail"
+ "loglevel=3"
+ "rd.systemd.show_status=true"
+ #"rd.udev.log_level=3"
+ "udev.log_priority=3"
+ ];
+ };
+ swapDevices = if swapfile == 0 then [] else [
+ {
+ device = "/swapfile";
+ size = swapfile;
+ }
+ ];
+
+ virtualisation = {
+ # waydroid.enable = true;
+ docker.enable = true;
+ # libvirtd = {
+ # enable = true;
+ # qemu = {
+ # package = pkgs.qemu_kvm;
+ # swtpm.enable = true;
+ # runAsRoot = false;
+ # ovmf = {
+ # enable = false;
+ # packages = [(pkgs.OVMF.override {
+ # secureBoot = true;
+ # tpmSupport = true;
+ # }).fd];
+ # };
+ # };
+ # };
+ };
+
+ networking = {
+ networkmanager.enable = true;
+ firewall.enable = false;
+ nameservers = ["1.1.1.1" "1.0.0.1"];
+ };
+
+ hardware.graphics = {
+ enable = true;
+ extraPackages = [ pkgs.libva-vdpau-driver ];
+ };
+ i18n.defaultLocale = locale;
+ environment.localBinInPath = true;
+
+ systemd.services."wol" = {
+ enable = wol != "";
+ description = "Wake-on-LAN for ${wol}";
+ requires = [ "network.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${wol} wol g";
+ Type = "oneshot";
+ };
+ wantedBy = [ # just in case
+ "multi-user.target"
+ "sleep.target"
+ "suspend.target"
+ "hibernate.target"
+ "hybrid-sleep.target"
+ "shutdown.target"
+ "reboot.target"
+ "halt.target"
+ ];
+ };
+
+ services = {
+ displayManager.gdm.enable = enable-dm;
+ xserver = {
+ enable = true;
+ xkb = {
+ layout = "us";
+ variant = "";
+ };
+ };
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+ sunshine = {
+ enable = true;
+ autoStart = true;
+ capSysAdmin = true;
+ openFirewall = true;
+ };
+ avahi = {
+ enable = true;
+ nssmdns4 = true;
+ };
+ printing = {
+ enable = true;
+ drivers = with pkgs; [ hplip ];
+ };
+ zerotierone = {
+ enable = true;
+ joinNetworks = zerotier.networks;
+ };
+ cloudflare-warp.enable = true;
+ gnome.gnome-keyring.enable = true;
+ gvfs.enable = true;
+ blueman.enable = true;
+ pulseaudio.enable = false;
+ resolved.enable = true;
+ };
+
+ security = {
+ rtkit.enable = true;
+ sudo.configFile = ''
+ Defaults insults
+ Defaults passwd_tries = 5
+ '';
+ };
+
+ fonts.packages = with pkgs; [
+ corefonts
+ ];
+
+ programs = {
+ gdk-pixbuf.modulePackages = [ pkgs.librsvg ];
+ zsh.enable = true;
+ nix-ld.enable = true;
+ steam.enable = true;
+ appimage = {
+ enable = true;
+ binfmt = true;
+ };
+ kdeconnect = {
+ enable = true;
+ };
+ };
+}
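Review bot: `firewall.enable = false` in the `networking` block leaves every listener this commit enables reachable on all interfaces — sshd from base.nix, sunshine (running with `capSysAdmin = true`), CUPS, avahi, kdeconnect and any docker-published port — while the same module also turns on IPv4 and IPv6 forwarding. It also makes `sunshine.openFirewall = true` a no-op. I would keep the firewall on and trust only the overlay interface, e.g. `firewall = { enable = true; trustedInterfaces = [ "tailscale0" ]; };`, adding explicit ports where LAN access is really wanted. The `"boot.shell_on_fail"` kernel parameter also works against `systemd-boot.editor = false`: the first offers a shell when stage 1 fails, the second exists to stop boot-time tampering, so either drop the parameter or add a comment saying why it is needed.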