migrate most of the nixos system

README.md

@@ -1,3 +1,18 @@
 # nix-flake
+rewrite of my nixos flake with hopefully better structuring and modularity
 
-rewrite of my nixos flake with hopefully better structuring and modularity
+# todo
+- (progress) migrate files to this repository in the modules folder
+- split the files into little chunks for 1 specific purposes per file
+
+# todo: migrate files below
+[X] flake stuff (flake.nix & flake.lock)
+
+[X] hardware configs (hardware/scans)
+[X] nixos system
+[X] base nix configs
+[X] apps list
+[ ] user config (not hm)
+
+[ ] home manager config
+[ ] rice config (everything in /rice)

host/thinkpad/config.nix

@@ -0,0 +1,7 @@
+{ ... }: {
+  imports = [
+    ../../modules/hardware/thinkpad.nix
+    ../../modules/scans/thinkpad.nix
+    
+  ];
+}

modules/hardware/thinkpad.nix

@@ -0,0 +1,100 @@
+{ pkgs, lib, resume-dev, ... }: {
+  time.timeZone = lib.mkForce null;
+  powerManagement = {
+    enable = true;
+    powertop.enable = true;
+  };
+  security = {
+    protectKernelImage = false; # https://discourse.nixos.org/t/hibernate-doesnt-work-anymore/24673/7
+    tpm2 = {
+      enable = true;
+      pkcs11.enable = true;
+      tctiEnvironment.enable = true;
+    };
+  };
+  hardware = {
+    enableRedistributableFirmware = true; # T480 WiFi firmware fix
+    bluetooth = {
+      enable = true;
+      powerOnBoot = true;
+    };
+    graphics = {
+      enable = true;
+      enable32Bit = true;
+      extraPackages = with pkgs; [
+        intel-media-driver
+        intel-compute-runtime
+        libva-vdpau-driver
+        libvdpau-va-gl 
+      ];
+    };
+  };
+  boot = {
+    kernelParams = if resume-dev == "" then [] else ["resume=${resume-dev}"];
+    resumeDevice = "${resume-dev}";
+
+    kernelPackages = pkgs.linuxPackages;
+    kernel.sysctl."vm.laptop_mode" = 5;
+    initrd.availableKernelModules = [ "thinkpad_acpi" ];
+  };
+  services = {
+    logind.settings.Login = {
+      HandleLidSwitch = "suspend";
+      HandlePowerKey = "ignore";
+    };
+    fstrim.enable = true;
+    thermald.enable = true;
+    throttled.enable = true;
+    fwupd.enable = true;
+    udev.extraRules = ''
+      #ACTION=="add", SUBSYSTEM=="usb", TEST=="power/control", ATTR{power/control}="auto"
+      ACTION=="add", SUBSYSTEM=="pci", TEST=="power/control", ATTR{power/control}="auto"
+      SUBSYSTEM=="power_supply", ACTION=="change", RUN+="${pkgs.writeShellScript "battery-thresholds" ''
+        echo 80 > /sys/class/power_supply/BAT1/charge_control_start_threshold || true
+        echo 85 > /sys/class/power_supply/BAT1/charge_control_end_threshold || true
+      ''}"
+    '';
+    tzupdate = {
+      enable = true;
+      timer.enable = true;
+    };
+    upower = {
+      enable = true;
+      percentageCritical = 15;
+      percentageAction = 10;
+      usePercentageForPolicy = true;
+      allowRiskyCriticalPowerAction = true;
+      criticalPowerAction = "HybridSleep";
+    };
+    auto-cpufreq = {
+      enable = true;
+      settings = {
+        charger = {
+          governor = "performance";
+          energy_performance_preference = "balance_performance";
+          turbo = "auto";
+        };
+        battery = {
+          governor = "powersave";
+          energy_performance_preference = "balance_power";
+          turbo = "never";
+          enable_thresholds = "true";
+          start_threshold = "80";
+          stop_threshold = "85";
+        };
+      };
+    };
+    thinkfan = {
+      enable = true;
+      levels = [
+        [ "level auto"        0  55  ]
+        [ 3                  55  65  ]
+        [ 7                  65  75  ]
+        [ "level full-speed" 75  100 ]
+      ];
+      # sensors = [
+      #   { type = "hwmon"; query = "/sys/devices/platform/coretemp.0/hwmon"; }
+      # ];
+    };
+  };
+}

modules/scans/thinkpad.nix

@@ -0,0 +1,45 @@
+
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/756146e4-1b32-4f58-a3a3-6506f34bb89c";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/A05E-E94D";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/1721721a-bb5a-4166-a077-9500d30be2ac"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

modules/system/apps.nix

@@ -0,0 +1,64 @@
+{ pkgs, ... }: {
+  nixpkgs.config.permittedInsecurePackages = [
+    "ventoy-qt5-1.1.10"
+  ];
+
+  environment.systemPackages = with pkgs; [
+    baobab
+    file-roller
+    gnome-network-displays
+    gnome-disk-utility
+    
+    smartmontools
+    lm_sensors
+    ntfs3g
+    virt-viewer
+    dconf2nix
+    pciutils
+    gparted
+    exfatprogs
+    pavucontrol
+    jq
+    powertop
+    smartmontools
+    fastfetch
+    ethtool
+    dig
+    dnslookup
+    lsof
+    gucharmap
+    ncdu
+    zip
+    blueman
+    shared-mime-info
+    usbutils
+
+    android-tools
+    scrcpy
+    distrobox
+
+    ventoy-full-qt
+    home-manager
+    vim
+    wget
+    curl
+    openssl_3
+    htop
+    nmap
+    sysstat
+    netcat
+    p7zip
+    stress
+    wakeonlan
+    coreutils-full
+    traceroute
+    lxappearance
+    freerdp
+
+    nix-index
+    nixd
+    nil
+    nh
+    git
+  ];
+}

modules/system/base.nix

@@ -0,0 +1,25 @@
+{ hostname, timezone, ... }: {
+  system.stateVersion = "24.11";
+  imports = [ ./apps.nix ];
+
+  nixpkgs.config.allowUnfree = true;
+  nix = {
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      auto-optimise-store = true;
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d -d";
+    };
+    optimise.automatic = true;
+  };
+
+  networking.hostName = "${hostname}";
+  time.timeZone = timezone;
+  services = {
+    openssh.enable = true;
+    tailscale.enable = true;
+  };
+}

modules/system/default.nix

@@ -0,0 +1,169 @@
+{ pkgs, config, swapfile, locale, legacy-boot, wol, enable-dm, zerotier, ... }: {
+  imports = [
+    ../hardware/scan.nix
+    ../rice/system.nix
+    ./base.nix
+  ];
+
+  boot = {
+    kernelModules = [ "rndis_host" "cdc_ether" ];
+    supportedFilesystems = [ "ext4" "btrfs" "vfat" "ntfs" "exfat" ];
+    plymouth.enable = true;
+    kernel.sysctl = {
+      "net.ipv4.ip_forward" = 1;
+      "net.ipv6.conf.all.forwarding" = 1;
+    };
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot = {
+        enable = !legacy-boot;
+        configurationLimit = 3;
+        sortKey = "z-nixos";
+        editor = false;
+      };
+      grub = {
+        enable = legacy-boot; #true;
+        device = "/dev/sda";
+        useOSProber = true;
+        default = "saved";
+        theme = "${pkgs.libsForQt5.breeze-grub}/grub/themes/breeze";
+      };
+    };
+    kernelParams = [
+      #"quiet"
+      "boot.shell_on_fail"
+      "loglevel=3"
+      "rd.systemd.show_status=true"
+      #"rd.udev.log_level=3"
+      "udev.log_priority=3"
+    ];
+  };
+  swapDevices = if swapfile == 0 then [] else [
+    {
+      device = "/swapfile";
+      size = swapfile;
+    }
+  ];
+
+  virtualisation = {
+    # waydroid.enable = true;
+    docker.enable = true;
+    # libvirtd = {
+    #   enable = true;
+    #   qemu = {
+    #     package = pkgs.qemu_kvm;
+    #     swtpm.enable = true;
+    #     runAsRoot = false;
+    #     ovmf = {
+    #       enable = false;
+    #       packages = [(pkgs.OVMF.override {
+    #         secureBoot = true;
+    #         tpmSupport = true;
+    #       }).fd];
+    #     };
+    #   };
+    # };
+  };
+
+  networking = {
+    networkmanager.enable = true;
+    firewall.enable = false;
+    nameservers = ["1.1.1.1" "1.0.0.1"];
+  };
+
+  hardware.graphics = {
+    enable = true;
+    extraPackages = [ pkgs.libva-vdpau-driver ];
+  };
+  i18n.defaultLocale = locale;
+  environment.localBinInPath = true;
+
+  systemd.services."wol" = {
+    enable = wol != "";
+    description = "Wake-on-LAN for ${wol}";
+    requires = [ "network.target" ];
+    after = [ "network.target" ];
+    serviceConfig = {
+      ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${wol} wol g";
+      Type = "oneshot";
+    };
+    wantedBy = [ # just in case 
+      "multi-user.target"
+      "sleep.target"
+      "suspend.target"
+      "hibernate.target"
+      "hybrid-sleep.target"
+      "shutdown.target"
+      "reboot.target"
+      "halt.target"
+    ];
+  };
+
+  services = {
+    displayManager.gdm.enable = enable-dm;
+    xserver = {
+      enable = true;
+      xkb = {
+        layout = "us";
+        variant = "";
+      };
+    };
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      jack.enable = true;
+    };
+    sunshine = {
+      enable = true;
+      autoStart = true;
+      capSysAdmin = true;
+      openFirewall = true;
+    };
+    avahi = {
+      enable = true;
+      nssmdns4 = true;
+    };
+    printing = {
+      enable = true;
+      drivers = with pkgs; [ hplip ];
+    };
+    zerotierone = {
+      enable = true;
+      joinNetworks = zerotier.networks;
+    };
+    cloudflare-warp.enable = true;
+    gnome.gnome-keyring.enable = true;
+    gvfs.enable = true;
+    blueman.enable = true;
+    pulseaudio.enable = false;
+    resolved.enable = true;
+  };
+
+  security = {
+    rtkit.enable = true;
+    sudo.configFile = ''
+      Defaults insults
+      Defaults passwd_tries = 5
+    '';
+  };
+
+  fonts.packages = with pkgs; [
+    corefonts
+  ];
+
+  programs = {
+    gdk-pixbuf.modulePackages = [ pkgs.librsvg ];
+    zsh.enable = true;
+    nix-ld.enable = true;
+    steam.enable = true;
+    appimage = {
+      enable = true;
+      binfmt = true;
+    };
+    kdeconnect = {
+      enable = true;
+    };
+  };
+}