cleanup

etcnixos/common.nix

@@ -20,8 +20,14 @@
     inputs.nixos-hardware.nixosModules.common-pc-ssd
     inputs.chaotic.nixosModules.default
     inputs.disko.nixosModules.disko
+    inputs.lanzaboote.nixosModules.lanzaboote
   ];
 
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  swapDevices = [ ];
+
   nix = {
     # optimize the store
     optimise.automatic = true;
@@ -33,30 +39,58 @@
     ];
   };
 
+  system.activationScripts = {
+    # extract all my secureboot keys
+    # TODO! proper secrets management
+    "secureboot-keys".text = ''
+      #!/bin/sh
+      rm -fr ${config.boot.lanzaboote.pkiBundle} || true
+      mkdir -p ${config.boot.lanzaboote.pkiBundle}
+      ${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
+      chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
+      chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
+    '';
+  };
+
   # kernel options
   boot = {
     kernelPackages = pkgs.linuxPackages_cachyos-lto;
     # kernelPackages = pkgs.linuxPackages_latest;
     # kernelPackages = pkgs.linuxPackages;
 
-    kernel.sysctl = {
-      # dmesg shushhhhh
-      "kernel.printk" = "2 4 1 7";
+    lanzaboote = {
+      enable = true;
+      # TODO: proper secrets management so this is not stored in nix store
+      pkiBundle = "/var/lib/sbctl";
     };
 
     # Bootloader.
     loader = {
-      systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
 
       timeout = 1;
+      /*
+        Lanzaboote currently replaces the systemd-boot module.
+        This setting is usually set to true in configuration.nix
+        generated at installation time. So we force it to false
+        for now.
+      */
+      systemd-boot.enable = lib.mkForce false;
+
     };
 
     initrd = {
       compressor = "zstd";
+      availableKernelModules = [
+        "xhci_pci"
+        "thunderbolt"
+        "nvme"
+        "usbhid"
+      ];
     };
 
     kernelModules = [
+      "kvm-amd"
       "ip_tables"
       "iptable_nat"
       "msr"
@@ -95,7 +129,7 @@
     mullvad-vpn.enable = true;
   };
 
-  # Set your time zone.
+  # EST
   time.timeZone = "America/New_York";
 
   security = {
@@ -117,18 +151,6 @@
   # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
 
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
-    LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
-    LC_TIME = "en_US.UTF-8";
-  };
-
   # Enable Bluetooth
   hardware.bluetooth = {
     enable = true;
@@ -218,6 +240,7 @@
   };
 
   system.stateVersion = "24.11";
+  nixpkgs.hostPlatform = "x86_64-linux";
 
   documentation.enable = true;
   documentation.man.enable = true;

etcnixos/hardware_desktop.nix

@@ -1,6 +1,3 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 {
   config,
   lib,
@@ -8,22 +5,7 @@
   modulesPath,
   ...
 }:
-
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules = [
-    "nvme"
-    "xhci_pci"
-    "ahci"
-    "usb_storage"
-    "usbhid"
-    "sd_mod"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/ff51be5a-b87b-4e6a-9c1d-796ceeaca153";
     fsType = "ext4";
@@ -44,16 +26,4 @@
     options = [ "nofail" ];
   };
 
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

etcnixos/hardware_laptop.nix

@@ -6,15 +6,6 @@
   ...
 }:
 {
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "thunderbolt"
-    "nvme"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
   disko.devices = {
     disk = {
       main = {
@@ -59,17 +50,4 @@
     };
   };
 
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
-  hardware.enableRedistributableFirmware = true;
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

etcnixos/system-mreow.nix

@@ -12,7 +12,6 @@
     ./hardware_laptop.nix
 
     inputs.nixos-hardware.nixosModules.framework-amd-ai-300-series
-    inputs.lanzaboote.nixosModules.lanzaboote
   ];
 
   # completely and utterly broken
@@ -38,38 +37,6 @@
     };
   };
 
-  boot = {
-    lanzaboote = {
-      enable = true;
-      # TODO: proper secrets management so this is not stored in nix store
-      pkiBundle = "/var/lib/sbctl";
-    };
-
-    # Bootloader.
-    loader = {
-      /*
-        Lanzaboote currently replaces the systemd-boot module.
-        This setting is usually set to true in configuration.nix
-        generated at installation time. So we force it to false
-        for now.
-      */
-      systemd-boot.enable = lib.mkForce false;
-    };
-  };
-
-  system.activationScripts = {
-    # extract all my secureboot keys
-    # TODO! proper secrets management
-    "secureboot-keys".text = ''
-      #!/bin/sh
-      rm -fr ${config.boot.lanzaboote.pkiBundle} || true
-      mkdir -p ${config.boot.lanzaboote.pkiBundle}
-      ${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
-      chown -R root:wheel ${config.boot.lanzaboote.pkiBundle}
-      chmod -R 500 ${config.boot.lanzaboote.pkiBundle}
-    '';
-  };
-
   programs.gamescope = {
     enable = true;
     capSysNice = true;
@@ -79,21 +46,6 @@
     gamescopeSession.enable = true;
   };
 
-  # this is a life saver.
-  # literally no documentation about this anywhere.
-  # might be good to write about this...
-  # https://www.reddit.com/r/NixOS/comments/u0cdpi/tuigreet_with_xmonad_how/
-  systemd.services.greetd.serviceConfig = {
-    Type = "idle";
-    StandardInput = "tty";
-    StandardOutput = "tty";
-    StandardError = "journal"; # Without this errors will spam on screen
-    # Without these bootlogs will spam on screen
-    TTYReset = true;
-    TTYVHangup = true;
-    TTYVTDisallocate = true;
-  };
-
   system.activationScripts = {
     # FIX: https://github.com/NixOS/nix/issues/2982
     "profile-channel-dummy".text = ''

etcnixos/system-yarn.nix

@@ -20,9 +20,6 @@
 
   networking.hostId = "abf570f9";
   boot = {
-    # fixes zenpower driver issue
-    kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
-
     kernelParams = [
       # allow overclocking (I actually underclock but lol)
       "amdgpu.ppfeaturemask=0xFFF7FFFF"