move some stuff around
This commit is contained in:
125
etcnixos/system-mreow.nix
Normal file
125
etcnixos/system-mreow.nix
Normal file
@@ -0,0 +1,125 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
username,
|
||||
system,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
./common.nix
|
||||
./hardware_laptop.nix
|
||||
];
|
||||
|
||||
services.tlp = {
|
||||
enable = true;
|
||||
settings = {
|
||||
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||||
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
|
||||
|
||||
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
|
||||
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
|
||||
|
||||
CPU_MIN_PERF_ON_AC = 0;
|
||||
CPU_MAX_PERF_ON_AC = 100;
|
||||
CPU_MIN_PERF_ON_BAT = 0;
|
||||
CPU_MAX_PERF_ON_BAT = 60;
|
||||
|
||||
CPU_BOOST_ON_BAT = 0;
|
||||
START_CHARGE_THRESH_BAT0 = 90;
|
||||
STOP_CHARGE_THRESH_BAT0 = 95;
|
||||
RUNTIME_PM_ON_BAT = "auto";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
#using btrfs, so lets scrub!
|
||||
btrfs.autoScrub = {
|
||||
enable = true;
|
||||
interval = "weekly";
|
||||
fileSystems = [ "/" ];
|
||||
};
|
||||
};
|
||||
|
||||
services.greetd = {
|
||||
enable = true;
|
||||
settings = {
|
||||
default_session = {
|
||||
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.niri}/bin/niri-session";
|
||||
user = "${username}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot = {
|
||||
enableContainers = true;
|
||||
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
|
||||
# Bootloader.
|
||||
loader = {
|
||||
/*
|
||||
Lanzaboote currently replaces the systemd-boot module.
|
||||
This setting is usually set to true in configuration.nix
|
||||
generated at installation time. So we force it to false
|
||||
for now.
|
||||
*/
|
||||
systemd-boot.enable = lib.mkForce false;
|
||||
};
|
||||
|
||||
kernelParams = [
|
||||
"mitigations=off"
|
||||
];
|
||||
};
|
||||
|
||||
# this is a life saver.
|
||||
# literally no documentation about this anywhere.
|
||||
# might be good to write about this...
|
||||
# https://www.reddit.com/r/NixOS/comments/u0cdpi/tuigreet_with_xmonad_how/
|
||||
systemd.services.greetd.serviceConfig = {
|
||||
Type = "idle";
|
||||
StandardInput = "tty";
|
||||
StandardOutput = "tty";
|
||||
StandardError = "journal"; # Without this errors will spam on screen
|
||||
# Without these bootlogs will spam on screen
|
||||
TTYReset = true;
|
||||
TTYVHangup = true;
|
||||
TTYVTDisallocate = true;
|
||||
};
|
||||
|
||||
# Enable common container config files in /etc/containers
|
||||
virtualisation = {
|
||||
containers.enable = true;
|
||||
podman = {
|
||||
enable = true;
|
||||
|
||||
# Required for containers under podman-compose to be able to talk to each other.
|
||||
# defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
distrobox
|
||||
];
|
||||
|
||||
#weird hack to get swaylock working? idk, if you don't put this here, password entry doesnt work
|
||||
#if I move to another lock screen program, i will have to replace `swaylock`
|
||||
security.pam.services.swaylock = { };
|
||||
|
||||
system.activationScripts = {
|
||||
"secureboot-keys".text =
|
||||
let
|
||||
secureboot_path = "/etc/secureboot";
|
||||
in
|
||||
''
|
||||
#!/bin/sh
|
||||
rm -fr ${secureboot_path} || true
|
||||
mkdir -p ${secureboot_path}
|
||||
${pkgs.gnutar}/bin/tar xf /etc/nixos/secrets/secureboot.tar -C ${secureboot_path}
|
||||
'';
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user