126 lines
2.9 KiB
Nix
126 lines
2.9 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
username,
|
|
system,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./common.nix
|
|
./hardware_laptop.nix
|
|
];
|
|
|
|
services.tlp = {
|
|
enable = true;
|
|
settings = {
|
|
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
|
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
|
|
|
|
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
|
|
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
|
|
|
|
CPU_MIN_PERF_ON_AC = 0;
|
|
CPU_MAX_PERF_ON_AC = 100;
|
|
CPU_MIN_PERF_ON_BAT = 0;
|
|
CPU_MAX_PERF_ON_BAT = 60;
|
|
|
|
CPU_BOOST_ON_BAT = 0;
|
|
START_CHARGE_THRESH_BAT0 = 90;
|
|
STOP_CHARGE_THRESH_BAT0 = 95;
|
|
RUNTIME_PM_ON_BAT = "auto";
|
|
};
|
|
};
|
|
|
|
services = {
|
|
#using btrfs, so lets scrub!
|
|
btrfs.autoScrub = {
|
|
enable = true;
|
|
interval = "weekly";
|
|
fileSystems = [ "/" ];
|
|
};
|
|
};
|
|
|
|
services.greetd = {
|
|
enable = true;
|
|
settings = {
|
|
default_session = {
|
|
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.niri}/bin/niri-session";
|
|
user = "${username}";
|
|
};
|
|
};
|
|
};
|
|
|
|
boot = {
|
|
enableContainers = true;
|
|
|
|
lanzaboote = {
|
|
enable = true;
|
|
pkiBundle = "/etc/secureboot";
|
|
};
|
|
|
|
# Bootloader.
|
|
loader = {
|
|
/*
|
|
Lanzaboote currently replaces the systemd-boot module.
|
|
This setting is usually set to true in configuration.nix
|
|
generated at installation time. So we force it to false
|
|
for now.
|
|
*/
|
|
systemd-boot.enable = lib.mkForce false;
|
|
};
|
|
|
|
kernelParams = [
|
|
"mitigations=off"
|
|
];
|
|
};
|
|
|
|
# this is a life saver.
|
|
# literally no documentation about this anywhere.
|
|
# might be good to write about this...
|
|
# https://www.reddit.com/r/NixOS/comments/u0cdpi/tuigreet_with_xmonad_how/
|
|
systemd.services.greetd.serviceConfig = {
|
|
Type = "idle";
|
|
StandardInput = "tty";
|
|
StandardOutput = "tty";
|
|
StandardError = "journal"; # Without this errors will spam on screen
|
|
# Without these bootlogs will spam on screen
|
|
TTYReset = true;
|
|
TTYVHangup = true;
|
|
TTYVTDisallocate = true;
|
|
};
|
|
|
|
# Enable common container config files in /etc/containers
|
|
virtualisation = {
|
|
containers.enable = true;
|
|
podman = {
|
|
enable = true;
|
|
|
|
# Required for containers under podman-compose to be able to talk to each other.
|
|
# defaultNetwork.settings.dns_enabled = true;
|
|
};
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
distrobox
|
|
];
|
|
|
|
#weird hack to get swaylock working? idk, if you don't put this here, password entry doesnt work
|
|
#if I move to another lock screen program, i will have to replace `swaylock`
|
|
security.pam.services.swaylock = { };
|
|
|
|
system.activationScripts = {
|
|
"secureboot-keys".text =
|
|
let
|
|
secureboot_path = "/etc/secureboot";
|
|
in
|
|
''
|
|
#!/bin/sh
|
|
rm -fr ${secureboot_path} || true
|
|
mkdir -p ${secureboot_path}
|
|
${pkgs.gnutar}/bin/tar xf /etc/nixos/secrets/secureboot.tar -C ${secureboot_path}
|
|
'';
|
|
};
|
|
}
|