# NixOS module for the Framework laptop host: hardware profile, power
# management, greetd login, lanzaboote Secure Boot and a few desktop fixes.
{
  config,
  pkgs,
  lib,
  username,
  inputs,
  ...
}:
let
  # Directory lanzaboote reads its signing keys from (set under boot.lanzaboote).
  sbKeyDir = config.boot.lanzaboote.pkiBundle;
in
{
  imports = [
    ./common.nix
    ./hardware_laptop.nix

    inputs.nixos-hardware.nixosModules.framework-12th-gen-intel
    inputs.lanzaboote.nixosModules.lanzaboote
  ];

  # hardware.framework.laptop13.audioEnhancement = {
  #   enable = true;
  #
  #   # seems audio doesn't work without this
  #   hideRawDevice = false;
  # };

  # disable framework kernel module
  # https://github.com/NixOS/nixos-hardware/issues/1330
  hardware.framework.enableKmod = false;

  boot = {
    lanzaboote = {
      enable = true;
      # TODO: proper secrets management so this is not stored in nix store
      # This value is a plain string, so the directory itself never enters the
      # store; the store exposure comes from the tarball that the
      # "secureboot-keys" activation script unpacks into it.
      pkiBundle = "/var/lib/sbctl";
    };

    # Bootloader.
    /*
      Lanzaboote currently replaces the systemd-boot module.
      This setting is usually set to true in configuration.nix
      generated at installation time. So we force it to false
      for now.
    */
    loader.systemd-boot.enable = lib.mkForce false;
  };

  services = {
    # TLP power profile: powersave governor on both AC and battery, with the
    # more aggressive energy/ASPM/platform settings applied on battery only.
    tlp = {
      enable = true;
      settings = {
        CPU_SCALING_GOVERNOR_ON_AC = "powersave";
        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";

        CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
        CPU_ENERGY_PERF_POLICY_ON_AC = "default";

        PCIE_ASPM_ON_BAT = "powersupersave";
        PCIE_ASPM_ON_AC = "default";
        PLATFORM_PROFILE_ON_BAT = "low-power";
        PLATFORM_PROFILE_ON_AC = "balanced";
      };
    };

    # using btrfs, so lets scrub!
    btrfs.autoScrub = {
      enable = true;
      interval = "weekly";
      fileSystems = [ "/" ];
    };

    # Login manager: tuigreet on the console, starting niri-session.
    # NOTE(review): default_session is the greeter itself, i.e. it runs before
    # anyone has authenticated, and here it runs as `username` rather than a
    # dedicated unprivileged greeter account. Confirm that is intended.
    greetd = {
      enable = true;
      settings.default_session = {
        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd niri-session";
        user = username;
      };
    };
  };

  # this is a life saver.
  # literally no documentation about this anywhere.
  # might be good to write about this...
  # https://www.reddit.com/r/NixOS/comments/u0cdpi/tuigreet_with_xmonad_how/
  systemd.services.greetd.serviceConfig = {
    Type = "idle";
    StandardInput = "tty";
    StandardOutput = "tty";
    StandardError = "journal"; # Without this errors will spam on screen
    # Without these bootlogs will spam on screen
    TTYReset = true;
    TTYVHangup = true;
    TTYVTDisallocate = true;
  };

  system.activationScripts = {
    # extract all my secureboot keys
    #
    # Runs on every activation: the PKI directory is wiped, recreated and
    # refilled from ./secrets/secureboot.tar, then set to root:wheel with mode
    # 500 (owner read/execute only, so group ownership grants wheel nothing).
    #
    # NOTE(review): `${./secrets/secureboot.tar}` is a path interpolation, so
    # Nix copies the tarball into /nix/store, which every local user can read.
    # If the archive holds the private Secure Boot signing keys, the chown/chmod
    # below protect only the extracted copy, not the store copy, and a readable
    # signing key undermines the boot chain it is meant to anchor. Until the
    # TODO under boot.lanzaboote is resolved, treat these keys as exposed to
    # any account on this machine and to anyone with access to the repository
    # or a binary cache the closure is pushed to. Keeping the keys only on the
    # host (e.g. generated there with `sbctl create-keys`) or decrypting them at
    # activation time outside the store would close this.
    #
    # NOTE(review): if extraction fails after the `rm`, the bundle is left
    # empty until the next successful activation.
    "secureboot-keys".text = ''
      #!/bin/sh
      rm -fr ${sbKeyDir} || true
      mkdir -p ${sbKeyDir}
      ${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${sbKeyDir}
      chown -R root:wheel ${sbKeyDir}
      chmod -R 500 ${sbKeyDir}
    '';

    # FIX: https://github.com/NixOS/nix/issues/2982
    "profile-channel-dummy".text = ''
      #!/bin/sh
      mkdir -p /nix/var/nix/profiles/per-user/root/channels
    '';
  };

  programs = {
    gamescope = {
      enable = true;
      # Lets gamescope raise its own scheduling priority (CAP_SYS_NICE).
      capSysNice = true;
    };

    steam.gamescopeSession.enable = true;
  };

  # weird hack to get swaylock working? idk, if you don't put this here, password entry doesnt work
  # if I move to another lock screen program, i will have to replace `swaylock`
  # (An empty attrset is enough: it only has to declare the PAM service.)
  security.pam.services.swaylock = { };
}