diff --git a/nixos/configuration.nix b/common/default.nix similarity index 79% rename from nixos/configuration.nix rename to common/default.nix index 999c472..a5a7119 100644 --- a/nixos/configuration.nix +++ b/common/default.nix @@ -1,67 +1,25 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running `nixos-help`). - { config, pkgs, lib, inputs, ... }: let unstable = inputs.nixos-unstable; - localfork = import /home/spiollinux/src/nixpkgs { }; in { imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./modules/packages.nix - ./modules/nitrokey.nix + ./packages.nix + ./nitrokey.nix ]; services.davfs2.enable = true; - # try newer kernels - #boot.kernelPackages = pkgs.linuxPackages_latest; - - services.fstrim.enable = true; - services.btrfs.autoScrub = - { - enable = true; - fileSystems = [ "/" "/home" ]; - }; # exfat support #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; - zramSwap = - { - enable = true; - memoryPercent = 20; - }; - boot.kernel.sysctl."vm.swappiness" = 9; - - boot.loader.efi.canTouchEfiVariables = true; - - # UEFI secure boot - environment.systemPackages = [ - pkgs.sbctl - ]; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - # make the boot look good boot.plymouth.enable = true; - networking.hostName = "thinknix"; - # configure console console = { font = "Lat2-Terminus16"; 
@@ -87,7 +45,7 @@ in programs.adb.enable = true; - # programs.mtr.enable = true; + programs.mtr.enable = true; # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; # List services that you want to enable: @@ -102,6 +60,7 @@ in # networking.firewall.allowedUDPPorts = [ ... ]; networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect + # FIXME: kdeconnect module # Or disable the firewall altogether. # networking.firewall.enable = false; @@ -183,6 +142,7 @@ in }; + # FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.layout = "de"; @@ -198,7 +158,7 @@ in services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; - # dconf required for several Gnome applications like Cawbird + # dconf required for several Gnome applications programs.dconf.enable = true; programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts @@ -233,12 +193,6 @@ in # profile sync daemon services.psd.enable = true; - services.smartd = - { - enable = true; - devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }]; - }; - fonts = { fontDir.enable = true; fontconfig.enable = true; @@ -301,10 +255,5 @@ in # stop NetworkManager from managing virtual interfaces networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "18.09"; # Did you read the comment? } diff --git a/nixos/modules/nitrokey.nix b/common/nitrokey.nix similarity index 100% rename from nixos/modules/nitrokey.nix rename to common/nitrokey.nix 
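Review bot: `programs.mtr.enable = true;` is switched on in the same commit that turns this file into the module shared by every host, and nothing in the commit says why. On NixOS this option does more than add the package: as far as I recall it installs a capability wrapper (`cap_net_raw`) for mtr's packet helper, so it widens the privileged surface on every machine that imports `../../common`. If that is intended, say so next to the option, e.g. `programs.mtr.enable = true; # installs a cap_net_raw wrapper; wanted on all hosts`; otherwise keep it in the host that needs it. The enclosing attribute set starts and ends outside this hunk.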
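Review bot: The KDE Connect port ranges 1714-1764 (TCP and UDP) now sit in the module shared by all hosts, so every machine importing it opens them, and the added `# FIXME: kdeconnect module` only hints at the intent. Until that module exists a more explicit marker would help, such as `# FIXME: move to a kdeconnect module so hosts without KDE Connect do not open 1714-1764`. NixOS also ships `programs.kdeconnect.enable`, which opens the same ranges only where it is enabled and could replace both `allowed*PortRanges` lines.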
diff --git a/nixos/modules/packages.nix b/common/packages.nix similarity index 98% rename from nixos/modules/packages.nix rename to common/packages.nix index be11975..0a048cc 100644 --- a/nixos/modules/packages.nix +++ b/common/packages.nix @@ -15,7 +15,7 @@ python3 man-pages dnsutils - netcat + netcat-openbsd ntfs3g file multipath-tools diff --git a/flake.lock b/flake.lock index 5523caf..923378c 100644 --- a/flake.lock +++ b/flake.lock @@ -74,6 +74,22 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "path": "/nix/store/pgid9c9xfcrbqx2giry0an0bi0df7s5c-source", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "path" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", @@ -117,11 +133,11 @@ ] }, "locked": { - "lastModified": 1703113038, - "narHash": "sha256-oxkyzjpD+mNT7arzU/zHrkNHLuY9tKwmnD2MNaZiSDw=", + "lastModified": 1705476964, + "narHash": "sha256-W5OK1fnj4qdn1HWOlxV2S3YiUvfaVjQM5ldWVpGV1fs=", "owner": "nix-community", "repo": "home-manager", - "rev": "0c2353d5d930c3d93724df6858aef064a31b3c00", + "rev": "85c3b600f660abd86e94cbcd1c46733943197a07", "type": "github" }, "original": { @@ -136,7 +152,7 @@ "crane": "crane", "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" 
@@ -190,11 +206,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1702453208, - "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", + "lastModified": 1705312285, + "narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", + "rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0", "type": "github" }, "original": { @@ -206,11 +222,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1705496572, + "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", "type": "github" }, "original": { @@ -254,11 +270,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1703068421, - "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", + "lastModified": 1705458851, + "narHash": "sha256-uQvEhiv33Zj/Pv364dTvnpPwFSptRZgVedDzoM+HqVg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", + "rev": "8bf65f17d8070a0a490daf5f1c784b87ee73982c", "type": "github" }, "original": { @@ -270,11 +286,11 @@ }, "nur": { "locked": { - "lastModified": 1703159048, - "narHash": "sha256-TcW0kf7nd/OEZwwxPs1y07YU4oZe18ezolScRbXXWZA=", + "lastModified": 1705602701, + "narHash": "sha256-FkR40ElbG1pW3f/mpSzbRON9Tjx5pkT2IBWNtd3YKDQ=", "owner": "nix-community", "repo": "NUR", - "rev": "9ef37017837733a76fe18680264fcd815df1eea6", + "rev": "66c3aec51e9d40381a053798de41b5e477d4b665", "type": "github" }, "original": { @@ -316,6 +332,7 @@ }, "root": { "inputs": { + "flake-utils": "flake-utils", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "logseq-fix-nixpkgs": "logseq-fix-nixpkgs", 
@@ -323,7 +340,8 @@ "nixos-hardware": "nixos-hardware", "nixos-unstable": "nixos-unstable", "nixpkgs": "nixpkgs_2", - "nur": "nur" + "nur": "nur", + "utils": "utils" } }, "rust-overlay": { @@ -365,6 +383,54 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b03bfc7..21a0317 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,7 @@ url = "github:nix-community/lanzaboote/v0.3.0"; # deliberately do _not_ follow the nixpkgs input here, because paranoia and test coverage }; + utils.url = "github:numtide/flake-utils"; nur.url = "github:nix-community/NUR"; # TODO: possible make this a flake as well 
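Review bot: The new input is declared as `utils`, but the `outputs` function changed in this commit asks for an argument named `flake-utils`, so Nix has to resolve that name through the flake registry instead of this URL. The flake.lock hunks in the same commit show the result: the root gains a `flake-utils` input with `"type": "indirect"` whose lock is a `/nix/store/…-source` path, next to a separate `utils` entry pinned to the GitHub revision. A lock entry of type `path` will generally not resolve on another machine, and the registry is outside what this repository pins. Renaming the input fixes both, `flake-utils.url = "github:numtide/flake-utils";`, followed by re-locking so the indirect entry disappears.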
@@ -25,42 +26,47 @@ }; outputs = - { self, nixpkgs, nur, lanzaboote, ... }@inputs: + { self, nixpkgs, nur, lanzaboote, flake-utils, home-manager, ... }@inputs: let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; - in - { - - nixosConfigurations.thinknix = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ ./nixos/configuration.nix lanzaboote.nixosModules.lanzaboote ]; - # necessary to make the top-level inputs available to system configuration - specialArgs = { - #TODO: for system, consider moving to flake-utils - inherit inputs system; - }; + # FIXME: allow different systems + systems = flake-utils.lib.system; + # necessary to make the top-level inputs available to system configuration + defaultModules = [ + { _module.args = { inherit inputs; }; } + ]; + mkSystem = system: extraModules: + nixpkgs.lib.nixosSystem rec { + modules = defaultModules ++ extraModules; + inherit system; }; - homeConfigurations.spiollinux = inputs.home-manager.lib.homeManagerConfiguration { - inherit pkgs; - + mkHomeManager = confName: user: system: # unfortunately, home-manager configs are still system-specific + # FIXME: this is thus still linux-x86_64 specific + home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.${system}; modules = [ { imports = [ nur.hmModules.nur + # TODO: $name can be utilised to conditionally load other config files ./home/home.nix ]; # extends the home config - home.username = "spiollinux"; - home.homeDirectory = "/home/spiollinux"; + home.username = user; + home.homeDirectory = "/home/${user}"; } ]; # Optionally use extraSpecialArgs # to pass through arguments to home.nix extraSpecialArgs = { - #TODO: for system, consider moving to flake-utils inherit inputs system; }; }; + in + { + nixosConfigurations = { + thinknix = mkSystem systems.x86_64-linux [ ./hosts/thinknix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t440s lanzaboote.nixosModules.lanzaboote ]; + framenix = mkSystem systems.x86_64-linux [ 
./hosts/framenix inputs.nixos-hardware.nixosModules.framework-13-7040-amd lanzaboote.nixosModules.lanzaboote ]; + }; + homeConfigurations.spiollinux = mkHomeManager "spiollinux" "spiollinux" systems.x86_64-linux; }; } diff --git a/hosts/framenix/default.nix b/hosts/framenix/default.nix new file mode 100644 index 0000000..d3d828c --- /dev/null +++ b/hosts/framenix/default.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, inputs, ...}: +{ + imports = [ + ../../common + + ./hardware-configuration.nix + ./storage.nix + ./swap.nix + ]; + + networking.hostName = "framenix"; # Define your hostname. + + # try newer kernels + boot.kernelPackages = pkgs.linuxPackages_latest; + + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "23.11"; # Did you read the comment? + + hardware.enableRedistributableFirmware = true; + + services.fwupd.enable = true; + + # I do not need fingerprint reading + services.fprintd.enable = false; + + environment.systemPackages = [ pkgs.radeontop ]; +} + 
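Review bot: `mkHomeManager` takes `confName` but never uses it, and the TODO inside refers to `$name`, which is not a binding in scope; in `mkSystem` the `rec` on the `nixosSystem` argument set is not needed because no attribute refers to a sibling. Either drop the parameter or name the TODO after it, e.g. `# TODO: confName can be used to conditionally load other config files`, and write `nixpkgs.lib.nixosSystem {` without `rec`. `inputs` is now passed through `_module.args` instead of `specialArgs`, so modules can no longer use it inside `imports`; a comment on `defaultModules` saying so would spare the next host author an infinite-recursion error.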
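Review bot: `boot.loader.systemd-boot.enable = true` makes framenix boot through plain systemd-boot, while flake.nix loads `lanzaboote.nixosModules.lanzaboote` for this host and nothing here sets `boot.lanzaboote.enable`, so the new machine gets no Secure Boot signing although its disks are LUKS-encrypted (storage.nix). That may be deliberate for a first install before keys are enrolled; if so, record it in the file, e.g. `# TODO: import ../thinknix/secureboot.nix once Secure Boot keys are enrolled`. The `# FIXME: move this to common, conditional enabling` in hosts/thinknix/default.nix points the same way.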
diff --git a/hosts/framenix/hardware-configuration.nix b/hosts/framenix/hardware-configuration.nix
new file mode 100644
index 0000000..a731402
--- /dev/null
+++ b/hosts/framenix/hardware-configuration.nix
@@ -0,0 +1,26 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp193s0f3u1c2.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/framenix/storage.nix b/hosts/framenix/storage.nix
new file mode 100644
index 0000000..3efa655
--- /dev/null
+++ b/hosts/framenix/storage.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+let
+ fsOptions = [ "noatime" "ssd" "compress=zstd" ];
+in
+{
+ boot.initrd.luks = {
+ devices =
+ # allow discards on all devices
+ builtins.mapAttrs (name: val: val // {allowDiscards = true;})
+ {
+ "system".device = "/dev/disk/by-uuid/1838cdc5-9b0b-4c46-9f23-9465549eeb92";
+ "cryptswap".device = "/dev/disk/by-uuid/ded7d649-ab3a-42ee-ae4a-f8c4ba029e9c";
+ };
+ reusePassphrases = true;
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/22388786-4285-403b-9994-e9aae1f11172";
+ fsType = "btrfs";
+ options = fsOptions ++ [ "subvol=nixos_root" ];
+ };
+
+ "/home" = {
+ device = "/dev/disk/by-uuid/22388786-4285-403b-9994-e9aae1f11172";
+ fsType = "btrfs";
+ options = fsOptions ++ [ "subvol=home" ];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/AF8E-E9E6";
+ fsType = "vfat";
+ options = [ "discard" ];
+ };
+ };
+
+ services.fstrim.enable = true;
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = [ "/" "/home" ];
+ };
+
+ boot.tmp.useTmpfs = true;
+}
diff --git a/hosts/framenix/swap.nix b/hosts/framenix/swap.nix
new file mode 100644
index 0000000..262809c
--- /dev/null
+++ b/hosts/framenix/swap.nix
@@ -0,0 +1,12 @@
+{
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/24c47f3d-0d3e-4575-92a2-174b5a6b6086"; }
+ ];
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 20;
+ };
+
+ boot.kernel.sysctl."vm.swappiness" = 9;
+}
diff --git a/hosts/thinknix/default.nix b/hosts/thinknix/default.nix
new file mode 100644
index 0000000..8451bc0
--- /dev/null
+++ b/hosts/thinknix/default.nix
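Review bot: In hosts/framenix/storage.nix `allowDiscards = true` is mapped onto every LUKS device, including `cryptswap`, and the only explanation is `# allow discards on all devices`. Passing TRIM through dm-crypt lets anyone with access to the raw disk see which blocks are unused, a known confidentiality trade-off and the reason the option is off by default. The comment should say the trade-off is accepted, e.g. `# allow discards on all devices: TRIM for SSD health, accepting that the free-block layout is visible on the raw device`. The same mapping is carried over unchanged into hosts/thinknix/storage.nix.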
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, inputs, ...}:
+{
+ imports = [
+ ../../common
+
+ ./hardware-configuration.nix
+ ./storage.nix
+ ./swap.nix
+ # FIXME: move this to common, conditional enabling
+ ./secureboot.nix
+ ];
+
+
+ hardware.trackpoint = {
+ enable = true;
+ sensitivity = 180;
+ speed = 180;
+ };
+
+ networking.hostName = "thinknix";
+
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "18.09"; # Did you read the comment?
+}
diff --git a/hosts/thinknix/hardware-configuration.nix b/hosts/thinknix/hardware-configuration.nix
new file mode 100644
index 0000000..f3e821a
--- /dev/null
+++ b/hosts/thinknix/hardware-configuration.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, modulesPath, inputs, ... }:
+
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [];
+
+ nix.settings.max-jobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ # modesetting is always better than intel (legacy)
+ services.xserver.videoDrivers = [ "modesetting" ];
+
+}
diff --git a/hosts/thinknix/secureboot.nix b/hosts/thinknix/secureboot.nix
new file mode 100644
index 0000000..6e20c35
--- /dev/null
+++ b/hosts/thinknix/secureboot.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, inputs, ...}:
+{
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # UEFI secure boot
+ environment.systemPackages = [
+ pkgs.sbctl
+ ];
+ # Lanzaboote currently replaces the systemd-boot module.
+ # This setting is usually set to true in configuration.nix
+ # generated at installation time. So we force it to false
+ # for now.
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+
+ boot.lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+
+}
diff --git a/hosts/thinknix/storage.nix b/hosts/thinknix/storage.nix
new file mode 100644
index 0000000..358370f
--- /dev/null
+++ b/hosts/thinknix/storage.nix
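Review bot: `pkiBundle = "/etc/secureboot"` carries no comment, yet that directory is where the private Secure Boot signing keys used by lanzaboote live. Now that the file stands alone, a short comment would make the requirement visible: `# holds the private signing keys; must stay on the encrypted root and out of unencrypted backups`. The block is moved from the old configuration.nix, so this is a documentation suggestion only.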
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, inputs, ...}:
+let
+ fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
+in
+{
+ # encrypted partitions
+ boot.initrd.luks = {
+ devices =
+ # allow discards on all devices
+ builtins.mapAttrs (name: val: val // {allowDiscards = true;})
+ {
+ "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
+ "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
+ "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
+ };
+ reusePassphrases = true;
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
+ fsType = "btrfs";
+ options = fsOptions ++ [ "subvol=nixos_root" ];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/DED9-661B";
+ fsType = "vfat";
+ options = [ "discard" ];
+ };
+
+ "/home" = {
+ device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
+ fsType = "btrfs";
+ options = fsOptions ++ [ "subvol=home" ];
+ };
+
+ "/var/tmp" = {
+ device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+ fsType = "btrfs";
+ options = fsOptions ++ [ "subvol=vartmp" ];
+ };
+
+ "/var/log" = {
+ device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+ fsType = "btrfs";
+ options = fsOptions ++ [ "subvol=varlog" ];
+ };
+
+ "/var/cache" = {
+ device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+ fsType = "btrfs";
+ options = fsOptions ++ [ "subvol=varcache" ];
+ };
+ };
+
+ services.fstrim.enable = true;
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = [ "/" "/home" ];
+ };
+
+
+ boot.tmp.useTmpfs = true;
+ fileSystems."/tmp".fsType = "tmpfs";
+
+ services.smartd =
+ {
+ enable = true;
+ devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }];
+ };
+}
diff --git a/hosts/thinknix/swap.nix b/hosts/thinknix/swap.nix
new file mode 100644
index 0000000..5aeb2bc
--- /dev/null
+++ b/hosts/thinknix/swap.nix
@@ -0,0 +1,12 @@
+{
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
+ ];
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 20;
+ };
+
+ boot.kernel.sysctl."vm.swappiness" = 9;
+}
diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix
deleted file mode 100644
index 5b903fc..0000000
--- a/nixos/hardware-configuration.nix
+++ /dev/null
@@ -1,95 +0,0 @@ -{ config, lib, pkgs, modulesPath, inputs, ... }: - - -let - fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ]; -in -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - (inputs.nixos-hardware + "/lenovo/thinkpad/t440s") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = []; - - # encrypted partitions - boot.initrd.luks = - { - devices = - # allow discards on all devices - builtins.mapAttrs (name: val: val // {allowDiscards = true;}) - { - "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef"; - "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa"; - "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1"; - }; - reusePassphrases = true; - }; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=nixos_root" ]; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/DED9-661B"; - fsType = "vfat"; - options = [ "discard" ]; - }; - - fileSystems."/home" = - { - device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=home" ]; - }; - - fileSystems."/var/tmp" = - { - device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=vartmp" ]; - }; - - fileSystems."/var/log" = - { - device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=varlog" ]; - }; - - fileSystems."/var/cache" = - { - device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15"; - fsType = "btrfs"; - options = fsOptions ++ [ "subvol=varcache" ]; - }; - - boot.tmp.useTmpfs = true; - fileSystems."/tmp".fsType = "tmpfs"; - - swapDevices = - [ - { device = 
"/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; } - ]; - - nix.settings.max-jobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware.trackpoint = { - enable = true; - sensitivity = 180; - speed = 180; - }; - - - # modesetting is always better than intel (legacy) - services.xserver.videoDrivers = [ "modesetting" ]; - -}