[flake lock update]

unfortunately, homeConfigurations do not follow the pattern of having system-specific sub-attrs and thus are dependent on a specific system per-se.

common/default.nix

@@ -1,67 +1,25 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running `nixos-help`).
-
 { config, pkgs, lib, inputs, ... }:
 
 let
   unstable = inputs.nixos-unstable;
-  localfork = import /home/spiollinux/src/nixpkgs { };
 
 in
 {
   imports =
     [
-      # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ./modules/packages.nix
-      ./modules/nitrokey.nix
+      ./packages.nix
+      ./nitrokey.nix
     ];
 
   services.davfs2.enable = true;
 
-  # try newer kernels
-  #boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  services.fstrim.enable = true;
-  services.btrfs.autoScrub =
-    {
-      enable = true;
-      fileSystems = [ "/" "/home" ];
-    };
 
   # exfat support
   #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
 
-  zramSwap =
-    {
-      enable = true;
-      memoryPercent = 20;
-    };
-  boot.kernel.sysctl."vm.swappiness" = 9;
-
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  # UEFI secure boot
-  environment.systemPackages = [
-    pkgs.sbctl
-  ];
-  # Lanzaboote currently replaces the systemd-boot module.
-  # This setting is usually set to true in configuration.nix
-  # generated at installation time. So we force it to false
-  # for now.
-  boot.loader.systemd-boot.enable = lib.mkForce false;
-
-  boot.lanzaboote = {
-    enable = true;
-    pkiBundle = "/etc/secureboot";
-  };
-
   # make the boot look good
   boot.plymouth.enable = true;
 
-  networking.hostName = "thinknix";
-
   # configure console
   console = {
     font = "Lat2-Terminus16";
@@ -87,7 +45,7 @@ in
 
   programs.adb.enable = true;
 
-  # programs.mtr.enable = true;
+  programs.mtr.enable = true;
   # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
 
   # List services that you want to enable:
@@ -102,6 +60,7 @@ in
   # networking.firewall.allowedUDPPorts = [ ... ];
   networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
   networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect
+  # FIXME: kdeconnect module
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
 
@@ -183,6 +142,7 @@ in
   };
 
 
+  # FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option
   # Enable the X11 windowing system.
   services.xserver.enable = true;
   services.xserver.layout = "de";
@@ -198,7 +158,7 @@ in
   services.xserver.displayManager.sddm.enable = true;
   services.xserver.desktopManager.plasma5.enable = true;
 
-  # dconf required for several Gnome applications like Cawbird
+  # dconf required for several Gnome applications
   programs.dconf.enable = true;
   
   programs.firefox.enable = true;   # enables support for automatically setting additionsl nativeMessagingHosts
@@ -233,12 +193,6 @@ in
   # profile sync daemon
   services.psd.enable = true;
 
-  services.smartd =
-    {
-      enable = true;
-      devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }];
-    };
-
   fonts = {
     fontDir.enable = true;
     fontconfig.enable = true;
@@ -301,10 +255,5 @@ in
   # stop NetworkManager from managing virtual interfaces
   networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
 
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "18.09"; # Did you read the comment?
 
 }

common/packages.nix

@@ -15,7 +15,7 @@
     python3
     man-pages
     dnsutils
-    netcat
+    netcat-openbsd
     ntfs3g
     file
     multipath-tools

flake.lock

@@ -74,6 +74,22 @@
       "inputs": {
         "systems": "systems"
       },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "path": "/nix/store/pgid9c9xfcrbqx2giry0an0bi0df7s5c-source",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "path"
+      },
+      "original": {
+        "id": "flake-utils",
+        "type": "indirect"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
       "locked": {
         "lastModified": 1681202837,
         "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
@@ -117,11 +133,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1703113038,
-        "narHash": "sha256-oxkyzjpD+mNT7arzU/zHrkNHLuY9tKwmnD2MNaZiSDw=",
+        "lastModified": 1705476964,
+        "narHash": "sha256-W5OK1fnj4qdn1HWOlxV2S3YiUvfaVjQM5ldWVpGV1fs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0c2353d5d930c3d93724df6858aef064a31b3c00",
+        "rev": "85c3b600f660abd86e94cbcd1c46733943197a07",
         "type": "github"
       },
       "original": {
@@ -136,7 +152,7 @@
         "crane": "crane",
         "flake-compat": "flake-compat",
         "flake-parts": "flake-parts",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": "nixpkgs",
         "pre-commit-hooks-nix": "pre-commit-hooks-nix",
         "rust-overlay": "rust-overlay"
@@ -190,11 +206,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1702453208,
-        "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=",
+        "lastModified": 1705312285,
+        "narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6",
+        "rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0",
         "type": "github"
       },
       "original": {
@@ -206,11 +222,11 @@
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1703013332,
-        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+        "lastModified": 1705496572,
+        "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+        "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19",
         "type": "github"
       },
       "original": {
@@ -254,11 +270,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1703068421,
-        "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
+        "lastModified": 1705458851,
+        "narHash": "sha256-uQvEhiv33Zj/Pv364dTvnpPwFSptRZgVedDzoM+HqVg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
+        "rev": "8bf65f17d8070a0a490daf5f1c784b87ee73982c",
         "type": "github"
       },
       "original": {
@@ -270,11 +286,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1703159048,
-        "narHash": "sha256-TcW0kf7nd/OEZwwxPs1y07YU4oZe18ezolScRbXXWZA=",
+        "lastModified": 1705602701,
+        "narHash": "sha256-FkR40ElbG1pW3f/mpSzbRON9Tjx5pkT2IBWNtd3YKDQ=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "9ef37017837733a76fe18680264fcd815df1eea6",
+        "rev": "66c3aec51e9d40381a053798de41b5e477d4b665",
         "type": "github"
       },
       "original": {
@@ -316,6 +332,7 @@
     },
     "root": {
       "inputs": {
+        "flake-utils": "flake-utils",
         "home-manager": "home-manager",
         "lanzaboote": "lanzaboote",
         "logseq-fix-nixpkgs": "logseq-fix-nixpkgs",
@@ -323,7 +340,8 @@
         "nixos-hardware": "nixos-hardware",
         "nixos-unstable": "nixos-unstable",
         "nixpkgs": "nixpkgs_2",
-        "nur": "nur"
+        "nur": "nur",
+        "utils": "utils"
       }
     },
     "rust-overlay": {
@@ -365,6 +383,54 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -14,6 +14,7 @@
       url = "github:nix-community/lanzaboote/v0.3.0";
       # deliberately do _not_ follow the nixpkgs input here, because paranoia and test coverage
     };
+    utils.url = "github:numtide/flake-utils";
 
       nur.url = "github:nix-community/NUR";
     # TODO: possible make this a flake as well
@@ -25,42 +26,47 @@
   };
 
   outputs = 
-  { self, nixpkgs, nur, lanzaboote, ... }@inputs: 
+  { self, nixpkgs, nur, lanzaboote, flake-utils, home-manager, ... }@inputs: 
   let
-    system = "x86_64-linux";
-    pkgs = nixpkgs.legacyPackages.${system};
-  in
-  {
-
-    nixosConfigurations.thinknix = nixpkgs.lib.nixosSystem {
-      inherit system;
-      modules = [ ./nixos/configuration.nix lanzaboote.nixosModules.lanzaboote ];
-      # necessary to make the top-level inputs available to system configuration
-      specialArgs = {
-        #TODO: for system, consider moving to flake-utils
-        inherit inputs system;
-      };
+    # FIXME: allow different systems
+    systems = flake-utils.lib.system;
+    # necessary to make the top-level inputs available to system configuration
+    defaultModules = [
+      { _module.args = { inherit inputs; }; }
+    ];
+    mkSystem = system: extraModules:
+      nixpkgs.lib.nixosSystem rec {
+        modules = defaultModules ++ extraModules;
+        inherit system;
     };
-    homeConfigurations.spiollinux = inputs.home-manager.lib.homeManagerConfiguration {
-      inherit pkgs;
-
+    mkHomeManager = confName: user: system:  # unfortunately, home-manager configs are still system-specific
+    # FIXME: this is thus still linux-x86_64 specific
+    home-manager.lib.homeManagerConfiguration {
+      pkgs = nixpkgs.legacyPackages.${system};
       modules = [
         {
           imports = [
             nur.hmModules.nur
+            # TODO: $name can be utilised to conditionally load other config files
             ./home/home.nix
           ];
           # extends the home config
-          home.username = "spiollinux";
-          home.homeDirectory = "/home/spiollinux";
+          home.username = user;
+          home.homeDirectory = "/home/${user}";
         }
       ];
       # Optionally use extraSpecialArgs
       # to pass through arguments to home.nix
       extraSpecialArgs = {
-        #TODO: for system, consider moving to flake-utils
         inherit inputs system;
       };
     };
+  in
+  {
+    nixosConfigurations = {
+      thinknix = mkSystem systems.x86_64-linux [ ./hosts/thinknix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t440s lanzaboote.nixosModules.lanzaboote ];
+      framenix = mkSystem systems.x86_64-linux [ ./hosts/framenix inputs.nixos-hardware.nixosModules.framework-13-7040-amd lanzaboote.nixosModules.lanzaboote ];
+    };
+    homeConfigurations.spiollinux = mkHomeManager "spiollinux" "spiollinux" systems.x86_64-linux;
   };
 }

hosts/framenix/default.nix

@@ -0,0 +1,48 @@
+{ config, lib, pkgs, inputs, ...}:
+{
+  imports = [
+    ../../common
+
+    ./hardware-configuration.nix
+    ./storage.nix
+    ./swap.nix
+  ];
+
+  networking.hostName = "framenix"; # Define your hostname.
+
+  # try newer kernels
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+  hardware.enableRedistributableFirmware = true;
+
+  services.fwupd.enable = true;
+
+  # I do not need fingerprint reading
+  services.fprintd.enable = false;
+
+  environment.systemPackages = [ pkgs.radeontop ];
+}
+

hosts/framenix/hardware-configuration.nix

@@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp193s0f3u1c2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/framenix/storage.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+let
+  fsOptions = [ "noatime" "ssd" "compress=zstd" ];
+in
+{
+  boot.initrd.luks = {
+    devices =
+      # allow discards on all devices
+      builtins.mapAttrs (name: val: val // {allowDiscards = true;})
+      {
+        "system".device = "/dev/disk/by-uuid/1838cdc5-9b0b-4c46-9f23-9465549eeb92";
+        "cryptswap".device =  "/dev/disk/by-uuid/ded7d649-ab3a-42ee-ae4a-f8c4ba029e9c";
+      };
+      reusePassphrases = true;
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/22388786-4285-403b-9994-e9aae1f11172";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=nixos_root" ];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/22388786-4285-403b-9994-e9aae1f11172";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=home" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/AF8E-E9E6";
+      fsType = "vfat";
+      options = [ "discard" ];
+    };
+  };
+
+  services.fstrim.enable = true;
+  services.btrfs.autoScrub = {
+    enable = true;
+    fileSystems = [ "/" "/home" ];
+  };
+
+  boot.tmp.useTmpfs = true;
+}

hosts/framenix/swap.nix

@@ -0,0 +1,12 @@
+{
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/24c47f3d-0d3e-4575-92a2-174b5a6b6086"; }
+    ];
+
+  zramSwap = {
+    enable = true;
+    memoryPercent = 20;
+  };
+
+  boot.kernel.sysctl."vm.swappiness" = 9;
+}

hosts/thinknix/default.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, inputs, ...}:
+{
+  imports = [
+    ../../common
+
+    ./hardware-configuration.nix
+    ./storage.nix
+    ./swap.nix
+    # FIXME: move this to common, conditional enabling
+    ./secureboot.nix
+  ];
+
+
+  hardware.trackpoint = {
+    enable = true;
+    sensitivity = 180;
+    speed = 180;
+  };
+
+  networking.hostName = "thinknix";
+
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "18.09"; # Did you read the comment?
+}

hosts/thinknix/hardware-configuration.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, modulesPath, inputs, ... }:
+
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [];
+
+  nix.settings.max-jobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+  # modesetting is always better than intel (legacy)
+  services.xserver.videoDrivers = [ "modesetting" ];
+
+}

hosts/thinknix/secureboot.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, inputs, ...}:
+{  
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # UEFI secure boot
+  environment.systemPackages = [
+    pkgs.sbctl
+  ];
+  # Lanzaboote currently replaces the systemd-boot module.
+  # This setting is usually set to true in configuration.nix
+  # generated at installation time. So we force it to false
+  # for now.
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/etc/secureboot";
+  };
+
+}

hosts/thinknix/storage.nix

@@ -0,0 +1,72 @@
+{ config, lib, pkgs, inputs, ...}:
+let
+  fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
+in
+{
+  # encrypted partitions
+  boot.initrd.luks = {
+    devices =
+      # allow discards on all devices
+      builtins.mapAttrs (name: val: val // {allowDiscards = true;})
+      {
+        "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
+        "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
+        "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
+      };
+      reusePassphrases = true;
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=nixos_root" ];
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-uuid/DED9-661B";
+      fsType = "vfat";
+      options = [ "discard" ];
+    };
+
+    "/home" = {
+      device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=home" ];
+    };
+
+    "/var/tmp" = {
+      device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=vartmp" ];
+    };
+
+    "/var/log" = {
+      device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=varlog" ];
+    };
+
+    "/var/cache" = {
+      device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
+      fsType = "btrfs";
+      options = fsOptions ++ [ "subvol=varcache" ];
+    };
+  };
+
+  services.fstrim.enable = true;
+  services.btrfs.autoScrub = {
+    enable = true;
+    fileSystems = [ "/" "/home" ];
+  };
+
+
+  boot.tmp.useTmpfs = true;
+  fileSystems."/tmp".fsType = "tmpfs";
+
+  services.smartd =
+    {
+      enable = true;
+      devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }];
+    };
+}

hosts/thinknix/swap.nix

@@ -0,0 +1,12 @@
+{
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
+  ];
+
+  zramSwap = {
+    enable = true;
+    memoryPercent = 20;
+  };
+
+  boot.kernel.sysctl."vm.swappiness" = 9;
+}

nixos/hardware-configuration.nix

@@ -1,95 +0,0 @@
-{ config, lib, pkgs, modulesPath, inputs, ... }:
-
-
-let
-  fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ];
-in
-{
-  imports =
-    [
-      (modulesPath + "/installer/scan/not-detected.nix")
-      (inputs.nixos-hardware + "/lenovo/thinkpad/t440s")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [];
-
-  # encrypted partitions
-  boot.initrd.luks =
-    {
-      devices =
-        # allow discards on all devices
-        builtins.mapAttrs (name: val: val // {allowDiscards = true;})
-        {
-          "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
-          "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
-          "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
-        };
-      reusePassphrases = true;
-    };
-
-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
-      fsType = "btrfs";
-      options = fsOptions ++ [ "subvol=nixos_root" ];
-    };
-
-  fileSystems."/boot" =
-    {
-      device = "/dev/disk/by-uuid/DED9-661B";
-      fsType = "vfat";
-      options = [ "discard" ];
-    };
-
-  fileSystems."/home" =
-    {
-      device = "/dev/disk/by-uuid/cb5998ae-cfc9-447f-8756-1ceaec6ca4c4";
-      fsType = "btrfs";
-      options = fsOptions ++ [ "subvol=home" ];
-    };
-
-    fileSystems."/var/tmp" =
-      {
-        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
-        fsType = "btrfs";
-        options = fsOptions ++ [ "subvol=vartmp" ];
-      };
-
-    fileSystems."/var/log" =
-      {
-        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
-        fsType = "btrfs";
-        options = fsOptions ++ [ "subvol=varlog" ];
-      };
-
-    fileSystems."/var/cache" =
-      {
-        device = "/dev/disk/by-uuid/cd6b8f25-c029-49a6-b326-656faec3ce15";
-        fsType = "btrfs";
-        options = fsOptions ++ [ "subvol=varcache" ];
-      };
-
-    boot.tmp.useTmpfs = true;
-    fileSystems."/tmp".fsType = "tmpfs";
-
-  swapDevices =
-    [
-      { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
-    ];
-
-  nix.settings.max-jobs = lib.mkDefault 4;
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
-  hardware.trackpoint = {
-    enable = true;
-    sensitivity = 180;
-    speed = 180;
-  };
-
-
-  # modesetting is always better than intel (legacy)
-  services.xserver.videoDrivers = [ "modesetting" ];
-
-}