{ config, pkgs, ... }: { # [HARDWARE] imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; hardware.opengl = { enable = true; driSupport = true; driSupport32Bit = true; }; hardware.bluetooth.enable = true; services.logind = { lidSwitch = "hibernate"; lidSwitchDocked = "ignore"; lidSwitchExternalPower = "hibernate"; }; services.tlp = { enable = true; settings = { TLP_DEFAULT_MODE = "BAT"; DISK_IDLE_SECS_ON_AC = 0; DISK_IDLE_SECS_ON_BAT = 5; MAX_LOST_WORK_SECS_ON_AC = 15; MAX_LOST_WORK_SECS_ON_BAT = 120; CPU_SCALING_GOVERNOR_ON_AC = "performance"; CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; CPU_SCALING_MIN_FREQ_ON_AC = 400000; CPU_SCALING_MAX_FREQ_ON_AC = 4700000; CPU_SCALING_MIN_FREQ_ON_BAT = 400000; CPU_SCALING_MAX_FREQ_ON_BAT = 2700000; CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance"; CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; CPU_MIN_PERF_ON_AC = 0; CPU_MAX_PERF_ON_AC = 100; CPU_MIN_PERF_ON_BAT = 0; CPU_MAX_PERF_ON_BAT = 30; CPU_BOOST_ON_AC = 1; CPU_BOOST_ON_BAT = 0; SCHED_POWERSAVE_ON_AC = 0; SCHED_POWERSAVE_ON_BAT = 1; NMI_WATCHDOG = 0; DISK_DEVICES = "nvme0n1"; }; }; services.power-profiles-daemon.enable = false; # [BOOT / DISK ENCRYPTION] boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; device = "nodev"; efiSupport = true; enableCryptodisk = true; theme = "/etc/grub-themes/sayonara"; }; environment.etc = { "grub-themes/sayonara".source = ../shared/sayonara; }; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.initrd = { availableKernelModules = [ "aesni_intel" "cryptd" ]; secrets = { "/boot/key" = "/boot/key"; }; luks.mitigateDMAAttacks = true; luks.devices = { root = { device = "/dev/disk/by-uuid/91114176-b6cc-4454-89df-e2bf5c1fac0a"; keyFile = "/boot/key"; preLVM = true; }; }; }; # [NETWORKING] networking.hostName = "lambda"; networking.networkmanager = { enable = true; wifi.powersave = true; wifi.scanRandMacAddress = true; wifi.macAddress = "random"; }; # Xenia's router sucks networking.resolvconf.enable = true; networking.nameservers = [ "8.8.8.8" ]; networking.resolvconf.dnsExtensionMechanism = false; # [NFS] fileSystems."/home/rachel/music" = { device = "rachel.cafe:/srv/music"; fsType = "nfs"; options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ]; }; # [LOCALE] time.timeZone = "Europe/Stockholm"; i18n.defaultLocale = "en_GB.UTF-8"; i18n.supportedLocales = [ "sv_SE.UTF-8/UTF-8" "en_GB.UTF-8/UTF-8" ] ; console = { font = "LatGrkCyr-12x22"; keyMap = "us"; }; # [NIX] nix = { settings = { experimental-features = [ "nix-command" "flakes" ]; auto-optimise-store = true; }; gc = { automatic = true; dates = "monthly"; options = "--delete-older-than 30d"; }; }; nixpkgs.config.allowUnfree = true; # [DESKTOP / XORG / WAYLAND] services.xserver = { enable = true; desktopManager.plasma5.enable = true; displayManager.startx.enable = true; layout = "us,se"; xkbOptions = "grp:alt_caps_toggle"; libinput = { enable = true; touchpad = { naturalScrolling = true; accelProfile = "flat" ; tapping = false; }; }; }; # [SOUND] sound.enable = false; services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; wireplumber.enable = true; }; # [PACKAGES] environment.systemPackages = with pkgs; [ git neovim ]; # [SERVICES] services.printing.enable = true; # [SECURITY / FIREWALL] networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ ]; networking.firewall.allowedUDPPorts = [ ]; programs.gnupg.agent = { enable = true; pinentryFlavor = "qt"; }; security.doas = { enable = true; extraRules = [{ runAs = "root"; groups = [ "wheel" ]; noPass = false; keepEnv = true; }]; }; # [USER / HOME MANAGER] users.users.rachel = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "video" "input" "audio" ]; }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? }