{ inputs, lib, pkgs, config, configVars, outputs, ... }: let # Disko setup fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence dev = "/dev/nvme0n1"; # depends on target hardware encrypted = true; # currrently only applies to btrfs btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; user = "sam"; impermanence = true; piholeIp = configVars.networking.addresses.pihole.ip; gatewayIp = configVars.networking.addresses.gateway.ip; in { imports = [ # Create users for this host ../common/users/${user} # Disk configuration inputs.disko.nixosModules.disko (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; }) # Impermanence (import ../common/disks/btrfs/impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; }) # Import core options ./hardware-configuration.nix ../common/core # Import optional options ../common/optional/persistence.nix ../common/optional/pipewire.nix ../common/optional/openssh.nix ../common/optional/dwm.nix ../common/optional/fileserver/nfs-client/media.nix ../common/optional/fileserver/nfs-client/photos.nix ../common/optional/fileserver/nfs-client/personal.nix ../common/optional/printing.nix ../common/optional/backlight.nix ../common/optional/xmodmap-arrow-remaps.nix ../common/optional/nix-ld.nix ../common/optional/gaming.nix ../common/optional/powersave.nix ../common/optional/restic-backup.nix # This machine is used for remote building ../common/optional/distributed-builds/remote-builder-machine.nix # ../../modules/nixos outputs.nixosModules.nixosAutoUpgrade ]; boot = { supportedFilesystems = ["nfs"]; blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"]; kernelModules = ["iwlwifi"]; initrd.kernelModules = ["thinkpad-acpi" "acpi-call" "nfs"]; kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest; extraModulePackages = [ config.boot.kernelPackages.acpi_call ]; loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; timeout = 3; }; }; swapDevices = [ { device = "/.swapvol/swapfile"; size = 4 * 1024; } ]; system.services.nixosAutoUpgrade = { enable = true; persistent = true; reboot = false; pushUpdates = false; configDir = "/etc/nixos"; onCalendar = "*-*-* 08:00:00"; user = "sam"; }; services = { libinput.touchpad.accelSpeed = "0.5"; xserver = { xkb.options = "caps:swapescape"; dpi = 196; upscaleDefaultCursor = true; # FIXME this doesnt work for some reason # displayManager.sessionCommands = pkgs.writeShellScriptBin "key-remaps" '' # ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch" # ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H" # ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J" # ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K" # ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L" # ''; }; # enable oom killer when system ram drops below 5% free earlyoom = { enable = true; freeMemThreshold = 5; # <%5 free }; }; # fix cpu throttling on Lenovo Thinkpad # see: https://github.com/erpalma/throttled services.throttled.enable = true; environment.variables = { GDK_SCALE = "2.2"; GDK_DPI_SCALE = "0.8"; _JAVA_OPTIONS = "-Dsun.java2d.uiScale=2.2"; QT_AUTO_SCREEN_SCALE_FACTOR = "1"; XCURSOR_SIZE = "64"; }; hardware = { bluetooth = { enable = true; powerOnBoot = true; }; enableRedistributableFirmware = true; firmware = [ pkgs.sof-firmware ]; }; # nvidia hardware.opengl = { enable = true; }; services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia = { prime = { offload = { enable = true; enableOffloadCmd = true; }; intelBusId = "PCI:0:2:0"; nvidiaBusId = "PCI:1:0:0"; }; nvidiaPersistenced = true; modesetting.enable = true; powerManagement.enable = true; powerManagement.finegrained = true; open = false; nvidiaSettings = true; # # FIXME issue with stable nvidia driver and latest linux kernel # # use mkDriver to specify newer nvidia driver that is compatible # # see: https://github.com/NixOS/nixpkgs/issues/341844#issuecomment-2351075413 # # and https://discourse.nixos.org/t/builder-for-nvidia-x11-550-78-6-10-drv-failed-with-exit-code-2/49360/32 # package = config.boot.kernelPackages.nvidiaPackages.mkDriver { # version = "555.58.02"; # sha256_64bit = "sha256-xctt4TPRlOJ6r5S54h5W6PT6/3Zy2R4ASNFPu8TSHKM="; # sha256_aarch64 = "sha256-wb20isMrRg8PeQBU96lWJzBMkjfySAUaqt4EgZnhyF8="; # openSha256 = "sha256-8hyRiGB+m2hL3c9MDA/Pon+Xl6E788MZ50WrrAGUVuY="; # settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8="; # persistencedSha256 = "sha256-a1D7ZZmcKFWfPjjH1REqPM5j/YLWKnbkP9qfRyIyxAw="; # }; }; # https://bbs.archlinux.org/viewtopic.php?id=297276 for NVreg_EnableGpuFirmware fix # https://discourse.nixos.org/t/how-to-use-nvidia-prime-offload-to-run-the-x-server-on-the-integrated-board/9091/15 # for udev rules to disable dGPU when not in use boot.extraModprobeConfig = '' options nvidia NVreg_EnableGpuFirmware=0 ''; services.udev.extraRules = '' # Remove NVIDIA USB xHCI Host Controller devices, if present ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1" # Remove NVIDIA USB Type-C UCSI devices, if present ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1" # Remove NVIDIA Audio devices, if present ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1" # Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto" ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto" # Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on" ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on" ''; programs.fuse.userAllowOther = true; networking = { hostName = "citadel"; networkmanager.enable = true; enableIPv6 = false; nameservers = ["${piholeIp}" "${gatewayIp}" "8.8.8.8"]; }; services.libinput.enable = true; }