nixos/machines/Lilim/hardware-configuration.nix

{
  nixpkgs,
  config,
  pkgs,
  ...
}:
let
  cfg = config.machine;
in
{
  imports = [ "${nixpkgs}/nixos/modules/installer/scan/not-detected.nix" ];

  boot = {
    loader.systemd-boot = {
      enable = true;
      #      signed = true;
      #      signing-key = "${cfg.secretPath}/secureboot/db.key";
      #      signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
    };
    loader.efi.canTouchEfiVariables = true;
    tmp = {
      cleanOnBoot = true;
    };
    supportedFilesystems = [ "btrfs" ];
    kernelPackages = pkgs.linuxPackages_latest;
    initrd = {
      availableKernelModules = [
        "xhci_pci"
        "ahci"
        "sd_mod"
        "rtsx_pci_sdmmc"
      ];
      luks.devices."btrfs-crypt".device = "/dev/disk/by-uuid/10435741-b864-453d-ab18-4dc710db1378";
    };
    kernelModules = [
      "acpi_call"
      "i915"
      "kvm-intel"
      "uinput"
    ];
    # 5_10 breaks my touchpad/mouse buttons
    # https://bbs.archlinux.org/viewtopic.php?id=254885
    # maybe modprobe hid_rmi or i2c_i801
    # blacklistedKernelModules = [ "i2c_i801" ];
    extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; # pkgs.gitpkgs.linuxPackages_latest.hid-nintendo ];
    kernelParams = [ "intel_iommu=on" ];
    extraModprobeConfig = ''
      options i915 enable_fbc=1 enable_guc=3
    '';
    kernel.sysctl = {
      "kernel.nmi_watchdog" = 0;
      "fs.inotify.max_user_watches" = 524288;
      "vm.dirty_writeback_centisecs" = 1500;
    };
  };

  fileSystems = {
    "/" = {
      device = "none";
      fsType = "tmpfs";
      options = [
        "defaults"
        "size=6G"
        "mode=755"
        "noexec"
      ];
    };
    "/tmp" = {
      device = "/dev/mapper/btrfs-crypt";
      fsType = "btrfs";
      options = [
        "subvol=tmp"
        "noatime"
        "compress=zstd"
      ];
      neededForBoot = true;
    };
    "/persist" = {
      device = "/dev/mapper/btrfs-crypt";
      fsType = "btrfs";
      options = [
        "subvol=persist"
        "noatime"
        "compress=zstd"
        "noexec"
      ];
      neededForBoot = true;
    };
    "/nix" = {
      device = "/dev/mapper/btrfs-crypt";
      fsType = "btrfs";
      options = [
        "subvol=nix"
        "noatime"
        "compress=zstd"
      ];
      neededForBoot = true;
    };
    "/snapshots" = {
      device = "/dev/mapper/btrfs-crypt";
      fsType = "btrfs";
      options = [
        "subvol=snapshots"
        "noatime"
        "compress=zstd"
        "noexec"
      ];
      neededForBoot = false;
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/546A-A3D1";
      fsType = "vfat";
      options = [
        "fmask=0022"
        "dmask=0022"
      ];
    };
  };

  hardware = {
    firmware = with pkgs; [ firmwareLinuxNonfree ];
    cpu.intel.updateMicrocode = true;
    enableAllFirmware = false;
    ksm.enable = true;
    graphics = {
      extraPackages = with pkgs; [ (intel-vaapi-driver.override { enableHybridCodec = true; }) ];
      extraPackages32 = with pkgs.pkgsi686Linux; [
        (intel-vaapi-driver.override { enableHybridCodec = true; })
      ];
    };

    pulseaudio = {
      enable = true;
      support32Bit = true;
      package = pkgs.pulseaudioFull;
      zeroconf.discovery.enable = false;
      extraClientConf = ''
        autospawn = no
      '';
    };

    bluetooth = {
      enable = true;
      powerOnBoot = true;
    };
  };

  powerManagement = {
    enable = true;
    cpuFreqGovernor = "powersave";
  };
  services = {
    upower.enable = true;
    xserver.videoDrivers = [ "intel" ];
  };
  environment.variables.LIBVA_DRIVER_NAME = "i915";
  time.timeZone = "Europe/Berlin";
}
Format the entire project. 2023-09-11 20:23:04 +02:00			`{`
			`nixpkgs,`
			`config,`
			`pkgs,`
			`...`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`}:`
			`let`
Remove hardcoded secret path. 2019-10-08 15:36:47 +02:00			`cfg = config.machine;`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`in`
			`{`
			`imports = [ "${nixpkgs}/nixos/modules/installer/scan/not-detected.nix" ];`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00
			`boot = {`
Lilim is dead. Long live Lilim! 2019-09-29 08:09:26 +02:00			`loader.systemd-boot = {`
			`enable = true;`
Format the entire project. 2023-09-11 20:23:04 +02:00			`# signed = true;`
			`# signing-key = "${cfg.secretPath}/secureboot/db.key";`
			`# signing-certificate = "${cfg.secretPath}/secureboot/db.crt";`
Lilim is dead. Long live Lilim! 2019-09-29 08:09:26 +02:00			`};`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`loader.efi.canTouchEfiVariables = true;`
Update tmpfs option names. 2023-04-16 18:29:48 +02:00			`tmp = {`
Format the entire project. 2023-09-11 20:23:04 +02:00			`cleanOnBoot = true;`
Update tmpfs option names. 2023-04-16 18:29:48 +02:00			`};`
Lilim: fresh stateless installation 2025-01-01 20:57:47 +01:00			`supportedFilesystems = [ "btrfs" ];`
Properly configure Intel Graphics on Lilim. 2020-03-11 02:33:31 +01:00			`kernelPackages = pkgs.linuxPackages_latest;`
Lilim: fresh stateless installation 2025-01-01 20:57:47 +01:00			`initrd = {`
			`availableKernelModules = [`
			`"xhci_pci"`
			`"ahci"`
			`"sd_mod"`
			`"rtsx_pci_sdmmc"`
			`];`
			`luks.devices."btrfs-crypt".device = "/dev/disk/by-uuid/10435741-b864-453d-ab18-4dc710db1378";`
			`};`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`kernelModules = [`
			`"acpi_call"`
			`"i915"`
			`"kvm-intel"`
			`"uinput"`
			`];`
Update Lilim config. 2023-01-29 14:35:38 +01:00			`# 5_10 breaks my touchpad/mouse buttons`
			`# https://bbs.archlinux.org/viewtopic.php?id=254885`
			`# maybe modprobe hid_rmi or i2c_i801`
			`# blacklistedKernelModules = [ "i2c_i801" ];`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; # pkgs.gitpkgs.linuxPackages_latest.hid-nintendo ];`
			`kernelParams = [ "intel_iommu=on" ];`
Properly configure Intel Graphics on Lilim. 2020-03-11 02:33:31 +01:00			`extraModprobeConfig = ''`
			`options i915 enable_fbc=1 enable_guc=3`
			`'';`
Lilim is dead. Long live Lilim! 2019-09-29 08:09:26 +02:00			`kernel.sysctl = {`
Get Surface touchscreen and pen working again. 2019-06-22 20:48:16 +02:00			`"kernel.nmi_watchdog" = 0;`
Properly configure Intel Graphics on Lilim. 2020-03-11 02:33:31 +01:00			`"fs.inotify.max_user_watches" = 524288;`
Get Surface touchscreen and pen working again. 2019-06-22 20:48:16 +02:00			`"vm.dirty_writeback_centisecs" = 1500;`
			`};`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`};`

Lilim: fresh stateless installation 2025-01-01 20:57:47 +01:00			`fileSystems = {`
			`"/" = {`
			`device = "none";`
			`fsType = "tmpfs";`
			`options = [`
			`"defaults"`
			`"size=6G"`
			`"mode=755"`
			`"noexec"`
			`];`
			`};`
			`"/tmp" = {`
			`device = "/dev/mapper/btrfs-crypt";`
			`fsType = "btrfs";`
			`options = [`
			`"subvol=tmp"`
			`"noatime"`
			`"compress=zstd"`
			`];`
			`neededForBoot = true;`
			`};`
			`"/persist" = {`
			`device = "/dev/mapper/btrfs-crypt";`
			`fsType = "btrfs";`
			`options = [`
			`"subvol=persist"`
			`"noatime"`
			`"compress=zstd"`
			`"noexec"`
			`];`
			`neededForBoot = true;`
			`};`
			`"/nix" = {`
			`device = "/dev/mapper/btrfs-crypt";`
			`fsType = "btrfs";`
			`options = [`
			`"subvol=nix"`
			`"noatime"`
			`"compress=zstd"`
			`];`
			`neededForBoot = true;`
			`};`
			`"/snapshots" = {`
			`device = "/dev/mapper/btrfs-crypt";`
			`fsType = "btrfs";`
			`options = [`
			`"subvol=snapshots"`
			`"noatime"`
			`"compress=zstd"`
			`"noexec"`
			`];`
			`neededForBoot = false;`
			`};`
			`"/boot" = {`
			`device = "/dev/disk/by-uuid/546A-A3D1";`
			`fsType = "vfat";`
			`options = [`
			`"fmask=0022"`
			`"dmask=0022"`
			`];`
			`};`
Format the entire project. 2023-09-11 20:23:04 +02:00			`};`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00
			`hardware = {`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`firmware = with pkgs; [ firmwareLinuxNonfree ];`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`cpu.intel.updateMicrocode = true;`
Update Lilim config. 2023-01-29 14:35:38 +01:00			`enableAllFirmware = false;`
hardware.enableKSM has been renamed to hardware.ksm.enable 2019-07-09 12:06:07 +02:00			`ksm.enable = true;`
Lilim: update gpu driver configuration. 2024-11-20 11:57:43 +01:00			`graphics = {`
			`extraPackages = with pkgs; [ (intel-vaapi-driver.override { enableHybridCodec = true; }) ];`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`extraPackages32 = with pkgs.pkgsi686Linux; [`
			`(intel-vaapi-driver.override { enableHybridCodec = true; })`
			`];`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`};`

			`pulseaudio = {`
			`enable = true;`
			`support32Bit = true;`
			`package = pkgs.pulseaudioFull;`
			`zeroconf.discovery.enable = false;`
			`extraClientConf = ''`
			`autospawn = no`
			`'';`
			`};`

			`bluetooth = {`
			`enable = true;`
			`powerOnBoot = true;`
			`};`
			`};`

			`powerManagement = {`
			`enable = true;`
Lilim is dead. Long live Lilim! 2019-09-29 08:09:26 +02:00			`cpuFreqGovernor = "powersave";`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`};`
Update Lilim config. 2023-01-29 14:35:38 +01:00			`services = {`
			`upower.enable = true;`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`xserver.videoDrivers = [ "intel" ];`
Update Lilim config. 2023-01-29 14:35:38 +01:00			`};`
Update Lilim gpu config. 2024-05-09 13:35:27 +02:00			`environment.variables.LIBVA_DRIVER_NAME = "i915";`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`time.timeZone = "Europe/Berlin";`
			`}`