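# NixOS module for a single Intel machine: signed systemd-boot, kernel
# settings, filesystems, firmware/graphics/audio/bluetooth and power management.
{ config, pkgs, ... }:

let
  # Machine-specific options; the `machine` option set is declared outside
  # this file.
  cfg = config.machine;
in
{
  imports = [ ];

  boot = {
    # NOTE(review): `signed`, `signing-key` and `signing-certificate` are not
    # declared in this file; presumably a custom or patched systemd-boot
    # module provides them -- confirm.
    loader.systemd-boot = {
      enable = true;
      signed = true;
      # Secure Boot db private key, referenced by path. cfg.secretPath must
      # evaluate to a string: if it is a Nix path value, this interpolation
      # copies it into the world-readable /nix/store. Keep the key file
      # readable by root only.
      signing-key = "${cfg.secretPath}/secureboot/db.key";
      signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
    };
    # Lets the installer write EFI boot variables.
    loader.efi.canTouchEfiVariables = true;

    # /tmp lives on tmpfs and is cleaned at boot.
    tmpOnTmpfs = true;
    cleanTmpDir = true;

    kernelPackages = pkgs.linuxPackages_latest;
    initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
    kernelModules = [ "kvm-intel" "uinput" ];
    # Turns on the Intel IOMMU (VT-d).
    kernelParams = [ "intel_iommu=on" ];

    kernel.sysctl = {
      "kernel.nmi_watchdog" = 0;
      "fs.inotify.max_user_watches" = 524288;
      # Dirty-page writeback every 15 s (value is in centiseconds).
      "vm.dirty_writeback_centisecs" = 1500;
    };
  };

  # NOTE(review): the root filesystem is mounted straight from a partition
  # UUID; no encrypted device is declared in this file -- confirm whether
  # disk encryption is configured elsewhere.
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/b37b48a8-5dcb-4f4d-ad71-1b26500b3e5f";
    fsType = "ext4";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/546A-A3D1";
    fsType = "vfat";
  };

  hardware = {
    firmware = with pkgs; [ firmwareLinuxNonfree ];
    # Loads Intel CPU microcode updates at boot.
    cpu.intel.updateMicrocode = true;
    enableAllFirmware = true;
    # NOTE(review): kernel same-page merging deduplicates memory across
    # processes/VMs and is a known timing side channel; kvm-intel is loaded
    # above, so confirm the memory saving is worth it on this host.
    ksm.enable = true;

    opengl = {
      driSupport = true;
      extraPackages = with pkgs; [
        intel-media-driver
        libvdpau-va-gl
        vaapiIntel
        vaapiVdpau
      ];
      driSupport32Bit = true;
      extraPackages32 = with pkgs.pkgsi686Linux; [
        libvdpau-va-gl
        vaapiIntel
        vaapiVdpau
      ];
    };

    pulseaudio = {
      enable = true;
      support32Bit = true;
      package = pkgs.pulseaudioFull;
      # Do not discover PulseAudio servers announced on the local network.
      zeroconf.discovery.enable = false;
      extraClientConf = '' autospawn = no '';
    };

    bluetooth = {
      enable = true;
      # The adapter is powered as soon as the machine boots.
      powerOnBoot = true;
    };
  };

  powerManagement = {
    enable = true;
    cpuFreqGovernor = "powersave";
  };

  services.upower.enable = true;

  time.timeZone = "Europe/Berlin";
}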