nixos/machines/Lilim/hardware-configuration.nix

{
  config,
  pkgs,
  modulesPath,
  nixos-hardware,
  ...
}:

{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    nixos-hardware.nixosModules.lenovo-thinkpad-t550
  ];

  boot = {
    loader.systemd-boot = {
      enable = true;
      #      signed = true;
      #      signing-key = "${cfg.secretPath}/secureboot/db.key";
      #      signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
    };
    loader.efi.canTouchEfiVariables = true;
    tmp = {
      cleanOnBoot = true;
    };
    supportedFilesystems = [ "btrfs" ];
    blacklistedKernelModules = [ "uvcvideo" ];
    kernelPackages = pkgs.linuxPackages_latest;
    initrd = {
      availableKernelModules = [
        "xhci_pci"
        "ahci"
        "sd_mod"
        "rtsx_pci_sdmmc"
      ];
      luks.devices."btrfs-crypt".device = "/dev/disk/by-uuid/10435741-b864-453d-ab18-4dc710db1378";
    };
    kernelModules = [
      "i915"
      "kvm-intel"
      "uinput"
    ];
    kernelParams = [ "intel_iommu=on" ];
    extraModprobeConfig = ''
      options i915 enable_fbc=1 enable_guc=3
    '';
    kernel.sysctl = {
      "kernel.nmi_watchdog" = 0;
      "fs.inotify.max_user_watches" = 524288;
      "vm.dirty_writeback_centisecs" = 1500;
    };
  };

  fileSystems = {
    "/" = {
      device = "none";
      fsType = "tmpfs";
      options = [
        "defaults"
        "size=1G"
        "mode=755"
        "noexec"
      ];
    };
    "/tmp" = {
      device = "/dev/mapper/btrfs-crypt";
      fsType = "btrfs";
      options = [
        "subvol=tmp"
        "noatime"
        "compress=zstd"
      ];
      neededForBoot = true;
    };
    "/persist" = {
      device = "/dev/mapper/btrfs-crypt";
      fsType = "btrfs";
      options = [
        "subvol=persist"
        "noatime"
        "compress=zstd"
        "noexec"
      ];
      neededForBoot = true;
    };
    "/nix" = {
      device = "/dev/mapper/btrfs-crypt";
      fsType = "btrfs";
      options = [
        "subvol=nix"
        "noatime"
        "compress=zstd"
      ];
      neededForBoot = true;
    };
    "/snapshots" = {
      device = "/dev/mapper/btrfs-crypt";
      fsType = "btrfs";
      options = [
        "subvol=snapshots"
        "noatime"
        "compress=zstd"
        "noexec"
      ];
      neededForBoot = false;
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/546A-A3D1";
      fsType = "vfat";
      options = [
        "fmask=0022"
        "dmask=0022"
      ];
    };
  };

  hardware = {
    firmware = with pkgs; [ firmwareLinuxNonfree ];
    cpu.intel.updateMicrocode = true;
    enableAllFirmware = false;
    ksm.enable = true;

    bluetooth = {
      enable = true;
      powerOnBoot = true;
    };
  };

  powerManagement = {
    enable = true;
    cpuFreqGovernor = "powersave";
  };
  services = {
    upower.enable = true;
    xserver.videoDrivers = [ "intel" ];
  };
  environment.variables.LIBVA_DRIVER_NAME = "i915";
  time.timeZone = "Europe/Berlin";
}