#
#  Specific system configuration settings for desktop
#
#  flake.nix
#   ├─ ./hosts
#   │   └─ ./laptop
#   │        ├─ default.nix *
#   │        └─ hardware-configuration.nix
#   └─ ./modules
#       ├─ ./desktop
#       │   ├─ ./bspwm
#       │   │   └─ default.nix
#       │   └─ ./virtualisation
#       │       └─ docker.nix
#       └─ ./hardware
#           └─ default.nix
#

{ config, pkgs, lib, ... }:

let
  # Package handed to services.guix: the stock guix derivation with
  # share/info removed from the output.  The original author flagged this
  # as a hack; the reason for dropping the info pages is not recorded here
  # (presumably a conflict with other info pages - confirm before changing).
  # Going through callPackage rather than calling symlinkJoin directly keeps
  # the result overridable, exactly as in the original construction.
  guixWithoutInfo = pkgs.callPackage
    ({ stateDir, storeDir }:
      pkgs.symlinkJoin {
        name = "guix-without-info";
        paths = [ (pkgs.guix.override { inherit stateDir storeDir; }) ];
        postBuild = ''
          rm -rf $out/share/info
        '';
      })
    { stateDir = "/var"; storeDir = "/gnu/store"; };

  # Screen locker used by xss-lock: xsecurelock with
  # XSECURELOCK_COMPOSITE_OBSCURER forced to 0 by a wrapper (the wrapProgram
  # call is appended to whatever postInstall the package already has).
  xsecurelockNoObscurer = pkgs.xsecurelock.overrideAttrs (prev: {
    postInstall = (prev.postInstall or "") + ''
      wrapProgram $out/bin/xsecurelock --set XSECURELOCK_COMPOSITE_OBSCURER 0
    '';
  });
in
{
  imports = [ ./hardware-configuration.nix ];

  networking.hostName = "laptop-phobos";

  nixos-config.isLaptop = true;

  # Switches for the profile modules defined elsewhere in this configuration.
  profiles = {
    virtualisation.enable = true;
    sync.enable = true;
    vpn = {
      enable = true;
      lanIp = "192.168.32.25"; # Wireguard
    };
    development = {
      enable = true;
      fpga.cables = [ "vivado" "ise" ];
      mcu.cables = [ "tiva-c" "st-link" "trezor" ];
      keyboards = [ "moonlander" ];
    };
  };

  environment.sessionVariables = {
    # TODO temporary workaround until the Guix module in nixpkgs is fixed.
    XDG_CONFIG_HOME = "$HOME/.config";
  };

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;

    initrd = {
      systemd.enable = true;
      kernelModules = [ "amdgpu" ];

      # Root filesystem is on LUKS.  The key is the first keyFileSize bytes
      # of the raw USB stick named below; if that device does not appear
      # within keyFileTimeout seconds, unlocking falls back to a passphrase
      # prompt.  allowDiscards forwards TRIM through the encrypted layer
      # (the NixOS option docs note this has security implications).
      luks.devices."crypted-linux-root" = {
        device = "/dev/disk/by-label/crypted-linux-root";
        allowDiscards = true;
        keyFile = "/dev/disk/by-id/usb-VendorCo_ProductCode_92073160DC061126104-0:0";
        keyFileSize = 256;
        keyFileTimeout = 10;
      };
    };

    # Secure boot via lanzaboote is left disabled (commented out).  The
    # original comment on systemd-boot.enable claimed lanzaboote "is used
    # instead", but nothing in this file enables it, so unless a profile
    # does so elsewhere this host boots plain systemd-boot without Secure
    # Boot - NOTE(review): confirm which is intended.
    # lanzaboote = {
    #   enable = true;
    #   pkiBundle = "/etc/secureboot";
    # };

    loader = {
      timeout = 0;
      efi.canTouchEfiVariables = true;

      systemd-boot = {
        enable = true;
        # No boot-menu editor: the kernel command line cannot be changed at
        # boot (e.g. to init=/bin/sh), which would otherwise bypass login.
        editor = false;
        configurationLimit = 5;

        # Extra menu entry that chainloads the Guix grub from the ESP.
        extraEntries."guix-grub.conf" = ''
          title Guix (grub)
          efi /efi/Guix/grubx64.efi
          sort-key a_grub
        '';
      };
    };
  };

  # TODO under profiles
  systemd = {
    services = {
      # tty1 getty that skips the login-name prompt and passes
      # "-p -- ruther" to the login program.  Whether a password is still
      # asked depends on config.services.getty.loginProgram, which this
      # file does not set - NOTE(review): confirm, because a tty1 session
      # is not covered by the X screen locker.
      "getty@tty1" = {
        overrideStrategy = "asDropin";
        serviceConfig.ExecStart = [ "" "@${pkgs.util-linux}/sbin/agetty agetty --login-program '${config.services.getty.loginProgram}' --login-options '-p -- ruther' --skip-login --noclear --keep-baud %I 115200,38400,9600 $TERM" ];
      };

      # Disabled, presumably so activation does not wait on network-online
      # (confirm before relying on it).
      "NetworkManager-wait-online".enable = false;
    };

    # Bind the locker unit to the X session target, overriding whatever the
    # xss-lock module sets for partOf/wantedBy.
    user.services.xss-lock = {
      partOf = lib.mkForce [ "xorg-wm-session.target" ];
      wantedBy = lib.mkForce [ "xorg-wm-session.target" ];
    };
  };

  # TODO under qtile
  hardware.brillo.enable = true; # backlight control; xbacklight is not used

  # TODO under qtile
  programs = {
    steam.enable = true;
    xss-lock = {
      enable = true;
      lockerCommand = "${xsecurelockNoObscurer}/bin/xsecurelock";
    };
  };

  services = {
    guix = {
      enable = true;
      package = guixWithoutInfo;
    };

    power-profiles-daemon.enable = true;

    logind = {
      lidSwitch = "suspend";            # suspend on lid close when undocked
      lidSwitchDocked = "ignore";       # stay up when docked
      # TODO: when a docked Wayland/X session ends the laptop is briefly
      # reported as undocked, which would suspend it; since it is also on
      # external power, ignoring the lid here effectively prevents that.
      lidSwitchExternalPower = "ignore";
    };

    libinput = {
      enable = true;
      touchpad = {
        naturalScrolling = true;
        tapping = true;
      };
    };

    xserver = {
      videoDrivers = [ "amdgpu" ];
      deviceSection = ''Option "TearFree" "true"'';
    };

    printing = {
      enable = true;
      drivers = with pkgs; [ splix samsung-unified-linux-driver ];
    };
  };

  # PAM service entries for the Wayland screen lockers (they need one to
  # verify the password).
  # TODO put these in the relevant files instead
  security.pam.services = {
    waylock = { };
    swaylock = { };
  };
}