Diffstat (limited to 'systems/glados')
| -rw-r--r-- | systems/glados/boot.nix | 25 | ||||
| -rw-r--r-- | systems/glados/default.nix | 69 | ||||
| -rw-r--r-- | systems/glados/hardware-configuration.nix | 72 |
3 files changed, 166 insertions, 0 deletions
diff --git a/systems/glados/boot.nix b/systems/glados/boot.nix
new file mode 100644
index 0000000..4a9af4e
--- /dev/null
+++ b/systems/glados/boot.nix
@@ -0,0 +1,25 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ sbctl
+ tpm2-tss
+ ];
+
+ boot = {
+ initrd.systemd.enable = true;
+ kernelPackages = pkgs.linuxPackages_latest;
+
+ bootspec.enable = true;
+ loader.systemd-boot.enable = lib.mkForce false;
+
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
+ };
+
+ supportedFilesystems = ["btrfs" "ntfs"];
+ };
+}
diff --git a/systems/glados/default.nix b/systems/glados/default.nix
new file mode 100644
index 0000000..e5a275a
--- /dev/null
+++ b/systems/glados/default.nix
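Review bot: `pkiBundle = "/etc/secureboot"` in boot.nix names the directory that holds the Secure Boot signing keys, but nothing in the file says how that directory is provisioned or protected. Because the value is a string and not a Nix path, the keys are not copied into the world-readable store, and that property is worth stating so a later edit does not break it. I would add a comment above the line such as `# Secure Boot keys are created out of band (sbctl create-keys); keep root-only, never commit them or reference them as a Nix path`. `loader.systemd-boot.enable = lib.mkForce false` would also read better with a short comment saying that lanzaboote takes over boot-entry installation.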
@@ -0,0 +1,69 @@
+{
+ lib,
+ self,
+ ...
+}: {
+ imports = [
+ ./boot.nix
+ ./hardware-configuration.nix
+ ../../modules/nixos/features/tailscale.nix
+ ../../modules/nixos/features/virtualisation.nix
+ self.nixosModules.desktop
+ self.nixosModules.gnome
+ ];
+
+ boot = {
+ kernelParams = ["amd_pstate=active"];
+ kernel.sysctl = {
+ "vm.swappiness" = 100;
+ "vm.vfs_cache_pressure" = 500;
+ "vm.dirty_background_ratio" = 1;
+ "vm.dirty_ratio" = 50;
+ };
+ };
+
+ features = {
+ tailscale.enable = true;
+ virtualisation.enable = true;
+ };
+
+ hardware = {
+ nvidia.enable = true;
+ ssd.enable = true;
+ };
+
+ home-manager.users.seth = {
+ desktop.enable = true;
+ };
+
+ networking.hostName = "glados";
+
+ security.tpm2 = {
+ enable = true;
+ abrmd.enable = true;
+ };
+
+ services = {
+ flatpak.enable = true;
+ fwupd.enable = true;
+ };
+
+ systemd = {
+ services."prepare-kexec".wantedBy = ["multi-user.target"];
+ tmpfiles.rules = let
+ nproc = 12;
+ in
+ builtins.map
+ (n: "w /sys/devices/system/cpu/cpu${builtins.toString n}/cpufreq/energy_performance_preference - - - - ${"balance_performance"}")
+ (lib.range 0 (nproc - 1));
+ };
+
+ powerManagement.cpuFreqGovernor = "powersave";
+
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ swapDevices = 1;
+ memoryPercent = 50;
+ };
+}
diff --git a/systems/glados/hardware-configuration.nix b/systems/glados/hardware-configuration.nix
new file mode 100644
index 0000000..a7ff9e9
--- /dev/null
+++ b/systems/glados/hardware-configuration.nix
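Review bot: `systemd.services."prepare-kexec".wantedBy = ["multi-user.target"]` in default.nix is added without a comment, on a host that boot.nix places under lanzaboote Secure Boot and that enables `security.tpm2`. If the unit stages a kernel for kexec on every boot, as its name suggests, a kexec reboot starts that kernel without firmware signature verification, and as far as I know the TPM PCRs are not reset, so they still describe the earlier boot. Whether that is acceptable depends on the threat model, so I would state the intent next to the line, e.g. `# stage the current kernel for fast kexec reboots; kexec does not re-run Secure Boot verification`, or drop the override. Separately, `${"balance_performance"}` in the tmpfiles rule interpolates a literal and can be written as plain text inside the string.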
@@ -0,0 +1,72 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ extraModulePackages = [];
+ kernelModules = ["kvm-amd"];
+
+ initrd = {
+ availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
+ kernelModules = [];
+
+ luks.devices."cryptroot" = {
+ device = "/dev/disk/by-uuid/bbbc1f37-53f5-4776-a70e-f2779179de50";
+ allowDiscards = true;
+ crypttabExtraOpts = ["tpm2-device=auto"];
+ };
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/cryptroot";
+ fsType = "btrfs";
+ options = ["subvol=root" "compress=zstd" "noatime"];
+ };
+
+ "/var/log" = {
+ device = "/dev/mapper/cryptroot";
+ fsType = "btrfs";
+ options = ["subvol=var_log" "compress=zstd" "noatime"];
+ };
+
+ "/nix" = {
+ device = "/dev/mapper/cryptroot";
+ fsType = "btrfs";
+ options = ["subvol=nix" "compress=zstd" "noatime" "nodatacow"];
+ };
+
+ "/home" = {
+ device = "/dev/mapper/cryptroot";
+ fsType = "btrfs";
+ options = ["subvol=home" "compress=zstd" "noatime"];
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/B95B-9412";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+} |
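Review bot: `crypttabExtraOpts = ["tpm2-device=auto"]` lets cryptroot unlock from the TPM, but the policy the key is sealed to (which PCRs, PIN or no PIN) is chosen at enrollment time and is not recorded anywhere in this file. A comment above the `luks.devices."cryptroot"` block should say what enrollment is expected, for example `# enrolled with systemd-cryptenroll; record the --tpm2-pcrs and --tpm2-with-pin choices here`, so a re-enrollment after a firmware or key change does not quietly weaken it. `allowDiscards = true` also deserves a word of justification, since TRIM passthrough reveals which blocks of the encrypted volume are unused. The "Do not modify this file!" header looks stale now that the block appears hand-edited; regenerating the file would presumably drop these options.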
