Commit a9f5cfebbba6
Changed files (5)
systems
common
desktop
foobar
systems/common/desktop/niri.nix
@@ -0,0 +1,14 @@
+{
+ pkgs,
+ lib,
+ ...
+}:
+{
+ imports = [
+ ./tiling-common.nix
+ ];
+
+ programs.niri = {
+ enable = true;
+ };
+}
systems/foobar/boot.nix
@@ -0,0 +1,63 @@
+{ pkgs, lib, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ sbctl
+ ];
+
+ boot = {
+ # Secure boot configuration
+ bootspec.enable = true;
+ # First boot systemd-boot has to be enabled, then switch to lanzaboote
+ loader.systemd-boot.enable = lib.mkForce false;
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
+
+ initrd = {
+ luks.devices."cryptroot" = {
+ crypttabExtraOpts = [ "fido2-device=auto" ];
+ };
+ systemd = {
+ fido2.enable = true;
+ };
+ };
+
+ # extraModprobeConfig = ''
+ # options snd_hda_intel power_save=1
+ # '';
+
+ blacklistedKernelModules = [
+ "sierra_net" # sierra wireless modules
+ "cdc_mbim" # modem mobile broadband modules
+ "cdc_ncm" # similar
+ ];
+ kernelModules = [
+ "ahci" # sata controller, might not be needed
+ "nvme" # required for nvme disks
+ "thunderbolt" # required for thunderbolt (dock, …)
+ # from thinkpad x1 gen 9
+ "dm-mod"
+ "cryptd" # required for encryption
+ "xhci_pci" # usb controller related
+ "usb_storage" # usb storage related
+ "sd_mod" # block device related
+ "sdhci_pci" # block device related as well
+ "aesni-intel" # advanced encryption for intel
+ "kvm_intel"
+ ];
+
+ kernelParams = [
+ # Kernel GPU Savings Options (NOTE i915 chipset only)
+ # "i915.enable_rc6=1"
+ # "i915.enable_fbc=1"
+ # "i915.lvds_use_ssc=0"
+ # "drm.debug=0"
+ # "drm.vblankoffdelay=1"
+ "kvm_intel.nested=1"
+ "intel_iommu=on"
+ ];
+
+ kernelPackages = pkgs.linuxPackages_latest;
+ };
+}
systems/foobar/disks.nix
@@ -0,0 +1,55 @@
+_: {
+ disko.devices = {
+ disk = {
+ # 512GB root/boot drive. Configured with:
+ # - A FAT32 ESP partition for systemd-boot
+ # - A LUKS container which contains an EXT4 filesystem
+ root = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ # LUKS passphrase will be prompted interactively only
+ type = "luks";
+ name = "cryptroot";
+ askPassword = true;
+ settings = {
+ # Make sure there is no trailing newline in keyfile if used for interactive unlock.
+ # Use `echo -n "password" > /tmp/data.keyfile`
+ # keyFile = "/dev/disk/by-id/usb-_USB_DISK_2.0_070D375D84327E87-0:0";
+ # keyFileOffset = 30992883712;
+ # keyFileSize = 4096;
+ allowDiscards = true;
+ };
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "noatime"
+ "nodiratime"
+ "discard"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
systems/foobar/hardware.nix
@@ -0,0 +1,16 @@
+{ inputs, lib, ... }:
+{
+ imports = [
+ inputs.disko.nixosModules.disko
+ (import ./disks.nix { inherit lib; })
+
+ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen
+
+ ../common/hardware/acpid.nix
+ ../common/hardware/bluetooth.nix
+ ];
+
+ hardware = {
+ # opengl.extraPackages = with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl intel-media-driver ];
+ };
+}
flake.nix
@@ -58,6 +58,11 @@
hostname = "kyushu";
desktop = "sway";
};
+ # Test VM, name is..
+ foobar = libx.mkHost {
+ hostname = "foobar";
+ desktop = "niri";
+ };
# Servers (unstable)
aomi = libx.mkHost {
hostname = "aomi";