{ config, lib, pkgs, ... }: let cryptrootUuid = "f4edc0df-b50b-42f6-94ed-1c8f88d6cdbb"; cryptroot = "/dev/disk/by-uuid/${cryptrootUuid}"; encPart = "/dev/disk/by-uuid/ce6ccdf0-7b6a-43ae-bfdf-10009a55041a"; efiPart = "/dev/disk/by-uuid/D77D-8CE0"; in { system.stateVersion = "22.11"; ### SECTION 1: HARDWARE/BOOT PARAMETERS ### boot = { initrd = { availableKernelModules = [ "nvme" "xhci_pci" ]; # insert crypto_keyfile into initrd so that grub can tell the kernel the # encryption key once I unlock the /boot partition secrets."/crypto_keyfile.bin" = "/boot/initrd/crypto_keyfile.bin"; luks.devices."cryptroot" = { device = encPart; # idk whether this is needed but it works preLVM = true; # see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling allowDiscards = true; # improve SSD performance bypassWorkqueues = true; keyFile = "/crypto_keyfile.bin"; }; }; resumeDevice = cryptroot; kernelParams = [ "resume=/@swap/swapfile" # resume_offset = $(btrfs inspect-internal map-swapfile -r path/to/swapfile) "resume_offset=533760" "fbcon=font:TER16x32" ]; cleanTmpDir = true; loader = { grub = { enable = true; enableCryptodisk = true; efiSupport = true; # nodev = disable bios support device = "nodev"; gfxmodeEfi = "1920x1080"; gfxmodeBios = "1920x1080"; }; efi.canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot/efi"; }; kernel.sysctl = { "vm.dirty_ratio" = 4; "vm.dirty_background_ratio" = 2; "vm.swappiness" = 40; }; kernelPackages = pkgs.linuxPackages_zen; }; nixpkgs.config.allowUnfreePredicate = pkg: (lib.getName pkg) == "steam-original"; hardware = { steam-hardware.enable = true; video.hidpi.enable = true; enableRedistributableFirmware = true; }; # see common/vfio.nix vfio.enable = true; vfio.pciIDs = [ "1002:73df" "1002:ab28" ]; vfio.libvirtdGroup = [ "user" ]; vfio.lookingGlass.ivshmem = [{ owner = "user"; }]; fileSystems = let device = cryptroot; fsType = "btrfs"; # max compression! my cpu is pretty good anyway compress = "compress=zstd:15"; discard = "discard=async"; in { "/" = { inherit device fsType; options = [ discard compress "subvol=@" ]; }; "/nix" = { inherit device fsType; options = [ discard compress "subvol=@nix" "noatime" ]; }; "/swap" = { inherit device fsType; options = [ discard "subvol=@swap" "noatime" ]; }; "/home" = { inherit device fsType; options = [ discard compress "subvol=@home" ]; }; "/.snapshots" = { inherit device fsType; options = [ discard compress "subvol=@snapshots" ]; }; "/boot/efi" = { device = efiPart; fsType = "vfat"; }; }; swapDevices = [ { device = "/swap/swapfile"; } ]; ### SECTION 2: SYSTEM CONFIG/ENVIRONMENT ### i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; i18n.supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ]; networking.useDHCP = true; # networking.firewall.enable = false; networking.firewall.allowedTCPPorts = [ 27015 25565 7777 ]; # networking.firewall.allowedUDPPorts = [ ... ]; # networking.hostName = "nixmsi"; networking.wireless.iwd.enable = true; #networking.networkmanager.enable = true; services.mullvad-vpn.enable = true; services.mullvad-vpn.package = pkgs.mullvad-vpn; services.xserver = { enable = true; libinput.enable = true; desktopManager.xterm.enable = false; # I couldn't get lightdm to start sway, so let's just do this displayManager.startx.enable = true; windowManager.i3.enable = true; }; programs.sway.enable = true; programs.firejail.enable = true; environment.systemPackages = with pkgs; [ vim wget git ]; services.dbus.enable = true; security.polkit.enable = true; services.printing.enable = true; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; jack.enable = true; }; xdg.portal = { enable = true; extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ]; }; users.users.user = { isNormalUser = true; extraGroups = [ "networkmanager" "wheel" ]; }; nix = { settings.allowed-users = [ "user" ]; package = pkgs.nixFlakes; extraOptions = '' experimental-features = nix-command flakes ''; }; ### RANDOM PATCHES ### # zsh environment.pathsToLink = [ "/share/zsh" ]; # dedupe services.beesd = { filesystems.cryptroot = { spec = "UUID=${cryptrootUuid}"; hashTableSizeMB = 128; # extraOptions = [ ]; }; }; # System76 scheduler (not actually a scheduler, just a renice daemon) for improved responsiveness services.dbus.packages = [ pkgs.system76-scheduler ]; systemd.services."system76-scheduler" = { description = "Automatically configure CPU scheduler for responsiveness on AC"; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "dbus"; BusName= "com.system76.Scheduler"; ExecStart = "${pkgs.system76-scheduler}/bin/system76-scheduler daemon"; ExecReload = "${pkgs.system76-scheduler}/bin/system76-scheduler daemon reload"; }; }; environment.etc."system76-scheduler/assignments.ron".source = lib.mkOptionDefault "${pkgs.system76-scheduler}/etc/system76-scheduler/assignments.ron"; environment.etc."system76-scheduler/config.ron".source = lib.mkOptionDefault "${pkgs.system76-scheduler}/etc/system76-scheduler/config.ron"; environment.etc."system76-scheduler/exceptions.ron".source = lib.mkOptionDefault "${pkgs.system76-scheduler}/etc/system76-scheduler/exceptions.ron"; # I can't enable early KMS with VFIO, so this will have to do # (amdgpu resets the font upon being loaded) systemd.services."systemd-vconsole-setup2" = { serviceConfig = { Type = "oneshot"; RemainAfterExit = true; ExecStart = "${pkgs.systemd}/lib/systemd/systemd-vconsole-setup"; }; wantedBy = ["graphical.target"]; wants = ["multi-user.target"]; after = ["multi-user.target"]; }; # autologin once after boot # --skip-login means directly call login instead of first asking for username # (normally login asks for username too, but getty prefers to do it by itself for whatever reason) services.getty.extraArgs = ["--skip-login"]; services.getty.loginProgram = with pkgs; writeScript "login-once" '' #! ${bash}/bin/bash LOCKFILE=/tmp/login-once.lock if [ -f $LOCKFILE ] then exec ${shadow}/bin/login $@ else ${coreutils}/bin/touch $LOCKFILE exec ${shadow}/bin/login -f user fi ''; # overlays nixpkgs.overlays = [(self: super: with lib; with pkgs; { system76-scheduler = rustPlatform.buildRustPackage { pname = "system76-scheduler"; version = "unstable-2022-10-05"; src = fetchFromGitHub { owner = "pop-os"; repo = "system76-scheduler"; rev = "25a45add4300eab47ceb332b4ec07e1e74e4baaf"; sha256 = "sha256-eB1Qm+ITlLM51nn7GG42bydO1SQ4ZKM0wgRl8q522vw="; }; cargoPatches = [(pkgs.writeText "system76-scheduler-cargo.patch" '' diff --git i/daemon/Cargo.toml w/daemon/Cargo.toml index 0397788..fbd6202 100644 --- i/daemon/Cargo.toml +++ w/daemon/Cargo.toml @@ -33,7 +33,7 @@ clap = { version = "3.1.18", features = ["cargo"] } # Necessary for deserialization of untagged enums in assignments. [dependencies.ron] git = "https://github.com/MomoLangenstein/ron" -branch = "253-untagged-enums" +rev = "a9c5444d74677716f4a8a00504fb1bedbde55156" [dependencies.tracing-subscriber] version = "0.3.11" diff --git i/Cargo.lock w/Cargo.lock index a782756..fe56c1f 100644 --- i/Cargo.lock +++ w/Cargo.lock @@ -788,7 +788,7 @@ dependencies = [ [[package]] name = "ron" version = "0.7.0" -source = "git+https://github.com/MomoLangenstein/ron?branch=253-untagged-enums#a9c5444d74677716f4a8a00504fb1bedbde55156" +source = "git+https://github.com/MomoLangenstein/ron?rev=a9c5444d74677716f4a8a00504fb1bedbde55156#a9c5444d74677716f4a8a00504fb1bedbde55156" dependencies = [ "base64", "bitflags", '')]; cargoSha256 = "sha256-EzvJEJlJzCzNEJLCE3U167LkaQHzGthPhIJ6fp0aGk8="; nativeBuildInputs = [ pkg-config ]; buildInputs = [ dbus ]; EXECSNOOP_PATH = "${bcc}/bin/execsnoop"; postInstall = '' install -D -m 0644 data/com.system76.Scheduler.conf $out/etc/dbus-1/system.d/com.system76.Scheduler.conf mkdir -p $out/etc/system76-scheduler install -D -m 0644 data/*.ron $out/etc/system76-scheduler/ ''; meta = { description = "System76 Scheduler"; homepage = "https://github.com/pop-os/system76-scheduler"; license = licenses.mpl20; platforms = [ "i686-linux" "x86_64-linux" ]; }; }; })]; }