nix/systems/nixos-fw16/default.nix

{ config
, lib
, pkgs
, modulesPath
, system
, inputs
, ...
}: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.nixos-hardware.nixosModules.common-hidpi
    inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
    inputs.nixos-hardware.nixosModules.framework-16-7040-amd
    ../../os-mods/amdgpu
    ../../os-mods/cachix
    ../../os-mods/common
    ../../os-mods/desktop
    ../../os-mods/desktop/audio.nix
    ../../os-mods/desktop/gaming.nix
    ../../os-mods/desktop/printing.nix
    ../../os-mods/network
    # ../../os-mods/ryzenapu
    ../../os-mods/virt
    ../../users
    ./disks.nix
  ];

  security.sudo-rs.wheelNeedsPassword = lib.mkForce true; # unneded due to fp sensor

  # Power mgmt
  services.power-profiles-daemon.enable = true;
  powerManagement.powertop.enable = true;
  programs.corectrl.gpuOverclock.enable = lib.mkForce false; # TODO Check if needed
  ####

  nix.settings.system-features = [
    "benchmark"
    "big-parallel"
    "kvm"
    "nixos-test"
    "gccarch-znver4"
  ];

  chaotic = {
    scx = {
      enable = true;
      scheduler = "scx_rusty";
      package = pkgs.scx;
    };
    nyx = {
      overlay.enable = true;
      overlay.onTopOf = "user-pkgs";
      overlay.flakeNixpkgs.config = pkgs.config;
    };
  };

  # specialisation.linux-rc.configuration = {
  # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos-rc;
  # environment.etc."specialisation".text = "linux-rc";
  # system.nixos.tags = [ "linux-rc" ];
  # };

  boot = {
    # kernelPackages = pkgs.linuxPackages_cachyos; # bootstrap
    kernelPackages = pkgs.pkgsAMD64Microarchs.znver4.linuxPackages_cachyos; # TODO see above, include into module
    kernelPatches = [ ];
    kernelParams = [
      # "systemd.unit=emergency.target"
      "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
      # "rescue"
      "pcie_aspm=force"
      # "pcie_aspm.policy=powersupersave"
      "rtc_cmos.use_acpi_alarm=1" # reduce S0 sleep wakeups
      "gpiolib_acpi.ignore_interrupt=AMDI0009:00@9" # mask IRQ 9 ?
    ];
    loader = {
      systemd-boot = {
        enable = false; # due to lanzaboote
        configurationLimit = 16;
      };
      efi.canTouchEfiVariables = true;
    };

    lanzaboote = {
      enable = true;
      configurationLimit = 16;
      pkiBundle = "/etc/secureboot";
    };

    initrd = {
      availableKernelModules = [
        "nvme"
        "xhci_pci"
        "thunderbolt"
        "uas" # needed ?
        "usbhid"
        "usb_storage"
        "sd_mod"
      ];
      kernelModules = [ ];
      systemd.enable = true;
    };

    extraModulePackages = [ ];
  };

  networking = {
    hostName = "nixos-fw16";
    extraHosts = ''
      192.168.0.75    monitor.oekonzept.de
      192.168.0.151   rosa.oekonzept.de
      192.168.0.171   karl.oekonzept.de
      192.168.0.206   vewadb.oekonzept.de
      192.168.0.191   vewadb2.oekonzept.de
      192.168.0.190   vpn.oekonzept.de
      192.168.0.180   vewasmb.oekonzept.de
      192.168.0.91    puppet.oekonzept.de
      192.168.0.245   camt.oekonzept.net
      192.168.0.245   camt-cbg.oekonzept.net
      192.168.0.245   camt-eth.oekonzept.net
      192.168.0.245   camt-pro.oekonzept.net
      192.168.0.245   camt-swbfk.oekonzept.net
      192.168.0.245   cloud.oekonzept.net
      192.168.0.245   office.oekonzept.net
      192.168.0.245   llama.oekonzept.net
      192.168.0.245   netdata.oekonzept.net
      192.168.0.245   nixos-karl-kvm-guest.oekonzept.de
      176.9.242.147   fe3f3294-c93a-4aca-895e-abe6c858dbd5-llama-cpp.redvau.lt
    '';
    interfaces = {
      eth0 = {
        useDHCP = false;
        ipv4.addresses = [
          {
            address = "192.168.0.21";
            prefixLength = 24;
          }
        ];
        ipv4.routes = [
          {
            address = "192.168.0.0";
            prefixLength = 24;
          }
          {
            address = "0.0.0.0";
            prefixLength = 0;
            via = "192.168.0.5";
          }
        ];
      };
    };
  };

  systemd = {
    services = {
      ryzenadj = {
        enable = true;
        description = "RyzenAdj Autoset";
        serviceConfig = {
          Type = "oneshot";
          User = "root";
          ExecStart = "${pkgs.ryzenadj}/bin/ryzenadj -f90 --set-coall=-20";
        };
        wantedBy = [ "multi-user.target" ];
      };

      # Do not manage HID devices with powertop to prevent annoying keyboard/mouse sleeps
      powertop.postStart = ''
        HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u)
        for i in $HIDDEVICES; do
          echo -n "Enabling " | cat - /sys/bus/usb/devices/$i/product
          echo 'on' > /sys/bus/usb/devices/$i/power/control
        done
      '';

      # This manually configures the automatically created network-adresses service to be more flexible
      # regarding booting without the the device being available on boot
      # It prevents slow timeouts & errors on boot while preserving Plug & Play ability
      network-addresses-eth0.unitConfig = {
        ConditionPathExists = "/sys/class/net/eth0";
        BindsTo = lib.mkForce null;
      };
    };
  };
  services.udev.extraRules = ''
    # Framework Laptop 16 - LED Matrix
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0020", MODE="0660", TAG+="uaccess"

    # B1 Display (Experimental prototype, not a product)
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0021", MODE="0660", TAG+="uaccess"

    # C1 Minimal Microcontroller Module (Template for DIY Module)
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0022", MODE="0660", TAG+="uaccess"

    # USB-C dock ethernet
    ACTION=="add", KERNEL=="eth0", TAG+="systemd", ENV{SYSTEMD_WANTS}="network-addresses-eth0.service"
    ACTION=="remove", KERNEL=="eth0", RUN+="${pkgs.systemd}/bin/systemctl stop network-addresses-eth0.service"

    # TODO check needed?
    SUBSYSTEM=="pci", ATTR{power/control}="auto"
    # ACTION=="add", SUBSYSTEM=="serio", DRIVERS=="atkbd", ATTR{power/wakeup}="disabled"
  '';

  environment.systemPackages = with pkgs; [
    ryzenadj
    lm_sensors
    coreutils-full
    cpu-x
    fw-ectool
    sbctl # secureboot debugging/config/mgmt
  ];
  #   android-tools
  #   android-udev-rules

  hardware = {
    enableRedistributableFirmware = true;
    i2c.enable = true;

    cpu.amd = {
      updateMicrocode = true;
      ryzen-smu.enable = true;
    };
    sensor.iio.enable = true;
  };

  zramSwap.enable = true;

  system.stateVersion = "24.05";
}
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`{ config`
			`, lib`
			`, pkgs`
			`, modulesPath`
			`, system`
			`, inputs`
			`, ...`
			`}: {`
			`imports = [`
			`(modulesPath + "/installer/scan/not-detected.nix")`
			`inputs.nixos-hardware.nixosModules.common-hidpi`
			`inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call`
			`inputs.nixos-hardware.nixosModules.framework-16-7040-amd`
			`../../os-mods/amdgpu`
			`../../os-mods/cachix`
			`../../os-mods/common`
			`../../os-mods/desktop`
			`../../os-mods/desktop/audio.nix`
			`../../os-mods/desktop/gaming.nix`
			`../../os-mods/desktop/printing.nix`
			`../../os-mods/network`
			`# ../../os-mods/ryzenapu`
			`../../os-mods/virt`
			`../../users`
			`./disks.nix`
			`];`

Add hm programs, migrate to znver4 kernel & add sched_ext 2024-07-09 16:40:07 +02:00			`security.sudo-rs.wheelNeedsPassword = lib.mkForce true; # unneded due to fp sensor`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00
Run alejandra 2024-07-09 16:41:23 +02:00			`# Power mgmt`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`services.power-profiles-daemon.enable = true;`
			`powerManagement.powertop.enable = true;`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`programs.corectrl.gpuOverclock.enable = lib.mkForce false; # TODO Check if needed`
Add hm programs, migrate to znver4 kernel & add sched_ext 2024-07-09 16:40:07 +02:00			`####`

			`nix.settings.system-features = [`
			`"benchmark"`
			`"big-parallel"`
			`"kvm"`
			`"nixos-test"`
			`"gccarch-znver4"`
			`];`

			`chaotic = {`
			`scx = {`
			`enable = true;`
			`scheduler = "scx_rusty";`
			`package = pkgs.scx;`
			`};`
			`nyx = {`
			`overlay.enable = true;`
			`overlay.onTopOf = "user-pkgs";`
			`overlay.flakeNixpkgs.config = pkgs.config;`
			`};`
			`};`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00
Add ryzenadj systemd oneshot unit for curve opt & tctl 2024-07-16 18:55:42 +02:00			`# specialisation.linux-rc.configuration = {`
			`# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos-rc;`
			`# environment.etc."specialisation".text = "linux-rc";`
			`# system.nixos.tags = [ "linux-rc" ];`
			`# };`

Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`boot = {`
Add hm programs, migrate to znver4 kernel & add sched_ext 2024-07-09 16:40:07 +02:00			`# kernelPackages = pkgs.linuxPackages_cachyos; # bootstrap`
			`kernelPackages = pkgs.pkgsAMD64Microarchs.znver4.linuxPackages_cachyos; # TODO see above, include into module`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`kernelPatches = [ ];`
			`kernelParams = [`
			`# "systemd.unit=emergency.target"`
			`"systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"`
			`# "rescue"`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`"pcie_aspm=force"`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`# "pcie_aspm.policy=powersupersave"`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`"rtc_cmos.use_acpi_alarm=1" # reduce S0 sleep wakeups`
			`"gpiolib_acpi.ignore_interrupt=AMDI0009:00@9" # mask IRQ 9 ?`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`];`
			`loader = {`
			`systemd-boot = {`
WIP Laptop 2024-07-16 09:29:19 +02:00			`enable = false; # due to lanzaboote`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`configurationLimit = 16;`
			`};`
			`efi.canTouchEfiVariables = true;`
			`};`

WIP Laptop 2024-07-16 09:29:19 +02:00			`lanzaboote = {`
			`enable = true;`
			`configurationLimit = 16;`
			`pkiBundle = "/etc/secureboot";`
			`};`

Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`initrd = {`
Add nixos-fw16 fixes (#7) Signed-off-by: Tristan D. <tristan@gitea@vault81.de> Reviewed-on: https://git.vlt81.de/tristan/nix/pulls/7 Co-authored-by: Tristan D <tristan@gitea@vault81.de> Co-committed-by: Tristan D <tristan@gitea@vault81.de> 2024-06-20 18:29:49 +00:00			`availableKernelModules = [`
			`"nvme"`
			`"xhci_pci"`
			`"thunderbolt"`
			`"uas" # needed ?`
			`"usbhid"`
			`"usb_storage"`
			`"sd_mod"`
			`];`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`kernelModules = [ ];`
			`systemd.enable = true;`
			`};`

			`extraModulePackages = [ ];`
			`};`

			`networking = {`
Some more fw16 fixes 2024-06-20 20:47:43 +02:00			`hostName = "nixos-fw16";`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`extraHosts = ''`
			`192.168.0.75 monitor.oekonzept.de`
			`192.168.0.151 rosa.oekonzept.de`
			`192.168.0.171 karl.oekonzept.de`
			`192.168.0.206 vewadb.oekonzept.de`
			`192.168.0.191 vewadb2.oekonzept.de`
			`192.168.0.190 vpn.oekonzept.de`
			`192.168.0.180 vewasmb.oekonzept.de`
			`192.168.0.91 puppet.oekonzept.de`
			`192.168.0.245 camt.oekonzept.net`
			`192.168.0.245 camt-cbg.oekonzept.net`
			`192.168.0.245 camt-eth.oekonzept.net`
			`192.168.0.245 camt-pro.oekonzept.net`
			`192.168.0.245 camt-swbfk.oekonzept.net`
			`192.168.0.245 cloud.oekonzept.net`
			`192.168.0.245 office.oekonzept.net`
			`192.168.0.245 llama.oekonzept.net`
			`192.168.0.245 netdata.oekonzept.net`
			`192.168.0.245 nixos-karl-kvm-guest.oekonzept.de`
			`176.9.242.147 fe3f3294-c93a-4aca-895e-abe6c858dbd5-llama-cpp.redvau.lt`
			`'';`
			`interfaces = {`
Some more fw16 fixes 2024-06-20 20:47:43 +02:00			`eth0 = {`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`useDHCP = false;`
			`ipv4.addresses = [`
			`{`
			`address = "192.168.0.21";`
			`prefixLength = 24;`
			`}`
			`];`
			`ipv4.routes = [`
			`{`
			`address = "192.168.0.0";`
			`prefixLength = 24;`
			`}`
			`{`
			`address = "0.0.0.0";`
			`prefixLength = 0;`
			`via = "192.168.0.5";`
			`}`
			`];`
			`};`
			`};`
			`};`

			`systemd = {`
			`services = {`
Add ryzenadj systemd oneshot unit for curve opt & tctl 2024-07-16 18:55:42 +02:00			`ryzenadj = {`
			`enable = true;`
			`description = "RyzenAdj Autoset";`
			`serviceConfig = {`
			`Type = "oneshot";`
			`User = "root";`
			`ExecStart = "${pkgs.ryzenadj}/bin/ryzenadj -f90 --set-coall=-20";`
			`};`
			`wantedBy = [ "multi-user.target" ];`
			`};`

Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`# Do not manage HID devices with powertop to prevent annoying keyboard/mouse sleeps`
			`powertop.postStart = ''`
			`HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid \| grep -oE '^[0-9]+-[0-9\.]+' \| sort -u)`
			`for i in $HIDDEVICES; do`
			`echo -n "Enabling " \| cat - /sys/bus/usb/devices/$i/product`
			`echo 'on' > /sys/bus/usb/devices/$i/power/control`
			`done`
			`'';`

Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`# This manually configures the automatically created network-adresses service to be more flexible`
			`# regarding booting without the the device being available on boot`
			`# It prevents slow timeouts & errors on boot while preserving Plug & Play ability`
Some more fw16 fixes 2024-06-20 20:47:43 +02:00			`network-addresses-eth0.unitConfig = {`
			`ConditionPathExists = "/sys/class/net/eth0";`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`BindsTo = lib.mkForce null;`
			`};`
			`};`
			`};`
			`services.udev.extraRules = ''`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`# Framework Laptop 16 - LED Matrix`
			`SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0020", MODE="0660", TAG+="uaccess"`

			`# B1 Display (Experimental prototype, not a product)`
			`SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0021", MODE="0660", TAG+="uaccess"`

			`# C1 Minimal Microcontroller Module (Template for DIY Module)`
			`SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0022", MODE="0660", TAG+="uaccess"`

			`# USB-C dock ethernet`
Some more fw16 fixes 2024-06-20 20:47:43 +02:00			`ACTION=="add", KERNEL=="eth0", TAG+="systemd", ENV{SYSTEMD_WANTS}="network-addresses-eth0.service"`
			`ACTION=="remove", KERNEL=="eth0", RUN+="${pkgs.systemd}/bin/systemctl stop network-addresses-eth0.service"`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00
			`# TODO check needed?`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`SUBSYSTEM=="pci", ATTR{power/control}="auto"`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`# ACTION=="add", SUBSYSTEM=="serio", DRIVERS=="atkbd", ATTR{power/wakeup}="disabled"`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`'';`

Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`environment.systemPackages = with pkgs; [`
Update flakes & improve fw16 apu handling 2024-07-08 10:36:57 +02:00			`ryzenadj`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`lm_sensors`
			`coreutils-full`
			`cpu-x`
			`fw-ectool`
WIP Laptop 2024-07-16 09:29:19 +02:00			`sbctl # secureboot debugging/config/mgmt`
Optimize fw16 conf - power mgmt/sleep/energy usage - usbc dock eth - wheelNeedsPassword=true due to fprint 2024-07-04 10:18:14 +02:00			`];`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`# android-tools`
			`# android-udev-rules`

			`hardware = {`
			`enableRedistributableFirmware = true;`
			`i2c.enable = true;`

Update flakes & improve fw16 apu handling 2024-07-08 10:36:57 +02:00			`cpu.amd = {`
			`updateMicrocode = true;`
			`ryzen-smu.enable = true;`
			`};`
Add initial fw16 conf 2024-06-20 15:07:23 +02:00			`sensor.iio.enable = true;`
			`};`

			`zramSwap.enable = true;`

			`system.stateVersion = "24.05";`
			`}`