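# NixOS host module for "nixos-fw16" (see networking.hostName below).
# It imports the nixos-hardware Framework 16 (7040 AMD) profile plus the
# repository's shared os-mods, then sets host-specific boot, network, udev
# and power options.
{
  config,
  lib,
  pkgs,
  modulesPath,
  system,
  inputs,
  ...
}:
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.nixos-hardware.nixosModules.common-hidpi
    inputs.nixos-hardware.nixosModules.framework-16-7040-amd
    ../../os-mods/age
    ../../os-mods/net_disks/oeko.nix
    ../../os-mods/amdgpu
    ../../os-mods/cachix
    ../../os-mods/common
    ../../os-mods/desktop
    ../../os-mods/desktop/audio.nix
    ../../os-mods/desktop/gaming.nix
    ../../os-mods/desktop/printing.nix
    ../../os-mods/netdata/client.nix
    ../../os-mods/network
    ../../os-mods/ryzenapu
    ../../os-mods/virt
    ../../users
    ./disks.nix
  ];

  # Host SSH *public* key that secrets are rekeyed for. Only public key material
  # belongs here; the commented line is a different key labelled root@nixos-f16.
  # age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16";
  age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANI+JugoOABEG49405FrbVwbTT/cbYamNZC5Tb01/xp root@nixos-fw16";

  nix.settings.builders-use-substitutes = true;
  # Distributed builds are switched on, but the builder list is empty, so no
  # remote builder is configured by this file. The previous entries are kept
  # below as comments.
  nix.distributedBuilds = true;
  nix.buildMachines = [ ];
  # [
  #   {
  #     hostName = "nixremote@nixos-desk";
  #     system = "x86_64-linux";
  #     protocol = "ssh";
  #     maxJobs = 0;
  #     speedFactor = 0;
  #     supportedFeatures = [
  #       "benchmark"
  #       "big-parallel"
  #       "kvm"
  #       "nixos-test"
  #       "gccarch-x86-64-v3"
  #       "gccarch-znver3"
  #     ];
  #     mandatoryFeatures = [ ];
  #   }
  #   {
  #     hostName = "nixremote@nixos-pulse";
  #     system = "x86_64-linux";
  #     protocol = "ssh";
  #     maxJobs = 0;
  #     speedFactor = 1;
  #     supportedFeatures = [
  #       "benchmark"
  #       "big-parallel"
  #       "kvm"
  #       "nixos-test"
  #       "gccarch-x86-64-v3"
  #       "gccarch-znver2"
  #     ];
  #     mandatoryFeatures = [ ];
  #   }
  # ];

  ####################
  # Per-user service and hourly timer that run `modprobed-db storesilent`.
  systemd.user = {
    services.modprobed-db = {
      description = "modprobed-db service to scan and store new kernel modules";
      wants = [ "modprobed-db.timer" ];
      wantedBy = [ "default.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.modprobed-db}/bin/modprobed-db storesilent";
        ExecStop = "${pkgs.modprobed-db}/bin/modprobed-db storesilent";
        Type = "simple";
      };
      # Tools placed on the unit's PATH, taken from nixpkgs by store path.
      path = builtins.attrValues {
        inherit (pkgs)
          gawk
          getent
          coreutils
          gnugrep
          gnused
          kmod
          ;
      };
    };
    timers.modprobed-db = {
      wantedBy = [ "timers.target" ];
      partOf = [ "modprobed-db.service" ];
      timerConfig = {
        Persistent = true;
        OnUnitActiveSec = "1h";
      };
    };
  };
  ################

  # Members of wheel must authenticate for sudo; mkForce makes this win over any
  # other module that sets the option.
  security.sudo-rs.wheelNeedsPassword = lib.mkForce true; # unneeded due to fp sensor

  # Power mgmt
  services.input-remapper.enable = true;
  services.power-profiles-daemon.enable = true;
  # powerManagement.powertop.enable = true;
  programs.corectrl.gpuOverclock.enable = lib.mkForce false; # TODO Check if needed
  programs.adb.enable = true;

  ####
  nix.settings.system-features = [
    "benchmark"
    "big-parallel"
    "kvm"
    "nixos-test"
    "gccarch-znver1"
    "gccarch-znver2"
    "gccarch-znver3"
    "gccarch-znver4"
  ];
  # nixpkgs.hostPlatform.gcc.arch = "znver2";

  chaotic = {
    # scx = {
    #   enable = false; # temp
    #   scheduler = "scx_bpfland";
    #   package = pkgs.scx;
    # };
    nyx = {
      overlay.enable = true;
      # overlay.onTopOf = "user-pkgs"; # needed ?
      # overlay.flakeNixpkgs.config = pkgs.config; # needed ?
    };
  };

  # specialisation = {
  #   linux-latest.configuration = {
  #     boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
  #   };
  #   linux-zen.configuration = {
  #     boot.kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
  #   };
  #   linux-cachyos.configuration = {
  #     boot.kernelPackages = lib.mkForce pkgs.linuxPackages_cachyos;
  #   };
  # };

  boot = {
    # kernelPackages = pkgs.linuxPackages_latest; # bootstrap
    # kernelPackages = pkgs.linuxPackages_zen; # bootstrap
    # kernelPackages = pkgs.linuxPackages_cachyos; # bootstrap
    # kernelPackages = pkgs.pkgsAMD64Microarchs.znver4.linuxPackages_cachyos;
    # kernelPackages = pkgs.linuxPackages_latest;
    # kernelPackages = pkgs.pkgsAMD64Microarchs.znver4.linuxPackages_cachyos-rc;
    # kernelPackages = pkgs.pkgsAMD64Microarchs.znver2.linuxPackages_cachyos-rc;
    # kernelPackages = pkgs.linuxPackages_cachyos;
    kernelPackages = pkgs.pkgsAMD64Microarchs.znver4.linuxPackages_cachyos;
    kernelPatches = [ ];
    kernelParams = [
      # "systemd.unit=emergency.target"
      # "amdgpu.ppfeaturemask=0xfffd7fff" # gpu overclockfoo for LACT /fanctrl
      # Provokes crashyness ??
      # SYSTEMD_SULOGIN_FORCE=1 lets the emergency/rescue shell start without the
      # root password when the root account is locked. That makes recovery
      # possible, but it also means console access to emergency mode is not
      # password-gated; what protects the data then is disk encryption
      # (./disks.nix, not shown here) and a boot chain that cannot be altered.
      "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
      # "rescue"
      "pcie_aspm=force" # TODO Check hibernate without
      "pcie_aspm.policy=powersupersave"
      "rtc_cmos.use_acpi_alarm=1" # reduce S0 sleep wakeups
      "gpiolib_acpi.ignore_interrupt=AMDI0009:00@9" # mask IRQ 9 ?
    ];
    loader = {
      timeout = 0;
      systemd-boot = {
        # enable = false; # due to lanzaboote
        enable = true; # bootstrap
        # The boot-entry editor is on by default in NixOS for compatibility only.
        # It lets anyone at the console change the kernel command line for one
        # boot, which matters here because Secure Boot is not enforced yet and
        # SYSTEMD_SULOGIN_FORCE=1 is set above. Older generations stay selectable.
        editor = false;
        configurationLimit = 12;
        memtest86.enable = true;
        # bootCounting.enable = true; # reverted atm
      };
      efi.canTouchEfiVariables = true;
    };
    # lanzaboote is configured but not enabled in this file (enable is commented
    # out), so boot images are not signed for Secure Boot by this configuration.
    # pkiBundle points at the key directory managed by sbctl.
    lanzaboote = {
      # enable = true;
      configurationLimit = 12;
      # pkiBundle = "/etc/secureboot";
      pkiBundle = "/var/lib/sbctl";
    };
    initrd = {
      availableKernelModules = [
        "nvme"
        "xhci_pci"
        "thunderbolt"
        "uas" # needed ?
        "usbhid"
        "usb_storage"
        "sd_mod"
      ];
      kernelModules = [ ];
      systemd.enable = true;
    };
    extraModulePackages = [ ];
  };

  networking = {
    hostName = "nixos-fw16";
    # Static /etc/hosts entries. They override DNS everywhere this laptop goes:
    # on a foreign network that also uses 192.168.0.0/24, these names (including
    # the auth/password-manager ones) resolve to whatever host holds that address
    # there, so TLS certificate validation is the only check on the peer.
    # NOTE(review): the list also documents internal addressing; confirm that is
    # acceptable if this repository is public.
    extraHosts = ''
      192.168.0.20 opnsense.oekonzept.local
      192.168.0.75 monitor.oekonzept.de
      192.168.0.151 rosa.oekonzept.de
      192.168.0.171 karl.oekonzept.de
      192.168.0.206 vewadb.oekonzept.de
      192.168.0.191 vewadb2.oekonzept.de
      192.168.0.190 vpn.oekonzept.de
      192.168.0.180 vewasmb.oekonzept.de
      192.168.0.91 puppet.oekonzept.de
      192.168.0.1 srv-nas-01.oekonzept.net
      192.168.0.1 nas-01.oekonzept.net
      192.168.0.171 net.oekonzept.net
      192.168.0.171 git.oekonzept.net
      192.168.0.171 office.oekonzept.net
      192.168.0.171 libreoffice.oekonzept.net
      192.168.0.171 cockpit.oekonzept.net
      192.168.0.171 auth.oekonzept.net
      192.168.0.171 netdata.oekonzept.net
      192.168.0.171 cloud.oekonzept.net
      192.168.0.171 bw.oekonzept.net
      192.168.0.171 kasm.oekonzept.net
      192.168.0.171 warden.oekonzept.net
      192.168.0.171 oproject.oekonzept.net
      192.168.0.171 netbox.oekonzept.net
      192.168.0.171 passwords.oekonzept.net
      192.168.0.171 pass.oekonzept.net
      192.168.0.171 camt.oekonzept.net
      192.168.0.171 camt-eth.oekonzept.net
      192.168.0.171 camt-cbg.oekonzept.net
      176.9.242.147 fe3f3294-c93a-4aca-895e-abe6c858dbd5-llama-cpp.redvau.lt
    '';
    interfaces = {
      # Static addressing for eth0 with DHCP off: the same address and the
      # default route via 192.168.0.5 are applied whenever eth0 is configured,
      # whichever network it is plugged into.
      eth0 = {
        useDHCP = false;
        ipv4.addresses = [
          {
            address = "192.168.0.21";
            prefixLength = 24;
          }
        ];
        ipv4.routes = [
          {
            address = "192.168.0.0";
            prefixLength = 24;
          }
          {
            address = "0.0.0.0";
            prefixLength = 0;
            via = "192.168.0.5";
          }
        ];
      };
    };
  };

  systemd = {
    services = {
      # Do not manage HID devices with powertop to prevent annoying keyboard/mouse sleeps
      # Disabled atm as I disabled Powertop
      # powertop.postStart = ''
      #   HIDDEVICES=$(ls /sys/bus/usb/drivers/usbhid | grep -oE '^[0-9]+-[0-9\.]+' | sort -u)
      #   for i in $HIDDEVICES; do
      #     echo -n "Enabling " | cat - /sys/bus/usb/devices/$i/product
      #     echo 'on' > /sys/bus/usb/devices/$i/power/control
      #   done
      # '';

      # This manually configures the automatically created network-addresses service to be more flexible
      # regarding booting without the device being available on boot
      # It prevents slow timeouts & errors on boot while preserving Plug & Play ability
      network-addresses-eth0.unitConfig = {
        ConditionPathExists = "/sys/class/net/eth0";
        BindsTo = lib.mkForce null;
      };
    };
  };

  # udev rules: the two Framework USB devices get mode 0660 plus the "uaccess"
  # tag; the eth0 rules start and stop network-addresses-eth0.service when the
  # interface appears or disappears. systemctl is referenced by its store path.
  # NOTE(review): the SUBSYSTEM=="pci" power/control rule is read here as an
  # active rule under the "Might help suspend:" heading; confirm against the
  # original file.
  services.udev.extraRules = ''
    # Framework Laptop 16 - LED Matrix
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0020", MODE="0660", TAG+="uaccess"
    # C1 Minimal Microcontroller Module (Template for DIY Module)
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0022", MODE="0660", TAG+="uaccess"
    # USB-C dock ethernet
    ACTION=="add", KERNEL=="eth0", TAG+="systemd", ENV{SYSTEMD_WANTS}="network-addresses-eth0.service"
    ACTION=="remove", KERNEL=="eth0", RUN+="${pkgs.systemd}/bin/systemctl stop network-addresses-eth0.service"
    # Might help suspend:
    SUBSYSTEM=="pci", ATTR{power/control}="auto"
    # ACTION=="add", SUBSYSTEM=="serio", DRIVERS=="atkbd", ATTR{power/wakeup}="disabled"
  '';

  services.netbird.ui.enable = true;
  services.netbird.enable = true;

  environment.systemPackages = with pkgs; [
    ryzenadj
    lm_sensors
    coreutils-full
    cpu-x
    fw-ectool
    sbctl # secureboot debugging/config/mgmt
    # android-tools
    input-remapper
  ];

  hardware = {
    enableRedistributableFirmware = true;
    i2c.enable = true;
    cpu.amd = {
      updateMicrocode = true;
      ryzen-smu.enable = true;
    };
    sensor.iio.enable = true;
  };

  zramSwap.enable = true;

  system.stateVersion = "24.05";
}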