nix/systems/nixos-pulse/default.nix

{ config
, lib
, pkgs
, modulesPath
, system
, inputs
, ...
}: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.nixos-hardware.nixosModules.common-cpu-amd
    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
    inputs.nixos-hardware.nixosModules.common-hidpi
    inputs.nixos-hardware.nixosModules.tuxedo-pulse-15-gen2
    ../../os-mods/age
    ../../os-mods/amdgpu
    ../../os-mods/cachix
    ../../os-mods/common
    # ../../os-mods/desktop
    # ../../os-mods/desktop/audio.nix
    # ../../os-mods/desktop/printing.nix
    ../../os-mods/netdata/client.nix
    ../../os-mods/network
    ../../os-mods/ryzenapu
    ../../os-mods/virt
  ];

  nix.settings = {
    trusted-users = [ "nixremote" "root" "tristand" ];
    system-features = [
      "benchmark"
      "big-parallel"
      "kvm"
      "nixos-test"
      "gccarch-x86-64-v3"
      "gccarch-znver2"
    ];
  };

  programs.corectrl.gpuOverclock.enable = lib.mkForce false;
  networking = {
    useDHCP = lib.mkForce false;
    useNetworkd = true;
    wireless = {
      enable = true;
      networks."DruyenWLAN" = {
        psk = "DidWvTDruyenH4";
      };
    };
    networkmanager.unmanaged = [ "wlp3s0" ];
  };
  systemd.network = {
    enable = true;
    networks."10-homewifi" = {
      name = "wlp3s0";
      matchConfig = {
        SSID = "DruyenWLAN";
      };
      DHCP = "yes"; # both ipv4 & 6
    };
  };

  home-manager = {
    useUserPackages = true;
    useGlobalPkgs = true;
    users.tristand = import ../../users/admin-shell.nix {
      username = "tristand";

      inherit pkgs config inputs system lib;
    };
  };

  users.groups.nixremote = { };
  users.users = {
    tristand = {
      isNormalUser = true;
      description = "Tristan Druyen";
      extraGroups = [ "audio" "corectrl" "dialout" "docker" "networkmanager" "i2c" "wheel" "libvirtd" "qemu-libvirtd" "input" ];
      shell = pkgs.fish;
      home = "/home/tristand";
      hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s..";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJ6wPntg8+kVLU4M+ykRuBb37SQd1csUtO3ZIStoW+4 root@he2.vault82.de"
      ];
    };

    nixremote = {
      isSystemUser = true;
      group = "nixremote";
      description = "remote builder user";
      extraGroups = [ "docker" "networkmanager" "wheel" ];
      shell = pkgs.bash;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRFEtmoq36QmvAwv/xIVdvaf+B9Scbm5cUFFkP/c1nS root@nixos-f16"
      ];
    };
  };

  boot = {
    # kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos;
    kernelPackages = pkgs.pkgsAMD64Microarchs.znver2.linuxPackages_cachyos;
    kernelPatches = [ ];
    kernelParams = [
      # "systemd.unit=emergency.target"
      # "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
      # "rescue"
      # "pcie_aspm=force"
      # "pcie_aspm.policy=powersupersave"
      # "rtc_cmos.use_acpi_alarm=1" # reduce S0 sleep wakeups
      # "gpiolib_acpi.ignore_interrupt=AMDI0030:00@9" # mask IRQ 9 ?
    ];
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 16;
      };
      efi.canTouchEfiVariables = true;
    };

    supportedFilesystems = [ "btrfs" "vfat" ];

    initrd = {
      availableKernelModules = [ "nvme" "xhci_pci" "uas" "usbhid" "usb_storage" "sd_mod" ];
      kernelModules = [ ];
      systemd.enable = true;
      supportedFilesystems = [ "btrfs" "vfat" ];

      luks.devices = {
        "crypted_1" = {
          device = "/dev/disk/by-uuid/9cca6269-6afa-4f77-92ff-2e9eb8fc9bc7";
          allowDiscards = true;
          bypassWorkqueues = true;
          crypttabExtraOpts = [ "nofail" ];
        };
        "crypted_swap_1" = {
          device = "/dev/disk/by-uuid/7b19e61a-20cd-47ae-9da2-0f40c9be86fe";
          allowDiscards = true;
          bypassWorkqueues = true;
          crypttabExtraOpts = [ "nofail" ];
        };
      };
    };

    extraModulePackages = [ ];
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/83b6aa0a-ff9f-40ef-b728-6540bd5c9365"; }
  ];

  services.btrfs.autoScrub.enable = true;

  networking = {
    hostName = "nixos-pulse";
    extraHosts = ''
      176.9.242.147      he4.redvau.lt
    '';
  };

  fileSystems =
    let
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
      perm_opts = "uid=1000,gid=100";
      btrfs_opts = "autodefrag,compress=zstd,discard=async,noatime,space_cache=v2,ssd";
      sshfs_opts = [
        "allow_other,_netdev,reconnect,ServerAliveInterval=15,IdentityFile=/var/secrets/id_ed25519"
        perm_opts
        automount_opts
      ];
    in
    {
      "/" = {
        device = "/dev/mapper/crypted_1";
        fsType = "btrfs";
        options = [
          btrfs_opts
          "subvol=_active/root"
        ];
      };
      "/boot" = {
        device = "/dev/disk/by-uuid/3226-7E38";
        fsType = "vfat";
        options = [ "fmask=0022" "dmask=0022" ];
      };
      "/home" = {
        device = "/dev/mapper/crypted_1";
        fsType = "btrfs";
        options = [
          btrfs_opts
          "subvol=_active/home"
        ];
      };
      "/nix" = {
        device = "/dev/mapper/crypted_1";
        fsType = "btrfs";
        options = [
          btrfs_opts
          "subvol=_active/nix"
        ];
      };

      # "/mnt/media_v2" = {
      # device = "root@23.88.68.113:/media_v2";
      # fsType = "sshfs";
      # options = sshfs_opts;
      # };
    };
  system.fsPackages = [ pkgs.sshfs ];

  services.udev.extraRules = ''
    SUBSYSTEM=="pci", ATTR{power/control}="auto"
    ACTION=="add", SUBSYSTEM=="serio", DRIVERS=="atkbd", ATTR{power/wakeup}="disabled"
  '';

  hardware = {
    enableRedistributableFirmware = true;
    i2c.enable = true;
    # tuxedo-keyboard.enable = true; // not needed for server use

    cpu.amd.updateMicrocode = true;
    sensor.iio.enable = true;
    # tuxedo-rs = { // not needed for server use
    # enable = true;
    # tailor-gui.enable = false; # used headless atm
    # } ;
  };

  zramSwap.enable = true;
  environment.systemPackages = with pkgs; [
    firefox
  ];

  system.stateVersion = "23.05";
}