update config
[flake_thinkpad] / configuration.nix
index 6636ca4babf99cfebdb6c3c40726734a485e9c17..e23675844ed5423f68f86e32ccba7a85d6033fd0 100644 (file)
@@ -20,6 +20,8 @@ in
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       inputs.home-manager.nixosModules.default
+      inputs.extra-container.nixosModules.default
+      inputs.microvm.nixosModules.host
     ];
 
   # Bootloader.
@@ -33,13 +35,24 @@ in
   boot.initrd.kernelModules = [ "amdgpu" ];
   boot.consoleLogLevel = 0;
   boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ]; 
-
-  networking.hostName = "nixos"; # Define your hostname.
+  boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ];
+
+  # incus admin init --minimal
+  # incus image list images:
+  # incus launch images:ubuntu/noble <name>
+  # incus exec <name> -- /bin/bash
+  # incus exec <name> -- adduser --shell /bin/bash --ingroup sudo ps
+  # incus exec <name> -- su - ps -c 'tmux new-session -A -s main'
+  virtualisation.incus.enable = true;
+  virtualisation.incus.ui.enable = true;
+  networking.nftables.enable = true;
+  networking.firewall.trustedInterfaces = [ "incusbr0" ];
+
+  networking.hostName = "thinkpad"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  nix.package = pkgs.nixVersions.nix_2_28;
+  nix.settings.download-buffer-size = 500000000;
 
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";
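Review bot: `networking.firewall.trustedInterfaces = [ "incusbr0" ]` accepts every packet arriving on the Incus bridge, so any instance started with the commands in the comment above it can reach every service listening on the host, not only the DHCP and DNS that the bridge needs. A narrower rule keeps instances working while the rest of the host stays firewalled: `networking.firewall.interfaces.incusbr0.allowedTCPPorts = [ 53 67 ];` and `networking.firewall.interfaces.incusbr0.allowedUDPPorts = [ 53 67 ];`. This matters more on a laptop, where the instances are likely to run less-trusted code than the host does.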
@@ -69,27 +82,58 @@ in
   programs.dconf.enable = true;
   programs.steam.enable = true;
 
+  # Containers
+  containers = {
+    im = {
+      ephemeral = true;
+      # privateNetwork = true;
+      localAddress = "10.23.45.2";
+      hostAddress = "10.23.45.1";
+
+      bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
+      bindMounts."/per".isReadOnly = false;
+
+      extraFlags = [
+        "--property='MemoryMax=60M'"
+        "--property='MemoryHigh=50M'"
+        "--property='CPUQuota=4%'"
+      ];
+
+      config = { config, pkgs, ... }: {
+        imports = [ inputs.impermanence.nixosModules.impermanence ];
+
+        environment.persistence."/per" = {
+          directories = [
+            "/var/log"
+            "/var/lib"
+            { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
+          ];
+          files = [];
+        };
+        environment.systemPackages = with pkgs; [ helix python312 deno ];
+
+        users.users.ps = { isNormalUser = true; };
+
+        networking.firewall.allowedTCPPorts = [ 80 8080 ];
+
+        system.stateVersion = "25.05";
+      };
+    };
+  };
+  networking.nat.enable = true;
+  networking.nat.internalInterfaces = ["ve-+"];
+  networking.nat.externalInterface = "eth0";
+  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+
   # Services
   services = {
-
+    displayManager = {
+      defaultSession = "xfce+i3";
+    };
     xserver = {
       enable = true;
       
-      # Enable the GNOME Desktop Environment.
-      # displayManager.gdm.enable = true;
-      # desktopManager.gnome.enable = true;
-      
-      # displayManager.sddm.enable = true;
-      # desktopManager.budgie.enable = true;
-
-      # desktopManager.deepin.enable = true;
-      # displayManager.lightdm.enable = true;
-
-      # displayManager.gdm.enable = true;
-      # desktopManager.plasma5.enable = true;
-
       displayManager = {
-        defaultSession = "xfce+i3";
         lightdm = {
           enable = true;
           greeters.gtk = {
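Review bot: `privateNetwork` is left commented out in `containers.im`, so the container shares the host's network namespace: whatever it serves on 80 or 8080 listens on the host's own interfaces, and it can connect to services bound to the host's loopback. As far as I can tell, `localAddress`/`hostAddress` and the `ve-+` NAT rules only take effect once a veth pair exists, so they are probably inert as written. Setting `privateNetwork = true;` gives the isolation those addresses imply. It is also worth checking `networking.nat.externalInterface = "eth0"` against the real uplink name on this machine. The resource limits need confirming after a rebuild, because the inner single quotes in `"--property='MemoryMax=60M'"` may be passed to systemd-nspawn literally, leaving the memory and CPU caps unapplied.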
@@ -114,7 +158,7 @@ in
         xterm.enable = false;
         xfce = {
           enable = true;
-          noDesktop = true;
+          noDesktop = true;
           enableXfwm = false;
         };
       };
@@ -148,13 +192,40 @@ in
     dataDir = "/home/ps/sync";
     configDir = "/home/ps/.config/syncthing";
   };
+  
+  services.tlp = {
+    enable = true;
+    settings = {
+      CPU_SCALING_GOVERNOR_ON_AC = "performance";
+      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+
+      CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance";
+      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+
+      PLATFORM_PROFILE_ON_AC = "balanced";
+      PLATFORM_PROFILE_ON_BAT = "low-power";
+
+      CPU_BOOST_ON_AC = "1";
+      CPU_BOOST_ON_BAT = "0";
+
+      AMDGPU_ABM_LEVEL_ON_AC = "0";
+      AMDGPU_ABM_LEVEL_ON_BAT = "3";
+
+      CPU_MIN_PERF_ON_AC = 0;
+      CPU_MAX_PERF_ON_AC = 100;
+      CPU_MIN_PERF_ON_BAT = 0;
+      CPU_MAX_PERF_ON_BAT = 20;
+
+      START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge
+      STOP_CHARGE_THRESH_BAT0 = 85; # 85 and above it stops charging
+    };
+  };
 
   services.udev.extraRules = ''
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
   '';
 
   # OpenGL
-  # hardware.graphics.enable = true;
   hardware = {
     graphics = {
         enable = true;
@@ -165,7 +236,7 @@ in
         enable = true;
         support32Bit.enable = true;
     };
-};
+  };
 
   # services.logind = {
   #   extraConfig = "HandlePowerKey=suspend";
@@ -179,13 +250,21 @@ in
   services.printing.enable = true;
   services.printing.drivers = [ pkgs.gutenprint ];
 
+  # Enable scanners
+  hardware.sane.enable = true;
+  hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
+  services.avahi.enable = true;
+  services.avahi.nssmdns4 = true;
+  services.avahi.reflector = true;
+  services.udev.packages = [ pkgs.sane-airscan ];
+
   # Enable Bluetooth
   hardware.bluetooth.enable = true;
   hardware.bluetooth.powerOnBoot = false;
   services.blueman.enable = true;
 
   # Enable sound with pipewire.
-  hardware.pulseaudio.enable = false;
+  services.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.pipewire = {
     enable = true;
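Review bot: `services.avahi.reflector = true` makes the daemon repeat mDNS traffic between all interfaces it listens on, which is more than scanner discovery needs; `services.avahi.enable` plus `nssmdns4` is enough for sane-airscan to find devices on the local network. On this host the reflector would relay announcements between the LAN, the Incus bridge and any container interfaces, and between whatever networks the laptop happens to join. I would drop the `reflector` line. If it is needed for a specific setup, limit it with `services.avahi.allowInterfaces = [ "<lan-interface>" ];` and add a comment saying why.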
@@ -215,7 +294,7 @@ in
       isNormalUser = true;
       description = "Patrick";
       shell = pkgs.bash;
-      extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" ];
+      extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
     };
     sshd = {
       isSystemUser = true;
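Review bot: Adding `"incus-admin"` to `extraGroups` gives this account full control of the Incus daemon, which is effectively root on the host without a sudo password prompt, since a member can start privileged instances or attach host paths to them. That may be intended on a single-user laptop, but the line should say so, e.g. `# incus-admin: root-equivalent via the Incus socket; keep to this account only`. If only day-to-day instance use is needed, check whether the restricted `incus` group is sufficient instead. The `users.users` block starts and continues outside this hunk, so other accounts were not checked.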
@@ -279,6 +358,7 @@ in
     pavucontrol
     syncthingtray
     # xfce plugins
+    xfce.xfce4-panel
     xfce.xfce4-pulseaudio-plugin
       # xfce.xfce4-verve-plugin
     xfce.xfce4-notes-plugin