X-Git-Url: https://gitweb.ps.run/flake_thinkpad/blobdiff_plain/7dba1e01896b0e3bb2c7470706a560beaa72f28e..6d5e77492bd3b0032686f2351498726da5d98cd8:/configuration.nix?ds=inline diff --git a/configuration.nix b/configuration.nix index cda8392..e236758 100644 --- a/configuration.nix +++ b/configuration.nix @@ -20,6 +20,8 @@ in [ # Include the results of the hardware scan. ./hardware-configuration.nix inputs.home-manager.nixosModules.default + inputs.extra-container.nixosModules.default + inputs.microvm.nixosModules.host ]; # Bootloader. @@ -33,14 +35,24 @@ in boot.initrd.kernelModules = [ "amdgpu" ]; boot.consoleLogLevel = 0; boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ]; - - networking.hostName = "nixos"; # Define your hostname. + boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ]; + + # incus admin init --minimal + # incus image list images: + # incus launch images:ubuntu/noble + # incus exec -- /bin/bash + # incus exec -- adduser --shell /bin/bash --ingroup sudo ps + # incus exec -- su - ps -c 'tmux new-session -A -s main' + virtualisation.incus.enable = true; + virtualisation.incus.ui.enable = true; + networking.nftables.enable = true; + networking.firewall.trustedInterfaces = [ "incusbr0" ]; + + networking.hostName = "thinkpad"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.download-buffer-size = 500000000; - nix.package = pkgs.nixVersions.nix_2_28; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; 
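Review bot: `networking.firewall.trustedInterfaces = [ "incusbr0" ];` in the second hunk exempts the whole Incus bridge from the host firewall, so every instance attached to it can reach every service listening on the host, not only the DHCP and DNS that the bridge needs. A narrower rule keeps the instances working while the rest stays filtered: `networking.firewall.interfaces.incusbr0.allowedTCPPorts = [ 53 67 ];` and `networking.firewall.interfaces.incusbr0.allowedUDPPorts = [ 53 67 ];`. The same hunk sets `virtualisation.incus.ui.enable = true;` with no listen address visible here, so a one-line comment stating where the UI is expected to be reachable from would help the next reader.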
@@ -70,27 +82,58 @@ in programs.dconf.enable = true; programs.steam.enable = true; + # Containers + containers = { + im = { + ephemeral = true; + # privateNetwork = true; + localAddress = "10.23.45.2"; + hostAddress = "10.23.45.1"; + + bindMounts."/per".hostPath = "/var/lib/nixos-containers/im"; + bindMounts."/per".isReadOnly = false; + + extraFlags = [ + "--property='MemoryMax=60M'" + "--property='MemoryHigh=50M'" + "--property='CPUQuota=4%'" + ]; + + config = { config, pkgs, ... }: { + imports = [ inputs.impermanence.nixosModules.impermanence ]; + + environment.persistence."/per" = { + directories = [ + "/var/log" + "/var/lib" + { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; } + ]; + files = []; + }; + environment.systemPackages = with pkgs; [ helix python312 deno ]; + + users.users.ps = { isNormalUser = true; }; + + networking.firewall.allowedTCPPorts = [ 80 8080 ]; + + system.stateVersion = "25.05"; + }; + }; + }; + networking.nat.enable = true; + networking.nat.internalInterfaces = ["ve-+"]; + networking.nat.externalInterface = "eth0"; + networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; + # Services services = { - + displayManager = { + defaultSession = "xfce+i3"; + }; xserver = { enable = true; - # Enable the GNOME Desktop Environment. - # displayManager.gdm.enable = true; - # desktopManager.gnome.enable = true; - - # displayManager.sddm.enable = true; - # desktopManager.budgie.enable = true; - - # desktopManager.deepin.enable = true; - # displayManager.lightdm.enable = true; - - # displayManager.gdm.enable = true; - # desktopManager.plasma5.enable = true; - displayManager = { - defaultSession = "xfce+i3"; lightdm = { enable = true; greeters.gtk = { @@ -115,7 +158,7 @@ in xterm.enable = false; xfce = { enable = true; - # noDesktop = true; + noDesktop = true; enableXfwm = false; }; }; 
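Review bot: The `im` container leaves `# privateNetwork = true;` commented out, so it shares the host's network namespace. As a result the `localAddress`/`hostAddress` pair and the `ve-+` NAT settings most likely have no effect, and anything listening on 80 or 8080 inside the container is bound on the host's own interfaces. If the addresses are meant to apply, set `privateNetwork = true;` and forward only the ports that should be reachable from outside. `networking.nat.externalInterface = "eth0";` also looks like a placeholder on a NetworkManager-managed laptop, so confirm the real uplink name. The writable `/per` bind mount deserves a comment such as `# host directory holds container-controlled state`.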
@@ -149,13 +192,40 @@ in dataDir = "/home/ps/sync"; configDir = "/home/ps/.config/syncthing"; }; + + services.tlp = { + enable = true; + settings = { + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + + CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance"; + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + + PLATFORM_PROFILE_ON_AC = "balanced"; + PLATFORM_PROFILE_ON_BAT = "low-power"; + + CPU_BOOST_ON_AC = "1"; + CPU_BOOST_ON_BAT = "0"; + + AMDGPU_ABM_LEVEL_ON_AC = "0"; + AMDGPU_ABM_LEVEL_ON_BAT = "3"; + + CPU_MIN_PERF_ON_AC = 0; + CPU_MAX_PERF_ON_AC = 100; + CPU_MIN_PERF_ON_BAT = 0; + CPU_MAX_PERF_ON_BAT = 20; + + START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge + STOP_CHARGE_THRESH_BAT0 = 85; # 85 and above it stops charging + }; + }; services.udev.extraRules = '' KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl" ''; # OpenGL - # hardware.graphics.enable = true; hardware = { graphics = { enable = true; @@ -166,7 +236,7 @@ in enable = true; support32Bit.enable = true; }; -}; + }; # services.logind = { # extraConfig = "HandlePowerKey=suspend"; @@ -180,13 +250,21 @@ in services.printing.enable = true; services.printing.drivers = [ pkgs.gutenprint ]; + # Enable scanners + hardware.sane.enable = true; + hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ]; + services.avahi.enable = true; + services.avahi.nssmdns4 = true; + services.avahi.reflector = true; + services.udev.packages = [ pkgs.sane-airscan ]; + # Enable Bluetooth hardware.bluetooth.enable = true; hardware.bluetooth.powerOnBoot = false; services.blueman.enable = true; # Enable sound with pipewire. - hardware.pulseaudio.enable = false; + services.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; 
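Review bot: `services.avahi.reflector = true;` in the scanner hunk makes the daemon repeat mDNS traffic between all of its interfaces, which on this host includes the Incus bridge and whatever network the laptop happens to join. Discovering a network scanner through `sane-airscan` does not need it. Dropping the line, or limiting the daemon with `services.avahi.allowInterfaces = [ "<uplink-interface>" ];` (placeholder name), keeps service announcements from crossing between the LAN and the guest networks. `pkgs.hplipWithPlugin` pulls in a proprietary binary plugin, so a comment recording which device requires it would help later review.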
@@ -216,7 +294,7 @@ in
 isNormalUser = true;
 description = "Patrick";
 shell = pkgs.bash;
- extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" ];
+ extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
 };
 sshd = {
 isSystemUser = true;
@@ -280,6 +358,7 @@ in
 pavucontrol
 syncthingtray
 # xfce plugins
+ xfce.xfce4-panel
 xfce.xfce4-pulseaudio-plugin
 # xfce.xfce4-verve-plugin
 xfce.xfce4-notes-plugin
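Review bot: Adding `"incus-admin"` to `extraGroups` in the first hunk gives the account unrestricted control of the Incus daemon, which is effectively root on the host. Unlike `wheel`, it involves no authentication prompt (assuming sudo is left at its default of asking for a password). If that is intended on a single-user laptop, record it next to the line, e.g. `# incus-admin is root-equivalent; primary user only`. Otherwise leave the group out and run the client through `sudo`. The enclosing `users.users` block starts and ends outside the hunk, so other accounts could not be checked for the same membership.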