hosts: fixes for initial lifebook

add lanzaboote lifebook
Kabbone 2024-08-10 06:08:14 +02:00
parent e5db869b82
commit b05a692b47
Signed by: Kabbone
SSH Key Fingerprint: SHA256:A5zPB5I6u5V78V51c362BBdCwhDhfDUVbt7NfKdjWBY
3 changed files with 17 additions and 20 deletions


@ -63,6 +63,7 @@ in
specialArgs = { inherit inputs user location nixos-hardware agenix lanzaboote; }; specialArgs = { inherit inputs user location nixos-hardware agenix lanzaboote; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
lanzaboote.nixosModule.lanzaboote
./lifebook ./lifebook
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix ../modules/hardware/hydraCache.nix
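Review bot: The added module reference `lanzaboote.nixosModule.lanzaboote` uses the singular `nixosModule`, while lanzaboote's documentation imports the module as `lanzaboote.nixosModules.lanzaboote`. Unless the pinned flake revision also exports the singular attribute, this host will fail to evaluate. I would change the line to `lanzaboote.nixosModules.lanzaboote`. The `modules` list starts and ends outside this hunk.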


@ -17,7 +17,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, ... }: { lib, config, pkgs, user, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
@ -32,13 +32,18 @@
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = lib.mkForce false;
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";
}; };
timeout = 1; # Grub auto select time timeout = 1; # Grub auto select time
}; };
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}; };
# hardware.sane = { # Used for scanning with Xsane # hardware.sane = { # Used for scanning with Xsane
@ -51,9 +56,8 @@
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
# simple-scan linux-firmware
intel-media-driver intel-media-driver
# alacritty
]; ];
}; };
@ -62,14 +66,7 @@
}; };
services = { services = {
tlp = { logind.lidSwitch = "hibernate"; # Laptop does not go to sleep when lid is closed
enable = true; # TLP and auto-cpufreq for power management
settings = {
USB_DENYLIST="fc32:1287 1e7d:2e4a 1d5c:5500 1d5c:5510";
};
};
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
printing = { # Printing and drivers for TS5300 printing = { # Printing and drivers for TS5300
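Review bot: The new `lanzaboote` block points `pkiBundle` at `/etc/secureboot`, which holds the private Secure Boot signing keys, and nothing in the visible configuration records how that directory is created or protected. A comment above `pkiBundle` such as `# keys created out of band (e.g. sbctl create-keys); must stay root-only on the encrypted root and never enter the Nix store or the repo` would make the trust assumption explicit. Signing only protects the boot chain once the keys are enrolled and the firmware enforces Secure Boot, so that manual step deserves a comment too (`sbctl status` shows whether it is enforced). Separately, the trailing comments on `logind.lidSwitch = "hibernate"` and `timeout = 1` no longer describe the settings and should be updated.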


@ -32,10 +32,10 @@
}; };
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" ]; kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" ];
# extraModprobeConfig = '' extraModprobeConfig = ''
# options i915 enable_guc=3 enable_fbc=1 fastboot=1 options i915 enable_guc=3
# ''; '';
tmp.useTmpfs = false; tmp.useTmpfs = false;
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
}; };
@ -174,16 +174,15 @@
#defaultGateway = "192.168.0.1"; #defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ]; #nameservers = [ "192.168.0.4" ];
firewall = { firewall = {
checkReversePath = "loose"; checkReversePath = "false";
enable = true; enable = true;
allowedUDPPorts = [ 24727 ]; allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ]; allowedTCPPorts = [ 24727 ];
}; };
}; };
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = { powerManagement = {
#cpuFreqGovernor = lib.mkDefault "schedutil"; powertop.enable = true;
#powertop.enable = true;
}; };
} }
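Review bot: `checkReversePath = "false"` in the firewall hunk is a quoted string, whereas the NixOS option takes a boolean or the strings `"strict"`/`"loose"`, so this likely fails type-checking. If the boolean `false` is intended, it turns off reverse-path filtering entirely and drops the anti-spoofing check on every interface. The same hunk opens UDP 51820 (presumably WireGuard), for which the previous `checkReversePath = "loose";` is normally sufficient, so I would keep that value. In the first hunk, `sysrq_always_enabled=1` enables every magic SysRq function from the console regardless of `kernel.sysrq`, which gives anyone at the keyboard reboot and process-kill controls on a laptop that is otherwise being hardened with Secure Boot and LUKS. Consider dropping it, or setting a restricted mask through `boot.kernel.sysctl."kernel.sysrq"` instead.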