nixos-config/hosts/lifebook/hardware-configuration.nix

#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
#  └─ ./hosts
#      └─ ./laptop
#          └─ hardware-configuration.nix *
#
# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}: {
  imports =
    [(modulesPath + "/installer/scan/not-detected.nix")]
    ++ [(import ../../modules/hardware/backup.nix)];

  boot = {
    initrd = {
      availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci"];
      kernelModules = ["i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1"];
      systemd.enable = true;
      luks = {
        devices."crypted" = {
          device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
          allowDiscards = true;
          bypassWorkqueues = true;
        };
      };
    };

    kernelModules = ["kvm-intel"];
    kernelParams = ["luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force"];
    extraModprobeConfig = ''
      options i915 force_probe=!9a49
      options xe force_probe=9a49
    '';
    tmp.useTmpfs = false;
    tmp.cleanOnBoot = true;
  };

  zramSwap.enable = true;

  services = {
    btrfs.autoScrub = {
      enable = true;
      interval = "monthly";
      fileSystems = [
        "/"
      ];
    };
    udev.extraRules = ''
      ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
    '';

    btrbk = {
      extraPackages = [pkgs.lz4 pkgs.mbuffer];
      instances = {
        hf = {
          onCalendar = "hourly";
          settings = {
            incremental = "yes";
            snapshot_create = "ondemand";
            snapshot_dir = "@snapshots";
            timestamp_format = "long";

            snapshot_preserve = "2m 2w 5d 5h";
            snapshot_preserve_min = "latest";

            volume = {
              "/mnt/snapshots/root" = {
                snapshot_create = "always";
                subvolume = {
                  "@home" = {};
                };
              };
            };
          };
        };
        bak = {
          onCalendar = "daily";
          settings = {
            stream_buffer = "256m";
            stream_compress = "lz4";
            incremental = "yes";
            snapshot_create = "no";
            snapshot_dir = "@snapshots";
            timestamp_format = "long";

            snapshot_preserve_min = "all";
            target_preserve_min = "no";
            target_preserve = "4w 3d";

            ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
            ssh_user = "btrbk";

            volume = {
              "/mnt/snapshots/root" = {
                subvolume = {
                  "@home" = {};
                };
                target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
              };
            };
          };
        };
      };
    };

    tuned = {
      enable = true;
      profiles = {
        balanced_powertop = {
          main = {
            include = "balanced";
          };
          sysfs = {
            "/sys/class/net/wlan0/device/power/wakeup" = "enabled";
            "/sys/bus/usb/devices/usb3/power/wakeup" = "enabled";
            "/sys/bus/usb/devices/usb1/power/wakeup" = "enabled";
            "/sys/bus/usb/devices/3-9/power/wakeup" = "enabled";
            "/sys/bus/usb/devices/usb4/power/wakeup" = "enabled";
            "/sys/bus/usb/devices/3-10/power/wakeup" = "enabled";
            "/sys/bus/usb/devices/usb2/power/wakeup" = "enabled";
            "/sys/bus/usb/devices/3-5/power/wakeup" = "enabled";
          };
        };
        balanced-battery_powertop = {
          main = {
            include = "balanced-battery";
          };
          sysfs = {
            "/sys/class/net/wlan0/device/power/wakeup" = "disabled";
            "/sys/bus/usb/devices/usb3/power/wakeup" = "disabled";
            "/sys/bus/usb/devices/usb1/power/wakeup" = "disabled";
            "/sys/bus/usb/devices/3-9/power/wakeup" = "disabled";
            "/sys/bus/usb/devices/usb4/power/wakeup" = "disabled";
            "/sys/bus/usb/devices/3-10/power/wakeup" = "disabled";
            "/sys/bus/usb/devices/usb2/power/wakeup" = "disabled";
            "/sys/bus/usb/devices/3-5/power/wakeup" = "disabled";
          };
        };
      };
    };
  };

  systemd.timers = {
    btrbk-bak = {
      after = ["network-online.target"];
      requires = ["network-online.target"];
    };
  };

  fileSystems."/" = {
    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async"];
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-label/NIXBOOT";
    fsType = "vfat";
  };

  fileSystems."/home" = {
    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async"];
  };

  fileSystems."/nix" = {
    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async"];
  };

  fileSystems."/srv" = {
    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async"];
  };

  fileSystems."/swap" = {
    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async"];
  };

  fileSystems."/opt" = {
    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async"];
  };

  fileSystems."/var" = {
    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async"];
  };

  fileSystems."/mnt/snapshots/root" = {
    device = "/dev/mapper/crypted";
    fsType = "btrfs";
    options = ["compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async"];
  };

  fileSystems."/mnt/Pluto" = {
    device = "jupiter.home.opel-online.de:/Pluto";
    fsType = "nfs";
    options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };

  fileSystems."/mnt/Mars" = {
    device = "jupiter.home.opel-online.de:/Mars";
    fsType = "nfs";
    options = ["nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2"];
  };

  swapDevices = [{device = "/swap/swapfile";}];

  networking = {
    useDHCP = false; # Deprecated
    hostName = "lifebook";
    wireless.iwd.enable = true;
    networkmanager = {
      enable = true;
      wifi = {
        backend = "iwd";
        powersave = true;
      };
    };
    #    interfaces = {
    #      wlan0 = {
    #        useDHCP = true;                     # For versatility sake, manually edit IP on nm-applet.
    #        #ipv4.addresses = [ {
    #        #    address = "192.168.0.51";
    #        #    prefixLength = 24;
    #        #} ];
    #      };
    #    };
    #defaultGateway = "192.168.0.1";
    #nameservers = [ "192.168.0.4" ];
    firewall = {
      checkReversePath = false;
      enable = true;
      allowedUDPPorts = [24727 51820];
      allowedTCPPorts = [24727];
    };
  };

  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  #  powerManagement = {
  #    powertop.enable = true;
  #  };
}