host/thinkpad: split into modules

2025-04-25 16:08:30 +02:00 · 2023-11-24 09:57:15 +01:00 · 2023-11-24 09:57:15 +01:00 · aa2c1e702c
commit aa2c1e702c
parent 70a6695ca1
13 changed files with 153 additions and 160 deletions
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -1,35 +1,20 @@
-{ config, pkgs, lib, agenix, ... }:
+{ config, pkgs, ... }:
 {

  imports =
    [
      ./hardware-configuration.nix
      ./modules/backup
-      ./modules/networks
+      ./modules/graphics
      ./modules/greetd
+      ./modules/networks
+      ./modules/security
+      ./modules/sound
      ./modules/virtualisation
    ];

  # Use the systemd-boot EFI boot loader.
-  # boot.initrd.systemd.additionalUpstreamUnits = [ "systemd-vconsole-setup.service" ];
  boot = {
-    # Lanzaboote currently replaces the systemd-boot module.
-    # This setting is usually set to true in configuration.nix
-    # generated at installation time. So we force it to false
-    # for now.
-    loader.systemd-boot.enable = lib.mkForce false;
-    lanzaboote = {
-      enable = true;
-      pkiBundle = "/etc/secureboot";
-      configurationLimit = 10;
-    };
-    extraModulePackages = [
-      config.boot.kernelPackages.v4l2loopback.out
-    ];
-
-
-    loader.systemd-boot.editor = false;
-    loader.efi.canTouchEfiVariables = true;
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
    tmp.useTmpfs = true;
  };
@ -48,105 +33,29 @@
      "/etc/machine-id"
    ];
  };
-  age.identityPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";
-  console = {
-    keyMap = "dvorak";
-    colors = let colors = config.home-manager.users.rouven.colorScheme.colors; in
-      [
-        colors.base00
-        colors.base08
-        colors.base0A
-        colors.base0B
-        colors.base0D
-        colors.base0E
-        colors.base0C
-        colors.base05

-        colors.base03
-        colors.base08
-        colors.base0A
-        colors.base0B
-        colors.base0D
-        colors.base0E
-        colors.base0C
-        colors.base07
-      ];
-  };
+  console.keyMap = "dvorak";

-  fonts = {
-    enableDefaultPackages = false;
-    packages = with pkgs;
-      [
-        nerdfonts
-        noto-fonts
-        noto-fonts-cjk
-        noto-fonts-emoji
-        dejavu_fonts
-        fira
-      ];
-  };
-  # Enable sound.
-  sound.enable = true;
-  #hardware.pulseaudio.enable = true;
-  hardware.bluetooth.enable = true;
-
-  security = {
-    polkit.enable = true;
-  };
-
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-  };
-  xdg.portal = {
-    enable = true;
-    extraPortals = [
-      pkgs.xdg-desktop-portal-wlr
-    ];
-  };
-
-
-  # control display backlight
-  programs.light.enable = true;

  services = {
-    # homed.enable = true;
    blueman.enable = true; # bluetooth
    devmon.enable = true; # automount stuff
-    # printing = {
-    #   enable = true;
-    #   stateless = true;
-    #   browsedConf = ''
-    #     BrowsePoll tomate.local
-    #     BrowsePoll cups.agdsn.network
-    #     LocalQueueNamingRemoteCUPS RemoteName
-    #   '';
-    # };
    avahi = {
-      # autodiscover printers
      enable = true;
      nssmdns = true;
    };
-    fprintd.enable = true; # log in using fingerprint
    fwupd.enable = true; # firmware updates
    zfs.autoScrub.enable = true;
  };
-
-  programs.steam.enable = true; # putting steam in here cause in home manager it doesn't work
-
-  programs.ausweisapp = {
-    enable = true;
-    openFirewall = true;
-  };
+  hardware.bluetooth.enable = true;

  systemd.sleep.extraConfig = ''
    HibernateDelaySec=2h
  '';
+
  services.logind = {
    lidSwitch = "suspend-then-hibernate";
    lidSwitchDocked = "suspend-then-hibernate";
@ -155,6 +64,7 @@
      HandlePowerKey = ignore
    '';
  };
+
  services.tlp = {
    enable = true;
    settings = {
@ -163,55 +73,6 @@
    };
  };

-  security.tpm2 = {
-    enable = true;
-    pkcs11.enable = true;
-    abrmd.enable = true;
-    tctiEnvironment.enable = true;
-  };
-
-  hardware.opengl.extraPackages = with pkgs; [
-    intel-compute-runtime
-    intel-media-driver
-  ];
-
-  environment.systemPackages = with pkgs; [
-    # hardware utilities
-    nvme-cli
-    intel-gpu-tools
-    tpm2-tools
-    lm_sensors
-    pciutils
-
-    # system essentials
-    htop-vim
-    lsof
-    killall
-    zip
-    unzip
-    sbctl
-    man-pages
-    cups
-    agenix.packages.x86_64-linux.default
-    mosh
-    qpwgraph
-  ];
-
-  programs.java.enable = true;
-  programs.wireshark = {
-    enable = true;
-    package = pkgs.wireshark-qt;
-  };
-  security.wrappers.etherape = {
-    source = "${pkgs.etherape}/bin/etherape";
-    capabilities = "cap_net_raw,cap_net_admin+eip";
-    owner = "root";
-    group = "wireshark"; # too lazy to create a new one
-    permissions = "u+rx,g+x";
-  };
-
  documentation.dev.enable = true;
-
-
  system.stateVersion = "22.11";
 }