# Workstation profile for a NixOS machine.
#
# Declares the `workstation.*` options and, when `workstation.enable` is set,
# applies desktop-oriented defaults: quiet boot, mDNS, power management,
# graphics/gaming support, relaxed resource limits, group memberships for the
# main user, input/font settings, firewall openings, and Bluetooth.
#
# Most values are set with `lib.mkDefault`, so a host configuration can
# override them at normal priority.
{ config, lib, pkgs, ... }:

let
  cfg = config.workstation;

  # PAM limits entry applied to every domain ("*") for the open-file limit.
  nofileLimit = type: {
    domain = "*";
    inherit type;
    item = "nofile";
    value = "1048576";
  };

  # PAM limits entry for members of the `users` group.
  # Type "-" sets the soft and the hard limit together.
  usersLimit = item: value: {
    domain = "@users";
    type = "-";
    inherit item value;
  };
in
{
  options.workstation = {
    enable = lib.mkEnableOption "make my computer work";

    user = lib.mkOption {
      type = lib.types.str;
      description = "The main user of this PC";
    };

    battery = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "If this device has a battery";
    };

    fancyBoot = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "If to use a prettier booting process";
    };
  };

  config = lib.mkIf cfg.enable {
    # Automount removable media.
    services.devmon.enable = lib.mkDefault true;

    console.earlySetup = lib.mkDefault false;

    # Boot presentation: with fancyBoot the console is silenced, Plymouth is
    # shown and the boot loader menu is skipped (timeout 0).
    boot = {
      consoleLogLevel = lib.mkDefault (if cfg.fancyBoot then 0 else 3);
      initrd.verbose = lib.mkDefault (!cfg.fancyBoot);
      plymouth.enable = lib.mkDefault cfg.fancyBoot;
      kernelParams = lib.mkIf cfg.fancyBoot [
        "quiet"
        "rd.systemd.show_status=auto"
        "vt.global_cursor_default=0"
      ];
      loader.timeout = lib.mkIf cfg.fancyBoot 0;
    };

    # mDNS/DNS-SD: resolve .local names and publish this host on the LAN.
    # NOTE(review): `publish.enable` and `publish.userServices` are set at
    # normal priority (no mkDefault), unlike the rest of this module, and they
    # announce the host and user-registered services to every network the
    # machine joins. Consider mkDefault so a roaming host can switch it off.
    services.avahi = {
      enable = lib.mkDefault true;
      nssmdns = lib.mkDefault true;
      publish = {
        enable = true;
        userServices = true;
      };
    };

    # NOTE(review): `services.ezpw` is not declared in this file; presumably
    # another module of this configuration provides it.
    services.ezpw.enable = lib.mkDefault true;

    # Let swaylock authenticate through the same PAM stack as `login`.
    security.pam.services.swaylock.text = ''
      auth include login
    '';

    services.thermald.enable = lib.mkDefault true;

    # Battery protection: thresholds (percent) and the action taken when the
    # charge reaches `percentageAction`. Only enabled on battery devices.
    services.upower = {
      enable = lib.mkDefault cfg.battery;
      percentageLow = lib.mkDefault 15;
      percentageCritical = lib.mkDefault 10;
      percentageAction = lib.mkDefault 5;
      criticalPowerAction = lib.mkDefault "Hibernate";
    };

    # Power profiles via TLP, only on battery devices. Every setting is a
    # mkDefault except the two scaling governors, which use priority 900 so
    # they win over other mkDefault definitions.
    services.tlp = {
      enable = lib.mkDefault cfg.battery;
      settings =
        lib.mapAttrs (_: lib.mkDefault) {
          PCIE_ASPM_ON_BAT = "powersupersave";
          PCIE_ASPM_ON_AC = "default";
          PLATFORM_PROFILE_ON_BAT = "low-power";
          PLATFORM_PROFILE_ON_AC = "performance";
          CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
          CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
          CPU_BOOST_ON_BAT = 0;
          CPU_BOOST_ON_AC = 1;
          CPU_HWP_DYN_BOOST_ON_BAT = 0;
          CPU_HWP_DYN_BOOST_ON_AC = 1;
          SCHED_POWERSAVE_ON_BAT = 1;
          SCHED_POWERSAVE_ON_AC = 0;
          CPU_MAX_PERF_ON_BAT = 30;
          CPU_MAX_PERF_ON_AC = 100;
          CPU_SCALING_MIN_FREQ_ON_BAT = 0;
          CPU_SCALING_MIN_FREQ_ON_AC = 0;
          CPU_SCALING_MAX_FREQ_ON_BAT = 9999999;
          CPU_SCALING_MAX_FREQ_ON_AC = 9999999;
        }
        // {
          CPU_SCALING_GOVERNOR_ON_BAT = lib.mkOverride 900 "powersave";
          CPU_SCALING_GOVERNOR_ON_AC = lib.mkOverride 900 "performance";
        };
    };

    hardware = {
      # Graphics stack; the 32-bit DRI libraries are there for Steam.
      opengl = {
        enable = lib.mkDefault true;
        driSupport = lib.mkDefault true;
        driSupport32Bit = lib.mkDefault true;
      };

      # udev support for Steam controllers and similar devices.
      steam-hardware.enable = lib.mkDefault true;

      # Virtual input devices, needed by a lot of controller tooling.
      uinput.enable = lib.mkDefault true;

      bluetooth = {
        enable = lib.mkDefault true;
        settings.General.Enable = lib.mkDefault "Source,Sink,Media,Socket";
      };
    };

    # gamemode itself is not enabled here; this only provides its settings so
    # that it behaves well if a host turns it on.
    programs.gamemode.settings.general.renice = 10;

    # Give the `users` group ownership of the RTC and HPET device nodes
    # (realtime timing for games, audio, etc.).
    # NOTE(review): only GROUP is assigned, no MODE, so the effective access
    # depends on the mode bits the nodes already have - confirm this grants
    # what is intended, and whether a narrower group than `users` would do.
    services.udev.extraRules = ''
      KERNEL=="rtc0", GROUP="users"
      KERNEL=="hpet", GROUP="users"
    '';

    # Raise the open-file limit for services (sync software and similar).
    systemd.extraConfig = "DefaultLimitNOFILE=1048576";

    # Per-session resource limits.
    # NOTE(review): these are broad grants. A raised *soft* nofile limit
    # applies to every process, including ones written around select();
    # unlimited memlock and rtprio 90 let any member of `users` pin memory or
    # starve other tasks. Acceptable on a single-user machine, worth
    # narrowing to a dedicated group on anything shared.
    security.pam.loginLimits = [
      # More open files, for everyone.
      (nofileLimit "soft")
      (nofileLimit "hard")
      # Locked memory, for emulators and some games.
      (usersLimit "memlock" "unlimited")
      # Realtime priority, for audio, emulators and games.
      (usersLimit "rtprio" "90")
      # Permission to lower niceness, for the same workloads.
      (usersLimit "nice" "-15")
    ];

    # Group memberships and subordinate ID ranges for the main user.
    # NOTE(review): several of these groups are equivalent to root on the
    # host (`wheel`, `docker`, and `lxd`; `libvirtd` comes close), and
    # `input`/`uinput` let any process running as this user read raw input
    # events, keyboards included, or inject synthetic ones. Drop the ones a
    # given host does not use instead of granting the full set everywhere.
    users.users.${cfg.user} = {
      extraGroups = [
        "adbusers" # run ADB commands
        "audio" # sound card access
        "video" # webcam access (possibly Wayland too)
        "libvirtd" # manage VMs through libvirt
        "kvm" # run KVM guests
        "lxd" # use LXD containers
        "sway" # run sway
        "wheel" # sudo
        "networkmanager" # control NetworkManager
        "docker" # talk to the Docker daemon (root-equivalent, like `wheel`)
        "podman" # podman access
        "input" # read raw input event devices
        "uinput" # create virtual input devices
        "scanner" # use scanners
        "lp" # use printers
        "plugdev" # rootless mounting and other device permissions
      ];
      subUidRanges = [
        { startUid = 100000; count = 65536; }
      ];
      subGidRanges = [
        { startGid = 100000; count = 65536; }
      ];
    };

    # Backlight control.
    programs.light.enable = lib.mkDefault true;

    # Font setup; the 32-bit fontconfig cache is there for Steam.
    fonts = {
      enableDefaultFonts = lib.mkDefault true;
      fontconfig = {
        enable = lib.mkDefault true;
        cache32Bit = lib.mkDefault true;
      };
    };

    # Pointer and keyboard defaults: no acceleration curve, 96 dpi, US layout.
    services.xserver = {
      dpi = lib.mkDefault 96;
      layout = lib.mkDefault "us";
      libinput = {
        enable = lib.mkDefault true;
        mouse.accelProfile = lib.mkDefault "flat";
        touchpad.accelProfile = lib.mkDefault "flat";
      };
    };

    # Randomise the Wi-Fi MAC address, both for connections and for scans.
    networking.networkmanager.wifi = {
      macAddress = lib.mkDefault "random";
      scanRandMacAddress = lib.mkDefault true;
    };

    # Inbound firewall openings. These are global: they apply on every
    # interface and every network the machine connects to.
    # NOTE(review): UDP 32768-60999 is the default Linux ephemeral port range
    # (net.ipv4.ip_local_port_range), so this rule accepts unsolicited UDP to
    # practically any locally bound high port and already contains the
    # 45000-47000 range and the Sunshine UDP ports listed below. If casting
    # and streaming are only needed at home, scope these rules with
    # `networking.firewall.interfaces.<name>.*` or narrow the range.
    networking.firewall = {
      allowedUDPPortRanges = [
        # Chromecast
        { from = 32768; to = 60999; }
        { from = 45000; to = 47000; }
        # Steam Remote Play
        { from = 27031; to = 27036; }
      ];

      allowedTCPPortRanges = [
        # Chromecast
        { from = 45000; to = 47000; }
      ];

      allowedTCPPorts = [
        # Steam Remote Play
        27036
        # Sunshine/Moonlight streaming
        47984
        47989
        48010
      ];

      allowedUDPPorts = [
        # SSDP (UPnP discovery)
        1900
        # Sunshine/Moonlight streaming
        47998
        47999
        48000
        48002
        48010
      ];
    };

    # dconf and D-Bus; many desktop applications fail without them.
    programs.dconf.enable = lib.mkDefault true;
    services.dbus = {
      enable = lib.mkDefault true;
      packages = [ pkgs.dconf ];
    };
  };
}