# NixOS module providing workstation defaults under the `workstation` option
# namespace. Everything in its `config` section is gated on `workstation.enable`.
{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  # Shorthand for this module's own option values.
  cfg = config.workstation;
in {
# Options exposed by this module.
options.workstation = {
  # Master switch: the whole `config` section is wrapped in `mkIf cfg.enable`.
  enable = mkEnableOption "make my computer work";

  # Account that receives the extra groups and subordinate UID/GID ranges
  # set in `users.users` below. There is no default, so it has to be set.
  # NOTE(review): that account ends up in `wheel`, `docker` and other
  # privileged groups, so it should be a trusted, interactive user.
  user = mkOption {
    type = types.str;
    description = "The main user of this PC";
  };

  # Gates the upower and tlp services.
  battery = mkOption {
    type = types.bool;
    default = false;
    description = "If this device has a battery";
  };

  # Drives the quiet-boot settings under `boot` (Plymouth, log level,
  # kernel parameters, loader timeout).
  fancyBoot = mkOption {
    type = types.bool;
    default = true;
    description = "If to use a prettier booting process";
  };
};
config = mkIf cfg.enable {
# devmon mounts removable media automatically.
# NOTE(review): filesystems on any inserted device are then mounted without a
# prompt; hosts exposed to untrusted USB media may prefer to turn this off.
services.devmon.enable = lib.mkDefault true;

# Console font/keymap setup is not pulled forward into the initrd.
console.earlySetup = lib.mkDefault false;

# Quiet boot: with `fancyBoot` the kernel log level drops to 0, the initrd
# stops being verbose and Plymouth draws the splash; otherwise log level 3.
boot.consoleLogLevel = lib.mkDefault (if cfg.fancyBoot then 0 else 3);
boot.initrd.verbose = lib.mkDefault (!cfg.fancyBoot);
boot.plymouth.enable = lib.mkDefault cfg.fancyBoot;

# Only added when `fancyBoot` is on; silences kernel/systemd status output
# and hides the text cursor.
boot.kernelParams = lib.mkIf cfg.fancyBoot [
  "quiet"
  "rd.systemd.show_status=auto"
  "vt.global_cursor_default=0"
];

# A zero timeout boots the default entry without showing the loader menu.
# NOTE(review): boot-time errors and the generation picker are hidden in this
# mode; confirm how to reach the menu on the loader in use for recovery.
boot.loader.timeout = lib.mkIf cfg.fancyBoot 0;
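# mDNS/DNS-SD via Avahi: resolve `.local` names over IPv4 and advertise this
# machine and its user-registered services on the local network.
# NOTE(review): publishing announces the hostname and services on every
# network the machine joins; hosts that roam onto untrusted networks may want
# `services.avahi.publish.enable = false`.
services.avahi = {
  enable = lib.mkDefault true;
  nssmdns4 = lib.mkDefault true;

  publish = {
    # Wrapped in mkDefault like the settings above, so a host can opt out
    # with a plain assignment instead of needing mkForce.
    enable = lib.mkDefault true;
    userServices = lib.mkDefault true;
  };
};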
# NOTE(review): `services.ezpw` is not defined in this file; presumably it
# comes from another module in the same configuration — confirm what it enables.
services.ezpw.enable = lib.mkDefault true;

# PAM definition for swaylock so the screen locker can verify the password.
# The stack consists of this single line and reuses the `auth` rules of the
# `login` service.
# NOTE(review): whatever `login` accepts for authentication therefore also
# unlocks the screen — keep that in mind when changing the login stack.
security.pam.services = {
  swaylock.text = ''
    auth include login
  '';
};
# thermald thermal-management daemon.
services.thermald.enable = lib.mkDefault true;

# Don't kill the battery
# upower is only enabled on machines that set `workstation.battery`.
services.upower = {
  enable = lib.mkDefault cfg.battery;
  percentageLow = lib.mkDefault 15;
  percentageCritical = lib.mkDefault 10;
  # Charge level at which `criticalPowerAction` is carried out.
  percentageAction = lib.mkDefault 5;
  # NOTE(review): hibernation writes memory contents to swap; confirm swap is
  # present and encrypted if the rest of the disk is.
  criticalPowerAction = lib.mkDefault "Hibernate";
};

# Make battery usage sane
# TLP profile: power saving on battery (`*_ON_BAT`), performance on AC (`*_ON_AC`).
services.tlp = {
  enable = lib.mkDefault cfg.battery;
  settings = {
    PCIE_ASPM_ON_BAT = lib.mkDefault "powersupersave";
    PCIE_ASPM_ON_AC = lib.mkDefault "default";

    PLATFORM_PROFILE_ON_BAT = lib.mkDefault "low-power";
    PLATFORM_PROFILE_ON_AC = lib.mkDefault "performance";

    # Priority 900 wins over mkDefault (1000) but still yields to a plain
    # assignment elsewhere in the configuration.
    CPU_SCALING_GOVERNOR_ON_BAT = lib.mkOverride 900 "powersave";
    CPU_SCALING_GOVERNOR_ON_AC = lib.mkOverride 900 "performance";

    CPU_ENERGY_PERF_POLICY_ON_BAT = lib.mkDefault "power";
    CPU_ENERGY_PERF_POLICY_ON_AC = lib.mkDefault "performance";

    # Turbo boost off on battery, on when plugged in.
    CPU_BOOST_ON_BAT = lib.mkDefault 0;
    CPU_BOOST_ON_AC = lib.mkDefault 1;

    CPU_HWP_DYN_BOOST_ON_BAT = lib.mkDefault 0;
    CPU_HWP_DYN_BOOST_ON_AC = lib.mkDefault 1;

    SCHED_POWERSAVE_ON_BAT = lib.mkDefault 1;
    SCHED_POWERSAVE_ON_AC = lib.mkDefault 0;

    # Cap CPU performance at 30% on battery, uncapped on AC.
    CPU_MAX_PERF_ON_BAT = lib.mkDefault 30;
    CPU_MAX_PERF_ON_AC = lib.mkDefault 100;

    # NOTE(review): 0 and 9999999 look like "no limit" placeholders for the
    # frequency bounds — confirm TLP treats them that way.
    CPU_SCALING_MIN_FREQ_ON_BAT = lib.mkDefault 0;
    CPU_SCALING_MIN_FREQ_ON_AC = lib.mkDefault 0;

    CPU_SCALING_MAX_FREQ_ON_BAT = lib.mkDefault 9999999;
    CPU_SCALING_MAX_FREQ_ON_AC = lib.mkDefault 9999999;
  };
};
# Video support
hardware.graphics = {
  enable = lib.mkDefault true;
  # Fix steam
  enable32Bit = lib.mkDefault true;
};

# Support for steam hardware
hardware.steam-hardware.enable = lib.mkDefault true;

# Needed for lots of controller stuff
# NOTE(review): the main user is also placed in the `uinput` group below, so
# anything running as that user can presumably create virtual input devices
# and inject input events — confirm this is wanted.
hardware.uinput.enable = lib.mkDefault true;

# Optimizes running games, we won't turn it on, but we allow it to work better as a result of our other settings
# Only the setting is provided here; `programs.gamemode.enable` is not set.
programs.gamemode.settings = {general.renice = 10;};

# Allows realtime stuff, useful for games, audio etc
# Hands the devices with kernel names `rtc0` and `hpet` to the `users` group.
# NOTE(review): only GROUP is set, no MODE, so the access members actually get
# depends on the nodes' existing permissions — confirm. Every account in
# `users` is affected, not just `workstation.user`.
services.udev.extraRules = ''
  KERNEL=="rtc0", GROUP="users"
  KERNEL=="hpet", GROUP="users"
'';
# Allows more open files, useful for sync software and some other stuff
# Applies to units started by systemd; the PAM limits below cover login sessions.
# NOTE(review): a single value raises the soft limit as well as the hard one.
# Programs built around select() assume descriptors stay below 1024 and can
# misbehave with a high soft limit; raising only the hard limit lets software
# that needs more opt in itself.
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
security.pam.loginLimits = [
  # Allows more open files, useful for sync software and some other stuff
  # Domain "*" applies these two entries to every account.
  {
    domain = "*";
    type = "soft";
    item = "nofile";
    value = "1048576";
  }
  {
    domain = "*";
    type = "hard";
    item = "nofile";
    value = "1048576";
  }

  # Allows more locked memory, useful for emulators, some games, etc
  # Type "-" sets both the soft and the hard limit.
  # NOTE(review): unlimited memlock lets any member of `users` pin as much RAM
  # as it can allocate, which removes a guard against memory exhaustion by a
  # single account; a large finite value may be enough.
  {
    domain = "@users";
    type = "-";
    item = "memlock";
    value = "unlimited";
  }

  # Allows greater realtime priority, useful for audio, emulators, games, etc
  # NOTE(review): realtime threads at this priority can starve ordinary
  # processes if they spin; applies to every member of `users`.
  {
    domain = "@users";
    type = "-";
    item = "rtprio";
    value = "90";
  }

  # Allow becoming less nice, useful for audio, emulators, games, etc
  {
    domain = "@users";
    type = "-";
    item = "nice";
    value = "-15";
  }
];
# the user should have some basic permissions lol
# NOTE(review): taken together these groups make the account root-equivalent
# (`wheel`, `docker`, `lxd`, and in practice `libvirtd`). Any process running
# as this user inherits that, so membership is worth trimming to what the
# machine actually uses.
users.users."${cfg.user}" = {
  extraGroups = [
    "adbusers" # run ADB commands
    "audio" # soundcard access
    "video" # webcam access (and maybe wayland too?)
    "libvirtd" # run VMs through libvirt (access to the system libvirt daemon)
    "kvm" # run KVM VMs
    "lxd" # use LXD containers (control of the LXD daemon is root-equivalent)
    "sway" # run sway.. I guess?
    "wheel" # sudo
    "networkmanager" # use networkmanager?
    "docker" # docker permission (basically the same as `wheel`)
    "podman" # podman permission (assuming it's a bit like `docker`)
    "input" # read raw input devices; presumably includes keystrokes from other sessions
    "uinput" # make virtual uinput devices, i.e. inject synthetic input events
    "scanner" # use scanners
    "lp" # use printers
    "plugdev" # rootless mounting and other device permissions
  ];

  # Subordinate ID ranges: 65536 UIDs/GIDs starting at 100000, presumably for
  # user-namespace (rootless) containers — confirm against the container setup.
  subUidRanges = [
    {
      startUid = 100000;
      count = 65536;
    }
  ];
  subGidRanges = [
    {
      startGid = 100000;
      count = 65536;
    }
  ];
};
# Backlight control via the `light` program.
programs.light.enable = lib.mkDefault true;

# Font rendering defaults; the 32-bit fontconfig cache matters for Steam.
fonts = {
  enableDefaultPackages = lib.mkDefault true;
  fontconfig = {
    enable = lib.mkDefault true;
    cache32Bit = lib.mkDefault true;
  };
};

# Pointer input through libinput, using the "flat" acceleration profile for
# both mouse and touchpad.
services.libinput.enable = lib.mkDefault true;
services.libinput.mouse.accelProfile = lib.mkDefault "flat";
services.libinput.touchpad.accelProfile = lib.mkDefault "flat";

# X server defaults: 96 DPI and the US keyboard layout.
services.xserver.dpi = lib.mkDefault 96;
services.xserver.xkb.layout = lib.mkDefault "us";
# Privacy: NetworkManager uses a randomised MAC address for Wi-Fi connections
# and while scanning, so the adapter's hardware address is not broadcast.
# NOTE(review): networks that key on the MAC (DHCP reservations, allow-lists,
# some captive portals) will treat each connection as a new client; override
# per host where that matters.
networking.networkmanager.wifi.macAddress = lib.mkDefault "random";
networking.networkmanager.wifi.scanRandMacAddress = lib.mkDefault true;
# Inbound firewall openings. These options apply to every interface.
# NOTE(review): 32768-60999 is the default Linux ephemeral port range, so this
# admits unsolicited UDP to any socket a local program happens to bind there,
# on any network the machine joins. If casting is only used at home, consider
# scoping the ranges with `networking.firewall.interfaces.<name>.allowedUDPPortRanges`
# or gating them behind a host-level option.
networking.firewall.allowedUDPPortRanges = [
  # Used for chromecast bullshit
  {
    from = 32768;
    to = 60999;
  }
  # Already covered by the range above for UDP; kept as written.
  {
    from = 45000;
    to = 47000;
  }
  # Steam remote play
  {
    from = 27031;
    to = 27036;
  }
];

networking.firewall.allowedTCPPortRanges = [
  # Used for chromecast bullshit
  {
    from = 45000;
    to = 47000;
  }
];

# NOTE(review): the streaming ports below stay open whether or not a streaming
# host is running; whatever later binds them becomes reachable from the
# network. Worth enabling only on machines that actually host streams.
networking.firewall.allowedTCPPorts = [
  # Steam remote play
  27036
  # Sunshine/moonlight streaming
  47984
  47989
  48010
];

networking.firewall.allowedUDPPorts = [
  # Used for upnp or something?
  # 1900/udp is the SSDP discovery port used by UPnP.
  1900
  # Sunshine/moonlight streaming
  47998
  47999
  48000
  48002
  48010
];
# dconf and D-Bus: desktop software breaks without them, so both are on and
# dconf's D-Bus service files are registered.
programs.dconf.enable = lib.mkDefault true;
services.dbus = {
  enable = lib.mkDefault true;
  packages = [pkgs.dconf];
};

# Bluetooth, with the audio source/sink, media and socket profiles enabled.
# NOTE(review): this switches the Bluetooth stack on by default; hosts that
# never pair devices can override `hardware.bluetooth.enable` to drop the
# extra radio attack surface.
hardware.bluetooth = {
  enable = lib.mkDefault true;
  settings.General.Enable = lib.mkDefault "Source,Sink,Media,Socket";
};
};
}