notgne2/nixfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixfiles/modules/workstation.nix
notgne2 e70c974289
workstation perf tweaks
2025-11-20 12:15:48 -07:00

279 lines
6.9 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.workstation;
in {
options.workstation = {
enable = mkEnableOption "make my computer work";
user = mkOption {
type = types.str;
description = "The main user of this PC";
};
battery = mkOption {
type = types.bool;
default = false;
description = "If this device has a battery";
};
fancyBoot = mkOption {
type = types.bool;
default = true;
description = "If to use a prettier booting process";
};
};
config = mkIf cfg.enable {
services.gvfs.enable = lib.mkDefault true;
services.udisks2.enable = lib.mkDefault true;
console = {
earlySetup = lib.mkDefault false;
};
boot = {
consoleLogLevel = lib.mkDefault (
if cfg.fancyBoot
then 0
else 3
);
initrd.verbose = lib.mkDefault (!cfg.fancyBoot);
plymouth.enable = lib.mkDefault cfg.fancyBoot;
kernelParams = lib.mkIf cfg.fancyBoot [
"quiet"
"rd.systemd.show_status=auto"
"vt.global_cursor_default=0"
];
loader.timeout = lib.mkIf cfg.fancyBoot 0;
};
services.avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
publish = {
enable = true;
userServices = true;
};
};
services.ezpw.enable = lib.mkDefault true;
services.thermald.enable = lib.mkDefault true;
# Don't kill the battery
services.upower.enable = lib.mkDefault cfg.battery;
# Make battery usage and performance sane
# hardware.system76.power-daemon.enable = lib.mkDefault true;
zramSwap.enable = true;
services.tlp.enable = false;
services.power-profiles-daemon.enable = lib.mkDefault false;
services.system76-scheduler = {
enable = lib.mkDefault true;
exceptions = lib.mkDefault [
"include descends=\"schedtool\""
"include descends=\"nice\""
"include descends=\"chrt\""
"include descends=\"taskset\""
"include descends=\"ionice\""
"schedtool"
"nice"
"chrt"
"ionice"
"dbus"
"dbus-broker"
"rtkit-daemon"
"taskset"
"systemd"
];
};
services.tuned = {
enable = lib.mkDefault true;
settings.dynamic_tuning = lib.mkDefault true;
ppdSettings.battery = lib.mkIf cfg.battery {
balanced = lib.mkDefault "balanced-battery";
power-saver = lib.mkDefault "laptop-battery-powersave";
};
};
# Video support
hardware.graphics = {
enable = lib.mkDefault true;
# Fix steam
enable32Bit = lib.mkDefault true;
};
# Support for steam hardware
hardware.steam-hardware.enable = lib.mkDefault true;
# Needed for lots of controller stuff
hardware.uinput.enable = lib.mkDefault true;
# Optimizes running games, we won't turn it on, but we allow it to work better as a result of our other settings
programs.gamemode.settings = {general.renice = 10;};
# Allows realtime stuff, useful for games, audio etc
services.udev.extraRules = ''
KERNEL=="rtc0", GROUP="users"
KERNEL=="hpet", GROUP="users"
'';
# Allows more open files, useful for sync software and some other stuff
systemd.settings.Manager.DefaultLimitNOFILE = "1048576";
security.pam.loginLimits = [
# Allows more open files, useful for sync software and some other stuff
{
domain = "*";
type = "soft";
item = "nofile";
value = "1048576";
}
{
domain = "*";
type = "hard";
item = "nofile";
value = "1048576";
}
# Allows more locked memory, useful for emulators, some games, etc
{
domain = "@users";
type = "-";
item = "memlock";
value = "unlimited";
}
# Allows greater realtime priority, useful for audio, emulators, games, etc
{
domain = "@users";
type = "-";
item = "rtprio";
value = "90";
}
# Allow becoming less nice, useful for audio, emulators, games, etc
{
domain = "@users";
type = "-";
item = "nice";
value = "-15";
}
];
# the user should have some basic permissions lol
users.users."${cfg.user}" = {
extraGroups = [
"adbusers" # run ADB commands
"audio" # soundcard access
"rtkit" # realtime stuff?
"video" # webcam access (and maybe wayland too?)
"libvirtd" # run VMs through libvirt
"kvm" # run KVM VMs
"lxd" # use LXD containers
"wheel" # sudo
"networkmanager" # use networkmanager?
"docker" # docker permission (basically the same as `wheel`)
"podman" # podman permission (assuming it's a bit like `docker`)
"input" # read some types of inputs?
"uinput" # make virtual uinput devices?
"scanner" # use scanners
"lp" # use printers
"plugdev" # rootless mounting and other device permissions
];
subUidRanges = [
{
startUid = 100000;
count = 65536;
}
];
subGidRanges = [
{
startGid = 100000;
count = 65536;
}
];
};
# brightness
programs.light.enable = lib.mkDefault true;
# make fonts not fucked up
fonts.fontconfig.enable = lib.mkDefault true;
fonts.enableDefaultPackages = lib.mkDefault true;
# Important for steam
fonts.fontconfig.cache32Bit = lib.mkDefault true;
services.libinput = {
enable = lib.mkDefault true;
mouse.accelProfile = lib.mkDefault "flat";
touchpad.accelProfile = lib.mkDefault "flat";
};
networking.networkmanager.wifi.macAddress = lib.mkDefault "random";
networking.networkmanager.wifi.scanRandMacAddress = lib.mkDefault true;
networking.firewall.allowedUDPPortRanges = [
# Used for chromecast bullshit
{
from = 32768;
to = 60999;
}
{
from = 45000;
to = 47000;
}
# Steam remote play
{
from = 27031;
to = 27036;
}
];
networking.firewall.allowedTCPPortRanges = [
# Used for chromecast bullshit
{
from = 45000;
to = 47000;
}
];
networking.firewall.allowedTCPPorts = [
# Steam remote play
27036
# Sunshine/moonlight streaming
47984
47989
48010
];
networking.firewall.allowedUDPPorts = [
# Used for upnp or something?
1900
# Sunshine/moonlight streaming
47998
47999
48000
48002
48010
];
# Shit breaks without this lol
programs.dconf.enable = lib.mkDefault true;
services.dbus.enable = lib.mkDefault true;
services.dbus.packages = with pkgs; [dconf];
# bluetooth
hardware.bluetooth.enable = lib.mkDefault true;
hardware.bluetooth.settings.General.Enable =
lib.mkDefault "Source,Sink,Media,Socket";
};
}
Reference in a new issue View git blame Copy permalink