diff --git a/darwin/hardware/imac-2017/hardware.nix b/darwin/hardware/apple/imac/18-3/default.nix
similarity index 100%
rename from darwin/hardware/imac-2017/hardware.nix
rename to darwin/hardware/apple/imac/18-3/default.nix
diff --git a/flake.nix b/flake.nix
index b518490..c34db9a 100755
--- a/flake.nix
+++ b/flake.nix
@@ -202,7 +202,7 @@
 ./users/guanranwang/nixos/profiles/desktop/addtional/torrenting.nix
 # Hardware
- ./nixos/hardware/81fw-lenovo-legion-y7000/Aristotle
+ ./nixos/hardware/lenovo/legion/81fw/Aristotle
 {networking.hostName = "Aristotle";}
 ];
@@ -220,7 +220,7 @@
 ./users/guanranwang/darwin/profiles/desktop
 ./users/guanranwang/darwin/profiles/core/addtional/networking/clash-meta-client.nix
- ./darwin/hardware/imac-2017
+ ./darwin/hardware/apple/imac/18-3
 {networking.hostName = "Plato";}
 ];
diff --git a/nixos/hardware/81fw-lenovo-legion-y7000/default.nix b/nixos/hardware/81fw-lenovo-legion-y7000/default.nix
deleted file mode 100644
index b377e8f..0000000
--- a/nixos/hardware/81fw-lenovo-legion-y7000/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{...}: {
- imports = [
- ./hardware.nix
- ];
-}
diff --git a/nixos/hardware/imac-2017/hardware.nix b/nixos/hardware/apple/imac/18-3/default.nix
old mode 100755
new mode 100644
similarity index 84%
rename from nixos/hardware/imac-2017/hardware.nix
rename to nixos/hardware/apple/imac/18-3/default.nix
index 5b6c5d7..c1922a7
--- a/nixos/hardware/imac-2017/hardware.nix
+++ b/nixos/hardware/apple/imac/18-3/default.nix
@@ -4,11 +4,11 @@
 ...
 }: {
 imports = [
- ../hardware/misc/audio.nix
- ../hardware/misc/bluetooth.nix
- ../hardware/misc/opengl.nix
- ../hardware/cpu/intel.nix
- ../hardware/gpu/amd.nix
+ ../../../hardware/misc/audio.nix
+ ../../../hardware/misc/bluetooth.nix
+ ../../../hardware/misc/opengl.nix
+ ../../../hardware/cpu/intel.nix
+ ../../../hardware/gpu/amd.nix
 (modulesPath + "/hardware/network/broadcom-43xx.nix")
 (modulesPath + "/installer/scan/not-detected.nix") # what is this
 ];
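Review bot: The five rewritten imports in nixos/hardware/apple/imac/18-3/default.nix resolve to `nixos/hardware/hardware/misc/audio.nix`, `.../misc/bluetooth.nix`, `.../misc/opengl.nix`, `.../cpu/intel.nix` and `.../gpu/amd.nix`, and this same commit deletes every one of those files, so evaluating this module would fail on a missing path. The Lenovo host was migrated to the new option tree and this one needs the same treatment: drop the five relative imports and set `myFlake.nixos.hardware = { cpu.intel.enable = true; gpu.amd.enable = true; misc.audio.enable = true; misc.bluetooth.enable = true; };` (the old opengl.nix settings are already folded into the new gpu/amd.nix). None of the flake.nix hunks shown reference this NixOS iMac path, which may be why the breakage was not noticed. The module body continues outside the hunk.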
diff --git a/nixos/hardware/hardware/cpu/intel.nix b/nixos/hardware/hardware/cpu/intel.nix
deleted file mode 100755
index 98719c9..0000000
--- a/nixos/hardware/hardware/cpu/intel.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{...}: {
- boot.kernelModules = ["kvm-intel"];
- hardware.cpu.intel.updateMicrocode = true;
- nixpkgs.hostPlatform = "x86_64-linux";
-}
diff --git a/nixos/hardware/hardware/gpu/amd.nix b/nixos/hardware/hardware/gpu/amd.nix
deleted file mode 100644
index 0e4387b..0000000
--- a/nixos/hardware/hardware/gpu/amd.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{pkgs, ...}:
-# FOLLOWING https://nixos.wiki/wiki/AMD_GPU DIRECTLY
-# I HAVE NO IDEA WHAT AM I DOING
-{
- boot.initrd.kernelModules = ["amdgpu"];
- services.xserver.videoDrivers = ["amdgpu"];
-
- # OpenCL
- hardware.opengl = {
- extraPackages = with pkgs; [
- amdvlk
- rocm-opencl-icd
- rocm-opencl-runtime
- ];
- # Only available on unstable
- extraPackages32 = with pkgs; [
- driversi686Linux.amdvlk
- ];
- };
-
- # HIP
- systemd.tmpfiles.rules = [
- "L+ /opt/rocm/hip - - - - ${pkgs.hip}"
- ];
-}
diff --git a/nixos/hardware/hardware/gpu/intel.nix b/nixos/hardware/hardware/gpu/intel.nix
deleted file mode 100644
index fcaafa6..0000000
--- a/nixos/hardware/hardware/gpu/intel.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, ...}:
-# Following https://nixos.wiki/wiki/Intel_Graphics
-{
- boot.initrd.kernelModules = ["i915"]; # if not enabled, plymouth's distro logo wont show for some reason
- nixpkgs.config.packageOverrides = pkgs: {vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};};
-
- hardware.opengl = {
- extraPackages = with pkgs; [
- intel-media-driver # libva_driver_name=ihd
- vaapiIntel # libva_driver_name=i965 (older but works better for firefox/chromium)
- vaapiVdpau
- libvdpau-va-gl
- intel-compute-runtime # intel opencl
- intel-media-driver # intel vaapi
- ];
- extraPackages32 = with pkgs; [pkgsi686Linux.vaapiIntel];
- };
-}
diff --git a/nixos/hardware/hardware/gpu/nvidia-prime.nix b/nixos/hardware/hardware/gpu/nvidia-prime.nix
deleted file mode 100755
index cb8b7a0..0000000
--- a/nixos/hardware/hardware/gpu/nvidia-prime.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{...}:
-# Nvidia Prime ( multi gpu on laptop )
-{
- hardware.nvidia.prime = {
- sync.enable = false;
-
- ### Device specific, please put those configuration in `machines/your-machine.nix`
- # nvidiaBusId = "PCI:1:0:0";
- # intelBusId = "PCI:0:2:0";
- offload = {
- enable = true;
- enableOffloadCmd = true;
- };
- };
- environment.sessionVariables = {
- "GAMEMODERUNEXEC" = "env __NV_PRIME_RENDER_OFFLOAD=1 __GLX_VENDOR_LIBRARY_NAME=nvidia __VK_LAYER_NV_optimus=NVIDIA_only"; # gamemode: nvidia offload
- };
-}
diff --git a/nixos/hardware/hardware/gpu/nvidia.nix b/nixos/hardware/hardware/gpu/nvidia.nix
deleted file mode 100755
index e6e624c..0000000
--- a/nixos/hardware/hardware/gpu/nvidia.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{config, ...}:
-# NVIDIA drivers
-# fuck you nvidia btw
-{
- services.xserver.videoDrivers = ["nvidia"]; # tell xorg to use the nvidia driver, also valid for wayland
- hardware.nvidia = {
- package = config.boot.kernelPackages.nvidiaPackages.stable;
- open = false;
- modesetting.enable = true;
- #dynamicboost.enable = true;
- powerManagement = {
- enable = true; # experimental power management feature
- #finegrained = true;
- };
- };
-}
diff --git a/nixos/hardware/hardware/misc/audio.nix b/nixos/hardware/hardware/misc/audio.nix
deleted file mode 100755
index 51da0ea..0000000
--- a/nixos/hardware/hardware/misc/audio.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{lib, ...}:
-# Audio system (pipewire)
-{
- security.rtkit.enable = true;
- hardware.pulseaudio.enable = lib.mkDefault false;
- services.pipewire = {
- enable = lib.mkDefault true;
- pulse.enable = true;
- jack.enable = true;
- wireplumber.enable = true;
- alsa = {
- enable = true;
- support32Bit = true;
- };
- };
-}
diff --git a/nixos/hardware/hardware/misc/bluetooth.nix b/nixos/hardware/hardware/misc/bluetooth.nix
deleted file mode 100755
index 0d2526f..0000000
--- a/nixos/hardware/hardware/misc/bluetooth.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{pkgs, ...}:
-# Bluetooth
-{
- # Bluetooth manager
- #services.blueman.enable = true;
- environment.systemPackages = with pkgs; [blueberry];
-
- # Bluetooth service
- hardware.bluetooth = {
- enable = true;
- settings.General.FastConnectable = true;
- };
-}
diff --git a/nixos/hardware/hardware/misc/opengl.nix b/nixos/hardware/hardware/misc/opengl.nix
deleted file mode 100755
index 4806140..0000000
--- a/nixos/hardware/hardware/misc/opengl.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{...}:
-# OpenGL
-{
- hardware = {
- opengl = {
- enable = true;
- driSupport = true;
- driSupport32Bit = true;
- };
- };
-}
diff --git a/nixos/hardware/hardware/misc/tpm.nix b/nixos/hardware/hardware/misc/tpm.nix
deleted file mode 100644
index 9d5c25f..0000000
--- a/nixos/hardware/hardware/misc/tpm.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{...}: {
- # TPM is currently broken on latest kernel,
- # but luckily, linux-zen have a patch for it
- # UPDATE: it got fixed in 6.5.3
- security.tpm2 = {
- enable = true;
- pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
- tctiEnvironment.enable = true; # tpm2tools_tcti and tpm2_pkcs11_tcti env variables
- };
-}
diff --git a/nixos/hardware/imac-2017/default.nix b/nixos/hardware/imac-2017/default.nix
deleted file mode 100644
index b377e8f..0000000
--- a/nixos/hardware/imac-2017/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{...}: {
- imports = [
- ./hardware.nix
- ];
-}
diff --git a/nixos/hardware/81fw-lenovo-legion-y7000/Aristotle/default.nix b/nixos/hardware/lenovo/legion/81fw/Aristotle/default.nix
similarity index 51%
rename from nixos/hardware/81fw-lenovo-legion-y7000/Aristotle/default.nix
rename to nixos/hardware/lenovo/legion/81fw/Aristotle/default.nix
index 9b9c569..dd7199b 100644
--- a/nixos/hardware/81fw-lenovo-legion-y7000/Aristotle/default.nix
+++ b/nixos/hardware/lenovo/legion/81fw/Aristotle/default.nix
@@ -1,9 +1,9 @@
 {...}: {
 imports = [
 ../default.nix
- ../../../../nixos/flake-modules/lanzaboote.nix
- ../../../../nixos/flake-modules/impermanence.nix
- ../../../../nixos/flake-modules/disko.nix
+ ../../../../../flake-modules/lanzaboote.nix
+ ../../../../../flake-modules/impermanence.nix
+ ../../../../../flake-modules/disko.nix
 ];
 _module.args.disks = ["/dev/nvme0n1"]; # Disko
diff --git a/nixos/hardware/81fw-lenovo-legion-y7000/hardware.nix b/nixos/hardware/lenovo/legion/81fw/default.nix
old mode 100755
new mode 100644
similarity index 74%
rename from nixos/hardware/81fw-lenovo-legion-y7000/hardware.nix
rename to nixos/hardware/lenovo/legion/81fw/default.nix
index 0c97c01..ded7b09
--- a/nixos/hardware/81fw-lenovo-legion-y7000/hardware.nix
+++ b/nixos/hardware/lenovo/legion/81fw/default.nix
@@ -4,19 +4,23 @@
 ...
 }: {
 imports = [
- ../hardware/misc/audio.nix
- ../hardware/misc/bluetooth.nix
- ../hardware/misc/opengl.nix
- ../hardware/misc/tpm.nix
- ../hardware/cpu/intel.nix
- ../hardware/gpu/intel.nix
- ../hardware/gpu/nvidia.nix
- ../hardware/gpu/nvidia-prime.nix
 (modulesPath + "/installer/scan/not-detected.nix") # what is this
 ];
+ myFlake.nixos.hardware = {
+ cpu.intel.enable = true;
+
+ gpu.intel.enable = true;
+ gpu.nvidia.enable = true;
+ gpu.nvidia.prime = true;
+
+ misc.audio.enable = true;
+ misc.bluetooth.enable = true;
+ misc.fstrim.enable = true;
+ misc.tpm.enable = true;
+ };
+
 boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid"];
- services.fstrim.enable = true;
 # Nvidia PRIME
 hardware.nvidia.prime = {
diff --git a/nixos/modules/boot/boot.nix b/nixos/modules/boot/boot.nix
index 37c7f47..0e1dafd 100755
--- a/nixos/modules/boot/boot.nix
+++ b/nixos/modules/boot/boot.nix
@@ -2,38 +2,42 @@
 config,
 lib,
 ...
-}: {
+}: let
+ cfg = config.myFlake.nixos.boot;
+in {
 options = {
 myFlake.nixos = {
 boot = {
- silentBoot = lib.mkEnableOption "Enable silent boot";
- noLoaderMenu = lib.mkEnableOption "Disable bootloader menu";
+ silentBoot = lib.mkEnableOption "Whether to enable silent boot.";
+ noLoaderMenu = lib.mkEnableOption "Whether to disable bootloader menu.";
 };
 };
 };
- ### myFlake.nixos.boot.noLoaderMenu
- config.boot.loader.timeout = lib.mkIf config.myFlake.nixos.boot.noLoaderMenu 0;
+ config = {
+ ### cfg.noLoaderMenu
+ boot.loader.timeout = lib.mkIf cfg.noLoaderMenu 0;
- ### myFlake.nixos.boot.silentBoot
- config.boot.consoleLogLevel = lib.mkIf config.myFlake.nixos.boot.silentBoot 0;
- config.boot.kernelParams =
- lib.mkIf config.myFlake.nixos.boot.silentBoot
- (["quiet"]
- ++ lib.optionals config.boot.initrd.systemd.enable [
- "systemd.show_status=auto"
- "rd.udev.log_level=3"
- ]);
+ ### cfg.silentBoot
+ boot.consoleLogLevel = lib.mkIf cfg.silentBoot 0;
+ boot.kernelParams =
+ lib.mkIf cfg.silentBoot
+ (["quiet"]
+ ++ lib.optionals config.boot.initrd.systemd.enable [
+ "systemd.show_status=auto"
+ "rd.udev.log_level=3"
+ ]);
- ### Misc
- config.boot.loader = {
- efi.canTouchEfiVariables = true;
- systemd-boot = {
- enable = lib.mkDefault true; # mkDefault for Lanzaboote
- editor = false; # Disabled for security
- ### Utilities
- #netbootxyz.enable = true;
- #memtest86.enable = true;
+ ### Misc
+ boot.loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = lib.mkDefault true; # mkDefault for Lanzaboote
+ editor = false; # Disabled for security
+ ### Utilities
+ #netbootxyz.enable = true;
+ #memtest86.enable = true;
+ };
 };
 };
 }
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 9bc08ec..01ead29 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,6 +1,7 @@
 {...}: {
 imports = [
 ./boot
+ ./hardware
 ./networking
 ];
 }
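Review bot: `lib.mkEnableOption` already wraps its argument as "Whether to enable <name>.", so the two new description strings in the `options` block of boot.nix render as "Whether to enable Whether to enable silent boot.." in generated option documentation; pass only the noun phrase, e.g. `silentBoot = lib.mkEnableOption "silent boot";`. For `noLoaderMenu` the doubled text reads "Whether to enable Whether to disable bootloader menu..", which is easy to misread for a boot-hardening switch; `noLoaderMenu = lib.mkEnableOption "hiding the bootloader menu";` keeps the sense unambiguous. The same pattern recurs in every `enable` option this commit adds under nixos/modules/hardware/ (cpu/intel, gpu/amd, gpu/intel, gpu/nvidia including `prime`, misc/audio, misc/bluetooth, misc/fstrim, misc/tpm).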
diff --git a/darwin/hardware/imac-2017/default.nix b/nixos/modules/hardware/cpu/default.nix
similarity index 61%
rename from darwin/hardware/imac-2017/default.nix
rename to nixos/modules/hardware/cpu/default.nix
index b377e8f..024255e 100644
--- a/darwin/hardware/imac-2017/default.nix
+++ b/nixos/modules/hardware/cpu/default.nix
@@ -1,5 +1,5 @@
 {...}: {
 imports = [
- ./hardware.nix
+ ./intel.nix
 ];
 }
diff --git a/nixos/modules/hardware/cpu/intel.nix b/nixos/modules/hardware/cpu/intel.nix
new file mode 100755
index 0000000..0393195
--- /dev/null
+++ b/nixos/modules/hardware/cpu/intel.nix
@@ -0,0 +1,17 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.myFlake.nixos.hardware.cpu.intel;
+in {
+ options = {
+ myFlake.nixos.hardware.cpu.intel.enable = lib.mkEnableOption "Whether to enable Intel CPU.";
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot.kernelModules = ["kvm-intel"];
+ hardware.cpu.intel.updateMicrocode = true;
+ nixpkgs.hostPlatform = "x86_64-linux";
+ };
+}
diff --git a/nixos/modules/hardware/default.nix b/nixos/modules/hardware/default.nix
new file mode 100644
index 0000000..08405b1
--- /dev/null
+++ b/nixos/modules/hardware/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+ imports = [
+ ./cpu
+ ./gpu
+ ./misc
+ ];
+}
diff --git a/nixos/modules/hardware/gpu/amd.nix b/nixos/modules/hardware/gpu/amd.nix
new file mode 100644
index 0000000..77188d6
--- /dev/null
+++ b/nixos/modules/hardware/gpu/amd.nix
@@ -0,0 +1,42 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ cfg = config.myFlake.nixos.hardware.gpu.amd;
+in {
+ options = {
+ myFlake.nixos.hardware.gpu.amd.enable = lib.mkEnableOption "Whether to enable AMD GPU.";
+ };
+
+ # https://nixos.wiki/wiki/AMD_GPU
+ config = lib.mkIf cfg.enable {
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ boot.initrd.kernelModules = ["amdgpu"];
+ services.xserver.videoDrivers = ["amdgpu"];
+
+ # OpenCL
+ hardware.opengl = {
+ extraPackages = with pkgs; [
+ amdvlk
+ rocm-opencl-icd
+ rocm-opencl-runtime
+ ];
+ # Only available on unstable
+ extraPackages32 = with pkgs; [
+ driversi686Linux.amdvlk
+ ];
+ };
+
+ # HIP
+ systemd.tmpfiles.rules = [
+ "L+ /opt/rocm/hip - - - - ${pkgs.hip}"
+ ];
+ };
+}
diff --git a/nixos/modules/hardware/gpu/default.nix b/nixos/modules/hardware/gpu/default.nix
new file mode 100644
index 0000000..f1995cb
--- /dev/null
+++ b/nixos/modules/hardware/gpu/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+ imports = [
+ ./amd.nix
+ ./intel.nix
+ ./nvidia.nix
+ ];
+}
diff --git a/nixos/modules/hardware/gpu/intel.nix b/nixos/modules/hardware/gpu/intel.nix
new file mode 100644
index 0000000..79939f6
--- /dev/null
+++ b/nixos/modules/hardware/gpu/intel.nix
@@ -0,0 +1,36 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ cfg = config.myFlake.nixos.hardware.gpu.intel;
+in {
+ options = {
+ myFlake.nixos.hardware.gpu.intel.enable = lib.mkEnableOption "Whether to enable Intel GPU.";
+ };
+
+ # https://nixos.wiki/wiki/Intel_Graphics
+ config = lib.mkIf cfg.enable {
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ boot.initrd.kernelModules = ["i915"]; # if not enabled, plymouth's distro logo wont show for some reason
+ nixpkgs.config.packageOverrides = pkgs: {vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};};
+
+ hardware.opengl = {
+ extraPackages = with pkgs; [
+ intel-media-driver # libva_driver_name=ihd
+ vaapiIntel # libva_driver_name=i965 (older but works better for firefox/chromium)
+ vaapiVdpau
+ libvdpau-va-gl
+ intel-compute-runtime # intel opencl
+ intel-media-driver # intel vaapi
+ ];
+ extraPackages32 = with pkgs; [pkgsi686Linux.vaapiIntel];
+ };
+ };
+}
diff --git a/nixos/modules/hardware/gpu/nvidia.nix b/nixos/modules/hardware/gpu/nvidia.nix
new file mode 100755
index 0000000..52b51b3
--- /dev/null
+++ b/nixos/modules/hardware/gpu/nvidia.nix
@@ -0,0 +1,48 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.myFlake.nixos.hardware.gpu.nvidia;
+in {
+ options = {
+ myFlake.nixos.hardware.gpu.nvidia.enable = lib.mkEnableOption "Whether to enable NVIDIA GPU.";
+ myFlake.nixos.hardware.gpu.nvidia.prime = lib.mkEnableOption "Whether to enable NVIDIA Prime.";
+ };
+
+ # https://nixos.wiki/wiki/Nvidia
+ config = lib.mkIf cfg.enable {
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ services.xserver.videoDrivers = ["nvidia"]; # tell xorg to use the nvidia driver, also valid for wayland
+ hardware.nvidia = {
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ open = false;
+ modesetting.enable = true;
+ #dynamicboost.enable = true;
+ powerManagement = {
+ enable = true; # experimental power management feature
+ #finegrained = true;
+ };
+ };
+
+ # cfg.prime
+ hardware.nvidia.prime = lib.mkIf cfg.prime {
+ sync.enable = false;
+ offload = {
+ enable = true;
+ enableOffloadCmd = true;
+ };
+ ### Device specific, please put those configuration in `machines/your-machine.nix`
+ # nvidiaBusId = "PCI:1:0:0";
+ # intelBusId = "PCI:0:2:0";
+ };
+ environment.sessionVariables = {
+ "GAMEMODERUNEXEC" = lib.mkIf (cfg.prime || config.programs.gamemode.enable) "env __NV_PRIME_RENDER_OFFLOAD=1 __GLX_VENDOR_LIBRARY_NAME=nvidia __VK_LAYER_NV_optimus=NVIDIA_only"; # gamemode: nvidia offload
+ };
+ };
+}
diff --git a/nixos/modules/hardware/misc/audio.nix b/nixos/modules/hardware/misc/audio.nix
new file mode 100755
index 0000000..6f964a4
--- /dev/null
+++ b/nixos/modules/hardware/misc/audio.nix
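Review bot: The `GAMEMODERUNEXEC` guard in gpu/nvidia.nix uses `cfg.prime || config.programs.gamemode.enable`, so the PRIME render-offload environment is exported whenever gamemode is enabled on a machine without PRIME, and also on a PRIME machine that never enables gamemode. The variable only has meaning when both hold, so the condition presumably wants `&&`: `"GAMEMODERUNEXEC" = lib.mkIf (cfg.prime && config.programs.gamemode.enable) "env __NV_PRIME_RENDER_OFFLOAD=1 __GLX_VENDOR_LIBRARY_NAME=nvidia __VK_LAYER_NV_optimus=NVIDIA_only";`. If the wider condition is deliberate, a one-line comment saying why would save the next reader from assuming a typo.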
@@ -0,0 +1,37 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.myFlake.nixos.hardware.misc.audio;
+in {
+ options = {
+ myFlake.nixos.hardware.misc.audio.enable = lib.mkEnableOption "Whether to enable audio.";
+ myFlake.nixos.hardware.misc.audio.soundServer = lib.mkOption {
+ type = lib.types.enum ["pipewire" "pulseaudio"];
+ default = "pipewire";
+ example = "pulseaudio";
+ description = "Select desired sound system.";
+ };
+ };
+
+ # https://nixos.wiki/wiki/PipeWire
+ # https://nixos.wiki/wiki/PulseAudio
+ config = lib.mkIf cfg.enable (lib.mkMerge [
+ (lib.mkIf (cfg.soundServer == "pipewire") {
+ security.rtkit.enable = true;
+ hardware.pulseaudio.enable = false;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+ })
+ (lib.mkIf (cfg.soundServer == "pulseaudio") {
+ hardware.pulseaudio.enable = true;
+ hardware.pulseaudio.support32Bit = true;
+ })
+ ]);
+}
diff --git a/nixos/modules/hardware/misc/bluetooth.nix b/nixos/modules/hardware/misc/bluetooth.nix
new file mode 100755
index 0000000..5d5e796
--- /dev/null
+++ b/nixos/modules/hardware/misc/bluetooth.nix
@@ -0,0 +1,25 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ cfg = config.myFlake.nixos.hardware.misc.bluetooth;
+in {
+ options = {
+ myFlake.nixos.hardware.misc.bluetooth.enable = lib.mkEnableOption "Whether to enable bluetooth.";
+ };
+
+ # https://nixos.wiki/wiki/Bluetooth
+ config = lib.mkIf cfg.enable {
+ # Bluetooth manager
+ #services.blueman.enable = true;
+ environment.systemPackages = lib.mkIf config.services.xserver.enable (with pkgs; [blueberry]);
+
+ # Bluetooth service
+ hardware.bluetooth = {
+ enable = true;
+ settings.General.FastConnectable = true;
+ };
+ };
+}
diff --git a/nixos/modules/hardware/misc/default.nix b/nixos/modules/hardware/misc/default.nix
new file mode 100644
index 0000000..492ff1a
--- /dev/null
+++ b/nixos/modules/hardware/misc/default.nix
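Review bot: The pipewire branch of misc/audio.nix sets `hardware.pulseaudio.enable = false;` and `services.pipewire.enable = true;` as plain definitions, whereas the deleted nixos/hardware/hardware/misc/audio.nix set both through `lib.mkDefault`. If any other module in the configuration defines either option with a different value at normal priority, evaluation now stops with a conflicting-definition error where it used to be overridden quietly; keeping `hardware.pulseaudio.enable = lib.mkDefault false;` preserves the old behaviour if that override path is still wanted. The rewrite also drops `wireplumber.enable = true;`, presumably relying on the upstream default, and a short comment saying so would make the omission read as intentional.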
@@ -0,0 +1,8 @@
+{...}: {
+ imports = [
+ ./audio.nix
+ ./bluetooth.nix
+ ./fstrim.nix
+ ./tpm.nix
+ ];
+}
diff --git a/nixos/modules/hardware/misc/fstrim.nix b/nixos/modules/hardware/misc/fstrim.nix
new file mode 100644
index 0000000..252ef5f
--- /dev/null
+++ b/nixos/modules/hardware/misc/fstrim.nix
@@ -0,0 +1,15 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.myFlake.nixos.hardware.misc.fstrim;
+in {
+ options = {
+ myFlake.nixos.hardware.misc.fstrim.enable = lib.mkEnableOption "Whether to enable SSD triming in background.";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.fstrim.enable = true;
+ };
+}
diff --git a/nixos/modules/hardware/misc/tpm.nix b/nixos/modules/hardware/misc/tpm.nix
new file mode 100644
index 0000000..664866f
--- /dev/null
+++ b/nixos/modules/hardware/misc/tpm.nix
@@ -0,0 +1,23 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.myFlake.nixos.hardware.misc.tpm;
+in {
+ options = {
+ myFlake.nixos.hardware.misc.tpm.enable = lib.mkEnableOption "Whether to enable TPM.";
+ };
+
+ # https://nixos.wiki/wiki/TPM
+ config = lib.mkIf cfg.enable {
+ # TPM is currently broken on latest kernel,
+ # but luckily, linux-zen have a patch for it
+ # UPDATE: it got fixed in 6.5.3
+ security.tpm2 = {
+ enable = true;
+ pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+ tctiEnvironment.enable = true; # tpm2tools_tcti and tpm2_pkcs11_tcti env variables
+ };
+ };
+}
diff --git a/nixos/modules/networking/dns.nix b/nixos/modules/networking/dns.nix
index d0d26a9..80824b0 100644
--- a/nixos/modules/networking/dns.nix
+++ b/nixos/modules/networking/dns.nix
@@ -7,7 +7,7 @@
 type = lib.types.enum ["google" "alidns"];
 default = "google";
 example = "alidns";
- description = "Select your DNS provider";
+ description = "Select desired DNS provider.";
 };
 config.networking.nameservers = lib.mkMerge [
diff --git a/nixos/modules/networking/network-configuration-daemon.nix b/nixos/modules/networking/network-configuration-daemon.nix
index 37466a5..41d4de7 100644
--- a/nixos/modules/networking/network-configuration-daemon.nix
+++ b/nixos/modules/networking/network-configuration-daemon.nix
@@ -3,7 +3,7 @@
 config,
 ...
 }: let
- cfg = config.myFlake.nixos.networking.network-configuration-daemon;
+ cfg = config.myFlake.nixos.networking;
 in {
 options = {
 myFlake.nixos = {
@@ -12,20 +12,26 @@ in {
 type = lib.types.enum ["iwd" "networkmanager" "networkmanager-iwd"];
 default = "iwd";
 example = "networkmanager";
- description = "Select network configuration daemon";
+ description = "Select desired network configuration daemon.";
 };
 };
 };
 };
- config = {
- networking.wireless.iwd.enable = lib.mkIf (cfg == "iwd" || cfg == "networkmanager-iwd") true;
-
- networking.networkmanager = lib.mkIf (cfg == "networkmanager" || cfg == "networkmanager-iwd") {
- enable = true;
- ethernet.macAddress = "random";
- wifi.macAddress = "random";
- wifi.backend = lib.mkIf (cfg == "networkmanager-iwd") "iwd";
- };
- };
+ config = lib.mkMerge [
+ (lib.mkIf (cfg.network-configuration-daemon == "iwd") {
+ networking.wireless.iwd.enable = true;
+ })
+ (lib.mkIf (cfg.network-configuration-daemon == "networkmanager" || cfg.network-configuration-daemon == "networkmanager-iwd") {
+ networking.networkmanager = {
+ enable = true;
+ ethernet.macAddress = "random";
+ wifi.macAddress = "random";
+ };
+ })
+ (lib.mkIf (cfg.network-configuration-daemon == "networkmanager-iwd") {
+ networking.wireless.iwd.enable = true;
+ networking.networkmanager.wifi.backend = "iwd";
+ })
+ ];
 }
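Review bot: The standalone `"iwd"` branch in the second hunk, which is the option's default, enables iwd with no address randomization, while both NetworkManager branches set `ethernet.macAddress` and `wifi.macAddress` to `"random"`. A host left on the default therefore exposes its permanent Wi-Fi MAC to every network it joins, which is probably not the intent given the care taken in the other branches. If the privacy property should hold for every choice, add the iwd equivalent to the first `mkIf`, for example `networking.wireless.iwd.settings.General.AddressRandomization = "network";`. Separately, the `"iwd"` and `"networkmanager-iwd"` branches now each set `networking.wireless.iwd.enable = true;`; a comment noting that the duplication is deliberate would make the three-way split easier to audit.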