942 lines
33 KiB
Nix
942 lines
33 KiB
Nix
{
|
|
config,
|
|
options,
|
|
pkgs,
|
|
lib,
|
|
username,
|
|
inputs,
|
|
site_config,
|
|
niri-package,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./common.nix
|
|
|
|
# desktop-only modules
|
|
./desktop-vm.nix
|
|
./desktop-steam.nix
|
|
./desktop-networkmanager.nix
|
|
./desktop-age-secrets.nix
|
|
./desktop-lanzaboote-agenix.nix
|
|
|
|
inputs.disko.nixosModules.disko
|
|
|
|
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
|
|
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
|
|
inputs.nixos-hardware.nixosModules.common-pc-ssd
|
|
];
|
|
|
|
# allow overclocking (I actually underclock but lol)
|
|
hardware.amdgpu.overdrive.ppfeaturemask = "0xFFFFFFFF";
|
|
|
|
# Add niri to display manager session packages
|
|
services.displayManager.sessionPackages = [ niri-package ];
|
|
|
|
programs = {
|
|
gamescope = {
|
|
enable = true;
|
|
capSysNice = true;
|
|
};
|
|
steam = {
|
|
enable = true;
|
|
gamescopeSession.enable = true;
|
|
};
|
|
};
|
|
|
|
system.activationScripts = {
|
|
# FIX: https://github.com/NixOS/nix/issues/2982
|
|
"profile-channel-dummy".text = ''
|
|
#!/bin/sh
|
|
mkdir -p /nix/var/nix/profiles/per-user/root/channels
|
|
'';
|
|
|
|
};
|
|
|
|
swapDevices = [ ];
|
|
|
|
# Desktop-specific Nix cache — muffin serves it, desktops consume.
|
|
# Base nix settings (optimise, gc, experimental-features) come from common.nix.
|
|
nix.settings = {
|
|
substituters = [ site_config.binary_cache.url ];
|
|
trusted-public-keys = [
|
|
site_config.binary_cache.public_key
|
|
];
|
|
netrc-file = config.age.secrets.nix-cache-netrc.path;
|
|
};
|
|
|
|
# cachyos kernel overlay
|
|
nixpkgs.overlays = [ inputs.nix-cachyos-kernel.overlays.default ];
|
|
|
|
# kernel options
|
|
boot = {
|
|
|
|
# cachyos kernel: bore scheduler, full lto, x86_64-v3 (common to zen 3 + zen 5)
|
|
kernelPackages =
|
|
let
|
|
helpers = pkgs.callPackage "${inputs.nix-cachyos-kernel}/helpers.nix" { };
|
|
kernel = pkgs.cachyosKernels.linux-cachyos-bore-lto.override {
|
|
lto = "full";
|
|
processorOpt = "x86_64-v3";
|
|
};
|
|
in
|
|
helpers.kernelModuleLLVMOverride (pkgs.linuxKernel.packagesFor kernel);
|
|
|
|
# disable legacy subsystems neither host will ever use
|
|
kernelPatches = [
|
|
{
|
|
name = "disable-legacy-subsystems";
|
|
patch = null;
|
|
structuredExtraConfig = with lib.kernel; {
|
|
# ancient bus/card standards
|
|
PCMCIA = lib.mkForce no;
|
|
PCCARD = lib.mkForce no;
|
|
PARPORT = lib.mkForce no;
|
|
GAMEPORT = lib.mkForce module;
|
|
FIREWIRE = lib.mkForce no;
|
|
AGP = lib.mkForce no;
|
|
|
|
# legacy networking
|
|
ATM = lib.mkForce no;
|
|
FDDI = lib.mkForce no;
|
|
ISDN = lib.mkForce no;
|
|
CAN = lib.mkForce no;
|
|
NFC = lib.mkForce no;
|
|
INFINIBAND = lib.mkForce no;
|
|
|
|
# amateur radio (HAMRADIO is the umbrella but these are separate symbols)
|
|
HAMRADIO = lib.mkForce no;
|
|
AX25 = lib.mkForce no;
|
|
NETROM = lib.mkForce no;
|
|
ROSE = lib.mkForce no;
|
|
|
|
# dead protocols
|
|
PHONET = lib.mkForce no;
|
|
IEEE802154 = lib.mkForce no;
|
|
"6LOWPAN" = lib.mkForce no;
|
|
NET_9P = lib.mkForce no;
|
|
BATMAN_ADV = lib.mkForce no;
|
|
CAIF = lib.mkForce no;
|
|
|
|
# tv tuners / digital video broadcasting
|
|
MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
|
|
MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
|
|
DVB_CORE = lib.mkForce no;
|
|
|
|
# hypervisor guest support (bare metal only)
|
|
HYPERV = lib.mkForce no;
|
|
XEN = lib.mkForce no;
|
|
VMWARE_VMCI = lib.mkForce no;
|
|
VMWARE_BALLOON = lib.mkForce no;
|
|
VMWARE_PVSCSI = lib.mkForce no;
|
|
VMWARE_VMCI_VSOCKETS = lib.mkForce no;
|
|
VMXNET3 = lib.mkForce no;
|
|
DRM_VMWGFX = lib.mkForce no;
|
|
VBOXGUEST = lib.mkForce no;
|
|
VBOXSF_FS = lib.mkForce no;
|
|
|
|
# staging drivers (experimental/unmaintained)
|
|
STAGING = lib.mkForce no;
|
|
# SND_PCI stays — SND_HDA_INTEL (AMD HDA audio) lives under it
|
|
ACCESSIBILITY = lib.mkForce no;
|
|
MTD = lib.mkForce no;
|
|
MEDIA_RC_SUPPORT = lib.mkForce no;
|
|
|
|
# legacy storage (AHCI for modern SATA is independent)
|
|
ATA_SFF = lib.mkForce no;
|
|
SCSI_LOWLEVEL = lib.mkForce no;
|
|
FUSION = lib.mkForce no;
|
|
|
|
# misc legacy
|
|
MOST = lib.mkForce no;
|
|
PPDEV = lib.mkForce no;
|
|
PHANTOM = lib.mkForce no;
|
|
X86_ANDROID_TABLETS = lib.mkForce no;
|
|
# CHROME_PLATFORMS stays — Framework laptops use CrOS EC
|
|
SURFACE_PLATFORMS = lib.mkForce no;
|
|
MCTP = lib.mkForce no;
|
|
GPIB = lib.mkForce no;
|
|
SIOX = lib.mkForce no;
|
|
SLIMBUS = lib.mkForce no;
|
|
WWAN = lib.mkForce no;
|
|
QFMT_V1 = lib.mkForce no;
|
|
FIREWIRE_NOSY = lib.mkForce no;
|
|
|
|
# nvidia gpu
|
|
DRM_NOUVEAU = lib.mkForce no;
|
|
|
|
# other gpus not present
|
|
DRM_RADEON = lib.mkForce no;
|
|
DRM_GMA500 = lib.mkForce no;
|
|
DRM_AST = lib.mkForce no;
|
|
DRM_MGAG200 = lib.mkForce no;
|
|
DRM_HISI_HIBMC = lib.mkForce no;
|
|
DRM_APPLETBDRM = lib.mkForce no;
|
|
|
|
# legacy AMD IP blocks. hosts are Navi 32 RDNA3 dGPU (7800 XT, yarn,
|
|
# 2023, gfx1101, DCN 3.2) and Krackan Point RDNA 3.5 iGPU (mreow,
|
|
# 2024, gfx1150, DCN 3.5). everything below pre-dates those by a
|
|
# decade. upstream only exposes per-generation toggles for SI and
|
|
# CIK — no switch for VI/Polaris/Vega/Navi1x, those stay in amdgpu.
|
|
DRM_AMDGPU_SI = lib.mkForce no; # Southern Islands / GCN 1 (2012): HD 7950/7970, R9 280/280X, R7 260X
|
|
DRM_AMDGPU_CIK = lib.mkForce no; # Sea Islands / GCN 2 (2013): R9 290/290X/390, Kaveri APUs (A10-7850K), Steam Machine Bonaire
|
|
DRM_AMD_SECURE_DISPLAY = lib.mkForce no; # HDCP region-CRC debugfs helper, needs custom DMCU firmware
|
|
|
|
# early-boot framebuffer chain: drop every alternative to amdgpu so
|
|
# the console never transitions simpledrm -> dummy -> amdgpu (visible
|
|
# as a flash + scrolled dmesg). amdgpu owns the display from initrd
|
|
# onward; pre-amdgpu kernel output stays in the printk ring buffer.
|
|
DRM_SIMPLEDRM = lib.mkForce no;
|
|
FB_EFI = lib.mkForce no;
|
|
FB_VESA = lib.mkForce no;
|
|
|
|
# intel cpu / platform
|
|
INTEL_IOMMU = lib.mkForce no;
|
|
INTEL_IDLE = lib.mkForce no;
|
|
INTEL_HFI_THERMAL = lib.mkForce no;
|
|
INTEL_TCC_COOLING = lib.mkForce no;
|
|
INTEL_SOC_DTS_THERMAL = lib.mkForce no;
|
|
INTEL_PCH_THERMAL = lib.mkForce no;
|
|
INTEL_POWERCLAMP = lib.mkForce no;
|
|
X86_PKG_TEMP_THERMAL = lib.mkForce no;
|
|
X86_INTEL_LPSS = lib.mkForce no;
|
|
INTEL_MEI = lib.mkForce no;
|
|
INTEL_TH = lib.mkForce no;
|
|
INTEL_VSEC = lib.mkForce no;
|
|
INTEL_IDXD = lib.mkForce no;
|
|
INTEL_IOATDMA = lib.mkForce no;
|
|
EDAC_E752X = lib.mkForce no;
|
|
EDAC_I82975X = lib.mkForce no;
|
|
EDAC_I3000 = lib.mkForce no;
|
|
EDAC_I3200 = lib.mkForce no;
|
|
EDAC_IE31200 = lib.mkForce no;
|
|
EDAC_X38 = lib.mkForce no;
|
|
EDAC_I5400 = lib.mkForce no;
|
|
EDAC_I7CORE = lib.mkForce no;
|
|
EDAC_I5100 = lib.mkForce no;
|
|
EDAC_I7300 = lib.mkForce no;
|
|
EDAC_SBRIDGE = lib.mkForce no;
|
|
EDAC_SKX = lib.mkForce no;
|
|
EDAC_I10NM = lib.mkForce no;
|
|
EDAC_IMH = lib.mkForce no;
|
|
EDAC_PND2 = lib.mkForce no;
|
|
EDAC_IGEN6 = lib.mkForce no;
|
|
|
|
# intel audio
|
|
SND_SOC_SOF_INTEL_TOPLEVEL = lib.mkForce no;
|
|
SND_SOC_INTEL_SST_TOPLEVEL = lib.mkForce no;
|
|
|
|
# mellanox networking
|
|
MLX4_CORE = lib.mkForce no;
|
|
MLX5_CORE = lib.mkForce no;
|
|
MLXSW_CORE = lib.mkForce no;
|
|
MLX_PLATFORM = lib.mkForce no;
|
|
|
|
# fpga
|
|
FPGA = lib.mkForce no;
|
|
XILLYBUS = lib.mkForce no;
|
|
XILLYUSB = lib.mkForce no;
|
|
|
|
# old x86 cpufreq / platform (both systems are modern Zen)
|
|
AMD_NUMA = lib.mkForce no;
|
|
X86_POWERNOW_K8 = lib.mkForce no;
|
|
X86_P4_CLOCKMOD = lib.mkForce no;
|
|
X86_SPEEDSTEP_LIB = lib.mkForce no;
|
|
|
|
# cxl (datacenter memory expansion)
|
|
CXL_BUS = lib.mkForce no;
|
|
|
|
# embedded SoC peripherals (not present on desktop/laptop)
|
|
INPUT_TOUCHSCREEN = lib.mkForce no;
|
|
INPUT_TABLET = lib.mkForce no;
|
|
INPUT_JOYSTICK = lib.mkForce no;
|
|
MEDIA_PLATFORM_DRIVERS = lib.mkForce no;
|
|
MEDIA_TEST_SUPPORT = lib.mkForce no;
|
|
|
|
# deprecated userland compat
|
|
SGETMASK_SYSCALL = lib.mkForce no;
|
|
UID16 = lib.mkForce no;
|
|
X86_X32_ABI = lib.mkForce no;
|
|
|
|
# Disable EXT2
|
|
EXT2_FS = lib.mkForce no;
|
|
EXT4_USE_FOR_EXT2 = lib.mkForce yes;
|
|
|
|
# disable unused security stuff
|
|
SECURITY_TOMOYO = lib.mkForce no;
|
|
SECURITY_YAMA = lib.mkForce no;
|
|
SECURITY_SELINUX = lib.mkForce no;
|
|
SECURITY_APPARMOR = lib.mkForce no;
|
|
INTEGRITY = lib.mkForce no;
|
|
SECURITY_IPE = lib.mkForce no;
|
|
SECURITY_LANDLOCK = lib.mkForce no;
|
|
SECURITY_SMACK = lib.mkForce no;
|
|
|
|
# I am not a switch
|
|
NET_SWITCHDEV = lib.mkForce no;
|
|
|
|
# incorrect ARCH
|
|
XZ_DEC_POWERPC = lib.mkForce no;
|
|
XZ_DEC_ARM = lib.mkForce no;
|
|
XZ_DEC_ARMTHUMB = lib.mkForce no;
|
|
XZ_DEC_ARM64 = lib.mkForce no;
|
|
XZ_DEC_SPARC = lib.mkForce no;
|
|
XZ_DEC_RISCV = lib.mkForce no;
|
|
|
|
# ==== no hardware for any of these on either host ====
|
|
|
|
# laptop vendor platform drivers (only FRAMEWORK_LAPTOP is used)
|
|
ACER_WMI = lib.mkForce no;
|
|
ACER_WIRELESS = lib.mkForce no;
|
|
ACERHDF = lib.mkForce no;
|
|
APPLE_GMUX = lib.mkForce no;
|
|
ASUS_LAPTOP = lib.mkForce no;
|
|
ASUS_WMI = lib.mkForce no;
|
|
ASUS_NB_WMI = lib.mkForce no;
|
|
ASUS_ARMOURY = lib.mkForce no;
|
|
ASUS_TF103C_DOCK = lib.mkForce no;
|
|
ASUS_WIRELESS = lib.mkForce no;
|
|
COMPAL_LAPTOP = lib.mkForce no;
|
|
DELL_LAPTOP = lib.mkForce no;
|
|
DELL_RBTN = lib.mkForce no;
|
|
DELL_PC = lib.mkForce no;
|
|
DELL_SMBIOS = lib.mkForce no;
|
|
DELL_SMO8800 = lib.mkForce no;
|
|
DELL_UART_BACKLIGHT = lib.mkForce no;
|
|
DELL_WMI = lib.mkForce no;
|
|
DELL_WMI_AIO = lib.mkForce no;
|
|
DELL_WMI_DDV = lib.mkForce no;
|
|
DELL_WMI_DESCRIPTOR = lib.mkForce no;
|
|
DELL_WMI_LED = lib.mkForce no;
|
|
DELL_WMI_SYSMAN = lib.mkForce no;
|
|
EEEPC_LAPTOP = lib.mkForce no;
|
|
EEEPC_WMI = lib.mkForce no;
|
|
FUJITSU_LAPTOP = lib.mkForce no;
|
|
FUJITSU_ES = lib.mkForce no;
|
|
FUJITSU_TABLET = lib.mkForce no;
|
|
HUAWEI_WMI = lib.mkForce no;
|
|
IBM_ASM = lib.mkForce no;
|
|
IBM_RTL = lib.mkForce no;
|
|
IDEAPAD_LAPTOP = lib.mkForce no;
|
|
LG_LAPTOP = lib.mkForce no;
|
|
MSI_LAPTOP = lib.mkForce no;
|
|
MSI_WMI = lib.mkForce no;
|
|
MSI_EC = lib.mkForce no;
|
|
PANASONIC_LAPTOP = lib.mkForce no;
|
|
SONY_LAPTOP = lib.mkForce no;
|
|
SAMSUNG_LAPTOP = lib.mkForce no;
|
|
TOPSTAR_LAPTOP = lib.mkForce no;
|
|
THINKPAD_ACPI = lib.mkForce no;
|
|
THINKPAD_LMI = lib.mkForce no;
|
|
LENOVO_SE10_WDT = lib.mkForce no;
|
|
LENOVO_SE30_WDT = lib.mkForce no;
|
|
LENOVO_WMI_HOTKEY_UTILITIES = lib.mkForce no;
|
|
LENOVO_WMI_CAMERA = lib.mkForce no;
|
|
LENOVO_YMC = lib.mkForce no;
|
|
LENOVO_WMI_CAPDATA = lib.mkForce no;
|
|
LENOVO_WMI_EVENTS = lib.mkForce no;
|
|
LENOVO_WMI_HELPERS = lib.mkForce no;
|
|
LENOVO_WMI_GAMEZONE = lib.mkForce no;
|
|
LENOVO_WMI_TUNING = lib.mkForce no;
|
|
YOGABOOK = lib.mkForce no;
|
|
YT2_1380 = lib.mkForce no;
|
|
XIAOMI_WMI = lib.mkForce no;
|
|
BARCO_P50_GPIO = lib.mkForce no;
|
|
PC_ENGINES_APU = lib.mkForce no;
|
|
SILICOM_PLATFORM = lib.mkForce no;
|
|
SIEMENS_SIMATIC_IPC_WDT = lib.mkForce no;
|
|
SYSTEM76_ACPI = lib.mkForce no;
|
|
INSPUR_PLATFORM_PROFILE = lib.mkForce no;
|
|
NVIDIA_WMI_EC_BACKLIGHT = lib.mkForce no;
|
|
|
|
# legacy filesystems (hosts use vfat/f2fs/tmpfs/fuse; exfat/ntfs3 kept for externals)
|
|
JFS_FS = lib.mkForce no;
|
|
GFS2_FS = lib.mkForce no;
|
|
OCFS2_FS = lib.mkForce no;
|
|
NILFS2_FS = lib.mkForce no;
|
|
AFFS_FS = lib.mkForce no;
|
|
HFS_FS = lib.mkForce no;
|
|
HFSPLUS_FS = lib.mkForce no;
|
|
BEFS_FS = lib.mkForce no;
|
|
JFFS2_FS = lib.mkForce no;
|
|
UBIFS_FS = lib.mkForce no;
|
|
MINIX_FS = lib.mkForce no;
|
|
OMFS_FS = lib.mkForce no;
|
|
ROMFS_FS = lib.mkForce no;
|
|
UFS_FS = lib.mkForce no;
|
|
EROFS_FS = lib.mkForce no;
|
|
ORANGEFS_FS = lib.mkForce no;
|
|
CODA_FS = lib.mkForce no;
|
|
AFS_FS = lib.mkForce no;
|
|
CEPH_FS = lib.mkForce no;
|
|
ZONEFS_FS = lib.mkForce no;
|
|
BCACHE = lib.mkForce no;
|
|
BCACHEFS_FS = lib.mkForce no;
|
|
ECRYPT_FS = lib.mkForce no;
|
|
NFSD = lib.mkForce no;
|
|
|
|
# legacy partition tables (only GPT+MBR in use)
|
|
AIX_PARTITION = lib.mkForce no;
|
|
MAC_PARTITION = lib.mkForce no;
|
|
LDM_PARTITION = lib.mkForce no;
|
|
KARMA_PARTITION = lib.mkForce no;
|
|
MINIX_SUBPARTITION = lib.mkForce no;
|
|
SOLARIS_X86_PARTITION = lib.mkForce no;
|
|
BSD_DISKLABEL = lib.mkForce no;
|
|
UNIXWARE_DISKLABEL = lib.mkForce no;
|
|
SYSV68_PARTITION = lib.mkForce no;
|
|
ULTRIX_PARTITION = lib.mkForce no;
|
|
OSF_PARTITION = lib.mkForce no;
|
|
SGI_PARTITION = lib.mkForce no;
|
|
SUN_PARTITION = lib.mkForce no;
|
|
ATARI_PARTITION = lib.mkForce no;
|
|
AMIGA_PARTITION = lib.mkForce no;
|
|
ACORN_PARTITION = lib.mkForce no;
|
|
|
|
# legacy net protocols (nothing uses SCTP/RDS/TIPC/SMC or GRE tunnels)
|
|
IP_SCTP = lib.mkForce no;
|
|
RDS = lib.mkForce no;
|
|
TIPC = lib.mkForce no;
|
|
SMC = lib.mkForce no;
|
|
NET_IPIP = lib.mkForce no;
|
|
NET_IPGRE = lib.mkForce no;
|
|
NET_IPGRE_DEMUX = lib.mkForce no;
|
|
NET_IPVTI = lib.mkForce no;
|
|
|
|
# legacy PCI sound cards (kept: SND_HDA_* for AMD HDA, SND_SOC_SOF_AMD for ACP)
|
|
SND_ALI5451 = lib.mkForce no;
|
|
SND_ATIIXP = lib.mkForce no;
|
|
SND_ATIIXP_MODEM = lib.mkForce no;
|
|
SND_AU8810 = lib.mkForce no;
|
|
SND_AU8820 = lib.mkForce no;
|
|
SND_AU8830 = lib.mkForce no;
|
|
SND_AW2 = lib.mkForce no;
|
|
SND_AZT3328 = lib.mkForce no;
|
|
SND_BT87X = lib.mkForce no;
|
|
SND_CA0106 = lib.mkForce no;
|
|
SND_CMIPCI = lib.mkForce no;
|
|
SND_OXYGEN = lib.mkForce no;
|
|
SND_CS46XX = lib.mkForce no;
|
|
SND_CTXFI = lib.mkForce no;
|
|
SND_DARLA20 = lib.mkForce no;
|
|
SND_GINA20 = lib.mkForce no;
|
|
SND_LAYLA20 = lib.mkForce no;
|
|
SND_DARLA24 = lib.mkForce no;
|
|
SND_GINA24 = lib.mkForce no;
|
|
SND_LAYLA24 = lib.mkForce no;
|
|
SND_MONA = lib.mkForce no;
|
|
SND_MIA = lib.mkForce no;
|
|
SND_ECHO3G = lib.mkForce no;
|
|
SND_INDIGO = lib.mkForce no;
|
|
SND_INDIGOIO = lib.mkForce no;
|
|
SND_INDIGODJ = lib.mkForce no;
|
|
SND_INDIGOIOX = lib.mkForce no;
|
|
SND_INDIGODJX = lib.mkForce no;
|
|
SND_EMU10K1 = lib.mkForce no;
|
|
SND_EMU10K1X = lib.mkForce no;
|
|
SND_ENS1370 = lib.mkForce no;
|
|
SND_ENS1371 = lib.mkForce no;
|
|
SND_ES1938 = lib.mkForce no;
|
|
SND_ES1968 = lib.mkForce no;
|
|
SND_FM801 = lib.mkForce no;
|
|
SND_HDSP = lib.mkForce no;
|
|
SND_HDSPM = lib.mkForce no;
|
|
SND_ICE1712 = lib.mkForce no;
|
|
SND_ICE1724 = lib.mkForce no;
|
|
SND_INTEL8X0 = lib.mkForce no;
|
|
SND_INTEL8X0M = lib.mkForce no;
|
|
SND_KORG1212 = lib.mkForce no;
|
|
SND_LOLA = lib.mkForce no;
|
|
SND_LX6464ES = lib.mkForce no;
|
|
SND_MAESTRO3 = lib.mkForce no;
|
|
SND_MIXART = lib.mkForce no;
|
|
SND_MPU401 = lib.mkForce no;
|
|
SND_MTS64 = lib.mkForce no;
|
|
SND_NM256 = lib.mkForce no;
|
|
SND_PCXHR = lib.mkForce no;
|
|
SND_PORTMAN2X4 = lib.mkForce no;
|
|
SND_RIPTIDE = lib.mkForce no;
|
|
SND_RME32 = lib.mkForce no;
|
|
SND_RME96 = lib.mkForce no;
|
|
SND_RME9652 = lib.mkForce no;
|
|
SND_SE6X = lib.mkForce no;
|
|
SND_TRIDENT = lib.mkForce no;
|
|
SND_VIA82XX = lib.mkForce no;
|
|
SND_VIRTUOSO = lib.mkForce no;
|
|
SND_VX222 = lib.mkForce no;
|
|
SND_YMFPCI = lib.mkForce no;
|
|
|
|
# legacy HDA codecs (kept: REALTEK for ALC269 on Framework + HDMI for amdhdmi)
|
|
SND_HDA_CODEC_ANALOG = lib.mkForce no;
|
|
SND_HDA_CODEC_SIGMATEL = lib.mkForce no;
|
|
SND_HDA_CODEC_VIA = lib.mkForce no;
|
|
SND_HDA_CODEC_CONEXANT = lib.mkForce no;
|
|
SND_HDA_CODEC_CA0110 = lib.mkForce no;
|
|
SND_HDA_CODEC_CA0132 = lib.mkForce no;
|
|
SND_HDA_CODEC_SI3054 = lib.mkForce no;
|
|
SND_HDA_CODEC_CIRRUS = lib.mkForce no;
|
|
SND_HDA_CODEC_CS420X = lib.mkForce no;
|
|
SND_HDA_CODEC_CS421X = lib.mkForce no;
|
|
SND_HDA_CODEC_CS8409 = lib.mkForce no;
|
|
|
|
# OSS compat (deprecated)
|
|
SOUND_OSS_CORE = lib.mkForce no;
|
|
|
|
# legacy USB HCDs (Zen APUs only have xHCI)
|
|
USB_OHCI_HCD = lib.mkForce no;
|
|
USB_UHCI_HCD = lib.mkForce no;
|
|
USB_C67X00_HCD = lib.mkForce no;
|
|
USB_OXU210HP_HCD = lib.mkForce no;
|
|
USB_ISP116X_HCD = lib.mkForce no;
|
|
USB_ISP1760 = lib.mkForce no;
|
|
USB_MAX3421_HCD = lib.mkForce no;
|
|
USB_SL811_HCD = lib.mkForce no;
|
|
USB_R8A66597 = lib.mkForce no;
|
|
USB_XEN_HCD = lib.mkForce no;
|
|
|
|
# USB gadget + exotic device drivers
|
|
USB_GADGET = lib.mkForce no;
|
|
USB_MICROTEK = lib.mkForce no;
|
|
USB_USS720 = lib.mkForce no;
|
|
USB_EMI26 = lib.mkForce no;
|
|
USB_EMI62 = lib.mkForce no;
|
|
USB_ADUTUX = lib.mkForce no;
|
|
USB_SEVSEG = lib.mkForce no;
|
|
USB_LEGOTOWER = lib.mkForce no;
|
|
USB_CYPRESS_CY7C63 = lib.mkForce no;
|
|
USB_CYTHERM = lib.mkForce no;
|
|
USB_IDMOUSE = lib.mkForce no;
|
|
USB_APPLEDISPLAY = lib.mkForce no;
|
|
USB_TRANCEVIBRATOR = lib.mkForce no;
|
|
USB_CHAOSKEY = lib.mkForce no;
|
|
USB_TEST = lib.mkForce no;
|
|
|
|
# USB mass-storage sub-drivers for legacy flash/camera readers
|
|
USB_STORAGE_REALTEK = lib.mkForce no;
|
|
USB_STORAGE_DATAFAB = lib.mkForce no;
|
|
USB_STORAGE_FREECOM = lib.mkForce no;
|
|
USB_STORAGE_ISD200 = lib.mkForce no;
|
|
USB_STORAGE_USBAT = lib.mkForce no;
|
|
USB_STORAGE_SDDR09 = lib.mkForce no;
|
|
USB_STORAGE_SDDR55 = lib.mkForce no;
|
|
USB_STORAGE_JUMPSHOT = lib.mkForce no;
|
|
USB_STORAGE_ALAUDA = lib.mkForce no;
|
|
USB_STORAGE_ONETOUCH = lib.mkForce no;
|
|
USB_STORAGE_KARMA = lib.mkForce no;
|
|
USB_STORAGE_CYPRESS_ATACB = lib.mkForce no;
|
|
USB_STORAGE_ENE_UB6250 = lib.mkForce no;
|
|
|
|
# wlan vendors (kept: MEDIATEK/INTEL/REALTEK/BROADCOM for mreow+yarn)
|
|
WLAN_VENDOR_ADMTEK = lib.mkForce no;
|
|
WLAN_VENDOR_ATMEL = lib.mkForce no;
|
|
WLAN_VENDOR_CISCO = lib.mkForce no;
|
|
WLAN_VENDOR_INTERSIL = lib.mkForce no;
|
|
WLAN_VENDOR_MARVELL = lib.mkForce no;
|
|
WLAN_VENDOR_MICROCHIP = lib.mkForce no;
|
|
WLAN_VENDOR_PURELIFI = lib.mkForce no;
|
|
WLAN_VENDOR_QUANTENNA = lib.mkForce no;
|
|
WLAN_VENDOR_RALINK = lib.mkForce no;
|
|
WLAN_VENDOR_RSI = lib.mkForce no;
|
|
WLAN_VENDOR_SILABS = lib.mkForce no;
|
|
WLAN_VENDOR_ST = lib.mkForce no;
|
|
WLAN_VENDOR_TI = lib.mkForce no;
|
|
WLAN_VENDOR_ZYDAS = lib.mkForce no;
|
|
|
|
# ethernet vendors (kept: AMD/INTEL/REALTEK/AQUANTIA/ATHEROS)
|
|
NET_VENDOR_3COM = lib.mkForce no;
|
|
NET_VENDOR_ADAPTEC = lib.mkForce no;
|
|
NET_VENDOR_AGERE = lib.mkForce no;
|
|
NET_VENDOR_ALACRITECH = lib.mkForce no;
|
|
NET_VENDOR_ALTEON = lib.mkForce no;
|
|
NET_VENDOR_AMAZON = lib.mkForce no;
|
|
NET_VENDOR_ARC = lib.mkForce no;
|
|
NET_VENDOR_BROADCOM = lib.mkForce no;
|
|
NET_VENDOR_BROCADE = lib.mkForce no;
|
|
NET_VENDOR_CADENCE = lib.mkForce no;
|
|
NET_VENDOR_CAVIUM = lib.mkForce no;
|
|
NET_VENDOR_CHELSIO = lib.mkForce no;
|
|
NET_VENDOR_CISCO = lib.mkForce no;
|
|
NET_VENDOR_CORTINA = lib.mkForce no;
|
|
NET_VENDOR_DAVICOM = lib.mkForce no;
|
|
NET_VENDOR_DEC = lib.mkForce no;
|
|
NET_VENDOR_DLINK = lib.mkForce no;
|
|
NET_VENDOR_EMULEX = lib.mkForce no;
|
|
NET_VENDOR_ENGLEDER = lib.mkForce no;
|
|
NET_VENDOR_EZCHIP = lib.mkForce no;
|
|
NET_VENDOR_FUJITSU = lib.mkForce no;
|
|
NET_VENDOR_FUNGIBLE = lib.mkForce no;
|
|
NET_VENDOR_GOOGLE = lib.mkForce no;
|
|
NET_VENDOR_HISILICON = lib.mkForce no;
|
|
NET_VENDOR_HUAWEI = lib.mkForce no;
|
|
NET_VENDOR_I825XX = lib.mkForce no;
|
|
NET_VENDOR_ADI = lib.mkForce no;
|
|
NET_VENDOR_LITEX = lib.mkForce no;
|
|
NET_VENDOR_MARVELL = lib.mkForce no;
|
|
NET_VENDOR_META = lib.mkForce no;
|
|
NET_VENDOR_MICREL = lib.mkForce no;
|
|
NET_VENDOR_MICROCHIP = lib.mkForce no;
|
|
NET_VENDOR_MICROSEMI = lib.mkForce no;
|
|
NET_VENDOR_MICROSOFT = lib.mkForce no;
|
|
NET_VENDOR_MUCSE = lib.mkForce no;
|
|
NET_VENDOR_MYRI = lib.mkForce no;
|
|
NET_VENDOR_NI = lib.mkForce no;
|
|
NET_VENDOR_NATSEMI = lib.mkForce no;
|
|
NET_VENDOR_NETRONOME = lib.mkForce no;
|
|
NET_VENDOR_8390 = lib.mkForce no;
|
|
NET_VENDOR_NVIDIA = lib.mkForce no;
|
|
NET_VENDOR_OKI = lib.mkForce no;
|
|
NET_VENDOR_PACKET_ENGINES = lib.mkForce no;
|
|
NET_VENDOR_PENSANDO = lib.mkForce no;
|
|
NET_VENDOR_QLOGIC = lib.mkForce no;
|
|
NET_VENDOR_QUALCOMM = lib.mkForce no;
|
|
NET_VENDOR_RDC = lib.mkForce no;
|
|
NET_VENDOR_RENESAS = lib.mkForce no;
|
|
NET_VENDOR_ROCKER = lib.mkForce no;
|
|
NET_VENDOR_SAMSUNG = lib.mkForce no;
|
|
NET_VENDOR_SEEQ = lib.mkForce no;
|
|
NET_VENDOR_SILAN = lib.mkForce no;
|
|
NET_VENDOR_SIS = lib.mkForce no;
|
|
NET_VENDOR_SOLARFLARE = lib.mkForce no;
|
|
NET_VENDOR_SMSC = lib.mkForce no;
|
|
NET_VENDOR_SOCIONEXT = lib.mkForce no;
|
|
NET_VENDOR_STMICRO = lib.mkForce no;
|
|
NET_VENDOR_SUN = lib.mkForce no;
|
|
NET_VENDOR_SYNOPSYS = lib.mkForce no;
|
|
NET_VENDOR_TEHUTI = lib.mkForce no;
|
|
NET_VENDOR_TI = lib.mkForce no;
|
|
NET_VENDOR_VERTEXCOM = lib.mkForce no;
|
|
NET_VENDOR_VIA = lib.mkForce no;
|
|
NET_VENDOR_WANGXUN = lib.mkForce no;
|
|
NET_VENDOR_WIZNET = lib.mkForce no;
|
|
NET_VENDOR_XILINX = lib.mkForce no;
|
|
NET_VENDOR_XIRCOM = lib.mkForce no;
|
|
|
|
# watchdogs (kept: SP5100_TCO for AMD chipset, WDAT_WDT for ACPI)
|
|
ACQUIRE_WDT = lib.mkForce no;
|
|
ADVANTECH_WDT = lib.mkForce no;
|
|
ADVANTECH_EC_WDT = lib.mkForce no;
|
|
ALIM1535_WDT = lib.mkForce no;
|
|
ALIM7101_WDT = lib.mkForce no;
|
|
CGBC_WDT = lib.mkForce no;
|
|
EBC_C384_WDT = lib.mkForce no;
|
|
EXAR_WDT = lib.mkForce no;
|
|
F71808E_WDT = lib.mkForce no;
|
|
EUROTECH_WDT = lib.mkForce no;
|
|
IB700_WDT = lib.mkForce no;
|
|
WAFER_WDT = lib.mkForce no;
|
|
I6300ESB_WDT = lib.mkForce no;
|
|
IE6XX_WDT = lib.mkForce no;
|
|
ITCO_WDT = lib.mkForce no;
|
|
IT8712F_WDT = lib.mkForce no;
|
|
IT87_WDT = lib.mkForce no;
|
|
HP_WATCHDOG = lib.mkForce no;
|
|
HPWDT_NMI_DECODE = lib.mkForce no;
|
|
KEMPLD_WDT = lib.mkForce no;
|
|
MLX_WDT = lib.mkForce no;
|
|
NI903X_WDT = lib.mkForce no;
|
|
NIC7018_WDT = lib.mkForce no;
|
|
SMSC37B787_WDT = lib.mkForce no;
|
|
TQMX86_WDT = lib.mkForce no;
|
|
VIA_WDT = lib.mkForce no;
|
|
W83627HF_WDT = lib.mkForce no;
|
|
W83877F_WDT = lib.mkForce no;
|
|
W83977F_WDT = lib.mkForce no;
|
|
MACHZ_WDT = lib.mkForce no;
|
|
SBC_EPX_C3_WATCHDOG = lib.mkForce no;
|
|
MEN_A21_WDT = lib.mkForce no;
|
|
DW_WATCHDOG = lib.mkForce no;
|
|
SOFT_WATCHDOG = lib.mkForce no;
|
|
XILINX_WATCHDOG = lib.mkForce no;
|
|
|
|
# misc dead weight
|
|
BLK_DEV_DRBD = lib.mkForce no;
|
|
GREYBUS = lib.mkForce no;
|
|
SOUNDWIRE_QCOM = lib.mkForce no;
|
|
SOUNDWIRE_INTEL = lib.mkForce no;
|
|
MEDIA_RADIO_SUPPORT = lib.mkForce no;
|
|
|
|
# net queue disciplines not used on desktop (kept: htb/prio/fifo/fq/fq_codel/cake/bpf/ingress/netem/tbf/mqprio for basic shaping + testing)
|
|
NET_SCH_CBS = lib.mkForce no;
|
|
NET_SCH_CHOKE = lib.mkForce no;
|
|
NET_SCH_CODEL = lib.mkForce no;
|
|
NET_SCH_DRR = lib.mkForce no;
|
|
NET_SCH_DUALPI2 = lib.mkForce no;
|
|
NET_SCH_ETF = lib.mkForce no;
|
|
NET_SCH_ETS = lib.mkForce no;
|
|
NET_SCH_FQ_PIE = lib.mkForce no;
|
|
NET_SCH_GRED = lib.mkForce no;
|
|
NET_SCH_HFSC = lib.mkForce no;
|
|
NET_SCH_HHF = lib.mkForce no;
|
|
NET_SCH_MULTIQ = lib.mkForce no;
|
|
NET_SCH_PIE = lib.mkForce no;
|
|
NET_SCH_PLUG = lib.mkForce no;
|
|
NET_SCH_QFQ = lib.mkForce no;
|
|
NET_SCH_RED = lib.mkForce no;
|
|
NET_SCH_SFB = lib.mkForce no;
|
|
NET_SCH_SFQ = lib.mkForce no;
|
|
NET_SCH_SKBPRIO = lib.mkForce no;
|
|
NET_SCH_TAPRIO = lib.mkForce no;
|
|
NET_SCH_TEQL = lib.mkForce no;
|
|
|
|
# battery charger PMIC drivers — all mobile/embedded SoCs, none of these
|
|
# exist on x86 laptops/desktops (which use ACPI battery + USB-PD via ucsi).
|
|
# CROS_* are Chromebook-specific; Framework has CrOS EC but not CrOS charging.
|
|
CHARGER_88PM860X = lib.mkForce no;
|
|
CHARGER_ADP5061 = lib.mkForce no;
|
|
CHARGER_AXP20X = lib.mkForce no;
|
|
CHARGER_BD71828 = lib.mkForce no;
|
|
CHARGER_BD99954 = lib.mkForce no;
|
|
CHARGER_BQ2415X = lib.mkForce no;
|
|
CHARGER_BQ24190 = lib.mkForce no;
|
|
CHARGER_BQ24257 = lib.mkForce no;
|
|
CHARGER_BQ24735 = lib.mkForce no;
|
|
CHARGER_BQ2515X = lib.mkForce no;
|
|
CHARGER_BQ256XX = lib.mkForce no;
|
|
CHARGER_BQ257XX = lib.mkForce no;
|
|
CHARGER_BQ25890 = lib.mkForce no;
|
|
CHARGER_BQ25980 = lib.mkForce no;
|
|
CHARGER_CROS_CONTROL = lib.mkForce no;
|
|
CHARGER_CROS_PCHG = lib.mkForce no;
|
|
CHARGER_CROS_USBPD = lib.mkForce no;
|
|
CHARGER_DA9150 = lib.mkForce no;
|
|
CHARGER_DETECTOR_MAX14656 = lib.mkForce no;
|
|
CHARGER_GPIO = lib.mkForce no;
|
|
CHARGER_ISP1704 = lib.mkForce no;
|
|
CHARGER_LP8727 = lib.mkForce no;
|
|
CHARGER_LP8788 = lib.mkForce no;
|
|
CHARGER_LT3651 = lib.mkForce no;
|
|
CHARGER_LTC4162L = lib.mkForce no;
|
|
CHARGER_MANAGER = lib.mkForce no;
|
|
CHARGER_MAX14577 = lib.mkForce no;
|
|
CHARGER_MAX77650 = lib.mkForce no;
|
|
CHARGER_MAX77693 = lib.mkForce no;
|
|
CHARGER_MAX77705 = lib.mkForce no;
|
|
CHARGER_MAX77976 = lib.mkForce no;
|
|
CHARGER_MAX8903 = lib.mkForce no;
|
|
CHARGER_MAX8971 = lib.mkForce no;
|
|
CHARGER_MAX8997 = lib.mkForce no;
|
|
CHARGER_MAX8998 = lib.mkForce no;
|
|
CHARGER_MP2629 = lib.mkForce no;
|
|
CHARGER_MT6360 = lib.mkForce no;
|
|
CHARGER_MT6370 = lib.mkForce no;
|
|
CHARGER_PF1550 = lib.mkForce no;
|
|
CHARGER_RK817 = lib.mkForce no;
|
|
CHARGER_RT5033 = lib.mkForce no;
|
|
CHARGER_RT9455 = lib.mkForce no;
|
|
CHARGER_RT9467 = lib.mkForce no;
|
|
CHARGER_RT9471 = lib.mkForce no;
|
|
CHARGER_RT9756 = lib.mkForce no;
|
|
CHARGER_SBS = lib.mkForce no;
|
|
CHARGER_SMB347 = lib.mkForce no;
|
|
CHARGER_TPS65090 = lib.mkForce no;
|
|
CHARGER_TPS65217 = lib.mkForce no;
|
|
CHARGER_TWL4030 = lib.mkForce no;
|
|
CHARGER_TWL6030 = lib.mkForce no;
|
|
CHARGER_UCS1002 = lib.mkForce no;
|
|
CHARGER_WILCO = lib.mkForce no;
|
|
|
|
# enterprise storage stack (kept: DM_CRYPT for LUKS, DM_SNAPSHOT/INTEGRITY/VERITY, MD_RAID0/1/10/456 in case)
|
|
DM_MULTIPATH = lib.mkForce no;
|
|
DM_MULTIPATH_QL = lib.mkForce no;
|
|
DM_MULTIPATH_ST = lib.mkForce no;
|
|
DM_MULTIPATH_HST = lib.mkForce no;
|
|
DM_MULTIPATH_IOA = lib.mkForce no;
|
|
DM_VDO = lib.mkForce no;
|
|
DM_PCACHE = lib.mkForce no;
|
|
DM_ZONED = lib.mkForce no;
|
|
DM_LOG_USERSPACE = lib.mkForce no;
|
|
DM_EBS = lib.mkForce no;
|
|
DM_ERA = lib.mkForce no;
|
|
DM_DUST = lib.mkForce no;
|
|
DM_DELAY = lib.mkForce no;
|
|
DM_FLAKEY = lib.mkForce no;
|
|
DM_SWITCH = lib.mkForce no;
|
|
DM_LOG_WRITES = lib.mkForce no;
|
|
DM_CLONE = lib.mkForce no;
|
|
DM_UNSTRIPED = lib.mkForce no;
|
|
DM_CACHE = lib.mkForce no;
|
|
DM_WRITECACHE = lib.mkForce no;
|
|
DM_THIN_PROVISIONING = lib.mkForce no;
|
|
MD_CLUSTER = lib.mkForce no;
|
|
MD_LINEAR = lib.mkForce no;
|
|
SCSI_DH_RDAC = lib.mkForce no;
|
|
SCSI_DH_HP_SW = lib.mkForce no;
|
|
SCSI_ENCLOSURE = lib.mkForce no;
|
|
};
|
|
}
|
|
];
|
|
|
|
# aes_generic is built-in as of linux 7.0, no longer a loadable module
|
|
initrd.luks.cryptoModules = lib.mkForce (
|
|
lib.filter (m: m != "aes_generic") options.boot.initrd.luks.cryptoModules.default
|
|
);
|
|
|
|
# some default initrd modules (ata_piix etc) don't exist with ATA_SFF=n
|
|
initrd.allowMissingModules = true;
|
|
|
|
lanzaboote = {
|
|
enable = true;
|
|
# TODO: proper secrets management so this is not stored in nix store
|
|
pkiBundle = "/var/lib/sbctl";
|
|
};
|
|
|
|
# Bootloader.
|
|
loader = {
|
|
efi.canTouchEfiVariables = true;
|
|
|
|
timeout = 1;
|
|
/*
|
|
Lanzaboote currently replaces the systemd-boot module.
|
|
This setting is usually set to true in configuration.nix
|
|
generated at installation time. So we force it to false
|
|
for now.
|
|
*/
|
|
systemd-boot.enable = lib.mkForce false;
|
|
systemd-boot.configurationLimit = 10;
|
|
};
|
|
|
|
initrd = {
|
|
systemd.enable = true;
|
|
compressor = "zstd";
|
|
kernelModules = [ "amdgpu" ]; # own the display from initrd, no fbcon handoff
|
|
availableKernelModules = [
|
|
"xhci_pci"
|
|
"thunderbolt"
|
|
"nvme"
|
|
"usbhid"
|
|
];
|
|
};
|
|
|
|
kernelModules = [
|
|
"kvm-amd"
|
|
"ip_tables"
|
|
"iptable_nat"
|
|
"msr"
|
|
"btusb"
|
|
];
|
|
};
|
|
|
|
services = {
|
|
# auto detect network printers
|
|
avahi = {
|
|
enable = true;
|
|
nssmdns4 = true;
|
|
openFirewall = true;
|
|
};
|
|
|
|
# Enable CUPS to print documents.
|
|
printing = {
|
|
enable = true;
|
|
drivers = with pkgs; [ hplip ];
|
|
};
|
|
|
|
# I don't want fingerprint login
|
|
fprintd.enable = false;
|
|
|
|
# Making sure mullvad works on boot
|
|
mullvad-vpn.enable = true;
|
|
|
|
# power statistics
|
|
upower.enable = true;
|
|
|
|
# power profiles for noctalia shell
|
|
power-profiles-daemon.enable = true;
|
|
|
|
# geolocation (uses beacondb.net by default)
|
|
geoclue2 = {
|
|
enable = true;
|
|
appConfig.zen-twilight = {
|
|
isAllowed = true;
|
|
isSystem = false;
|
|
};
|
|
};
|
|
};
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
|
|
# Enable Bluetooth
|
|
hardware.bluetooth = {
|
|
enable = true;
|
|
powerOnBoot = true;
|
|
|
|
# Enable experimental features for battery % of bluetooth devices
|
|
settings.General.Experimental = true;
|
|
};
|
|
|
|
# Apply gtk themes by enabling dconf
|
|
programs.dconf.enable = true;
|
|
|
|
# Enable sound with pipewire.
|
|
services.pulseaudio.enable = false; # pipewire >>>>>>> pulseaudio
|
|
security.rtkit.enable = true;
|
|
services.pipewire = {
|
|
enable = true;
|
|
alsa.enable = true;
|
|
alsa.support32Bit = true;
|
|
pulse.enable = true;
|
|
};
|
|
|
|
# Define my user account (the rest of the configuration if found in `~/.config/home-manager/...`)
|
|
users.users.${username} = {
|
|
isNormalUser = true;
|
|
extraGroups = [
|
|
"networkmanager"
|
|
"wheel"
|
|
"video"
|
|
"camera"
|
|
"adbusers"
|
|
];
|
|
hashedPasswordFile = config.age.secrets.password-hash.path;
|
|
};
|
|
|
|
services.gvfs.enable = true;
|
|
programs.gphoto2.enable = true;
|
|
|
|
# Enable thermal data
|
|
services.thermald.enable = true;
|
|
|
|
services.pcscd.enable = true;
|
|
programs.gnupg.agent = {
|
|
enable = true;
|
|
pinentryPackage = pkgs.pinentry-curses;
|
|
enableSSHSupport = false;
|
|
};
|
|
|
|
# System packages
|
|
environment.systemPackages = with pkgs; [
|
|
# mullvad-vpn is provided by services.mullvad-vpn.enable
|
|
|
|
#secureboot ctl
|
|
sbctl
|
|
|
|
dmidecode
|
|
|
|
glib
|
|
usbutils
|
|
libmtp
|
|
man-pages
|
|
man-pages-posix
|
|
|
|
# needed for home-manager
|
|
git
|
|
|
|
tmux
|
|
android-tools
|
|
];
|
|
|
|
# wayland with electron/chromium applications
|
|
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
|
|
|
# port 53317 for localsend
|
|
networking.firewall.allowedUDPPorts = [ 53317 ];
|
|
networking.firewall.allowedTCPPorts = [ 53317 ];
|
|
|
|
system.stateVersion = "25.05";
|
|
nixpkgs.hostPlatform = "x86_64-linux";
|
|
|
|
documentation.enable = true;
|
|
documentation.man.enable = true;
|
|
documentation.dev.enable = true;
|
|
}
|