From 381924aee19816d40769bd160f11acab73a48a7c Mon Sep 17 00:00:00 2001 From: "Chinmay D. Pai" Date: Mon, 2 Sep 2024 20:51:39 +0530 Subject: [PATCH] feat: upgrade from thinkpad x1 9th-gen to 12th-gen Signed-off-by: Chinmay D. Pai --- flake.nix | 10 +- homes/x86_64-linux/chnmy@thonkpad/default.nix | 246 +++++++++++------- systems/x86_64-linux/thonkpad/hardware.nix | 69 ++--- 3 files changed, 202 insertions(+), 123 deletions(-) diff --git a/flake.nix b/flake.nix index 5d2db72..3099b91 100644 --- a/flake.nix +++ b/flake.nix @@ -19,14 +19,14 @@ systems.modules.nixos = with inputs; [ agenix.nixosModules.age + chaotic.nixosModules.default disko.nixosModules.disko - nur.nixosModules.nur srvos.nixosModules.common srvos.nixosModules.mixins-systemd-boot ]; systems.hosts.thonkpad.modules = [ - inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen + inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen inputs.lanzaboote.nixosModules.lanzaboote ]; systems.hosts.thonkpad.specialArgs = { @@ -39,6 +39,10 @@ }; systems.hosts.smolboye.modules = [inputs.srvos.nixosModules.server]; + homes.modules = with inputs; [ + nur.hmModules.nur + ]; + overlays = [(_: prev: {inherit (inputs.maych-in.packages.${prev.system}) maych-in;})]; channels-config.allowUnfree = true; @@ -70,6 +74,8 @@ agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.home-manager.follows = "nixpkgs"; + chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; + deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/homes/x86_64-linux/chnmy@thonkpad/default.nix b/homes/x86_64-linux/chnmy@thonkpad/default.nix index c97b486..06acac3 100644 --- a/homes/x86_64-linux/chnmy@thonkpad/default.nix +++ b/homes/x86_64-linux/chnmy@thonkpad/default.nix @@ -1,6 +1,6 @@ { config, - inputs, + lib, pkgs, ... }: { 
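Review bot: `chaotic.nixosModules.default` is added to `systems.modules.nixos`, the list shared by every host, so the server `smolboye` also imports this third-party module. The rest of the commit only concerns the laptop, so the wider scope looks unintended. Moving the entry into `systems.hosts.thonkpad.modules`, next to the nixos-hardware and lanzaboote entries, would keep it off the server. I would also check whether the module's defaults add an extra binary cache and trusted signing key, since that would widen what each importing host trusts.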
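Review bot: The new `chaotic.url` input follows the moving `nyxpkgs-unstable` branch, and the diffstat lists only three files with no `flake.lock` among them. The revision that gets built is therefore whatever the next evaluation resolves, not one recorded with this commit. Committing the lock entry with the input keeps the pinned revision in history and reviewable. Unlike `agenix` and `deploy-rs`, the input has no `inputs.nixpkgs.follows`; if that is deliberate, a short comment on the `chaotic.url` line saying why would stop someone "fixing" it later.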
@@ -31,100 +31,170 @@ programs.firefox = { enable = true; - package = inputs.firefox.packages.${pkgs.system}.firefox-nightly-bin.override { - cfg = { - pipewireSupport = true; + policies = { + DisableFirefoxStudies = true; + EnableTrackingProtection = { + Value = true; + Locked = true; + Cryptomining = true; + Fingerprinting = true; + }; + OfferToSaveLoginsDefault = false; + DisableTelemetry = true; + DisablePocket = true; + DisableFirefoxAccounts = true; + OverrideFirstRunPage = ""; + OverridePostUpdatePage = ""; + DontCheckDefaultBrowser = true; + DisplayMenuBar = "default-off"; + SearchBar = "unified"; + NoDefaultBookmarks = true; + DisplayBookmarksToolbar = "never"; + Preferences = let + lock-false = { + Value = false; + Status = "locked"; + }; + lock-true = { + Value = false; + Status = "locked"; + }; + lock-empty-string = { + Value = false; + Status = "locked"; + }; + in { + "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true; + + # Remove poluting defaults + "extensions.pocket.enabled" = lock-false; + + # Remove default top sites + "browser.topsites.contile.enabled" = lock-false; + "browser.urlbar.suggest.topsites" = lock-false; + + # Remove sponsored sites + "browser.newtabpage.pinned" = lock-empty-string; + "browser.newtabpage.activity-stream.showSponsored" = lock-false; + "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; + + # Remove firefox shiny buttons + "browser.tabs.firefox-view" = false; + "browser.tabs.firefox-view-next" = false; + # Style + "browser.compactmode.show" = lock-true; + "browser.uidensity" = { + Value = 1; + Status = "locked"; + }; + # Fonts - make web pages follow system font + "browser.display.use_document_fonts" = { + Value = 0; + Status = "locked"; + }; }; }; - # extensions = with config.nur.repos.rycee.firefox-addons; [ - # bitwarden - # clearurls - # duckduckgo-privacy-essentials - # reddit-enhancement-suite - # 
sponsorblock - # ublock-origin - # ]; - # policies = { - # DisableFirefoxStudies = true; - # EnableTrackingProtection = { - # Value = true; - # Locked = true; - # Cryptomining = true; - # Fingerprinting = true; - # }; - # OfferToSaveLoginsDefault = false; + profiles.ff = { + extensions = with config.nur.repos.rycee.firefox-addons; [ + bitwarden + clearurls + duckduckgo-privacy-essentials + reddit-enhancement-suite + sponsorblock + ublock-origin + ]; + bookmarks = {}; + settings = { + "browser.startup.homepage" = "about:home"; - # DisableTelemetry = true; - # DisablePocket = true; - # DisableFirefoxAccounts = true; - # OverrideFirstRunPage = ""; - # OverridePostUpdatePage = ""; - # DontCheckDefaultBrowser = true; - # DisplayMenuBar = "default-off"; - # SearchBar = "unified"; - # NoDefaultBookmarks = true; - # DisplayBookmarksToolbar = "never"; - # Preferences = let - # lock-false = { - # Value = false; - # Status = "locked"; - # }; - # lock-true = { - # Value = false; - # Status = "locked"; - # }; - # lock-empty-string = { - # Value = false; - # Status = "locked"; - # }; - # in { - # "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true; + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; - # # Remove poluting defaults - # "extensions.pocket.enabled" = lock-false; + # Don't ask for download dir + "browser.download.useDownloadDir" = false; - # # Remove default top sites - # 
"browser.topsites.contile.enabled" = lock-false; - # "browser.urlbar.suggest.topsites" = lock-false; + # Disable crappy home activity stream page + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Youtube + "26UbzFJ7qT9/4DhodHKA1Q==" + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Wikipedia + "eV8/WsSLxHadrTL1gAxhug==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); - # # Remove sponsored sites - # "browser.newtabpage.pinned" = lock-empty-string; - # "browser.newtabpage.activity-stream.showSponsored" = lock-false; - # "browser.newtabpage.activity-stream.system.showSponsored" = lock-false; - # "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false; + # Disable some telemetry + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + 
"toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; - # # Remove firefox shiny buttons - # "browser.tabs.firefox-view" = false; - # "browser.tabs.firefox-view-next" = false; - # # Style - # "browser.compactmode.show" = lock-true; - # "browser.uidensity" = { - # Value = 1; - # Status = "locked"; - # }; - # # Fonts - make web pages follow system font - # "browser.display.use_document_fonts" = { - # Value = 0; - # Status = "locked"; - # }; - - # "browser.tabs.loadInBackground" = true; - # "gfx.canvas.accelerated" = true; - # "gfx.webrender.enabled" = true; - # "gfx.x11-egl.force-enabled" = true; - # "layers.acceleration.force-enabled" = true; - # "media.av1.enabled" = false; - # "media.ffmpeg.vaapi.enabled" = true; - # "media.hardware-video-decoding.force-enabled" = true; - # "media.rdd-ffmpeg.enabled" = true; - # "widget.dmabuf.force-enabled" = true; - # "svg.context-properties.content.enabled" = true; - # "gnomeTheme.hideSingleTab" = true; - # "gnomeTheme.bookmarksToolbarUnderTabs" = true; - # "gnomeTheme.normalWidthTabs" = false; - # "gnomeTheme.tabsAsHeaderbar" = false; - # }; - # }; + # Disable fx accounts + "identity.fxaccounts.enabled" = false; + # Disable "save password" prompt + "signon.rememberSignons" = false; + # Harden + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + "browser.tabs.loadInBackground" = true; + "gfx.canvas.accelerated" = true; + "gfx.webrender.enabled" = true; + "gfx.x11-egl.force-enabled" = true; + "layers.acceleration.force-enabled" = true; + "media.av1.enabled" = false; + "media.ffmpeg.vaapi.enabled" = true; + "media.hardware-video-decoding.force-enabled" = true; + "media.rdd-ffmpeg.enabled" = true; + "widget.dmabuf.force-enabled" = true; + "svg.context-properties.content.enabled" = true; + "gnomeTheme.hideSingleTab" = true; + 
"gnomeTheme.bookmarksToolbarUnderTabs" = true; + "gnomeTheme.normalWidthTabs" = false; + "gnomeTheme.tabsAsHeaderbar" = false; + }; + }; }; home.packages = [ diff --git a/systems/x86_64-linux/thonkpad/hardware.nix b/systems/x86_64-linux/thonkpad/hardware.nix index 650360e..06fd38e 100644 --- a/systems/x86_64-linux/thonkpad/hardware.nix +++ b/systems/x86_64-linux/thonkpad/hardware.nix 
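Review bot: In the `let` block under `policies.Preferences`, `lock-true` and `lock-empty-string` both carry `Value = false`, so every preference bound to them is locked to the wrong value. `toolkit.legacyUserProfileCustomizations.stylesheets` and `browser.compactmode.show` end up locked off, and `browser.newtabpage.pinned` gets a boolean instead of an empty string. They should read `lock-true = { Value = true; Status = "locked"; };` and `lock-empty-string = { Value = ""; Status = "locked"; };`. Separately, the settings under `# Harden` and `signon.rememberSignons` are set only in `profiles.ff.settings`, so nothing in this hunk locks them. If they are meant to be enforced rather than defaults, bind them in `policies.Preferences` to `lock-true` / `lock-false`.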
@@ -3,58 +3,60 @@ _: { initrd = { availableKernelModules = [ "xhci_pci" - "xhci_hcd" + "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - luks.devices."cryptroot".device = "/dev/disk/by-uuid/312b4d84-64dc-4721-9be3-bb0148199b16"; - luks.devices."cryptroot".preLVM = true; + luks.devices."cryptroot".device = "/dev/disk/by-uuid/9de352ea-128f-4d56-a720-36d81dfd9b92"; }; kernelModules = [ "kvm-intel" "thinkpad_acpi" - "iwlwifi" - "i915" + # "iwlwifi" + "xe" ]; - blacklistedKernelModules = [ - "iTCO_wdt" + kernelParams = [ + "quiet" + "xe.force_probe=7d55" + "i915.force_probe=!7d55" + # "resume_offset=2465529" + "intel_pstate=active" + "thinkpad_acpi.fan_control=1" ]; - kernelParams = ["resume_offset=2465529" "intel_pstate=active" "i915.enable_gvt=1" "i915.enable_guc=3" "thinkpad_acpi.fan_control=1"]; - resumeDevice = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; - supportedFilesystems = ["btrfs"]; + # resumeDevice = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; }; fileSystems = { "/" = { - device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; + device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; fsType = "btrfs"; options = [ "defaults" + "autodefrag" "compress-force=zstd" "noatime" "ssd" "subvol=@" - "discard=async" ]; neededForBoot = true; }; "/home" = { - device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; + device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; fsType = "btrfs"; options = [ "defaults" + "autodefrag" "compress-force=zstd" "noatime" "ssd" "subvol=@home" - "discard=async" ]; }; "/.snapshots" = { - device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; + device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; fsType = "btrfs"; options = [ "defaults" 
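Review bot: The pair `"xe.force_probe=7d55"` / `"i915.force_probe=!7d55"` in `kernelParams` is a bare device ID with no explanation, and it must stay in step with `"xe"` in `kernelModules`. A comment above the pair, such as `# 7d55: PCI ID of this laptop's iGPU; bind it to xe and keep i915 off it`, would tell the next reader what to remove once the driver no longer needs forcing. The meaning of the ID is inferred here, so please confirm it. The commented-out `# "iwlwifi"`, `# "resume_offset=2465529"` and `# resumeDevice` lines would read better deleted or folded into a single TODO explaining what is pending.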
@@ -62,38 +64,37 @@ _: { "noatime" "ssd" "subvol=@snapshots" - "discard=async" ]; }; "/var/log" = { - device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; + device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; fsType = "btrfs"; options = [ "defaults" + "autodefrag" "compress-force=zstd" "noatime" "ssd" "subvol=@log" - "discard=async" ]; }; "/var/cache" = { - device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; + device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; fsType = "btrfs"; options = [ "defaults" + "autodefrag" "compress-force=zstd" "noatime" "ssd" "subvol=@cache" - "discard=async" ]; }; "/etc/nixos" = { - device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; + device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; fsType = "btrfs"; options = [ "defaults" @@ -105,32 +106,34 @@ _: { }; "/nix" = { - device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; + device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; fsType = "btrfs"; options = [ "defaults" + "autodefrag" "compress-force=zstd" "noatime" "ssd" "subvol=@nix-store" - "discard=async" ]; }; + # TODO: setup swap # ref: https://sawyershepherd.org/post/hibernating-to-an-encrypted-swapfile-on-btrfs-with-nixos/ - "/swap" = { - device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5"; - fsType = "btrfs"; - options = [ - "subvol=@swap" - "noatime" - ]; - }; + # "/swap" = { + # device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d"; + # fsType = "btrfs"; + # options = [ + # "subvol=@swap" + # "noatime" + # ]; + # }; "/boot" = { - device = "/dev/disk/by-uuid/90A5-35FF"; + device = "/dev/disk/by-uuid/7FBB-9E80"; fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; }; }; - swapDevices = [{device = "/swap/swapfile";}]; + swapDevices = []; }
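Review bot: The `/boot` options added in the last hunk, `options = ["fmask=0022" "dmask=0022"];`, leave every file on the ESP readable by all local users. flake.nix imports `mixins-systemd-boot` and lanzaboote, so this host appears to boot via systemd-boot, and its random seed file would then sit on that partition with the same permissions. `options = ["fmask=0077" "dmask=0077"];` restricts the mount to root and avoids the world-accessible warning that bootctl reports for this layout.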