
3 Commits

Author SHA1 Message Date
381924aee1
feat: upgrade from thinkpad x1 9th-gen to 12th-gen
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-09-02 20:51:39 +05:30
37a10b7fe2
chore: remove unused iproute2 from netbird
Yet another failed experiment to check why netbird fails to connect after
suspending the system. Turns out none of this was needed after all.

All that was needed was to stop systemd from managing foreign routing policy
rules:

systemd.network.config.networkConfig.ManageForeignRoutingPolicyRules = false;

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-09-02 20:48:47 +05:30
b6931cbb9b
chore: remove profile sync daemon
Since we've moved to firefox profiles managed by nix, declaratively,
we do not need profile sync daemon.

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-09-02 20:47:33 +05:30
5 changed files with 202 additions and 130 deletions


@ -19,14 +19,14 @@
systems.modules.nixos = with inputs; [
agenix.nixosModules.age
chaotic.nixosModules.default
disko.nixosModules.disko
nur.nixosModules.nur
srvos.nixosModules.common
srvos.nixosModules.mixins-systemd-boot
];
systems.hosts.thonkpad.modules = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-12th-gen
inputs.lanzaboote.nixosModules.lanzaboote
];
systems.hosts.thonkpad.specialArgs = {
@ -39,6 +39,10 @@
};
systems.hosts.smolboye.modules = [inputs.srvos.nixosModules.server];
homes.modules = with inputs; [
nur.hmModules.nur
];
overlays = [(_: prev: {inherit (inputs.maych-in.packages.${prev.system}) maych-in;})];
channels-config.allowUnfree = true;
@ -70,6 +74,8 @@
agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.home-manager.follows = "nixpkgs";
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";


@ -1,6 +1,6 @@
{
config,
inputs,
lib,
pkgs,
...
}: {
@ -31,100 +31,170 @@
programs.firefox = {
enable = true;
package = inputs.firefox.packages.${pkgs.system}.firefox-nightly-bin.override {
cfg = {
pipewireSupport = true;
policies = {
DisableFirefoxStudies = true;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
OfferToSaveLoginsDefault = false;
DisableTelemetry = true;
DisablePocket = true;
DisableFirefoxAccounts = true;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DontCheckDefaultBrowser = true;
DisplayMenuBar = "default-off";
SearchBar = "unified";
NoDefaultBookmarks = true;
DisplayBookmarksToolbar = "never";
Preferences = let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = false;
Status = "locked";
};
lock-empty-string = {
Value = false;
Status = "locked";
};
in {
"toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
# Remove poluting defaults
"extensions.pocket.enabled" = lock-false;
# Remove default top sites
"browser.topsites.contile.enabled" = lock-false;
"browser.urlbar.suggest.topsites" = lock-false;
# Remove sponsored sites
"browser.newtabpage.pinned" = lock-empty-string;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
# Remove firefox shiny buttons
"browser.tabs.firefox-view" = false;
"browser.tabs.firefox-view-next" = false;
# Style
"browser.compactmode.show" = lock-true;
"browser.uidensity" = {
Value = 1;
Status = "locked";
};
# Fonts - make web pages follow system font
"browser.display.use_document_fonts" = {
Value = 0;
Status = "locked";
};
};
};
# extensions = with config.nur.repos.rycee.firefox-addons; [
# bitwarden
# clearurls
# duckduckgo-privacy-essentials
# reddit-enhancement-suite
# sponsorblock
# ublock-origin
# ];
# policies = {
# DisableFirefoxStudies = true;
# EnableTrackingProtection = {
# Value = true;
# Locked = true;
# Cryptomining = true;
# Fingerprinting = true;
# };
# OfferToSaveLoginsDefault = false;
profiles.ff = {
extensions = with config.nur.repos.rycee.firefox-addons; [
bitwarden
clearurls
duckduckgo-privacy-essentials
reddit-enhancement-suite
sponsorblock
ublock-origin
];
bookmarks = {};
settings = {
"browser.startup.homepage" = "about:home";
# DisableTelemetry = true;
# DisablePocket = true;
# DisableFirefoxAccounts = true;
# OverrideFirstRunPage = "";
# OverridePostUpdatePage = "";
# DontCheckDefaultBrowser = true;
# DisplayMenuBar = "default-off";
# SearchBar = "unified";
# NoDefaultBookmarks = true;
# DisplayBookmarksToolbar = "never";
# Preferences = let
# lock-false = {
# Value = false;
# Status = "locked";
# };
# lock-true = {
# Value = false;
# Status = "locked";
# };
# lock-empty-string = {
# Value = false;
# Status = "locked";
# };
# in {
# "toolkit.legacyUserProfileCustomizations.stylesheets" = lock-true;
# Disable irritating first-run stuff
"browser.disableResetPrompt" = true;
"browser.download.panel.shown" = true;
"browser.feeds.showFirstRunUI" = false;
"browser.messaging-system.whatsNewPanel.enabled" = false;
"browser.rights.3.shown" = true;
"browser.shell.checkDefaultBrowser" = false;
"browser.shell.defaultBrowserCheckCount" = 1;
"browser.startup.homepage_override.mstone" = "ignore";
"browser.uitour.enabled" = false;
"startup.homepage_override_url" = "";
"trailhead.firstrun.didSeeAboutWelcome" = true;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.bookmarks.addedImportButton" = true;
# # Remove poluting defaults
# "extensions.pocket.enabled" = lock-false;
# Don't ask for download dir
"browser.download.useDownloadDir" = false;
# # Remove default top sites
# "browser.topsites.contile.enabled" = lock-false;
# "browser.urlbar.suggest.topsites" = lock-false;
# Disable crappy home activity stream page
"browser.newtabpage.activity-stream.feeds.topsites" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false;
"browser.newtabpage.blocked" = lib.genAttrs [
# Youtube
"26UbzFJ7qT9/4DhodHKA1Q=="
# Facebook
"4gPpjkxgZzXPVtuEoAL9Ig=="
# Wikipedia
"eV8/WsSLxHadrTL1gAxhug=="
# Reddit
"gLv0ja2RYVgxKdp0I5qwvA=="
# Amazon
"K00ILysCaEq8+bEqV/3nuw=="
# Twitter
"T9nJot5PurhJSy8n038xGA=="
] (_: 1);
# # Remove sponsored sites
# "browser.newtabpage.pinned" = lock-empty-string;
# "browser.newtabpage.activity-stream.showSponsored" = lock-false;
# "browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
# "browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
# Disable some telemetry
"app.shield.optoutstudies.enabled" = false;
"browser.discovery.enabled" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.ping-centre.telemetry" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.sessions.current.clean" = true;
"devtools.onboarding.telemetry.logged" = false;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.hybridContent.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.prompted" = 2;
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
"toolkit.telemetry.server" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.unifiedIsOptIn" = false;
"toolkit.telemetry.updatePing.enabled" = false;
# # Remove firefox shiny buttons
# "browser.tabs.firefox-view" = false;
# "browser.tabs.firefox-view-next" = false;
# # Style
# "browser.compactmode.show" = lock-true;
# "browser.uidensity" = {
# Value = 1;
# Status = "locked";
# };
# # Fonts - make web pages follow system font
# "browser.display.use_document_fonts" = {
# Value = 0;
# Status = "locked";
# };
# "browser.tabs.loadInBackground" = true;
# "gfx.canvas.accelerated" = true;
# "gfx.webrender.enabled" = true;
# "gfx.x11-egl.force-enabled" = true;
# "layers.acceleration.force-enabled" = true;
# "media.av1.enabled" = false;
# "media.ffmpeg.vaapi.enabled" = true;
# "media.hardware-video-decoding.force-enabled" = true;
# "media.rdd-ffmpeg.enabled" = true;
# "widget.dmabuf.force-enabled" = true;
# "svg.context-properties.content.enabled" = true;
# "gnomeTheme.hideSingleTab" = true;
# "gnomeTheme.bookmarksToolbarUnderTabs" = true;
# "gnomeTheme.normalWidthTabs" = false;
# "gnomeTheme.tabsAsHeaderbar" = false;
# };
# };
# Disable fx accounts
"identity.fxaccounts.enabled" = false;
# Disable "save password" prompt
"signon.rememberSignons" = false;
# Harden
"privacy.trackingprotection.enabled" = true;
"dom.security.https_only_mode" = true;
"browser.tabs.loadInBackground" = true;
"gfx.canvas.accelerated" = true;
"gfx.webrender.enabled" = true;
"gfx.x11-egl.force-enabled" = true;
"layers.acceleration.force-enabled" = true;
"media.av1.enabled" = false;
"media.ffmpeg.vaapi.enabled" = true;
"media.hardware-video-decoding.force-enabled" = true;
"media.rdd-ffmpeg.enabled" = true;
"widget.dmabuf.force-enabled" = true;
"svg.context-properties.content.enabled" = true;
"gnomeTheme.hideSingleTab" = true;
"gnomeTheme.bookmarksToolbarUnderTabs" = true;
"gnomeTheme.normalWidthTabs" = false;
"gnomeTheme.tabsAsHeaderbar" = false;
};
};
};
home.packages = [
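Review bot: The hardening prefs under `profiles.ff.settings` (`dom.security.https_only_mode`, `privacy.trackingprotection.enabled`, `signon.rememberSignons`, the telemetry switches) are not locked, whereas the `policies` block in this section pinned its values with `Status = "locked"` and `Locked = true`. Home Manager writes profile settings to user.js, so they are re-applied at startup but can still be changed in about:config for the rest of a session; if the policies block is what this change comments out (the rendered page no longer shows which side each line is on), the security-relevant prefs are worth keeping as locked policies. Before reusing that block, note that `lock-true` and `lock-empty-string` are both defined with `Value = false`, so every pref assigned `lock-true` ends up locked off; they should read `Value = true;` and `Value = "";`. The comment `# Don't ask for download dir` sits on `"browser.download.useDownloadDir" = false`, which makes Firefox ask on every download, so either the comment or the value is inverted.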


@ -46,10 +46,6 @@
services.xserver.excludePackages = [pkgs.xterm];
services.xserver.desktopManager.xterm.enable = false;
# Enable profile-sync-daemon for browsers.
# ref: https://wiki.archlinux.org/title/profile-sync-daemon
services.psd.enable = true;
# Add udev rules for ADB.
services.udev.packages = [pkgs.android-udev-rules];


@ -17,9 +17,6 @@
# ref: https://github.com/NixOS/nixpkgs/issues/113589
wireguard.enable = true;
# netbird requires iproute2 route tables.
# iproute2.enable = true;
};
services.netbird.enable = true;


@ -3,58 +3,60 @@ _: {
initrd = {
availableKernelModules = [
"xhci_pci"
"xhci_hcd"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/312b4d84-64dc-4721-9be3-bb0148199b16";
luks.devices."cryptroot".preLVM = true;
luks.devices."cryptroot".device = "/dev/disk/by-uuid/9de352ea-128f-4d56-a720-36d81dfd9b92";
};
kernelModules = [
"kvm-intel"
"thinkpad_acpi"
"iwlwifi"
"i915"
# "iwlwifi"
"xe"
];
blacklistedKernelModules = [
"iTCO_wdt"
kernelParams = [
"quiet"
"xe.force_probe=7d55"
"i915.force_probe=!7d55"
# "resume_offset=2465529"
"intel_pstate=active"
"thinkpad_acpi.fan_control=1"
];
kernelParams = ["resume_offset=2465529" "intel_pstate=active" "i915.enable_gvt=1" "i915.enable_guc=3" "thinkpad_acpi.fan_control=1"];
resumeDevice = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
supportedFilesystems = ["btrfs"];
# resumeDevice = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@"
"discard=async"
];
neededForBoot = true;
};
"/home" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@home"
"discard=async"
];
};
"/.snapshots" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
fsType = "btrfs";
options = [
"defaults"
@ -62,38 +64,37 @@ _: {
"noatime"
"ssd"
"subvol=@snapshots"
"discard=async"
];
};
"/var/log" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@log"
"discard=async"
];
};
"/var/cache" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@cache"
"discard=async"
];
};
"/etc/nixos" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
fsType = "btrfs";
options = [
"defaults"
@ -105,32 +106,34 @@ _: {
};
"/nix" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
fsType = "btrfs";
options = [
"defaults"
"autodefrag"
"compress-force=zstd"
"noatime"
"ssd"
"subvol=@nix-store"
"discard=async"
];
};
# TODO: setup swap
# ref: https://sawyershepherd.org/post/hibernating-to-an-encrypted-swapfile-on-btrfs-with-nixos/
"/swap" = {
device = "/dev/disk/by-uuid/d5c21883-f0e6-4e7a-b9a5-ee0bf4780ec5";
fsType = "btrfs";
options = [
"subvol=@swap"
"noatime"
];
};
# "/swap" = {
# device = "/dev/disk/by-uuid/870fde90-a91a-4554-8b1c-d5702c789f4d";
# fsType = "btrfs";
# options = [
# "subvol=@swap"
# "noatime"
# ];
# };
"/boot" = {
device = "/dev/disk/by-uuid/90A5-35FF";
device = "/dev/disk/by-uuid/7FBB-9E80";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
swapDevices = [{device = "/swap/swapfile";}];
swapDevices = [];
}
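Review bot: `/boot` is still mounted with `fmask=0022` and `dmask=0022`, which leaves every file on the ESP readable by all local users. The flake modules on this page suggest this host boots through systemd-boot/lanzaboote, so that would include the boot loader's random seed if one is stored there, and bootctl reports such a mount as world accessible. Tightening the line to `options = ["fmask=0077" "dmask=0077"];` while the UUID is being replaced anyway would close that. Separately, `discard=async` on the btrfs mounts only reaches the SSD if the `cryptroot` LUKS mapping allows discards, which the visible lines do not set; that should be a deliberate choice, because passing TRIM through dm-crypt reveals which blocks are unused.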