]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/oignon/hardware.nix
dnscrypt-proxy2: fix SystemCallFilter
[julm/julm-nix.git] / hosts / oignon / hardware.nix
1 { config, lib, pkgs, hostName, ... }:
2 {
3 hardware.cpu.intel.updateMicrocode = true;
4 powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
5 services.thinkfan = {
6 enable = true;
7 smartSupport = true;
8 levels = [
9 [0 0 57]
10 [1 56 62]
11 [2 61 65]
12 [3 64 66]
13 [4 65 68]
14 [5 67 71]
15 [6 70 76]
16 [7 75 81]
17 [127 80 32767]
18 ];
19 };
20 hardware.acpilight.enable = true;
21 services.acpid = {
22 enable = true;
23 handlers = {
24 brightnessDown = {
25 event = "video/brightnessdown.*";
26 action = "${pkgs.acpilight}/bin/xbacklight -dec 5";
27 };
28 brightnessUp = {
29 event = "video/brightnessup.*";
30 action = "${pkgs.acpilight}/bin/xbacklight -inc 5";
31 };
32 acAdapter = {
33 event = "ac_adapter/*";
34 action = ''
35 vals=($1)
36 case ''${vals[3]} in
37 00000000) # unplugged
38 ${pkgs.linuxPackages.cpupower}/bin/cpupower frequency-set -g powersave;;
39 00000001) # plugged in
40 ${pkgs.linuxPackages.cpupower}/bin/cpupower frequency-set -g ondemand;;
41 esac
42 '';
43 };
44 };
45 };
46
47 # https://bugzilla.kernel.org/show_bug.cgi?id=110941
48 boot.kernelParams = [ "intel_pstate=no_hwp" ];
49 boot.kernelModules = [ "kvm-intel" ];
50 boot.cleanTmpDir = true;
51 boot.tmpOnTmpfs = true;
52 boot.extraModulePackages = [
53 config.boot.kernelPackages.exfat-nofuse
54 ];
55 boot.loader.grub = {
56 enable = true;
57 version = 2;
58 device = "/dev/disk/by-id/ata-Samsung_SSD_850_PRO_128GB_S1SMNSAFC36436X";
59 configurationLimit = 3;
60 #zfsSupport = true;
61 /*
62 efiSupport = true;
63 efi = {
64 canTouchEfiVariables = false;
65 efiSysMountPoint = "/boot/efi";
66 };
67 */
68 #enableCryptodisk = true;
69 };
70
71 fileSystems."/boot" =
72 { device = "/dev/disk/by-partlabel/${hostName}_ssd_boot";
73 fsType = "ext2";
74 };
75 fileSystems."/boot/efi" =
76 { device = "/dev/disk/by-partlabel/${hostName}_ssd_efi";
77 fsType = "vfat";
78 };
79 swapDevices = [
80 { device = "/dev/disk/by-partlabel/${hostName}_ssd_swap";
81 randomEncryption = {
82 enable = true;
83 cipher = "aes-xts-plain64";
84 source = "/dev/urandom";
85 };
86 }
87 ];
88 zramSwap = {
89 enable = true;
90 algorithm = lib.mkDefault "zstd";
91 # There is little point creating a zram of greater
92 # than twice the size of memory
93 # since we expect a 2:1 compression ratio.
94 # Note that zram uses about 0.1% of the size of the disk
95 # when not in use so a huge zram is wasteful.
96 memoryPercent = lib.mkDefault 150;
97 # Linux supports multithreaded compression for 1 device since 3.15.
98 # See https://lkml.org/lkml/2014/2/28/404 for details.
99 swapDevices = lib.mkDefault 1;
100 };
101 boot.kernel.sysctl = {
102 # Increase cache pressure, which increases the tendency of the kernel to
103 # reclaim memory used for caching of directory and inode objects. You will use
104 # less memory over a longer period of time. The performance hit is negated by
105 # the downside of swapping sooner.
106 "vm.vfs_cache_pressure" = lib.mkDefault 500;
107
108 # Increasing how aggressively the kernel will swap memory pages since we are
109 # using ZRAM first.
110 "vm.swappiness" = lib.mkDefault 100;
111
112 # Background processes will start writing right away when it hits the 1% limit
113 "vm.dirty_background_ratio" = lib.mkDefault 1;
114
115 # The system won’t force synchronous I/O until it gets to 50% dirty_ratio.
116 "vm.dirty_ratio" = lib.mkDefault 50;
117 };
118
119 # The 32-bit host id of the host, formatted as 8 hexadecimal characters.
120 # You should try to make this id unique among your hosts.
121 # Manually generated with : head -c4 /dev/urandom | od -A none -t x4 | cut -d ' ' -f 2
122 networking.hostId = "ce53d0c3";
123
124 # none is the recommended elevator with ZFS (which has its own I/O scheduler)
125 # and/or for SSD, whereas HDD could use mq-deadline.
126 services.udev.extraRules = ''
127 # set none scheduler for non-rotating disks
128 ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="none"
129 '';
130
131 boot.supportedFilesystems = [ "ntfs" "vfat" "zfs" ];
132 boot.initrd.supportedFilesystems = [ "zfs" ];
133 boot.initrd.availableKernelModules = [
134 "ahci"
135 "drbg"
136 "ehci_pci"
137 "gf128mul"
138 "hmac"
139 "sd_mod"
140 ];
141
142 boot.zfs.forceImportAll = false;
143 boot.zfs.forceImportRoot = false;
144 boot.zfs.enableUnstable = false;
145 boot.zfs.requestEncryptionCredentials = [ hostName ];
146 services.zfs.autoScrub.enable = true;
147
148 fileSystems."/" =
149 { device = "${hostName}/root";
150 fsType = "zfs";
151 };
152 fileSystems."/nix" =
153 { device = "${hostName}/nix";
154 fsType = "zfs";
155 };
156 fileSystems."/var" =
157 { device = "${hostName}/var";
158 fsType = "zfs";
159 };
160
161 }