add aoife

hosts/thalassa/aoife/README.md

@@ -0,0 +1,22 @@
+# Aoife
+This is the NixOS config for my laptop `aoife`.
+
+## Hardware
+This is a Thinkpad Z16 Gen 1.
+
+**CPU**: AMD Ryzen 9 PRO 6950H (16 cores) @ 4.935GHz
+
+**RAM**: 32GB LPDDR5 6400MHz
+
+**SCREEN**: 16" 3840 x 2400 OLED
+
+**GPU**: AMD Radeon™ RX 6500M, 4 GB, GDDR6
+
+
+## Software
+**OS**: NixOS
+
+**DE**: Gnome
+
+**Shell**: ZSH (grml)
+

hosts/thalassa/aoife/default.nix

@@ -0,0 +1,44 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ inputs, lib, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
+    ./hardware.nix
+  ];
+
+  # Bootloader.
+  boot = {
+    bootspec.enable = true;
+    initrd.kernelModules = [ "amdgpu" ];
+    resumeDevice = "/dev/nvme0n1p2";
+    loader.systemd-boot.enable = lib.mkForce false;
+
+    kernel.sysctl = {
+      "perf_event_paranoid" = 1;
+      "kptr_restrict" = 0;
+    };
+    lanzaboote = {
+      enable = true;
+      configurationLimit = 5;
+      pkiBundle = "/etc/secureboot";
+    };
+  };
+
+  home-manager.users.vivian = import ./home;
+
+  # Enable Ozone rendering for Chromium and Electron apps.
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  # environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+}

hosts/thalassa/aoife/hardware-configuration.nix

@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  boot = {
+
+    initrd.availableKernelModules =
+      [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/c184866a-9a53-4a9f-9a1f-493792af7ea9";
+    fsType = "btrfs";
+    options = [ "subvol=@" ];
+  };
+
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/5BB8-7503";
+    fsType = "vfat";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/bedb5b75-578e-441f-a9eb-2ecff1f4cfca"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+  # high-resolution display
+}

hosts/thalassa/aoife/hardware.nix

@@ -0,0 +1,55 @@
+{ pkgs, ... }: {
+  hardware = {
+    enableAllFirmware = true;
+
+    bluetooth.enable = true;
+
+    # Vulkan
+    opengl.driSupport = true;
+    opengl.extraPackages = with pkgs; [
+      amdvlk
+      rocm-opencl-icd
+      rocm-opencl-runtime
+    ];
+  };
+  services = {
+
+    hardware.bolt.enable = true;
+
+    fprintd.enable = true;
+
+    # Video Driver
+    xserver.videoDrivers = [ "amdgpu" ];
+    xserver = {
+      dpi = 280;
+      xkbOptions = "caps:swapescape";
+    };
+
+    # SSD Trim
+    fstrim.enable = true;
+
+    # Power Management
+    upower.enable = true;
+    thermald.enable = true;
+  };
+
+  # hardware.trackpoint.enable = true;
+
+  # FS
+  fileSystems."/".options = [ "compress=zstd" ];
+
+  powerManagement = {
+    enable = true;
+    powertop.enable = true;
+  };
+  security = {
+    tpm2 = {
+
+      # tpm
+      enable = true;
+      pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
+      tctiEnvironment.enable = true;
+    };
+  }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
+  users.users.vivian.extraGroups = [ "tss" ]; # tss group has access to TPM devices
+}

hosts/thalassa/aoife/home/.gitignore

@@ -0,0 +1 @@
+*dconf_dump*

hosts/thalassa/aoife/home/default.nix

@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+  # Custom dconf settings
+  dconf.settings."org/gnome/desktop/input-sources" = {
+    xkb-options = [ "caps:swapescape" ];
+  };
+
+  programs.zsh.envExtra = ''
+    source ~/.zshrc.secrets
+  '';
+
+  home.packages = with pkgs; [
+    libreoffice-fresh
+    jetbrains.clion
+    jetbrains.rust-rover
+  ];
+}