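# NixOS host module for the machine handled by the nixos-x13s module.
#
# Arguments:
#   repoFlake, nodeFlake - flakes whose `inputs` supply the imported modules
#                          (sops-nix from repoFlake; nixos-x13s and disko from
#                          nodeFlake).
#   nodeName             - used as the hostname and to locate the sops file.
#   system               - selects the nixos-x13s package set for extra firmware.
#
# Besides hardware bring-up (bootloader, initrd modules and firmware), this
# module enables sshd, NetworkManager, a firewall, sops-nix secrets,
# home-manager profiles, TLP, waydroid and podman.
{
  repoFlake,
  nodeFlake,
  pkgs,
  lib,
  config,
  nodeName,
  system,
  ...
}: {
  nixos-x13s = {
    enable = true;
    # TODO: use hardware address
    bluetoothMac = "65:9e:7a:8b:86:28";
  };

  # One-shot unit that sets the controller's public address before
  # bluetooth.service starts (requiredBy + before below).
  systemd.services.bluetooth-mac = {
    enable = true;
    path = [
      pkgs.systemd
      pkgs.util-linux
      pkgs.bluez5-experimental
      pkgs.expect
    ];
    # NOTE(review): the wait loop has no upper bound. If the firmware message
    # never reaches the journal, this unit never completes and, unless a start
    # timeout is configured elsewhere, bluetooth.service stays blocked behind it.
    # The subshell afterwards is deliberately best effort: `set +e` lets each
    # step run and only echoes its exit status.
    script = ''
      # TODO: this may not be required
      while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do
        echo Waiting for bluetooth firmware to complete
        echo
        sleep 1
      done

      (
        # best effort
        set +e
        rfkill block bluetooth
        echo $?
        btmgmt public-addr ${config.nixos-x13s.bluetoothMac}
        echo $?
        rfkill unblock bluetooth
        echo $?
      )
    '';
    requiredBy = [ "bluetooth.service" ];
    before = [ "bluetooth.service" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;

      # we need a tty, otherwise btmgmt will hang
      # NOTE(review): the script runs attached to /dev/tty2, which is reset and
      # hung up around the run; keep that VT free of interactive sessions.
      StandardInput = "tty";
      TTYPath = "/dev/tty2";
      TTYReset = "yes";
      TTYVHangup = "yes";
    };
  };

  imports = [
    nodeFlake.inputs.nixos-x13s.nixosModules.default
    repoFlake.inputs.sops-nix.nixosModules.sops
    nodeFlake.inputs.disko.nixosModules.disko

    ./disko.nix

    ../../snippets/nix-settings.nix
    ../../profiles/common/user.nix

    {
      # NOTE(review): sshd is opened in the firewall and root login is "yes".
      # Password authentication is not configured in this file, so unless an
      # imported module disables it, root password logins are accepted on every
      # network NetworkManager joins. If root only needs key-based access,
      # "prohibit-password" keeps that while refusing passwords; confirm root's
      # authorized keys are provisioned before switching.
      services.openssh.enable = true;
      services.openssh.settings.PermitRootLogin = "yes";
      services.openssh.openFirewall = true;

      # The sops file is referenced as a Nix path, so it is copied into the Nix
      # store; it must only ever hold sops-encrypted values.
      sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
      sops.defaultSopsFormat = "yaml";

      users.commonUsers = {
        enable = true;
        enableNonRoot = true;
      };
    }

    ../../snippets/home-manager-with-zsh.nix
    ../../snippets/sway-desktop.nix
    ../../snippets/bluetooth.nix
    ../../snippets/timezone.nix
    ../../snippets/radicale.nix
  ];

  networking.hostName = nodeName;
  networking.firewall.enable = true;
  networking.networkmanager.enable = true;

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = [
    pkgs.sshfs
    pkgs.util-linux
    pkgs.coreutils
    pkgs.vim
    pkgs.git
    pkgs.git-crypt
  ];

  system.stateVersion = "23.11";

  home-manager.users.root = _: {
    home.stateVersion = "23.11";
  };

  home-manager.users.steveej = _: {
    home.stateVersion = "23.11";
    imports = [
      ../../../home-manager/configuration/graphical-fullblown.nix
    ];

    home.sessionVariables = { };

    home.packages = with pkgs; [ ];

    # TODO: currently unsupported
    services.gammastep.enable = lib.mkForce false;

    # programs.chromium.enable = lib.mkForce false;
  };

  boot = {
    loader.systemd-boot.enable = true;
    # Forced off so the bootloader installation does not write EFI variables.
    loader.efi.canTouchEfiVariables = lib.mkForce false;
    loader.efi.efiSysMountPoint = "/boot";

    blacklistedKernelModules = [ "wwan" ];

    initrd.kernelModules = [
      "uas"
      "usb_storage"

      "phy_qcom_qmp_pcie"
      "phy_qcom_qmp_combo"
      "phy_qcom_snps_femto_v2"
      "phy_qcom_qmp_usb"

      "xhci-pci-renesas"

      "msm"
    ];

    # Firmware files made available in the initrd. Every entry comes from
    # pkgs.linux-firmware except qcvss8280.mbn, which comes from the
    # nixos-x13s "x13s/extra-firmware" package.
    initrd.extraFiles = {
      "firmware/qcom/sc8280xp/LENOVO/21BX/adspr.jsn".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/adspua.jsn".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/audioreach-tplg.bin".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/battmgr.jsn".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/cdspr.jsn".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/qcadsp8280.mbn".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/qccdsp8280.mbn".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/qcdxkmsuc8280.mbn".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/qcslpi8280.mbn".source = pkgs.linux-firmware;
      "firmware/qcom/sc8280xp/LENOVO/21BX/qcvss8280.mbn".source =
        nodeFlake.inputs.nixos-x13s.packages.${system}."x13s/extra-firmware";
    };
  };

  hardware.firmware = [
    pkgs.linux-firmware
    nodeFlake.inputs.nixos-x13s.packages.${system}."x13s/extra-firmware"
  ];
  hardware.enableAllFirmware = true;

  # see https://linrunner.de/tlp/
  services.tlp = {
    enable = true;
    settings = {
      START_CHARGE_THRESH_BAT0 = "80";
      STOP_CHARGE_THRESH_BAT0 = "85";
    };
  };

  # android on linux
  virtualisation.waydroid.enable = true;

  virtualisation.podman.enable = true;
  virtualisation.podman.dockerCompat = true;
}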