added stuff

nyx/modules/core/common/system/hardware/bluetooth.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib) mkIf;
+
+  sys = config.modules.system.bluetooth;
+in {
+  config = mkIf sys.enable {
+    modules.system.boot.extraKernelParams = ["btusb"];
+
+    hardware.bluetooth = {
+      enable = true;
+      package = pkgs.bluez5-experimental;
+      #hsphfpd.enable = true;
+      powerOnBoot = true;
+      disabledPlugins = ["sap"];
+      settings = {
+        General = {
+          JustWorksRepairing = "always";
+          MultiProfile = "multiple";
+          Experimental = true;
+        };
+      };
+    };
+
+    # https://nixos.wiki/wiki/Bluetooth
+    services.blueman.enable = true;
+  };
+}

nyx/modules/core/common/system/hardware/cpu/amd/default.nix

@@ -0,0 +1,60 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib) mkIf mkMerge versionOlder versionAtLeast;
+  dev = config.modules.device;
+
+  kver = config.boot.kernelPackages.kernel.version;
+  inherit (dev.cpu.amd) pstate zenpower;
+in {
+  config = mkIf (builtins.elem dev.cpu.type ["amd" "vm-amd"]) {
+    environment.systemPackages = [pkgs.amdctl];
+
+    hardware.cpu.amd.updateMicrocode = true;
+    boot = mkMerge [
+      {
+        kernelModules = [
+          "kvm-amd" # amd virtualization
+          "amd-pstate" # load pstate module in case the device has a newer gpu
+          "zenpower" # zenpower is for reading cpu info, i.e voltage
+          "msr" # x86 CPU MSR access device
+        ];
+        extraModulePackages = [config.boot.kernelPackages.zenpower];
+      }
+
+      (mkIf (pstate.enable && (versionAtLeast kver "5.17") && (versionOlder kver "6.1")) {
+        kernelParams = ["initcall_blacklist=acpi_cpufreq_init"];
+        kernelModules = ["amd-pstate"];
+      })
+
+      (mkIf (pstate.enable && (versionAtLeast kver "6.1") && (versionOlder kver "6.3")) {
+        kernelParams = ["amd_pstate=passive"];
+      })
+
+      # for older kernels
+      # see <https://github.com/NixOS/nixos-hardware/blob/c256df331235ce369fdd49c00989fdaa95942934/common/cpu/amd/pstate.nix>
+      (mkIf (pstate.enable && (versionAtLeast kver "6.3")) {
+        kernelParams = ["amd_pstate=active"];
+      })
+    ];
+
+    # Ryzen cpu control
+    systemd.services.zenstates = mkIf zenpower.enable {
+      enable = true;
+      description = "Undervolt via Zenstates";
+      after = ["syslog.target" "systemd-modules-load.service"];
+
+      unitConfig = {ConditionPathExists = "${pkgs.zenstates}/bin/zenstates";};
+
+      serviceConfig = {
+        User = "root";
+        ExecStart = "${pkgs.zenstates}/bin/zenstates ${zenpower.args}";
+      };
+
+      wantedBy = ["multi-user.target"];
+    };
+  };
+}

nyx/modules/core/common/system/hardware/cpu/default.nix

@@ -0,0 +1,6 @@
+_: {
+  imports = [
+    ./amd
+    ./intel
+  ];
+}

nyx/modules/core/common/system/hardware/cpu/intel/default.nix

@@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf;
+
+  dev = config.modules.device;
+in {
+  config = mkIf (builtins.elem dev.cpu.type ["intel" "vm-intel"]) {
+    hardware.cpu.intel.updateMicrocode = true;
+    boot = {
+      kernelModules = ["kvm-intel"];
+      kernelParams = ["i915.fastboot=1" "enable_gvt=1"];
+    };
+
+    environment.systemPackages = with pkgs; [intel-gpu-tools];
+  };
+}

nyx/modules/core/common/system/hardware/default.nix

@@ -0,0 +1,12 @@
+{
+  imports = [
+    ./cpu # cpu specific options
+    ./gpu # gpu specific options
+    ./multimedia # enable multimedia: e.g. sound and video
+
+    ./bluetooth.nix # bluetooth and device management
+    ./generic.nix # host-agnostic options and settings
+    ./tpm.nix # trusted platform module
+    ./yubikey.nix # yubikey device support and management tools
+  ];
+}

nyx/modules/core/common/system/hardware/generic.nix

@@ -0,0 +1,8 @@
+{lib, ...}: {
+  # This enables non-free firmware on devices not recognized by `nixos-generate-config`.
+  # Disabling this option will make the system unbootable if such devices are critical
+  # in your boot chain - therefore this should remain true until you are running a device
+  # with mostly libre firmware. Which there is not many of.
+  # on 2021-06-14: disabled this by accident and nuked my GPU drivers
+  hardware.enableRedistributableFirmware = lib.mkDefault true;
+}

nyx/modules/core/common/system/hardware/gpu/amd/default.nix

@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf;
+
+  dev = config.modules.device;
+in {
+  config = mkIf (builtins.elem dev.gpu.type ["amd" "hybrid-amd"]) {
+    # enable amdgpu xorg drivers in case Hyprland breaks again
+    services.xserver.videoDrivers = lib.mkDefault ["modesetting" "amdgpu"];
+
+    # enable amdgpu kernel module
+    boot = {
+      initrd.kernelModules = ["amdgpu"]; # load amdgpu kernel module as early as initrd
+      kernelModules = ["amdgpu"]; # if loading somehow fails during initrd but the boot continues, try again later
+    };
+
+    environment.systemPackages = [pkgs.nvtopPackages.amd];
+
+    # enables AMDVLK & OpenCL support
+    hardware.opengl = {
+      extraPackages = with pkgs;
+        [
+          amdvlk
+
+          # mesa
+          mesa
+
+          # vulkan
+          vulkan-tools
+          vulkan-loader
+          vulkan-validation-layers
+          vulkan-extension-layer
+        ]
+        ++ (
+          # this is a backwards-compatible way of loading appropriate opencl packages
+          # in case the host runs an older revision of nixpkgs
+          if pkgs ? rocmPackages.clr
+          then with pkgs.rocmPackages; [clr clr.icd]
+          else with pkgs; [rocm-opencl-icd rocm-opencl-runtime]
+        );
+
+      extraPackages32 = [pkgs.driversi686Linux.amdvlk];
+    };
+  };
+}

nyx/modules/core/common/system/hardware/gpu/default.nix

@@ -0,0 +1,7 @@
+_: {
+  imports = [
+    ./intel
+    ./nvidia
+    ./amd
+  ];
+}

nyx/modules/core/common/system/hardware/gpu/intel/default.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf;
+
+  dev = config.modules.device;
+
+  # let me play youtube videos without h.264, please and thank you
+  vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
+in {
+  config = mkIf (builtins.elem dev.gpu.type ["intel" "hybrid-intel"]) {
+    # enable the i915 kernel module
+    boot.initrd.kernelModules = ["i915"];
+    # better performance than the actual Intel driver
+    services.xserver.videoDrivers = ["modesetting"];
+
+    # OpenCL support and VAAPI
+    hardware.opengl = {
+      extraPackages = with pkgs; [
+        intel-compute-runtime
+        intel-media-driver
+        vaapiIntel
+        vaapiVdpau
+        libvdpau-va-gl
+      ];
+
+      extraPackages32 = with pkgs.pkgsi686Linux; [
+        # intel-compute-runtime # FIXME does not build due to unsupported system
+        intel-media-driver
+        vaapiIntel
+        vaapiVdpau
+        libvdpau-va-gl
+      ];
+    };
+
+    environment.variables = mkIf (config.hardware.opengl.enable && dev.gpu != "hybrid-nv") {
+      VDPAU_DRIVER = "va_gl";
+    };
+  };
+}

nyx/modules/core/common/system/hardware/gpu/nvidia/default.nix

@@ -0,0 +1,117 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib) mkIf mkDefault mkMerge versionOlder;
+
+  # use the latest possible nvidia package
+  nvStable = config.boot.kernelPackages.nvidiaPackages.stable.version;
+  nvBeta = config.boot.kernelPackages.nvidiaPackages.beta.version;
+
+  nvidiaPackage =
+    if (versionOlder nvBeta nvStable)
+    then config.boot.kernelPackages.nvidiaPackages.stable
+    else config.boot.kernelPackages.nvidiaPackages.beta;
+
+  dev = config.modules.device;
+  env = config.modules.usrEnv;
+in {
+  config = mkIf (builtins.elem dev.gpu.type ["nvidia" "hybrid-nv"]) {
+    # nvidia drivers are unfree software
+    nixpkgs.config.allowUnfree = true;
+
+    services.xserver = mkMerge [
+      {
+        videoDrivers = ["nvidia"];
+      }
+
+      # xorg settings
+      (mkIf (!env.isWayland) {
+        # disable DPMS
+        monitorSection = ''
+          Option "DPMS" "false"
+        '';
+
+        # disable screen blanking in general
+        serverFlagsSection = ''
+          Option "StandbyTime" "0"
+          Option "SuspendTime" "0"
+          Option "OffTime" "0"
+          Option "BlankTime" "0"
+        '';
+      })
+    ];
+
+    # blacklist nouveau module so that it does not conflict with nvidia drm stuff
+    # also the nouveau performance is godawful, I'd rather run linux on a piece of paper than use nouveau
+    # no offense to nouveau devs, I'm sure they're doing their best and they have my respect for that
+    # but their best does not constitute a usable driver for me
+    boot.blacklistedKernelModules = ["nouveau"];
+
+    environment = {
+      sessionVariables = mkMerge [
+        {LIBVA_DRIVER_NAME = "nvidia";}
+
+        (mkIf env.isWayland {
+          WLR_NO_HARDWARE_CURSORS = "1";
+          #__GLX_VENDOR_LIBRARY_NAME = "nvidia";
+          #GBM_BACKEND = "nvidia-drm"; # breaks firefox apparently
+        })
+
+        (mkIf (env.isWayland && (dev.gpu == "hybrid-nv")) {
+          #__NV_PRIME_RENDER_OFFLOAD = "1";
+          #WLR_DRM_DEVICES = mkDefault "/dev/dri/card1:/dev/dri/card0";
+        })
+      ];
+      systemPackages = with pkgs; [
+        nvtopPackages.nvidia
+
+        # mesa
+        mesa
+
+        # vulkan
+        vulkan-tools
+        vulkan-loader
+        vulkan-validation-layers
+        vulkan-extension-layer
+
+        # libva
+        libva
+        libva-utils
+      ];
+    };
+
+    hardware = {
+      nvidia = {
+        package = mkDefault nvidiaPackage;
+        modesetting.enable = mkDefault true;
+
+        prime.offload = let
+          isHybrid = dev.gpu == "hybrid-nv";
+        in {
+          enable = isHybrid;
+          enableOffloadCmd = isHybrid;
+        };
+
+        powerManagement = {
+          enable = mkDefault true;
+          finegrained = mkDefault false;
+        };
+
+        # use open source drivers by default, hosts may override this option if their gpu is
+        # not supported by the open source drivers
+        open = mkDefault true;
+        nvidiaSettings = false; # add nvidia-settings to pkgs, useless on nixos
+        nvidiaPersistenced = true;
+        forceFullCompositionPipeline = true;
+      };
+
+      opengl = {
+        extraPackages = with pkgs; [nvidia-vaapi-driver];
+        extraPackages32 = with pkgs.pkgsi686Linux; [nvidia-vaapi-driver];
+      };
+    };
+  };
+}

nyx/modules/core/common/system/hardware/multimedia/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./video
+    ./sound
+  ];
+}

nyx/modules/core/common/system/hardware/multimedia/sound/default.nix

@@ -0,0 +1,17 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib) mkIf mkDefault;
+  cfg = config.modules.system.sound;
+  dev = config.modules.device;
+in {
+  imports = [./pipewire.nix];
+  config = mkIf (cfg.enable && dev.hasSound) {
+    sound = {
+      enable = mkDefault false; # this just enables ALSA, which we don't really care abouyt
+      mediaKeys.enable = true;
+    };
+  };
+}

nyx/modules/core/common/system/hardware/multimedia/sound/pipewire.nix

@@ -0,0 +1,130 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib) isx86Linux;
+  inherit (lib.modules) mkIf;
+  inherit (lib.lists) optionals;
+  inherit (lib.generators) toLua;
+
+  cfg = config.modules.system.sound;
+  dev = config.modules.device;
+in {
+  config = mkIf (cfg.enable && dev.hasSound) {
+    # if the device advertises sound enabled, and pipewire is disabled
+    # for whatever reason, we may fall back to PulseAudio to ensure
+    # that we still have audio. I do not like PA, but bad audio
+    # is better than no audio. Though we should always use
+    # PipeWire where available
+    hardware.pulseaudio.enable = !config.services.pipewire.enable;
+
+    # able to change scheduling policies, e.g. to SCHED_RR
+    # sounds server use RealtimeKit (rtkti) to acquire
+    # realtime priority
+    security.rtkit.enable = config.services.pipewire.enable;
+
+    # enable pipewire and configure it for low latency
+    # the below configuration may not fit every use case
+    # and you are recommended to experiment with the values
+    # in order to find the perfect configuration
+    services = {
+      pipewire = let
+        quantum = 64;
+        rate = 48000;
+        qr = "${toString quantum}/${toString rate}";
+      in {
+        enable = true;
+
+        # emulation layers
+        audio.enable = true;
+        pulse.enable = true; # PA server emulation
+        jack.enable = true; # JACK audio emulation
+        alsa = {
+          enable = true;
+          support32Bit = isx86Linux pkgs; # if we're on x86 linux, we can support 32 bit
+        };
+
+        extraConfig.pipewire."99-lowlatency" = {
+          context = {
+            properties.default.clock.min-quantum = quantum;
+            modules = [
+              {
+                name = "libpipewire-module-rtkit";
+                flags = ["ifexists" "nofail"];
+                args = {
+                  nice.level = -15;
+                  rt = {
+                    prio = 88;
+                    time.soft = 200000;
+                    time.hard = 200000;
+                  };
+                };
+              }
+              {
+                name = "libpipewire-module-protocol-pulse";
+                args = {
+                  server.address = ["unix:native"];
+                  pulse.min = {
+                    req = qr;
+                    quantum = qr;
+                    frag = qr;
+                  };
+                };
+              }
+            ];
+
+            stream.properties = {
+              node.latency = qr;
+              resample.quality = 1;
+            };
+          };
+        };
+
+        wireplumber = {
+          enable = true;
+          configPackages = let
+            # generate "matches" section of the rules
+            matches = toLua {
+              multiline = false; # looks better while inline
+              indent = false;
+            } [[["node.name" "matches" "alsa_output.*"]]]; # nested lists are to produce `{{{ }}}` in the output
+
+            # generate "apply_properties" section of the rules
+            apply_properties = toLua {} {
+              "audio.format" = "S32LE";
+              "audio.rate" = rate * 2;
+              "api.alsa.period-size" = 2;
+            };
+          in
+            [
+              (pkgs.writeTextDir "share/lowlatency.lua.d/99-alsa-lowlatency.lua" ''
+                alsa_monitor.rules = {
+                  {
+                    matches = ${matches};
+                    apply_properties = ${apply_properties};
+                  }
+                }
+              '')
+            ]
+            ++ optionals dev.hasBluetooth [
+              (pkgs.writeTextDir "share/bluetooth.lua.d/51-bluez-config.lua" ''
+                bluez_monitor.properties = {
+                  ["bluez5.enable-sbc-xq"] = true,
+                  ["bluez5.enable-msbc"] = true,
+                  ["bluez5.enable-hw-volume"] = true,
+                  ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
+                }
+              '')
+            ];
+        };
+      };
+    };
+
+    systemd.user.services = {
+      pipewire.wantedBy = ["default.target"];
+      pipewire-pulse.wantedBy = ["default.target"];
+    };
+  };
+}

nyx/modules/core/common/system/hardware/multimedia/video/default.nix

@@ -0,0 +1,26 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  inherit (lib) mkIf isx86Linux;
+
+  sys = config.modules.system;
+in {
+  config = mkIf sys.video.enable {
+    hardware = {
+      opengl = {
+        enable = true;
+        driSupport = true;
+        driSupport32Bit = isx86Linux pkgs;
+      };
+    };
+
+    # benchmarking tools
+    environment.systemPackages = with pkgs; [
+      glxinfo
+      glmark2
+    ];
+  };
+}

nyx/modules/core/common/system/hardware/tpm.nix

@@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib) mkIf mkDefault;
+
+  dev = config.modules.device;
+in {
+  config = mkIf dev.hasTPM {
+    security.tpm2 = {
+      # enable Trusted Platform Module 2 support
+      enable = true;
+
+      # enable Trusted Platform 2 userspace resource manager daemon
+      abrmd.enable = mkDefault false;
+
+      # The TCTI is the "Transmission Interface" that is used to communicate with a
+      # TPM. this option sets TCTI environment variables to the specified values if enabled
+      #  - TPM2TOOLS_TCTI
+      #  - TPM2_PKCS11_TCTI
+      tctiEnvironment.enable = mkDefault true;
+
+      # enable TPM2 PKCS#11 tool and shared library in system path
+      pkcs11.enable = mkDefault false;
+    };
+  };
+}

nyx/modules/core/common/system/hardware/yubikey.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  config = lib.mkIf config.modules.system.yubikeySupport.enable {
+    hardware.gpgSmartcards.enable = true;
+
+    services = {
+      pcscd.enable = true;
+      udev.packages = [pkgs.yubikey-personalization];
+    };
+
+    programs = {
+      ssh.startAgent = false;
+      gnupg.agent = {
+        enable = true;
+        enableSSHSupport = true;
+      };
+    };
+
+    environment.systemPackages = with pkgs; [
+      # Yubico's official tools
+      yubikey-manager # cli
+      yubikey-manager-qt # gui
+      yubikey-personalization # cli
+      yubikey-personalization-gui # gui
+      yubico-piv-tool # cli
+      #yubioath-flutter # gui
+    ];
+  };
+}