nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Crypto Change

Browse Source 
luks for xps
ssh via ssh
sops via age
gpg backbone, but not removed
gpg-agent removed
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2025-10-04 22:53:18 +02:00
parent 21fee7056a
commit 6809a6494f
8 changed files with 144 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@@ -2,6 +2,7 @@ keys:
- &users: - &users:
- &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634 - &nx2 22FB2CC03DC5292AB81CF67D0AF27B383170E634
- &nx2_key_13 age1x2lpsennl74n0f5jl60uv2ffjcuqymzf9ap3frlz2quyv0x3hq3scnewwq - &nx2_key_13 age1x2lpsennl74n0f5jl60uv2ffjcuqymzf9ap3frlz2quyv0x3hq3scnewwq
- &xps-home age1pn4utvwpqdrswn0xurfdexn5nks9cd06jxzwg3m3m6za25ap4vxqxd0p3k
- &hosts: - &hosts:
- &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e - &north age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
- &xps age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6 - &xps age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6
@@ -14,5 +15,6 @@ creation_rules:
- *xps - *xps
- *ace - *ace
- *nx2_key_13 - *nx2_key_13
- *xps-home
pgp: pgp:
- *nx2 - *nx2

6
flake.lock generated
View File

@@ -607,11 +607,11 @@
}, },
"nixpkgs-latest": { "nixpkgs-latest": {
"locked": { "locked": {
"lastModified": 1759571742, "lastModified": 1759574388,
"narHash": "sha256-XnKT7uz8+qWixrdfbADNKK7RXw5qS/C/ODRl2UpgL28=", "narHash": "sha256-6Vv/JfG6A6YmlsKYqF88TrisrNWacTCUDX2Ibe8n4yw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "52d84c8433651dec08db86d2a31b4562f026bd6b", "rev": "32fd1eea9d3114de2acff9b10e67fd0007d2c833",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View File

@@ -31,7 +31,7 @@
inherit system; inherit system;
user = "nx2"; user = "nx2";
domain = "nx2.site"; domain = "nx2.site";
home = "/home/${user}/"; home = "/home/${user}";
webroot = "/var/lib/hugo/nx2site/public"; webroot = "/var/lib/hugo/nx2site/public";
pkgs-version = "25.05"; pkgs-version = "25.05";
}; };

65
home-modules/gpg.nix
View File

@@ -2,52 +2,35 @@
{ {
# there also is a system module # there also is a system module
home.packages = with pkgs; [ home.packages = with pkgs; [
gnupg
gpg-tui gpg-tui
pinentry-all pinentry-all
]; ];
services.gpg-agent = let programs.gpg = {
min2sec = min: (min * 60);
in {
enable = true; enable = true;
verbose = true; package = pkgs.gnupg;
sshKeys = [ homedir = if hyper.host == "NxXPS" then "${hyper.home}/vault/gnupg" else "${hyper.home}/.gnupg";
"97081264F7FD72D890D496E839AA9A4C7892A7D8" # Keygrip (not Fingerprint!) of [A] Subkey settings = {
]; armor = true;
enableSshSupport = true; cert-digest-algo = "SHA512";
enableFishIntegration = true; charset = "utf-8";
defaultCacheTtlSsh = min2sec 60; default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
defaultCacheTtl = min2sec 30; keyid-format = "0xlong";
pinentry = { list-options = "show-uid-validity";
package = pkgs.pinentry; no-comments = true;
program = "pinentry"; no-emit-version = true;
no-greeting = true;
no-symkey-cache = true;
personal-cipher-preferences = "AES256 AES192 AES";
personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
personal-digest-preferences = "SHA512 SHA384 SHA256";
pinentry-mode = "loopback";
require-cross-certification = true;
s2k-cipher-algo = "AES256";
s2k-digest-algo = "SHA512";
use-agent = true;
verify-options = "show-uid-validity";
with-fingerprint = true;
}; };
extraConfig = ''
allow-loopback-pinentry
'';
}; };
home.file.".gnupg/gpg.conf".text = ''
personal-cipher-preferences AES256 AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA512
s2k-digest-algo SHA512
s2k-cipher-algo AES256
charset utf-8
no-comments
no-emit-version
no-greeting
keyid-format 0xlong
list-options show-uid-validity
verify-options show-uid-validity
with-fingerprint
require-cross-certification
no-symkey-cache
armor
use-agent
pinentry-mode loopback
'';
} }

22
home-modules/sops.nix
View File

@@ -1,22 +1,18 @@
{ pkgs, ... }@all: with all; { pkgs, ... }@all: with all; {
{ imports = [ inputs.sops-nix.homeManagerModules.sops ];
imports = [
inputs.sops-nix.homeManagerModules.sops
];
sops = { sops = {
age.keyFile = "${hyper.home}.age_nx2_key_13.txt"; age.keyFile = if (hyper.host == "NxXPS") then
"${hyper.home}/vault/age/sops-xps-home.key"
else if (hyper.host == "NxACE") then
"${hyper.home}/.age_nx2_key_13.txt"
else if (hyper.host == "NxNORTH") then
"${hyper.home}/.age_nx2_key_13.txt"
else "unkown host in sops.nix";
defaultSopsFile = ../sops-secrets.yaml; defaultSopsFile = ../sops-secrets.yaml;
# %r is $XDG_RUNTIME_DIR
secrets = { secrets = {
"example" = { "example" = {
path = "%r/secrets/example"; path = "%r/secrets/example";
}; };
# "sops-age-private-key" = { # Bootstrapping doens't work
# mode = "0400";
# path = "/home/${user}/.config/sops/age/keys.txt";
# };
}; };
}; };
} }

25
home-modules/ssh.nix
View File

@@ -2,16 +2,18 @@
{ {
home = { home = {
packages = with pkgs; [ sshfs ]; packages = with pkgs; [ sshfs ];
file.".ssh/config".text = '' file."vault/ssh/config".text = /* ssh */ ''
HOST nxace HOST nxace
HostName ssh.${hyper.domain} HostName ssh.${hyper.domain}
User ${hyper.user} User ${hyper.user}
Port 50022 Port 50022
IdentityFile ~/vault/ssh/nxace-nx2-${hyper.host}
HOST nxacel HOST nxacel
HostName 10.0.1.1 HostName 10.0.1.1
User ${hyper.user} User ${hyper.user}
Port 50022 Port 50022
IdentityFile ~/vault/ssh/nxace-nx2-${hyper.host}
HOST nxrpil HOST nxrpil
HostName 10.0.1.31 HostName 10.0.1.31
@@ -22,6 +24,27 @@
HostName ssh.${hyper.domain} HostName ssh.${hyper.domain}
User git User git
Port 50022 Port 50022
IdentityFile ~/vault/ssh/nxgit-nx2-${hyper.host}
''; '';
}; };
# services.gpg-agent = let
# min2sec = min: (min * 60);
# in {
# enable = true;
# verbose = true;
# sshKeys = [
# "97081264F7FD72D890D496E839AA9A4C7892A7D8" # Keygrip (not Fingerprint!) of [A] Subkey
# ];
# enableSshSupport = true;
# enableFishIntegration = true;
# defaultCacheTtlSsh = min2sec 60;
# defaultCacheTtl = min2sec 30;
# pinentry = {
# package = pkgs.pinentry;
# program = "pinentry";
# };
# extraConfig = ''
# allow-loopback-pinentry
# '';
# };
} }

61
sops-secrets.yaml
View File

@@ -58,51 +58,60 @@ sops:
- recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e - recipient: age1vkqn2nars5qmpr35tac0x9vshphrq6nnzjfyxwusgn27kt3zualssv0u8e
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZWl0RCszNGZqNDhzY25a YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUSW9RSEE1aGV1RVUzZXh0
K2dPTGMvMzBSZytRMWR5d1pkTVpETmNZUTFzCmUrU25XdklVc3NicUV2OVh5bktR M3FhS01jYU90S3pOUzhKMUFndXVzSk8wYkZrCnhRdkE4cnNxWHJWYjVzUGZVMmNQ
YmZIeGZzYkVJMXRwSkt6bXlaRGpiaEkKLS0tIEZOMDUxaEo1aXRsV050a3I0eFNR N1kxM240OC9oOEloUjhEUmx3c3RTQzQKLS0tIGIwNUhjOURaVXNIeHR5SjNEQmly
UlIxODJVK3lEaC9lWG9wNmhaUWhuZEEKnQT50Svfxgnbo6+gTSGyLW8vt+hzehu5 QUFHYUxTSWREcU9GT2JUSXNBNndkMkEKCIPVu8VbDjsdDaePoivW0jMvzD/GZpHk
djy0wdML7XGORKURUJcAnGCdgsugu7exTBPMeKldlPXySPGUf6vPRA== 9P1zJ0fN1NPCTi7spAyiyDWpJa6sfwAVj7Bs2zzFZoJZUxvE054YPw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6 - recipient: age1jvf2lyrt2dw9jfnwgvnhmj9fmvyq8vvtepqjpkyycc5dqkkd4edqhxsgv6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBISzJjS2t4OFNtd2s3RjE3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjb3R0bFhqZzg3MC9rZFVi
V2hOUnByNVp3bjE4a0tPSkdCbXcwU093NGtFCmR2RXdzbTk1RXhQbmdVM0pkdGhE elJCTHdjVlpTVUtaUzcwQklmbVd6TXJsSUNRClk0VExaYVFkaE5KYWtGYmU1bGk4
T2VGN1VnYlRqWXRmWEJucTd5eU5HYWsKLS0tIFJRODNibTZNRjZtZjlpN0IzbVZQ OHJYQUpKZ1gzUnQyaVpudVdiZ0RYb1UKLS0tIGNINzBHRHE3YkhMNVY4dVVlUVBs
aHQwY0l3OTRVYlNSZnBQMGM4ekp0NGMKL0scPlNFywKmdPI3I8sgvmaVXOp6qm2m TzhkWmxYU016TXN5Z0JDUVFZeG1QMWsKiukK/zVn6WEr1E5qKPULsyJQX8qDgQoY
O0N8BuQPEhiZXzNhPBPJnt6e/X+eW35lXdvbQ6AKv791WjZ4OlSZow== JIeoG+OehtZ33VIXJfiNw60taM4XJb+bv/u9dzCY9ahW8M5VthpIlg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jj7kfjw3e7rf9kwg5f87zf4ns6yr5465wcasanr9gcgwrq7c6dmq6gprgk - recipient: age1jj7kfjw3e7rf9kwg5f87zf4ns6yr5465wcasanr9gcgwrq7c6dmq6gprgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwT2laNmNOYnhON2FEcGxl YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOStIUnJVVU5YRFg0T0dF
OVFHa2owL1RCWWNWdDhzZWRlSkhPZmJpQjFvCjNPSGc4L1V5cENBMzY2VU56RnNW ZjBMVThZSFlRa0lCZ2RFZ1R4Mjk0Zjd4b0RRCkwveXN2SmIwajd6R1NScXpQS0FH
QmNiNGMyZXY0WmN3R0c5YURQN1RGbDQKLS0tIE5lZXZiR2FZVms4YllUd1BsOURD S25rOFRKRzd2SFRlZHYxMnZPY3Q3QUEKLS0tIDZRVU54UlFiSWJlWW9LWVRqcGpD
YTMxdkhkLzNGOWVYQkZJQnVCeW4zcXcKLaGzWYXBaR9mpLE47pWAkYUv/L5JuCR9 RXIxSVA3T0RwZEJDTk1JWHZVT09neUUKX7QgyC+yJ+eDvKX2dW9XU2UA8WPC5Tsm
ZH2oaOLio6BHY+pf9WbbazbjIKXMZ8KozpLTzbn7ayKYYgGxEiwdIA== fzlmjPWR/E2Gdnoi0k2+HLWo46SUeMYdpZfx3gK+UmDFUags+SCHpg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1x2lpsennl74n0f5jl60uv2ffjcuqymzf9ap3frlz2quyv0x3hq3scnewwq - recipient: age1x2lpsennl74n0f5jl60uv2ffjcuqymzf9ap3frlz2quyv0x3hq3scnewwq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUmxCQ3ZOVGlWUWFkcGk1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMUw1OXpCN0F6WkdBWFVM
ZzNaR0R0UG43dkh5Wjd5MmQ5SlkwU0g3c0ZJCnVYZExQdi94ME56eUVwUG5XbjJi M0VWdGlVcllTQlJKQUpKTG9wQ2NqVGEzVFJzCjE4UU92MlljSEIrZENFdVZpQUcx
OC9OSmZYeHo4anJLb0NQSEs3cmMrS1UKLS0tIFJWU1VYL09SbDlHZlJtRlhmSjFJ SUh3SUh4bnZFVFpJOThQdG8wM24xZVkKLS0tIGJsUUl1QmJiRUFFRERrWWlMK1Fk
YkJWUEMySU50ZHVxUzVudjNnYURXak0KkMn/8sFrrviqb3s8DtS/BAbrdCwJ+jv/ V2ZCS0tFUHNKckY1YXNRa3lwS3dVYW8KzrtAPlNuWQxSR2PEqFyqI5yv8jD2ZE3j
A8rXQkKMjvTqG1f0fq5IlSmRAQy7XFBzkfbKdIUoefhey190WPEHaw== CT1SFmY9vf++WiOt1epby2MNpYdgyNrvlcaNUiE8Pt5ce0Y21pbq5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pn4utvwpqdrswn0xurfdexn5nks9cd06jxzwg3m3m6za25ap4vxqxd0p3k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MHZlREs5OGxqTkZadmx1
R2hwMmc1YlZTd3owOHRIajJQMnVCbTFPOWtrCndMQ2Evc09VazNGVktrMXVHR2Vw
dFZWMm9rdi9iQWh3Y1lQT1g2SDJqNjQKLS0tIHYwVmVLeWQvc2ZWUzkxZzdKSnZt
TE44bHh2SFBMNldkdWZGcXc0c05LVWsK7LfqdRED2NkJxAxq+48MlLyIV30ihe0+
t269ote4qHDBx0RCZd5/hYUph/8Xf/fPa7Q6JYl6fkKiWUA3uWdbFQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-07T21:03:20Z" lastmodified: "2025-09-07T21:03:20Z"
mac: ENC[AES256_GCM,data:x8eIqQQGxtB5ukScesN1Lf4cFicTOi3VSOr/hFxKzccgwW7HLLEqwjai6e67KUFC2otaN9TR7ft0tUsTVwWRVRCHnpEoQ5KshLHy2zsk+CmPIpWTLCZJBpe154z3rRLlc10DCM7yhqArzepw0HgE4j1knADqLVwC7e0k+o/OmE8=,iv:uXeIv19J3LmYg7gtA2SGUSoMe9uccrvvztlDFSSs1V8=,tag:YTJpZdw1K+7//EARR+MviA==,type:str] mac: ENC[AES256_GCM,data:x8eIqQQGxtB5ukScesN1Lf4cFicTOi3VSOr/hFxKzccgwW7HLLEqwjai6e67KUFC2otaN9TR7ft0tUsTVwWRVRCHnpEoQ5KshLHy2zsk+CmPIpWTLCZJBpe154z3rRLlc10DCM7yhqArzepw0HgE4j1knADqLVwC7e0k+o/OmE8=,iv:uXeIv19J3LmYg7gtA2SGUSoMe9uccrvvztlDFSSs1V8=,tag:YTJpZdw1K+7//EARR+MviA==,type:str]
pgp: pgp:
- created_at: "2025-06-08T12:35:30Z" - created_at: "2025-10-04T19:49:10Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DCvJ7ODFw5jQSAQdAw5PIhSmghpU+R4d8A9FY1z9NwN2C1CQvnP0u/D6k9nEw hF4DCvJ7ODFw5jQSAQdA2lEw0/JamW2LbvTLg0PhRxyNFbBunqhNa0/Bgv9riF8w
4jYo133RBpSmZUEOPsrAIGDwcx5rAjIwXtYEUeH3ZR1/0imfyOh0iF0NhEqF5awG 4MIL+i7o3KOAGF4h3NQpQNkG1rgMImzlXbSOzLJJV/uEMkew6VASKENAa+4FFo7t
0l4BWb/AQFnokqiIuRGQPMqpO6X3m00C2kB79nodaxorhc/WBs4JX3qz89zozsLq 0l4B3QpXdQzCWe07HXhqG+YetjR8tM9Rtk5XZuw4XTyca49BZezXPCbqgstoSW+U
ao8WHHadtQJwBveKurCNHLcr2+vLatPZ93Oo3s/ky+5eB+HrottOC818TIP51tXx TSjvpKr4FeE3tA3ePo4Jo7HYa1qotJe97pgDqziWIqEIJNwNhwROv9aLagWX9cVd
=8dKb =dhDw
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634 fp: 22FB2CC03DC5292AB81CF67D0AF27B383170E634
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

98
system-modules/hardware-configuration.nix
View File

@@ -1,54 +1,48 @@
{ pkgs, ... }@all: with all; { pkgs, ... }@all: with all; {
{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports = [ environment = {
(modulesPath + "/installer/scan/not-detected.nix") systemPackages = with pkgs; [ ntfs3g cryptsetup ];
]; variables = pkgs.lib.mkIf (hyper.host == "NxXPS") {
VDPAU_DRIVER = lib.mkIf config.hardware.graphics.enable (lib.mkDefault "va_gl");
environment.systemPackages = with pkgs; [ };
ntfs3g };
]; boot = {
initrd = {
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
# boot.initrd.kernelModules = [ ]; luks.devices.cryptroot.device = pkgs.lib.mkIf (hyper.host == "NxXPS") "/dev/nvme0n1p7";
boot.kernelModules = [ "kvm-intel" ]; kernelModules = pkgs.lib.mkIf (hyper.host == "NxXPS") [ "i915" "cryptd" ];
boot.extraModulePackages = [ ]; };
kernelModules = [ "kvm-intel" ];
fileSystems = if hyper.host != "NxACE" then { extraModulePackages = [ ];
"/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; extraModprobeConfig = pkgs.lib.mkIf (hyper.host == "NxXPS") ''
"/boot" = { device = "/dev/disk/by-label/EFI"; fsType = "vfat"; }; options iwlwifi 11n_disable=8
"/home/${hyper.user}/shared" = { device = "/dev/disk/by-label/shared"; fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; }; '';
} else { };
"/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; fileSystems = let
"/boot" = { device = "/dev/disk/by-label/EFI"; fsType = "vfat"; }; ntfs = { fsType = "ntfs"; options = [ "uid=1000" "gid=100" ]; };
"/vault" = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; }; in {
"/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
}; "/boot" = { device = "/dev/disk/by-label/EFI"; fsType = "vfat"; };
} // (if hyper.host == "NxXPS" then {
"${hyper.home}/shared" = { device = "/dev/disk/by-label/shared"; } // ntfs;
swapDevices = [ "${hyper.home}/vault" = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
{ device = "/dev/disk/by-label/swap"; } } else if hyper.host == "NxNORTH" then {
]; "${hyper.home}/shared" = { device = "/dev/disk/by-label/shared"; } // ntfs;
} else if hyper.host == "NxXPS" then {
"/vault" = { device = "/dev/disk/by-label/vault"; fsType = "ext4"; };
} else {});
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics.extraPackages = with pkgs.lib; mkIf (hyper.host == "NxXPS") [
(if (versionOlder (versions.majorMinor version) "25.05") then pkgs.vaapiIntel else pkgs.intel-vaapi-driver)
pkgs.libvdpau-va-gl
pkgs.intel-media-driver
];
};
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
services = {
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; thermald.enable = lib.mkDefault true;
upower.enable = true;
# from nixos-hardware };
services.thermald.enable = lib.mkDefault true;
boot.extraModprobeConfig = if hyper.host == "NxXPS" then ''
options iwlwifi 11n_disable=8
'' else "";
boot.initrd.kernelModules = if hyper.host == "NxXPS" then [ "i915" ] else [];
environment.variables = if hyper.host == "NxXPS" then {
VDPAU_DRIVER = lib.mkIf config.hardware.graphics.enable (lib.mkDefault "va_gl");
} else {};
hardware.graphics.extraPackages = if hyper.host == "NxXPS" then with pkgs; [
(if (lib.versionOlder (lib.versions.majorMinor lib.version) "25.05") then vaapiIntel else intel-vaapi-driver)
libvdpau-va-gl
intel-media-driver
] else [];
services.upower.enable = true;
} }