NixOS/hosts/workstation/hardware-configuration.nix

{
  modulesPath,
  config,
  pkgs,
  inputs,
  lib,
  ...
}:
let
  getMapper = mapper: "/dev/mapper/${mapper}";
  getUUID = uuid: "/dev/disk/by-uuid/${uuid}";
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.ucodenix.nixosModules.default
  ];
  services = {
    udev.extraRules = lib.mkIf config.my.apps.gaming.enable ''
      SUBSYSTEM=="usb", ATTRS{idVendor}=="0cf3", ATTRS{idProduct}=="3005", TAG+="uaccess"
    '';
    ucodenix = {
      enable = true;
      cpuModelId = "00A50F00";
    };
  };
  hardware = {
    bluetooth = {
      enable = true;
      settings.General = {
        Enable = "Source,Sink,Media,Socket";
        Experimental = true;
      };
    };
    opentabletdriver = {
      enable = true;
      daemon.enable = true;
    };
  };
  boot = {
    plymouth.enable = true;
    consoleLogLevel = 0;
    loader.timeout = 0;
    kernelParams = [
      "quiet"
      "splash"
      "boot.shell_on_fail"
      "loglevel=3"
      "rd.systemd.show_status=false"
      "rd.udev.log_level=3"
      "udev.log_priority=3"
      "preempt=full"
      "microcode.amd_sha_check=off"
    ];
    kernelPackages = pkgs.linuxPackages;
    kernel.sysctl = {
      "vm.swappiness" = 80;
      "net.ipv4.tcp_mtu_probing" = 1;
      "kernel.sched_cfsbandwidth_slice_us" = lib.mkDefault 3000;
      "net.ipv4.tcp_fin_timeout" = lib.mkDefault 5;
      "vm.max_map_count" = lib.mkDefault 2147483642;
    };
    loader = {
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
      grub = {
        enable = true;
        device = "nodev";
        efiSupport = true;
        useOSProber = true;
        enableCryptodisk = true;
      };
    };
    initrd = {
      verbose = false;
      secrets."/keyfile" = /etc/keyfile;
      availableKernelModules = [
        "xhci_pci"
        "ahci"
        "usbhid"
        "nvme"
        "usb_storage"
        "sd_mod"
      ];
      luks.devices =
        let
          decryptLuks = uuid: {
            device = getUUID uuid;
            keyFile = "/keyfile";
            preLVM = true;
          };
        in
        {
          nvme = decryptLuks "e9618e85-a631-4374-b2a4-22c376d6e41b";
        };
    };
  };
  fileSystems =
    let
      nfsMount = server: nfsDisk: {
        device = "${server}:/${nfsDisk}";
        fsType = "nfs";
        options = [
          "x-systemd.automount"
          "noauto"
          "x-systemd.idle-timeout=600"
        ];
      };
      btrfsMount = device: subvol: extraOpts: {
        inherit device;
        fsType = "btrfs";
        options = extraOpts ++ [
          "subvol=${subvol}"
          "ssd"
          "compress=lzo"
          "x-systemd.device-timeout=0"
          "space_cache=v2"
          "commit=120"
          "datacow"
        ];
      };
      trashOptions = [
        "x-gvfs-trash"
        "x-gvfs-show"
      ];
    in
    {
      "/" = btrfsMount (getMapper "nvme") "nixos" [ "noatime" ];
      "/home" = btrfsMount (getMapper "nvme") "home" [ ];
      "/srv/games" = btrfsMount (getMapper "nvme") "games" trashOptions;
      "/srv/ai" = btrfsMount (getUUID "ca1671e1-e201-4960-ad30-593393f970fb") "ai" trashOptions;
      "/srv/pool" = nfsMount "server" "pool";
      "/srv/server_home" = nfsMount "server" "jawz";
      "/srv/backups" = nfsMount "server" "backups";
      "/boot" = {
        device = getUUID "ac6d349a-96b9-499e-9009-229efd7743a5";
        fsType = "ext4";
      };
      "/boot/efi" = {
        device = getUUID "B05D-B5FB";
        fsType = "vfat";
      };
    };
  swapDevices = [
    {
      device = "/dev/disk/by-partuuid/c1bd22d7-e62c-440a-88d1-6464be1aa1b0";
      randomEncryption = {
        enable = true;
        cipher = "aes-xts-plain64";
        keySize = 512;
        sectorSize = 4096;
      };
    }
  ];
}