From 1ba9ce1ce643f31515dd7285ebc054c9c6beb35f Mon Sep 17 00:00:00 2001
From: cnst
Date: Tue, 31 Dec 2024 17:39:34 +0100
Subject: [PATCH] new cnix system and lanzaboote default
---
 hosts/cnix/hardware-configuration.nix | 78 +++++++++++++--------------
 hosts/cnix/modules.nix | 6 +--
 modules/nixos/boot/loader/default.nix | 2 +-
 3 files changed, 40 insertions(+), 46 deletions(-)
diff --git a/hosts/cnix/hardware-configuration.nix b/hosts/cnix/hardware-configuration.nix
index 4a0d25a2..abb1ea93 100644
--- a/hosts/cnix/hardware-configuration.nix
+++ b/hosts/cnix/hardware-configuration.nix
@@ -1,72 +1,66 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + { - config, - lib, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - boot = { - initrd = { - availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; - kernelModules = []; - luks.devices."enc".device = "/dev/disk/by-uuid/1bda09f1-5b2c-4040-ab71-cee54a6df910"; - }; - kernelModules = ["amdgpu"]; - extraModulePackages = []; - supportedFilesystems = ["btrfs"]; - }; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd"; + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47"; fsType = "btrfs"; - options = ["subvol=root" "compress=zstd"]; + options = [ "subvol=root" ]; }; - "/home" = { - device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd"; + boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/36144799-13f2-4166-9bfe-b29c3df435ab"; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47"; fsType = "btrfs"; - options = ["subvol=home" "compress=zstd"]; + options = [ "subvol=home" ]; }; - "/nix" = { - device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd"; + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47"; fsType = "btrfs"; - options = ["subvol=nix" "compress=zstd" "noatime"]; + options = [ "subvol=nix" ]; }; - "/persist" = { - device = 
"/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd"; + fileSystems."/persist" = + { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47"; fsType = "btrfs"; - options = ["subvol=persist" "compress=zstd"]; + options = [ "subvol=persist" ]; }; - "/var/log" = { - device = "/dev/disk/by-uuid/529700f1-0da2-4e1e-91bc-617c267df1dd"; + fileSystems."/var/log" = + { device = "/dev/disk/by-uuid/90eafb57-0f89-4c2a-b417-4e0f2fba5f47"; fsType = "btrfs"; - options = ["subvol=log" "compress=zstd"]; + options = [ "subvol=log" ]; neededForBoot = true; }; - "/boot" = { - device = "/dev/disk/by-uuid/12CE-A600"; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/1D4A-3121"; fsType = "vfat"; - options = ["fmask=0022" "dmask=0022" "umask=0077"]; + options = [ "fmask=0022" "dmask=0022" ]; }; - }; - swapDevices = []; + swapDevices = [{ device = "/dev/disk/by-uuid/91e16a5f-6a1c-4c7d-aa61-5823068fdaf0";}]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; - # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/cnix/modules.nix b/hosts/cnix/modules.nix index 4f525887..ac08bc29 100644 --- a/hosts/cnix/modules.nix +++ b/hosts/cnix/modules.nix 
@@ -136,9 +136,9 @@
 };
 services = {
 agenix = {
- enable = true;
+ enable = false;
 cnix = {
- enable = true;
+ enable = false;
 };
 };
 blueman = {
@@ -196,7 +196,7 @@
 scx = {
 enable = true;
 scheduler = "scx_lavd";
- flags = "--performance --no-core-compaction";
+ flags = "--performance";
 };
 udisks = {
 enable = true;
diff --git a/modules/nixos/boot/loader/default.nix b/modules/nixos/boot/loader/default.nix
index 11f5fb2c..11de59d9 100644
--- a/modules/nixos/boot/loader/default.nix
+++ b/modules/nixos/boot/loader/default.nix
@@ -47,7 +47,7 @@ in {
 boot = {
 lanzaboote = {
 enable = true;
- pkiBundle = "/etc/secureboot";
+ pkiBundle = "/var/lib/sbctl";
 };
 # We let Lanzaboote install systemd-boot
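Review bot: Both `enable = false;` lines under `agenix` in the first hosts/cnix/modules.nix hunk (`@@ -136,9`) switch off secrets handling for this host without a comment saying why or for how long. Anything on the machine that reads an agenix-managed secret will presumably lose it while this is off; the consumers are not visible in the hunk. I would add a line above the block such as `# agenix off until secrets are rekeyed for the new host key; re-enable afterwards`, adjusted to the actual reason. The `services` set starts and ends outside the hunk.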
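Review bot: The new `pkiBundle = "/var/lib/sbctl";` is hard-coded in the shared loader module, so every host importing it now expects its Secure Boot signing keys at that path; a host whose keys still sit in `/etc/secureboot` would presumably fail to sign its boot files on the next rebuild until they are moved. hosts/cnix mounts a `/persist` subvolume in this same commit, which suggests an ephemeral root; if so, `/var/lib/sbctl` has to live on persistent storage and stay readable by root only, since it holds the private keys. I would state that above the option, e.g. `# sbctl key dir: must exist, be root-only, and be persisted on hosts with an ephemeral root`, or write `pkiBundle = lib.mkDefault "/var/lib/sbctl";` so a host can override it (assuming `lib` is in scope in this file). The `boot` set continues past the end of the hunk.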