hardware-configuration.nix

# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{
  config,
  lib,
  pkgs,
  pkgs-latest,
  myvars,
  modulesPath,
  ...
}:
let

  # Shared function for mounting key devices
  mountKeyDeviceFunction = ''
    mount_key_device() {
      echo "Attempting to mount key device..."
      mkdir -m 0755 -p /key

      sleep 2 # To make sure the usb key has been loaded

      # List of UUIDs for fallback USB key devices
      key_device_uuids=(
        "12CE-A600"
        "D7AB-22CE"
        # Add more UUIDs here as needed
      )

      # Try to mount each key device UUID in order
      for uuid in "''${key_device_uuids[@]}"; do
        # Use findfs if available, otherwise fall back to /dev/disk/by-uuid path
        if command -v findfs >/dev/null 2>&1; then
          echo "Using findfs to find device with UUID $uuid"
          device_path=$(findfs "UUID=$uuid" 2>/dev/null)
          if [ $? -ne 0 ] || [ -z "$device_path" ]; then
            echo "Failed to find device with UUID $uuid using findfs"
            # Try direct path as fallback
            device_path="/dev/disk/by-uuid/$uuid"
          fi
        else
          echo "findfs not available, falling back to /dev/disk/by-uuid path"
          device_path="/dev/disk/by-uuid/$uuid"
        fi
        
        # Check if device exists and is accessible
        if [ -e "$device_path" ] && [ -r "$device_path" ]; then
          echo "Found device $device_path for UUID $uuid"
          if mount -n -t vfat -o ro "$device_path" /key; then
            echo "Successfully mounted key device with UUID $uuid"
            
            # Check if the key file exists
            if [ ! -f "/key/luks/root-part.key" ]; then
              echo "WARNING: Key file '/key/luks/root-part.key' not found on mounted device"
              umount /key
              continue
            fi
            
            echo "Key file found on device with UUID $uuid"
            return 0
          else
            echo "Failed to mount key device with UUID $uuid at $device_path"
          fi
        else
          echo "Device $device_path for UUID $uuid does not exist or is not accessible"
        fi
      done

      echo "Failed to mount any key device with valid key file"
      return 1
    }
  '';
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

  boot.kernelParams = [
    # === NVMe SSD Timeout / Freeze Fix for Linux ===
    # https://community.frame.work/t/nvme-timeout-woes/54999

    "nvme_core.default_ps_max_latency_us=0"
    # Explanation: Completely disables NVMe Autonomous Power State Transition (APST)
    # Why: Your drive enters deep sleep states during high load. Wake-up latency is too slow (>30 ms),
    # causing the kernel to think the command timed out.
    # Setting it to 0 = never let the drive sleep → root-cause fix for "freezes during big reads/writes"

    "nvme_core.io_timeout=4294967295"
    # Explanation: Increases the kernel's NVMe command timeout to the maximum possible value (~49 days)
    # Why: Linux default is only 30 seconds, after which it aborts the request and resets the controller.
    # This makes the kernel "patient" so even if the drive is momentarily slow, it won't crash/reset.

    "pcie_aspm=off"
    # Explanation: Fully disables PCIe Active State Power Management (link power saving)
    # Why: The PCIe link dropping into L1/L1.2 low-power states is the #1 cause of NVMe timeouts on Linux.
    # Turning it off keeps the link at full speed at all times → eliminates "Link is Down" + timeout errors.
  ];

  # Use the EFI boot loader.
  boot.loader.efi.canTouchEfiVariables = true;
  # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = true;
  # TODO: add boot entity for windows
  # NOTE: https://github.com/nix-community/lanzaboote/issues/427#issuecomment-2629899407
  boot.loader.systemd-boot.edk2-uefi-shell.enable = true;
  boot.loader.systemd-boot.edk2-uefi-shell.sortKey = "z1";
  boot.loader.systemd-boot.windows = {
    "nvme1n1p1" = {
      title = "Windows 11";
      efiDeviceHandle = "HD1b";
    };
  };
  # NOTE: manual configuration example
  # boot.loader.systemd-boot.extraEntries."windows.conf" = ''
  #   title     Windows
  #   sort-key  0
  #   efi       /shellx64.efi
  #   options   -nointerrupt -nomap -noversion windows.nsh
  # '';

  # boot.loader.systemd-boot.extraFiles."windows.nsh" = (
  #   pkgs.writeText "windows.nsh" ''
  #     HD1b:EFI\Microsoft\Boot\Bootmgfw.efi
  #   ''
  # );

  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/top-level/linux-kernels.nix
  boot.kernelPackages = pkgs.linuxPackages_6_18; # 6.19 works not well with nvidia driver
  # boot.kernelPackages = pkgs.linuxPackages_latest;
  # boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
  # boot.kernelPackages = pkgs.linuxPackages_cachyos;
  # services.scx.enable = true;
  # boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_xanmod.override {
  #   structuredExtraConfig = with lib.kernel; {
  #     DMABUF_HEAPS = yes;
  #     DMABUF_HEAPS_SYSTEM = yes;
  #   };
  # });

  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usbhid"
    "usb_storage"
    "sd_mod"
    "virtio_pci"
    "virtio_blk"
    "virtio_scsi"
  ];
  boot.initrd.kernelModules = [
    "uas"
    "usbcore"
    "usb_storage"
    "vfat"
    "nls_cp437"
    "nls_iso8859_1"
    "dm_crypt"
    "btrfs"
  ];
  boot.kernelModules = [
    # kvm
    "kvm-intel" # kvm virtualization support
    #"acpi_call"
    "usb_storage"
  ];
  boot.extraModprobeConfig =
    # for intel cpu
    ''
      options intel_iommu=on
      options iommu=pt
      options kvm_intel nested=1
      options kvm_intel emulate_invalid_guest_state=0
      options kvm ignore_msrs=1
    '';
  boot.extraModulePackages = [
    # config.boot.kernelPackages.acpi_call.out
  ];
  # clear /tmp on boot to get a stateless /tmp directory.
  boot.tmp.cleanOnBoot = true;

  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = [
    "aarch64-linux"
    "riscv64-linux"
  ];
  # This enables the kernel to preload the emulator binaries when the binfmt registrations are added,
  # obviating the need to make the emulator binaries available inside chroots and chroot-like sandboxes.
  boot.binfmt.preferStaticEmulators = true; # required to work with podman

  # supported file systems, so we can mount any removable disks with these filesystems
  boot.supportedFilesystems = [
    "ext4"
    "btrfs"
    "xfs"
    "ntfs"
    "fat"
    "vfat"
    "exfat"
  ];

  # LUKS initrd, all fileSystems (/, /boot, /btr_pool, /nix, /gnu, /persistent, /snapshots, /tmp, /swap)
  # and swap (including /swap/swapfile bind and swapDevices) are managed by disko (disko-fs.nix).

  # mount windows disk
  fileSystems."/run/media/${myvars.username}/windows" = {
    device = "/dev/disk/by-uuid/7A66017F66013D7F";
    fsType = "ntfs";
  };

  features.lenovo-legion = {
    enable = true;
    enhanceMode = true;
    installKernelModule = false;
  };
  features.intel-gpu-tools = {
    enable = true;
    enhanceMode = true;
  };

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; # ondemand / powersave / performance
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}