Add powertop.

nix/configuration/configuration.nix

@@ -18,9 +18,9 @@
         sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
       }
     }/module.nix"
-    ./boot.nix
-    ./zfs.nix
-    ./network.nix
+    ./roles/boot
+    ./roles/zfs
+    ./roles/network
     ./roles/firewall
     ./roles/zsh
     ./roles/graphics
@@ -35,6 +35,10 @@
     ./roles/gpg
     ./roles/waybar
     ./roles/qemu
+    ./roles/wireguard
+    ./roles/bsnes
+    ./roles/ssh
+    ./roles/python
   ];
 
   nix.settings.experimental-features = [
@@ -122,6 +126,7 @@
     ripgrep
     strace
     tcpdump
+    git-crypt
   ];
 
   services.openssh = {

nix/configuration/flake.lock

@@ -181,11 +181,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1734991663,
-        "narHash": "sha256-8T660guvdaOD+2/Cj970bWlQwAyZLKrrbkhYOFcY1YE=",
+        "lastModified": 1735141468,
+        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6c90912761c43e22b6fb000025ab96dd31c971ff",
+        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
         "type": "github"
       },
       "original": {
@@ -345,7 +345,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-Cf8NVSnjPiAi29Df1Tb1Ea6uqISWps5nx3qJl5yAbOo=",
+        "narHash": "sha256-TFks1dvPwAXKQeePh9jmxj06ZfXArH1pN9yXVQWeL6w=",
         "path": "flakes/zsh-histdb",
         "type": "path"
       },

nix/configuration/flakes/zsh-histdb/flake.lock

@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1734991663,
-        "narHash": "sha256-8T660guvdaOD+2/Cj970bWlQwAyZLKrrbkhYOFcY1YE=",
+        "lastModified": 1735141468,
+        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6c90912761c43e22b6fb000025ab96dd31c971ff",
+        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
         "type": "github"
       },
       "original": {

nix/configuration/hosts/odo/default.nix

@@ -4,6 +4,7 @@
     ./hardware-configuration.nix
     ./disk-config.nix
     ./optimized_build.nix
+    ./power_management.nix
   ];
 
   # Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -14,4 +15,10 @@
   time.timeZone = "America/New_York";
 
   me.secureBoot.enable = true;
+
+  # Early KMS
+  boot.initrd.kernelModules = [ "amdgpu" ];
+
+  # Mount tmpfs at /tmp
+  boot.tmp.useTmpfs = true;
 }

nix/configuration/hosts/odo/optimized_build.nix

@@ -2,11 +2,29 @@
   config,
   lib,
   pkgs,
+  pkgs-unstable,
   ...
 }:
 {
   imports = [ ];
 
+  nix.settings.system-features = lib.mkForce [
+    "gccarch-znver4"
+    "gccarch-skylake"
+    # "gccarch-alderlake" missing pkgwait
+    "gccarch-x86-64-v3"
+    "benchmark"
+    "big-parallel"
+    "kvm"
+    "nixos-test"
+  ];
+
+  # nixpkgs.hostPlatform = {
+  #   gcc.arch = "znver4";
+  #   gcc.tune = "znver4";
+  #   system = "x86_64-linux";
+  # };
+
   nixpkgs.overlays = [
     (
       self: super:
@@ -24,6 +42,9 @@
         ];
       }
     )
+    (final: prev: {
+      linux-firmware = pkgs-unstable.linux-firmware;
+    })
   ];
 
   boot.kernelPackages = lib.mkIf (!config.me.buildingIso) (pkgs.linuxPackagesFor pkgs.linux_znver4);

nix/configuration/hosts/odo/power_management.nix

@@ -0,0 +1,14 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  environment.systemPackages = with pkgs; [
+    powertop
+  ];
+}

nix/configuration/roles/bsnes/default.nix

@@ -0,0 +1,14 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  environment.systemPackages = with pkgs; [
+    bsnes-hd
+  ];
+}

nix/configuration/roles/gpg/default.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  pkgs-unstable,
   ...
 }:
 
@@ -13,9 +14,36 @@
   #
   # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
 
+  hardware.gpgSmartcards.enable = true;
+  services.udev.packages = [ pkgs.yubikey-personalization ];
+  services.pcscd.enable = true;
+  # services.gnome.gnome-keyring.enable = true;
+
+  # services.dbus.packages = [ pkgs.gcr ];
+
+  # services.pcscd.plugins = lib.mkForce [ ];
+
+  #   programs.gpg.scdaemonSettings = {
+  #   disable-ccid = true;
+  # };
+
+  # .gnupg/scdaemon.conf
+  home-manager.users.talexander =
+    { pkgs, ... }:
+    {
+      home.file.".gnupg/scdaemon.conf" = {
+        source = ./files/scdaemon.conf;
+      };
+    };
+
+  programs.gnupg.dirmngr.enable = true;
   programs.gnupg.agent = {
     enable = true;
     enableSSHSupport = true;
+    pinentryPackage = pkgs.pinentry-qt;
+    # settings = {
+    #   disable-ccid = true;
+    # };
   };
 
   environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
@@ -32,4 +60,40 @@
     };
   };
 
+  # nixpkgs.overlays = [
+  #   (final: prev: {
+  #     pcsclite = prev.pcsclite.overrideAttrs (old: {
+  #       postPatch = ''
+  #         substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
+  #           --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
+  #       '';
+  #     });
+  #   })
+  # ];
+
+  # security.polkit.extraConfig = ''
+  #   polkit.addRule(function(action, subject) {
+  #     if (action.id == "org.debian.pcsc-lite.access_card") {
+  #       return polkit.Result.YES;
+  #     }
+  #   });
+
+  #   polkit.addRule(function(action, subject) {
+  #     if (action.id == "org.debian.pcsc-lite.access_pcsc") {
+  #       return polkit.Result.YES;
+  #     }
+  #   });
+  # '';
+
+  environment.systemPackages = with pkgs; [
+    pcsctools
+  ];
+
+  # nixpkgs.overlays = [
+  #   (final: prev: {
+  #     gnupg = pkgs-unstable.gnupg;
+  #     scdaemon = pkgs-unstable.scdaemon;
+  #   })
+  # ];
+
 }

nix/configuration/roles/gpg/files/scdaemon.conf

@@ -0,0 +1,2 @@
+reader-port Yubico Yubi
+disable-ccid

nix/configuration/roles/network/default.nix

@@ -16,7 +16,7 @@
   ];
   services.resolved = {
     enable = true;
-    dnssec = "true";
+    # dnssec = "true";
     domains = [ "~." ];
     fallbackDns = [ ];
     dnsovertls = "true";
@@ -25,7 +25,14 @@
   # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
   #
   # Test with: drill @127.0.0.53 odo.home.arpa
-  networking.extraHosts = "127.0.0.1 odo.home.arpa";
+  networking.extraHosts = ''
+    127.0.0.1 odo.home.arpa
+    10.216.1.1		homeserver
+    10.216.1.6		media
+    10.216.1.12		odo
+    10.217.1.1		drmario
+    10.217.2.1		mrmanager
+  '';
 
   networking.wireless.iwd = {
     enable = true;

nix/configuration/roles/python/default.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  environment.systemPackages = with pkgs; [
+    python3
+    poetry
+    pyright
+    isort
+    black
+  ];
+}

nix/configuration/roles/sound/default.nix

@@ -60,4 +60,14 @@
       '')
     ];
   };
+
+  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
+    hideMounts = true;
+    users.talexander = {
+      directories = [
+        ".local/state/wireplumber" # Sound settings
+      ];
+    };
+  };
+
 }

nix/configuration/roles/ssh/default.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
+    hideMounts = true;
+    users.talexander = {
+      files = [
+        ".ssh/known_hosts"
+      ];
+    };
+  };
+}

nix/configuration/roles/sway/default.nix

@@ -374,4 +374,7 @@ in
         };
       };
     };
+
+  # For mounting drives in pcmanfm
+  services.gvfs.enable = true;
 }

nix/configuration/roles/wireguard/default.nix

@@ -0,0 +1,37 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  config = lib.mkIf (!config.me.buildingIso) {
+    networking.firewall.allowedUDPPorts = [ 51821 ];
+    networking.wireguard.enable = true;
+    networking.wg-quick.interfaces.drmario.configFile = "/persist/manual/wireguard/drmario.conf";
+    systemd.services."wg-quick-drmario".after = [
+      "nss-lookup.target"
+      "systemd-resolved.service"
+      "multi-user.target"
+    ];
+
+    systemd.services."wg-quick-drmario".preStart = "${pkgs.toybox}/bin/sleep 10";
+
+    networking.wg-quick.interfaces.wgh.configFile = "/persist/manual/wireguard/wgh.conf";
+    systemd.services."wg-quick-wgh".after = [
+      "nss-lookup.target"
+      "systemd-resolved.service"
+      "multi-user.target"
+    ];
+
+    systemd.services."wg-quick-wgh".preStart = "${pkgs.toybox}/bin/sleep 10";
+  };
+
+  # environment.systemPackages = with pkgs; [
+  #   wireguard-tools
+  # ];
+
+}