System/modules/linux/base.nix

{ config, lib, pkgs, inputs, ... }@attrs:
with lib; {
  config = mkMerge [
    (mkIf pkgs.stdenv.isLinux {
      zramSwap = mkIf config.nathan.services.zramSwap {
        enable = true;
        algorithm = "lz4";
        memoryPercent = 25;
      };
      nix = mkIf config.nathan.config.nix.autoGC {
        settings.auto-optimise-store = true;
      };
    })
    (mkIf config.nathan.config.harden
      (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
    (mkIf config.nathan.config.harden {
      boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_1_hardened;
      security = {
        allowSimultaneousMultithreading = true;
        unprivilegedUsernsClone = true;
      };
    })
    (mkIf ((!config.nathan.config.harden) && config.nathan.config.isDesktop) {
      # Use the zen kernel with muqss turned on
      boot.kernelPackages = pkgs.linuxKernel.packages.linux_lqx;
    })
    (mkIf ((!config.nathan.config.harden) && config.nathan.config.isDesktop
      && config.nathan.programs.perf) {
        # Install perf and related tools
        environment.systemPackages =
          let unstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system};
          in [ unstable.linuxKernel.packages.linux_lqx.perf ];
        # Allow users to use it
        boot.kernel.sysctl."kernel.perf_event_paranoid" = -1;
        boot.kernel.sysctl."kernel.kptr_restrict" = lib.mkForce 0;
      })
    (mkIf config.nathan.config.isDesktop {
      # Setup frequency scaling
      powerManagement = {
        enable = true;
        cpuFreqGovernor = "schedutil";
      };
    })
    (mkIf (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) {
      # Auto update daily at 2 am
      system.autoUpgrade = {
        enable = true;
        allowReboot = true;
        # Update from the flake
        flake = "git+https://git.stranger.systems/nix/System";
        # Attempt to update daily at 2AM
        dates = lib.mkDefault "2:00";
      };
    })
    # Systemd user service cludge
    {
      systemd.user.extraConfig = ''
        DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin"
      '';
      nix = mkIf config.nathan.config.nix.autoGC {
        gc = {
          automatic = true;
          dates = "weekly";
          options = "--delete-older-than 7d";
        };
      };
    }
    # iperf3 configuration
    {
      services.iperf3.enable = true;
      environment.systemPackages = with pkgs; [ iperf ];
    }
    # Don't store logs longer than 7 days
    {
      services.journald.extraConfig = ''
        MaxRetentionSec=7day
      '';
    }
    # Partitioning tools
    (mkIf config.nathan.config.isDesktop {
      environment.systemPackages = with pkgs; [
        parted
        gparted
        xorg.xhost
        nvme-cli
      ];
    })
  ];
}