From 78d758b4b22e1150b32f3643ef5a9f04f76abf26 Mon Sep 17 00:00:00 2001
From: Tim Keller <tjkeller.xyz>
Date: Tue, 5 Nov 2024 10:00:57 -0600
Subject: fix bugs for t495 and cleanup

---
 modules/root/default.nix    |  2 ++
 modules/root/normaluser.nix |  2 +-
 modules/root/secrets.nix    | 16 ++++++++++++++++
 modules/root/software.nix   |  1 +
 modules/root/tlp.nix        |  9 +++++++++
 modules/root/wifi.nix       |  2 +-
 6 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 modules/root/tlp.nix

(limited to 'modules/root')

diff --git a/modules/root/default.nix b/modules/root/default.nix
index 9b3bedd..62eb9b5 100644
--- a/modules/root/default.nix
+++ b/modules/root/default.nix
@@ -17,6 +17,7 @@
 		./printing.nix
 		./secrets.nix
 		./software.nix
+		./tlp.nix
 		./virtualisation.nix
 		./wifi.nix
 		./x11.nix
@@ -40,6 +41,7 @@
 	home-manager.enable    = lib.mkDefault true;
 	pipewire.enable        = lib.mkDefault true;
 	printing.enable        = lib.mkDefault true;
+	tlp.enable             = lib.mkDefault true;
 	scanning.enable        = lib.mkDefault true;
 	software = {
 		desktop = {
diff --git a/modules/root/normaluser.nix b/modules/root/normaluser.nix
index 192e64e..4be90e8 100644
--- a/modules/root/normaluser.nix
+++ b/modules/root/normaluser.nix
@@ -3,6 +3,6 @@
 		description = userDetails.fullname;
 		#home = userDetails.home.root;
 		isNormalUser = true;
-		extraGroups = [ "wheel" ];
+		extraGroups = [ "wheel" "docker" ];
 	};
 }
diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix
index 464a8f2..bfeb542 100644
--- a/modules/root/secrets.nix
+++ b/modules/root/secrets.nix
@@ -10,4 +10,20 @@
 			wireless-env = { };
 		};
 	};
+
+	# This service is a workaround to ensure that secrets are available on
+	# reboot when the secret keys are on a separate subvolume
+	systemd.services.npcnix-force-rebuild-sops-hack = {
+		wantedBy = [ "multi-user.target" ];
+		before = [
+			# List all services that require secrets
+			"wpa_supplicant.service"
+		];
+		serviceConfig = {
+			ExecStart = "/run/current-system/activate";
+			Type = "oneshot";
+			Restart = "on-failure"; # because oneshot
+			RestartSec = "10s";
+		};
+	};
 }
diff --git a/modules/root/software.nix b/modules/root/software.nix
index 635ecf6..d7ab886 100644
--- a/modules/root/software.nix
+++ b/modules/root/software.nix
@@ -64,6 +64,7 @@
 		] ++ pkgs.lib.optionals config.software.utils.enable [
 			# Utilities
 			age
+			cryptsetup
 			ddcutil # TODO
 			fastfetch
 			htop
diff --git a/modules/root/tlp.nix b/modules/root/tlp.nix
new file mode 100644
index 0000000..3414c03
--- /dev/null
+++ b/modules/root/tlp.nix
@@ -0,0 +1,9 @@
+{ lib, config, ... }: {
+	options = {
+		tlp.enable = lib.mkEnableOption "enables tlp";
+	};
+
+	config = lib.mkIf config.tlp.enable {
+		services.tlp.enable = true;
+	};
+}
diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix
index ff143b9..880d436 100644
--- a/modules/root/wifi.nix
+++ b/modules/root/wifi.nix
@@ -2,7 +2,7 @@
 let
 	mkNetworksFromEnvironmentFile = n: builtins.listToAttrs (
 		map (i: {
-			name     = "@SSID_${toString i}@";
+			name    = "@SSID_${toString i}@";
 			value = {
 				psk = "@PSK_${toString i}@";
 				priority = n - i;
-- 
cgit v1.2.3