Diffstat (limited to 'system/settings')
-rw-r--r--system/settings/base.nix13
-rw-r--r--system/settings/configuration/berlin.nix8
-rw-r--r--system/settings/configuration/british-english.nix4
-rw-r--r--system/settings/configuration/england.nix8
-rw-r--r--system/settings/configuration/nix.nix29
-rw-r--r--system/settings/configuration/user.nix11
-rw-r--r--system/settings/gaming.nix27
-rw-r--r--system/settings/hardware/adb.nix9
-rw-r--r--system/settings/hardware/audio.nix20
-rw-r--r--system/settings/hardware/bare-metal.nix29
-rw-r--r--system/settings/hardware/connman.nix14
-rw-r--r--system/settings/hardware/grub2.nix13
-rw-r--r--system/settings/hardware/hidpi.nix9
-rw-r--r--system/settings/hardware/intel-gpu.nix15
-rw-r--r--system/settings/hardware/keyboardio-model01.nix13
-rw-r--r--system/settings/hardware/laptop.nix87
-rw-r--r--system/settings/hardware/mouse.nix12
-rw-r--r--system/settings/hardware/network-manager.nix12
-rw-r--r--system/settings/hardware/nitrokey.nix13
-rw-r--r--system/settings/hardware/nvidia-gpu.nix5
-rw-r--r--system/settings/hardware/printing.nix19
-rw-r--r--system/settings/hardware/qwerty.nix9
-rw-r--r--system/settings/hardware/synaptics.nix27
-rw-r--r--system/settings/hardware/systemd-boot.nix10
-rw-r--r--system/settings/hardware/thinkpad.nix26
-rw-r--r--system/settings/hardware/trackball.nix13
-rw-r--r--system/settings/hardware/trezor.nix13
-rw-r--r--system/settings/kubernetes.nix21
-rw-r--r--system/settings/machines/t470s.nix59
-rw-r--r--system/settings/machines/x250.nix33
-rw-r--r--system/settings/programs/accounting.nix10
-rw-r--r--system/settings/programs/barrier.nix7
-rw-r--r--system/settings/programs/gnome.nix24
-rw-r--r--system/settings/programs/gnupg.nix10
-rw-r--r--system/settings/programs/i3.nix20
-rw-r--r--system/settings/programs/infrastructure.nix8
-rw-r--r--system/settings/programs/kde.nix20
-rw-r--r--system/settings/programs/keybase.nix11
-rw-r--r--system/settings/programs/shell.nix8
-rw-r--r--system/settings/programs/tor.nix22
-rw-r--r--system/settings/programs/window-manager.nix46
-rw-r--r--system/settings/programs/wine.nix6
-rw-r--r--system/settings/satoshipay.nix71
-rw-r--r--system/settings/services/syncthing.nix11
-rw-r--r--system/settings/services/xserver.nix82
-rw-r--r--system/settings/services/zeroconf.nix16
-rw-r--r--system/settings/user-interface.nix97
47 files changed, 1050 insertions, 0 deletions
diff --git a/system/settings/base.nix b/system/settings/base.nix
new file mode 100644
index 00000000..9e94a5a2
--- /dev/null
+++ b/system/settings/base.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{ boot.loader.timeout = 1;
+
+  environment.systemPackages = with pkgs; [
+    nix-index
+  ];
+
+  networking.extraHosts = ''
+    127.0.0.1 ${config.networking.hostName}
+    ::1 ${config.networking.hostName}
+  '';
+}
diff --git a/system/settings/configuration/berlin.nix b/system/settings/configuration/berlin.nix
new file mode 100644
index 00000000..246510c4
--- /dev/null
+++ b/system/settings/configuration/berlin.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{ time.timeZone = "Europe/Berlin";
+  services.redshift = {
+    latitude = "52.586";
+    longitude = "13.300";
+  };
+}
diff --git a/system/settings/configuration/british-english.nix b/system/settings/configuration/british-english.nix
new file mode 100644
index 00000000..3ff93678
--- /dev/null
+++ b/system/settings/configuration/british-english.nix
@@ -0,0 +1,4 @@
+{ config, pkgs, ... }:
+
+{ i18n.defaultLocale = "en_GB.UTF-8";
+}
diff --git a/system/settings/configuration/england.nix b/system/settings/configuration/england.nix
new file mode 100644
index 00000000..b2f799cd
--- /dev/null
+++ b/system/settings/configuration/england.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{ time.timeZone = "Europe/London";
+  services.redshift = {
+    latitude = "52.2394";
+    longitude = "-0.9416";
+  };
+}
diff --git a/system/settings/configuration/nix.nix b/system/settings/configuration/nix.nix
new file mode 100644
index 00000000..d254de0e
--- /dev/null
+++ b/system/settings/configuration/nix.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{ nix = {
+    buildCores = 0;
+
+    daemonNiceLevel = 19;
+    daemonIONiceLevel = 7;
+
+    autoOptimiseStore = true;
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 14d";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    cachix
+  ];
+
+  system.autoUpgrade = {
+    enable = true;
+    flags = [ "--max-jobs" "1" ];
+  };
+  systemd.services.nixos-upgrade = {
+    script = pkgs.lib.mkForce ''
+      ${config.system.build.nixos-rebuild}/bin/nixos-rebuild boot --no-build-output --upgrade ${toString config.system.autoUpgrade.flags}
+    '';
+  };
+}
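Review bot: The forced `nixos-upgrade` script runs `nixos-rebuild boot`, so an automatic upgrade only becomes the next boot entry and the running system keeps its old packages and services until a reboot. On a machine that mostly suspends rather than reboots, security fixes can therefore stay unapplied for a long time, and nothing in the file says this is intended. Add a comment above the override such as `# boot, not switch: upgrades are activated on the next reboot only`. It is also worth noting there that `mkForce` replaces the module's whole script, so later changes to the upstream unit will not be picked up.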
diff --git a/system/settings/configuration/user.nix b/system/settings/configuration/user.nix
new file mode 100644
index 00000000..e7362bce
--- /dev/null
+++ b/system/settings/configuration/user.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{ users.extraUsers.alan = {
+    description = "Alan Pearce";
+    isNormalUser = true;
+    extraGroups = [ "audio" "wheel" "lp" "adbusers" "docker" "nitrokey" "dialout" "networkmanager" ];
+    shell = "/run/current-system/sw/bin/zsh";
+    home = "/home/alan";
+    uid = 1000;
+  };
+}
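Review bot: `extraGroups` puts `alan` in `docker`, and membership of that group is root-equivalent, because anyone who can use the Docker socket can obtain root on the host and so bypass whatever sudo policy applies to `wheel`. If passwordless root for this account is not intended, drop `"docker"` from the list and run Docker through sudo. Otherwise record the decision with a comment such as `# docker group = root without a password; accepted on single-user machines`.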
diff --git a/system/settings/gaming.nix b/system/settings/gaming.nix
new file mode 100644
index 00000000..0dbc5b12
--- /dev/null
+++ b/system/settings/gaming.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+{
+  hardware.steam-hardware.enable = true;
+  hardware.opengl.driSupport32Bit = true;
+  hardware.pulseaudio.support32Bit = true;
+
+  systemd = {
+    extraConfig = ''
+      DefaultLimitNOFILE=524288
+    '';
+    user.extraConfig = ''
+      DefaultLimitNOFILE=524288
+    '';
+  };
+
+  networking.firewall = {
+    allowedUDPPorts = [
+      27031
+      27036
+    ];
+    allowedTCPPorts = [
+      27036
+      27037
+    ];
+  };
+}
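Review bot: `networking.firewall.allowedUDPPorts` and `allowedTCPPorts` open 27031, 27036 and 27037 (presumably for Steam in-home streaming) on every interface, so on a laptop they are also reachable on untrusted Wi-Fi. Scope them to the trusted interface instead, e.g. `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ 27036 27037 ];` with `<iface>` as a placeholder, and add a comment naming the service each port belongs to. The same applies to port 24800 in programs/barrier.nix and to `openDefaultPorts = true` in services/syncthing.nix.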
diff --git a/system/settings/hardware/adb.nix b/system/settings/hardware/adb.nix
new file mode 100644
index 00000000..8b511f55
--- /dev/null
+++ b/system/settings/hardware/adb.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{ programs.adb.enable = true;
+  users.groups.adbusers = {};
+
+  services.udev = {
+   packages = [ pkgs.android-udev-rules ];
+  };
+}
diff --git a/system/settings/hardware/audio.nix b/system/settings/hardware/audio.nix
new file mode 100644
index 00000000..ed956919
--- /dev/null
+++ b/system/settings/hardware/audio.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{ hardware.pulseaudio = {
+    enable = true;
+    support32Bit = true;
+    daemon.config = {
+      flat-volumes = "no";
+    };
+    package = if config.hardware.bluetooth.enable
+      then pkgs.pulseaudioFull
+      else pkgs.pulseaudio;
+  };
+
+  sound.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    pamixer
+    pavucontrol
+  ];
+}
diff --git a/system/settings/hardware/bare-metal.nix b/system/settings/hardware/bare-metal.nix
new file mode 100644
index 00000000..0a61790a
--- /dev/null
+++ b/system/settings/hardware/bare-metal.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{ environment.systemPackages = with pkgs; [
+    fuse_exfat
+    cryptsetup
+    dmidecode
+    hdparm
+    pciutils
+    usbutils
+  ];
+
+  hardware.cpu.intel.updateMicrocode = true;
+
+  boot.kernel.sysctl = {
+    "net.ipv4.tcp_allowed_congestion_control" = "illinois reno lp";
+    "net.ipv4.tcp_congestion_control" = "illinois";
+  };
+
+  zramSwap = {
+    enable = true;
+    algorithm = "zstd";
+  };
+  boot.tmpOnTmpfs = true;
+
+  boot.kernelModules = [ "bfq" ];
+
+  fileSystems."/".options = [ "noatime" "nodiratime" ];
+  fileSystems."/home".options = [ "noatime" "nodiratime" ];
+}
diff --git a/system/settings/hardware/connman.nix b/system/settings/hardware/connman.nix
new file mode 100644
index 00000000..0361f9cb
--- /dev/null
+++ b/system/settings/hardware/connman.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{ networking.connman = {
+    enable = true;
+    enableVPN = false;
+  };
+  networking.wireless.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    cmst
+    connman-notify
+    connman_dmenu
+  ];
+}
diff --git a/system/settings/hardware/grub2.nix b/system/settings/hardware/grub2.nix
new file mode 100644
index 00000000..70e86e71
--- /dev/null
+++ b/system/settings/hardware/grub2.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{ boot.loader = {
+    grub = {
+      enable = true;
+      splashImage = null;
+      version = 2;
+      device = "nodev";
+      efiSupport = true;
+    };
+    efi.canTouchEfiVariables = true;
+  };
+}
diff --git a/system/settings/hardware/hidpi.nix b/system/settings/hardware/hidpi.nix
new file mode 100644
index 00000000..1f4644c5
--- /dev/null
+++ b/system/settings/hardware/hidpi.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{ i18n = {
+    consoleFont = "ter-v24b";
+    consolePackages = with pkgs; [
+      terminus_font
+    ];
+  };
+}
diff --git a/system/settings/hardware/intel-gpu.nix b/system/settings/hardware/intel-gpu.nix
new file mode 100644
index 00000000..fc6b6fa3
--- /dev/null
+++ b/system/settings/hardware/intel-gpu.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+{ hardware.opengl.extraPackages = with pkgs; [
+    vaapiIntel
+    vaapiVdpau
+    libvdpau-va-gl
+  ];
+
+  services.xserver.videoDrivers = [ "intel" "modesetting" ];
+
+  boot.earlyVconsoleSetup = true;
+  boot.initrd.kernelModules = [
+    "i915"
+  ];
+}
diff --git a/system/settings/hardware/keyboardio-model01.nix b/system/settings/hardware/keyboardio-model01.nix
new file mode 100644
index 00000000..7a624f56
--- /dev/null
+++ b/system/settings/hardware/keyboardio-model01.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{ services.udev.extraRules = ''
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="2300", SYMLINK+="model01", ENV{ID_MM_DEVICE_IGNORE}:="1", ENV{ID_MM_CANDIDATE}:="0"
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="2301", SYMLINK+="model01", ENV{ID_MM_DEVICE_IGNORE}:="1", ENV{ID_MM_CANDIDATE}:="0"
+  '';
+
+  environment.systemPackages = with pkgs; [
+    arduino_core
+  ];
+
+  environment.variables.ARDUINO_PATH = "${pkgs.arduino_core}/share/arduino";
+}
diff --git a/system/settings/hardware/laptop.nix b/system/settings/hardware/laptop.nix
new file mode 100644
index 00000000..17e27b63
--- /dev/null
+++ b/system/settings/hardware/laptop.nix
@@ -0,0 +1,87 @@
+{ config, pkgs, lib, ... }:
+
+{ boot.kernelModules = [ "coretemp" ];
+  boot.extraModulePackages = with config.boot.kernelPackages; [
+    x86_energy_perf_policy
+  ];
+
+  hardware = {
+    bluetooth = {
+      enable = true;
+      powerOnBoot = false;
+      package = pkgs.bluezFull;
+    };
+    pulseaudio = {
+      extraModules = with pkgs; [
+        pulseaudio-modules-bt
+      ];
+    };
+  };
+  systemd.services.bluetooth.wantedBy = lib.mkForce [];
+  systemd.timers.bluetooth = {
+    description = "Delayed startup of Bluetooth";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnActiveSec = "1 min";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    blueman
+    bluez-tools
+
+    powerstat
+    powertop
+
+    arandr
+    autorandr
+    disper
+  ];
+
+  programs.light.enable = true;
+
+  services.autorandr.enable = true;
+
+  services.logind.extraConfig = ''
+    IdleAction=suspend
+    IdleActionSec=600
+  '';
+
+  services.acpid = {
+    enable = true;
+    lidEventCommands = ''
+      ${pkgs.autorandr}/bin/autorandr --batch --change
+    '';
+  };
+
+  services.tlp = {
+    enable = true;
+    extraConfig = ''
+      CPU_SCALING_GOVERNOR_ON_BAT=powersave
+      ENERGY_PERF_POLICY_ON_BAT="balance_power"
+
+      SOUND_POWER_SAVE_ON_AC=60
+      DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wwan"
+    '';
+  };
+
+  services.xserver = {
+    libinput = {
+      enable = lib.mkDefault true;
+      naturalScrolling = true;
+      disableWhileTyping = true;
+    };
+    displayManager.sessionCommands = ''
+      ${pkgs.autorandr}/bin/autorandr --change --force
+      ${pkgs.blueman}/bin/blueman-applet &
+    '';
+  };
+
+  systemd.services.nixos-upgrade.unitConfig.ConditionACPower = true;
+  systemd.services.nix-gc.unitConfig.ConditionACPower = true;
+  systemd.services.docker-prune.unitConfig.ConditionACPower = true;
+
+  imports = [
+    ../user-interface.nix
+  ];
+}
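Review bot: `systemd.services.docker-prune.unitConfig.ConditionACPower = true;` defines a `docker-prune` unit on every machine that imports this module, including ones where Docker auto-prune is not enabled, and there the generated unit would likely have no `ExecStart`. Guard the line, e.g. `systemd.services.docker-prune = lib.mkIf config.virtualisation.docker.autoPrune.enable { unitConfig.ConditionACPower = true; };`. Separately, `ConditionACPower` on `nixos-upgrade` means an upgrade run that starts on battery is skipped rather than deferred, so a short comment stating that this is accepted would help.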
diff --git a/system/settings/hardware/mouse.nix b/system/settings/hardware/mouse.nix
new file mode 100644
index 00000000..b30d4124
--- /dev/null
+++ b/system/settings/hardware/mouse.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{ services.xserver.config = ''
+    Section "InputClass"
+        Identifier "Mouse (No Acceleration)"
+        MatchIsPointer "yes"
+        MatchIsTouchpad "no"
+        Option "AccelerationProfile" "-1"
+        Option "AccelerationScheme" "none"
+    EndSection
+  '';
+}
diff --git a/system/settings/hardware/network-manager.nix b/system/settings/hardware/network-manager.nix
new file mode 100644
index 00000000..f28548a1
--- /dev/null
+++ b/system/settings/hardware/network-manager.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{ networking.networkmanager = {
+    enable = true;
+    dns = "unbound";
+  };
+
+  environment.systemPackages = with pkgs; [
+    networkmanagerapplet
+    networkmanager_dmenu
+  ];
+}
diff --git a/system/settings/hardware/nitrokey.nix b/system/settings/hardware/nitrokey.nix
new file mode 100644
index 00000000..a77ce00c
--- /dev/null
+++ b/system/settings/hardware/nitrokey.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+
+{
+  hardware.nitrokey = {
+    enable = true;
+  };
+
+  services.pcscd.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    nitrokey-app
+  ];
+}
diff --git a/system/settings/hardware/nvidia-gpu.nix b/system/settings/hardware/nvidia-gpu.nix
new file mode 100644
index 00000000..9fc34169
--- /dev/null
+++ b/system/settings/hardware/nvidia-gpu.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+
+{ services.xserver.videoDrivers = [ "nvidia" ];
+  nixpkgs.config.allowUnfree = true;
+}
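Review bot: `nixpkgs.config.allowUnfree = true;` lifts the licence gate for every package in the system, not only the NVIDIA driver this module needs; user-interface.nix sets the same switch. An allowlist keeps later additions to `systemPackages` from silently pulling in unfree software: `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "<unfree-package-name>" ];`, where the list entry is a placeholder. If the blanket setting is deliberate, a comment saying so is enough.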
diff --git a/system/settings/hardware/printing.nix b/system/settings/hardware/printing.nix
new file mode 100644
index 00000000..96d3a959
--- /dev/null
+++ b/system/settings/hardware/printing.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }:
+
+{ services.printing.enable = true;
+  systemd.services.cups.wantedBy = lib.mkForce [];
+  systemd.sockets.cups.wantedBy = [ "sockets.target" ];
+  systemd.services.cups-browsed.wantedBy = lib.mkForce [];
+
+  systemd.timers.cups-browsed = {
+    description = "Delayed startup of CUPS Remote Printer Discovery";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnActiveSec = "2 min";
+    };
+  };
+
+  imports = [
+    ../services/zeroconf.nix
+  ];
+}
diff --git a/system/settings/hardware/qwerty.nix b/system/settings/hardware/qwerty.nix
new file mode 100644
index 00000000..c967d561
--- /dev/null
+++ b/system/settings/hardware/qwerty.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+  services.xserver = {
+    layout = "us";
+    xkbVariant = "intl-unicode";
+    xkbOptions = "altwin:prtsc_rwin,caps:escape";
+  };
+}
diff --git a/system/settings/hardware/synaptics.nix b/system/settings/hardware/synaptics.nix
new file mode 100644
index 00000000..9f075cce
--- /dev/null
+++ b/system/settings/hardware/synaptics.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+{ services.xserver = {
+    libinput.enable = false;
+    synaptics = {
+      enable = true;
+
+      accelFactor = "0.04";
+
+      minSpeed = "0.3";
+      maxSpeed = "0.6";
+
+      palmDetect = true;
+      palmMinWidth = 5;
+      palmMinZ = 20;
+
+      twoFingerScroll = true;
+      vertTwoFingerScroll = true;
+      horizTwoFingerScroll = true;
+      additionalOptions = ''
+        Option "RBCornerButton" "3"
+        Option "VertScrollDelta" "-111"
+        Option "HorizScrollDelta" "-111"
+      '';
+    };
+  };
+}
diff --git a/system/settings/hardware/systemd-boot.nix b/system/settings/hardware/systemd-boot.nix
new file mode 100644
index 00000000..80e79fdc
--- /dev/null
+++ b/system/settings/hardware/systemd-boot.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{ boot.loader.systemd-boot = {
+    enable = true;
+    editor = false; # Don't allow modification
+  };
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.vesa = true;
+  boot.earlyVconsoleSetup = true;
+}
diff --git a/system/settings/hardware/thinkpad.nix b/system/settings/hardware/thinkpad.nix
new file mode 100644
index 00000000..903e819b
--- /dev/null
+++ b/system/settings/hardware/thinkpad.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{ boot.kernelModules = [ ];
+  boot.blacklistedKernelModules = [ "thinkpad_ec" ];
+  boot.extraModulePackages = with config.boot.kernelPackages; [
+    acpi_call
+  ];
+
+  hardware.trackpoint = {
+    enable = true;
+    emulateWheel = true;
+  };
+
+  services.thinkfan = {
+    enable = true;
+  };
+
+  services.tlp = {
+    enable = true;
+  };
+
+  imports = [
+    ./bare-metal.nix
+    ./laptop.nix
+  ];
+}
diff --git a/system/settings/hardware/trackball.nix b/system/settings/hardware/trackball.nix
new file mode 100644
index 00000000..9aa5abc0
--- /dev/null
+++ b/system/settings/hardware/trackball.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{ services.xserver.config = ''
+    Section "InputClass"
+        Identifier "Trackball (No Acceleration)"
+        MatchIsPointer "yes"
+        MatchIsTouchpad "no"
+        MatchProduct "Trackball"
+        Option "AccelerationProfile" "-1"
+        Option "AccelerationScheme" "none"
+    EndSection
+  '';
+}
diff --git a/system/settings/hardware/trezor.nix b/system/settings/hardware/trezor.nix
new file mode 100644
index 00000000..33cc6f25
--- /dev/null
+++ b/system/settings/hardware/trezor.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+{ services.trezord.enable = true;
+  environment.systemPackages = with pkgs; [
+    gnupg
+    pinentry
+    (python3.withPackages(ps: with ps; [ trezor_agent wheel ]))
+  ];
+  programs.gnupg.agent = {
+    enable = lib.mkForce false;
+    enableSSHSupport = lib.mkForce false;
+  };
+}
diff --git a/system/settings/kubernetes.nix b/system/settings/kubernetes.nix
new file mode 100644
index 00000000..692e46d6
--- /dev/null
+++ b/system/settings/kubernetes.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+  networking.bridges = {
+    cbr0.interfaces = [];
+  };
+  networking.interfaces = {
+    cbr0 = {
+      ipv4.addresses = [
+      { address = "10.10.0.1";
+        prefixLength = 24;
+      }
+      ];
+    };
+  };
+  services.kubernetes.roles = ["master" "node"];
+  services.kubernetes.kubelet.extraOpts = "--fail-swap-on=false";
+  virtualisation.docker.extraOptions = ''
+    --iptables=false --ip-masq=false -b cbr0
+  '';
+}
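Review bot: `--iptables=false --ip-masq=false -b cbr0` in `virtualisation.docker.extraOptions` changes the Docker daemon for every container on the host, not only Kubernetes pods, so containers started directly with Docker no longer get Docker-managed NAT or isolation rules. satoshipay.nix also sets `extraOptions`; if both modules are imported on one machine, the two strings are presumably merged into one command line. Add a comment above the option stating that the flags are daemon-wide and why they are needed. Add another on `--fail-swap-on=false`, which appears to be there because bare-metal.nix enables zram swap.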
diff --git a/system/settings/machines/t470s.nix b/system/settings/machines/t470s.nix
new file mode 100644
index 00000000..4ee6c2ac
--- /dev/null
+++ b/system/settings/machines/t470s.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{ hardware.usbWwan.enable = false; # unused
+  systemd.services.ModemManager.enable = false;
+
+  hardware.firmware = with pkgs; [
+    firmwareLinuxNonfree
+  ];
+
+  services.thinkfan.sensors = ''
+    hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon0/temp3_input
+    hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon0/temp1_input
+    hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon0/temp2_input
+  '';
+  services.thinkfan.levels = ''
+    (0,     0,      48)
+    (1,     45,     52)
+    (2,     50,     57)
+    (3,     55,     63)
+    (6,     60,     65)
+    (7,     60,     85)
+    (127,   80,     32767)
+  '';
+
+  boot.kernelParams = [
+    "i915.enable_guc=2"
+    "i915.enable_psr=1"
+  ];
+
+  boot.postBootCommands = ''
+    echo bfq > /sys/block/nvme0n1/queue/scheduler
+  '';
+
+  hardware.pulseaudio.extraConfig = ''
+    load-module module-alsa-sink device=hw:0,7
+  '';
+
+  services.tlp.extraConfig = ''
+    DISK_DEVICES="nvme0n1"
+    DISK_IOSCHED="keep"
+  '';
+
+  services.xserver = {
+    dpi = 109;
+    monitorSection = ''
+      DisplaySize 310 176
+    '';
+  };
+
+  environment.systemPackages = with pkgs; [
+    nvme-cli
+  ];
+
+  imports = [
+    ../hardware/intel-gpu.nix
+    ../hardware/hidpi.nix
+    ../hardware/thinkpad.nix
+  ];
+}
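Review bot: The `services.thinkfan.sensors` paths hard-code `hwmon0`, and the kernel assigns hwmon indices in driver load order, so the index is not guaranteed to be the same on every boot. If the paths are missing, thinkfan will probably fail to start and the custom fan curve in `levels` is not applied. Add a comment such as `# hwmonN is not stable across boots; check here first if thinkfan fails to start`. The same fixed-device assumption applies to `nvme0n1` in `postBootCommands` and `DISK_DEVICES`.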
diff --git a/system/settings/machines/x250.nix b/system/settings/machines/x250.nix
new file mode 100644
index 00000000..0e8ac04e
--- /dev/null
+++ b/system/settings/machines/x250.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{ boot.extraModulePackages = with config.boot.kernelPackages; [
+    acpi_call
+  ];
+
+  hardware.firmware = with pkgs; [
+    firmwareLinuxNonfree
+  ];
+
+  services.tlp.extraConfig = ''
+    # Newer Thinkpads have a battery firmware
+    # it conflicts with TLP if stop thresholds are set
+    START_CHARGE_THRESH_BAT0=70
+    # STOP_CHARGE_THRESH_BAT0=80
+    START_CHARGE_THRESH_BAT1=70
+    # STOP_CHARGE_THRESH_BAT1=80
+
+    DISK_APM_LEVEL_ON_AC="254 254"
+    DISK_APM_LEVEL_ON_BAT="128 128"
+
+    # One or both of these lines stops disk corruption
+    # when re-attaching to AC whilst on.
+    SATA_LINKPWR_ON_BAT=medium_power
+    SATA_LINKPWR_BLACKLIST="host1"
+  '';
+
+  imports = [
+    ../hardware/synaptics.nix
+    ../hardware/intel-gpu.nix
+    ../hardware/thinkpad.nix
+  ];
+}
diff --git a/system/settings/programs/accounting.nix b/system/settings/programs/accounting.nix
new file mode 100644
index 00000000..e98c3e7e
--- /dev/null
+++ b/system/settings/programs/accounting.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{ environment.systemPackages = with pkgs; [
+    ledger
+    bean-add
+    beancount
+    fava
+    reckon
+  ];
+}
diff --git a/system/settings/programs/barrier.nix b/system/settings/programs/barrier.nix
new file mode 100644
index 00000000..9a73620d
--- /dev/null
+++ b/system/settings/programs/barrier.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }: {
+  environment.systemPackages = with pkgs; [
+    barrier
+  ];
+
+  networking.firewall.allowedTCPPorts = [ 24800 ];
+}
diff --git a/system/settings/programs/gnome.nix b/system/settings/programs/gnome.nix
new file mode 100644
index 00000000..bd785453
--- /dev/null
+++ b/system/settings/programs/gnome.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{ services = {
+    gnome3 = {
+      gnome-documents.enable = false;
+      gnome-user-share.enable = false;
+      gnome-online-accounts.enable = false;
+      seahorse.enable = false;
+      tracker.enable = false;
+    };
+    telepathy.enable = false;
+
+    xserver = {
+      desktopManager.gnome3 = {
+        enable = true;
+        extraGSettingsOverrides = ''
+          [org.gnome.desktop.input-sources]
+          sources=[('xkb','${config.services.xserver.layout + (optionalString (config.services.xserver.xkbVariant != "") ("+" + config.services.xserver.xkbVariant))}')]
+        '';
+      };
+    };
+  };
+}
diff --git a/system/settings/programs/gnupg.nix b/system/settings/programs/gnupg.nix
new file mode 100644
index 00000000..663bcb3c
--- /dev/null
+++ b/system/settings/programs/gnupg.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, lib, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    gnupg
+    pinentry
+    (python3.withPackages(ps: with ps; [ trezor_agent wheel ]))
+  ];
+  environment.variables.GNUPGHOME = "$HOME/.gnupg/trezor/";
+}
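Review bot: `environment.variables.GNUPGHOME` is a system-wide setting, so every account's shell, root included, is pointed at `$HOME/.gnupg/trezor/` and any keyring in the default `~/.gnupg` is silently ignored. If only one user works with the hardware-backed keys, set the variable in that user's own profile instead, or add a comment such as `# all users: GnuPG home is the Trezor-backed keyring, ~/.gnupg is not used`. The package list is a copy of the one in hardware/trezor.nix, so importing one module from the other would keep them in step.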
diff --git a/system/settings/programs/i3.nix b/system/settings/programs/i3.nix
new file mode 100644
index 00000000..b0140cdb
--- /dev/null
+++ b/system/settings/programs/i3.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{ services.xserver.windowManager = {
+    default = "i3";
+    i3 = {
+      enable = true;
+      extraSessionCommands = ''
+        ${pkgs.sxhkd}/bin/sxhkd &
+      '';
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    i3status
+  ];
+
+  imports = [
+    ./window-manager.nix
+  ];
+}
diff --git a/system/settings/programs/infrastructure.nix b/system/settings/programs/infrastructure.nix
new file mode 100644
index 00000000..5e68bc8a
--- /dev/null
+++ b/system/settings/programs/infrastructure.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{ environment.systemPackages = with pkgs; [
+    hugo
+
+    nixops
+  ];
+}
diff --git a/system/settings/programs/kde.nix b/system/settings/programs/kde.nix
new file mode 100644
index 00000000..652eb2a6
--- /dev/null
+++ b/system/settings/programs/kde.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{ services = {
+    xserver = {
+      desktopManager = {
+        plasma5.enable = true;
+      };
+      displayManager = {
+        sddm.enable = true;
+      };
+    };
+
+    physlock.enable = lib.mkForce false;
+  };
+
+  environment.systemPackages = with pkgs; [
+    kde-gtk-config
+  ];
+}
diff --git a/system/settings/programs/keybase.nix b/system/settings/programs/keybase.nix
new file mode 100644
index 00000000..39a16b27
--- /dev/null
+++ b/system/settings/programs/keybase.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.keybase.enable = true;
+  services.kbfs.enable = true;
+  environment.variables.NIX_SKIP_KEYBASE_CHECKS = "1";
+
+  environment.systemPackages = with pkgs; [
+    keybase-gui
+  ];
+}
diff --git a/system/settings/programs/shell.nix b/system/settings/programs/shell.nix
new file mode 100644
index 00000000..a8d4f56f
--- /dev/null
+++ b/system/settings/programs/shell.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{ programs.zsh = {
+    enable = true;
+    promptInit = "";
+  };
+  programs.bash.enableCompletion = true;
+}
diff --git a/system/settings/programs/tor.nix b/system/settings/programs/tor.nix
new file mode 100644
index 00000000..5524aede
--- /dev/null
+++ b/system/settings/programs/tor.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.tor = {
+    enable = true;
+    client = {
+      enable = true;
+      socksListenAddress = "9050 IPv6Traffic";
+    };
+    torsocks = {
+      enable = true;
+    };
+  };
+  systemd.services.tor.wantedBy = lib.mkForce [];
+  systemd.timers.tor = {
+    description = "Delayed startup of Tor";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnActiveSec = "1 min";
+    };
+  };
+}
diff --git a/system/settings/programs/window-manager.nix b/system/settings/programs/window-manager.nix
new file mode 100644
index 00000000..7095d523
--- /dev/null
+++ b/system/settings/programs/window-manager.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, ... }:
+
+{ services.xserver = {
+   desktopManager.xterm.enable = false;
+
+   displayManager = {
+     lightdm = {
+       enable = true;
+       greeters.mini = {
+         enable = true;
+         user = "alan";
+       };
+     };
+     sessionCommands = ''
+       ${pkgs.xorg.xrdb}/bin/xrdb -merge $HOME/.xresources/main
+       ${pkgs.xorg.xsetroot}/bin/xsetroot -cursor_name left_ptr -solid '#4d4d4c'
+     '';
+   };
+    xautolock = {
+      enable = true;
+      locker = "${pkgs.i3lock}/bin/i3lock -n";
+      enableNotifier = true;
+      notifier = "${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\"";
+      time = 5;
+    };
+  };
+
+  services.xserver.displayManager.setupCommands = ''
+    ${pkgs.redshift}/bin/redshift \
+      -l ${toString config.services.redshift.latitude}:${toString config.services.redshift.longitude} \
+      -t ${toString config.services.redshift.temperature.day}:${toString config.services.redshift.temperature.night} \
+      -b 1:1 \
+      -o \
+      -r \
+  '';
+
+  environment.systemPackages = with pkgs; [
+    dmenu
+    libnotify # for notify-send
+    rofi
+    sxhkd
+    maim
+
+    perlPackages.FileMimeInfo # xdg-utils uses this when no DE
+  ];
+}
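Review bot: The `setupCommands` string ends with `-r \`, a line continuation with nothing after it. The option's value is spliced into the display manager's setup script, so if another module appends commands to `setupCommands`, the first of them would be swallowed as arguments to redshift. Drop the trailing backslash so the last line reads `-r`. These commands also run before any user logs in, presumably as root, which is worth a comment next to the redshift call.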
diff --git a/system/settings/programs/wine.nix b/system/settings/programs/wine.nix
new file mode 100644
index 00000000..98dd60a2
--- /dev/null
+++ b/system/settings/programs/wine.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, ... }:
+
+{ environment.systemPackages = with pkgs; [
+    wineStable
+  ];
+}
diff --git a/system/settings/satoshipay.nix b/system/settings/satoshipay.nix
new file mode 100644
index 00000000..9cc5a341
--- /dev/null
+++ b/system/settings/satoshipay.nix
@@ -0,0 +1,71 @@
+{ config, pkgs, fetchurl, lib, ... }:
+
+{ virtualisation = {
+  docker = let
+    daemonConfig = {
+      ipv6 = true;
+      fixed-cidr-v6 = "fd69:2074:9fcd:b0fd::/64";
+      features = {
+        buildkit = true;
+      };
+    };
+    in {
+      enable = true;
+      enableOnBoot = false;
+      liveRestore = false;
+
+      extraOptions = "--config-file=${pkgs.writeText "daemon.json" (builtins.toJSON daemonConfig)}";
+
+      autoPrune = {
+        enable = true;
+      };
+    };
+  };
+
+  services.mongodb = {
+    enable = true;
+    replSetName = "rs0";
+    dbpath = "/tmp/mongodb";
+  };
+  systemd.services.mongodb.wantedBy = lib.mkForce  [];
+  systemd.timers.mongodb = {
+    description = "Delayed startup of MongoDB";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnActiveSec = "1 min";
+    };
+  };
+  systemd.services.mongodb-init = {
+    description = "Init mongodb replicaset";
+    requires = [ "mongodb.service" ];
+    script = "${pkgs.mongodb}/bin/mongo --eval 'rs.initiate()'";
+  };
+  systemd.timers.mongodb-init = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnActiveSec = "2 min";
+    };
+  };
+
+  services.redis = {
+    enable = true;
+  };
+  systemd.services.redis.wantedBy = lib.mkForce [];
+  systemd.timers.redis = {
+    description = "Delayed startup of Redis";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnActiveSec = "1 min";
+    };
+  };
+
+
+  services.printing.drivers = with pkgs; [
+  ];
+
+  networking.domain = "satoshipay.io";
+
+  networking.extraHosts = ''
+    127.0.0.1 blogger.local wallet.satoshipay.local api.satoshipay.local ws.satoshipay.local
+  '';
+}
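Review bot: `services.mongodb.dbpath = "/tmp/mongodb"` keeps the database in a world-writable directory under a predictable name, so another local account could create the path first. On machines that also import bare-metal.nix (`boot.tmpOnTmpfs = true`), the data and the replica-set state are gone after each reboot. If the throw-away behaviour is wanted, say so in a comment and use a directory only the service can create, e.g. `dbpath = "/var/lib/mongodb-dev";` (constructed example path). The `fetchurl` argument in the module header is unused in the visible file and can be dropped.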
diff --git a/system/settings/services/syncthing.nix b/system/settings/services/syncthing.nix
new file mode 100644
index 00000000..b6a12861
--- /dev/null
+++ b/system/settings/services/syncthing.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{ services.syncthing = {
+    enable = true;
+    user = "alan";
+    group = "users";
+    openDefaultPorts = true;
+    systemService = true;
+    dataDir = "/home/alan/.config/syncthing";
+  };
+}
diff --git a/system/settings/services/xserver.nix b/system/settings/services/xserver.nix
new file mode 100644
index 00000000..d898f55a
--- /dev/null
+++ b/system/settings/services/xserver.nix
@@ -0,0 +1,82 @@
+{ config, pkgs, ... }:
+
+{ services.xserver = {
+    enable = true;
+    enableCtrlAltBackspace = true;
+    exportConfiguration = true;
+  };
+
+  i18n.consoleUseXkbConfig = true;
+
+  environment.systemPackages = with pkgs; [
+    xorg.xmodmap
+    xorg.xinit
+    xorg.xev
+    xorg.xdpyinfo
+    xclip
+    xfontsel
+
+    vanilla-dmz
+    capitaine-cursors
+    bibata-cursors
+
+    arc-theme
+    hicolor_icon_theme
+    paper-gtk-theme
+    paper-icon-theme
+
+    arc-icon-theme
+    tango-icon-theme
+
+    gtk-engine-murrine
+    gtk_engines
+  ];
+
+  fonts = {
+    enableFontDir = true;
+    enableDefaultFonts = false;
+    fontconfig = {
+      useEmbeddedBitmaps = true;
+      defaultFonts = {
+        monospace = [ "Liberation Mono" ];
+        sansSerif = [ "Liberation Sans" ];
+        serif = [ "Liberation Serif" ];
+      };
+      penultimate = {
+        enable = true;
+      };
+      ultimate = {
+        enable = false;
+        preset = "osx";
+      };
+    };
+    fonts = with pkgs; [
+      dina-font
+      envypn-font
+      profont
+      proggyfonts
+      terminus_font
+      terminus_font_ttf
+
+      fantasque-sans-mono
+      emacs-all-the-icons-fonts
+      fira
+      fira-code
+      fira-mono
+      go-font
+      font-awesome_5
+      ibm-plex
+      liberation_ttf
+      mononoki
+      roboto
+      roboto-mono
+      roboto-slab
+      source-code-pro
+      source-sans-pro
+      source-serif-pro
+      xorg.fontmiscmisc
+      xorg.fontcursormisc
+      xorg.fontbhlucidatypewriter100dpi
+    ];
+  };
+}
diff --git a/system/settings/services/zeroconf.nix b/system/settings/services/zeroconf.nix
new file mode 100644
index 00000000..0b428c54
--- /dev/null
+++ b/system/settings/services/zeroconf.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }:
+
+{ services.avahi = {
+    enable = true;
+    nssmdns = true;
+    ipv6 = true;
+  };
+  systemd.services.avahi-daemon.wantedBy = lib.mkForce [];
+  systemd.timers.avahi-daemon = {
+    description = "Delayed startup of Avahi";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnActiveSec = "1 min";
+    };
+  };
+}
diff --git a/system/settings/user-interface.nix b/system/settings/user-interface.nix
new file mode 100644
index 00000000..08d390ab
--- /dev/null
+++ b/system/settings/user-interface.nix
@@ -0,0 +1,97 @@
+{ config, pkgs, lib, makeDesktopItem, ... }:
+
+{ documentation.info.enable = true;
+  nixpkgs.config.firefox.enableOfficialBranding = true;
+
+  environment.pathsToLink = [ "/share/zsh" ];
+
+  environment.systemPackages = with pkgs; [
+    aria2
+    firefox
+    pcmanfm
+
+    epdfview
+    geeqie
+
+    cmus
+
+    fish # for emacs-fish-completion
+
+    lxappearance
+    lxrandr
+    lxtask
+
+    python3Packages.keyring
+    isync
+    msmtp
+    html2text
+
+    weechat
+
+    mpv
+
+    aspell
+    aspellDicts.en
+
+    cifs-utils
+    hexchat
+    signal-desktop
+    wire-desktop
+
+    trash-cli
+  ];
+
+  nixpkgs.config.allowUnfree = true;
+
+  services.compton = {
+    enable = true;
+    backend = "glx";
+    vSync = "opengl-swc";
+  };
+
+  services.devmon.enable = true;
+
+  systemd.user.services.trash-clean = {
+    path = with pkgs; [ trash-cli ];
+    description = "Remove old files from FreeDesktop.org trash";
+
+    serviceConfig = {
+      Type = "oneshot";
+    };
+    script = "trash-empty 30";
+  };
+  systemd.user.timers.trash-clean = {
+    wantedBy = [ "default.target" ];
+    timerConfig = {
+      OnCalendar = "weekly";
+      Persistent = true;
+    };
+  };
+
+  environment.variables = {
+    # This is required so that GTK applications launched from Emacs
+    # get properly themed:
+    GTK_DATA_PREFIX = "${config.system.path}";
+  };
+
+  services.redshift = {
+    enable = true;
+    temperature = {
+      day = 6500;
+      night = 3600;
+    };
+  };
+
+  programs.ssh.startAgent = true;
+
+  programs.dconf.enable = true;
+  services.gnome3 = {
+    gnome-keyring.enable = true;
+    seahorse.enable = true;
+    at-spi2-core.enable = true;
+  };
+
+  imports = [
+    ./services/xserver.nix
+  ];
+}