me like nix
1{ ... }: {
2 flake.modules.nixos.framework-laptop =
3 { pkgs, ... }:
4 {
5 networking.hostName = "framework16";
6
7 boot.initrd.luks.devices."luks-ee306bda-c450-4a56-b4fe-537899e38e0d" = {
8 device = "/dev/disk/by-uuid/ee306bda-c450-4a56-b4fe-537899e38e0d";
9 bypassWorkqueues = true;
10 };
11
12 # Reduce swap pressure to avoid thrashing through dm-crypt
13 boot.kernel.sysctl."vm.swappiness" = 10;
14
15 # Disable ABM (Active Backlight Management) to maintain color accuracy
16 boot.kernelParams = [ "amdgpu.abmlevel=0" ];
17
18 # Enable QEMU emulation for aarch64 (for building Pi images)
19 boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
20
21 # nixos-raspberrypi binary cache
22 nix.settings.extra-substituters = [ "https://nixos-raspberrypi.cachix.org" ];
23 nix.settings.extra-trusted-public-keys = [ "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" ];
24 nix.settings.trusted-users = [
25 "root"
26 "sean"
27 ];
28
29 # Use power-profiles-daemon instead of TLP (recommended for AMD Framework)
30 services.power-profiles-daemon.enable = true;
31
32 # Disable keyboard/touchpad wake from suspend (prevents wake in bags)
33 services.udev.extraRules = ''
34 # Framework Laptop 16 - Disable wakeup for internal keyboard to prevent wake in bags
35 ACTION=="add", SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTR{power/wakeup}="disabled"
36 '';
37
38 environment.systemPackages = with pkgs; [
39 brightnessctl
40 gdm
41 ];
42
43 # SSH
44 services.openssh = {
45 enable = true;
46 settings = {
47 PasswordAuthentication = false;
48 KbdInteractiveAuthentication = false;
49 PermitRootLogin = "no";
50 AllowUsers = [ "sean" ];
51 };
52 };
53
54 # Firewall
55 networking.firewall.allowedUDPPorts = [ ];
56 networking.firewall.enable = false;
57
58 system.stateVersion = "25.05";
59 };
60}