From 62d5c4111ea51f98a052781a8c61fca2c0329b93 Mon Sep 17 00:00:00 2001
From: ska <ska@noreply.git.skarockoi.de>
Date: Thu, 25 Dec 2025 18:50:28 +0000
Subject: [PATCH] =?UTF-8?q?gef=C3=A4hrlcihe=20update=20maybe=20=3F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 configuration.nix | 66 ++++++++++++++++++++++++++++++++---------------
 1 file changed, 45 insertions(+), 21 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index bf0f7bf..7e48afb 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -2,24 +2,20 @@
 
 {
   ############################################################
-  # BOOTLOADER - GRUB 
+  # BOOTLOADER - SYSTEMD-BOOT (USB FRIENDLY)
   ############################################################
 
-  boot.loader.grub = {
-    enable = true;
-    device = "nodev";
-    efiSupport = true;
-    efiInstallAsRemovable = true;
-    useOSProber = false;
-  };
+  boot.loader.systemd-boot.enable = true;
 
   boot.loader.efi = {
     canTouchEfiVariables = false;
     efiSysMountPoint = "/boot";
   };
 
+  boot.loader.systemd-boot.configurationLimit = 5;
+
   ############################################################
-  # INITRD - HARDWARE-AGNOSTIC + LUKS
+  # INITRD - HARDWARE-AGNOSTIC + FRAMEBUFFER FALLBACK + LUKS
   ############################################################
 
   boot.initrd.availableKernelModules = [
@@ -32,16 +28,29 @@
     "sr_mod"
   ];
 
+  # Explicit graphics fallback for unknown hardware
+  boot.initrd.kernelModules = [
+    "i915"
+    "amdgpu"
+    "nouveau"
+  ];
+
   boot.kernelModules = [];
 
+  boot.kernelParams = [
+    "i8042.noaux"
+    "i8042.nomux"
+    "i8042.nopnp"
+  ];
+
   boot.initrd.luks.devices.root = {
     device = "/dev/disk/by-partlabel/nixos-crypt";
     preLVM = true;
     allowDiscards = true;
   };
 
-  boot.plymouth.enable = true;
   boot.initrd.systemd.enable = true;
+  boot.plymouth.enable = true;
 
   ############################################################
   # FIRMWARE - WIDE HARDWARE SUPPORT
@@ -54,12 +63,17 @@
   hardware.cpu.amd.updateMicrocode = true;
 
   ############################################################
-  # FILESYSTEMS - BASED ON LABELS
+  # FILESYSTEMS - USB LONGEVITY
   ############################################################
 
   fileSystems."/" = {
     device = "/dev/disk/by-label/nixos-root";
     fsType = "ext4";
+    options = [
+      "noatime"
+      "nodiratime"
+      "discard"
+    ];
   };
 
   fileSystems."/boot" = {
@@ -68,7 +82,7 @@
   };
 
   ############################################################
-  # NETWORKING
+  # NETWORKING / LOCALE
   ############################################################
 
   networking.networkmanager.enable = true;
@@ -113,9 +127,11 @@
   services.printing.enable = true;
 
   ############################################################
-  # USER
+  # USERS
   ############################################################
 
+  users.mutableUsers = true;
+
   users.users.user = {
     isNormalUser = true;
     description = "user";
@@ -139,7 +155,7 @@
 
     gnomeExtensions.dash-in-panel
     gnomeExtensions.dash-to-panel
-    
+
     obsidian
     libreoffice
     keepassxc
@@ -160,7 +176,6 @@
     #!/run/current-system/sw/bin/bash
     set -e
 
-    # Ensure all system tools are available
     export PATH="/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin"
     export NIX_PATH="nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
 
@@ -170,21 +185,15 @@
     if [ ! -d "$LOCAL_PATH/.git" ]; then
       mkdir -p "$LOCAL_PATH"
       chmod 700 "$LOCAL_PATH"
-      echo "Cloning config from $REPO_URL..."
       git clone "$REPO_URL" "$LOCAL_PATH"
     else
       cd "$LOCAL_PATH"
-      echo "Fetching updates..."
       git fetch origin
       LOCAL_HEAD=$(git rev-parse HEAD)
       REMOTE_HEAD=$(git rev-parse origin/main)
       if [ "$LOCAL_HEAD" != "$REMOTE_HEAD" ]; then
-        echo "New config available. Updating..."
         git reset --hard origin/main
         nixos-rebuild switch -I nixos-config="$LOCAL_PATH/configuration.nix"
-        echo "System updated successfully."
-      else
-        echo "Config is already up to date."
       fi
     fi
   '';
@@ -197,6 +206,10 @@
       Type = "oneshot";
       User = "root";
       Group = "root";
+      TimeoutStartSec = "10min";
+      Restart = "on-failure";
+      StandardOutput = "journal";
+      StandardError = "journal";
     };
   };
 
@@ -214,6 +227,17 @@
 
   zramSwap.enable = true;
 
+  boot.tmp.useTmpfs = true;
+
+  ############################################################
+  # JOURNALD LIMITS (FLASH FRIENDLY)
+  ############################################################
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=200M
+    RuntimeMaxUse=50M
+  '';
+
   ############################################################
   # NIXOS VERSION
   ############################################################