system/machine/MacPro31/configuration.nix

@@ -22,6 +22,10 @@
 
   networking.hostName = "MacPro31-NixOS";
 
+  # Elderly host: a compressed RAM swap softens memory pressure (earlyoom in
+  # workstation.nix is the backstop).
+  zramSwap.enable = true;
+
   # This host accepts SSH, so open 22 (the firewall itself is enabled in
   # workstation.nix with a default-deny policy).
   services.openssh.enable = true;

system/machine/T400/configuration.nix

@@ -1,7 +1,7 @@
 # ThinkPad T400 (NixOS). Shared laptop options live in ../../modules/laptop.nix;
 # only host-specific settings are here. Install notes (boot variants, GPU,
 # partitions): see ./README.md.
-{ ... }:
+{ config, ... }:
 
 {
   imports = [
@@ -31,6 +31,16 @@
   # the radeon firmware needed by the discrete GPU below.
   hardware.cpu.intel.updateMicrocode = true;
 
+  # Battery longevity: cap charging to 75-80%. tlp itself comes from the
+  # nixos-hardware lenovo-thinkpad profile; tp_smapi supplies the threshold
+  # sysfs on this 2008-era ThinkPad (kernel-native natacpi is too new for it).
+  boot.kernelModules = [ "tp_smapi" ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
+  services.tlp.settings = {
+    START_CHARGE_THRESH_BAT0 = 75;
+    STOP_CHARGE_THRESH_BAT0 = 80;
+  };
+
   # This T400 has the optional discrete GPU fitted: an ATI Mobility Radeon HD
   # 3470 (RV620), driven by the open `radeon` KMS driver. Load it in the initrd
   # for early modesetting (clean Sway/Wayland start); firmware comes from

system/modules/laptop.nix

@@ -12,4 +12,13 @@
     enable = true;
     settings.General.EnableNetworkConfiguration = true;
   };
+
+  # Bluetooth. The Asahi MBP loads Apple's BT firmware (see its host config) and
+  # the T400 has an optional BT module; enable bluez on both, with blueman as the
+  # GUI/tray manager for the Sway session.
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+  };
+  services.blueman.enable = true;
 }

system/modules/workstation.nix

@@ -5,12 +5,16 @@
 # The bootloader is NOT set here -- it is firmware-specific, not form-factor:
 # UEFI hosts (MBP, Mac Pro 3,1) use systemd-boot, the BIOS-only T400 uses GRUB.
 # Each machine config declares its own.
-{ ... }:
+{ lib, pkgs, ... }:
 {
   features.swayDesktop.enable = true;
 
   console.keyMap = "dvorak";
 
+  # Intel thermal management. x86 only -- the Asahi MBP governs its own SoC
+  # thermals, and thermald is an Intel-platform daemon.
+  services.thermald.enable = lib.mkIf pkgs.stdenv.hostPlatform.isx86_64 true;
+
   # Default-deny inbound. Hosts that run a listening service open their own
   # ports next to where the service is enabled (e.g. sshd -> 22 on X1).
   networking.firewall.enable = true;
@@ -20,6 +24,14 @@
   services.fstrim.enable = true;
   boot.tmp.cleanOnBoot = true;
 
+  # Userspace OOM killer: act on memory pressure early instead of letting the
+  # kernel OOM-thrash. Matters on the 4 GiB T400 and the elderly Mac Pro.
+  services.earlyoom.enable = true;
+
+  # Firmware updates via LVFS. No-op on the Asahi MBP (Apple-managed firmware),
+  # useful for UEFI/SSD updates on the x86 hosts.
+  services.fwupd.enable = true;
+
   # Audio. PipeWire with the PulseAudio shim covers every graphical host; no
   # per-machine audio config is needed.
   services.pipewire = {