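# NixOS host module for the machine whose hostname is set to "navis" below.
#
# Layout visible in this file: a LUKS volume ("enc") unlocked in the initrd via
# TPM2, btrfs subvolumes for /, /home, /nix, /persist and /var/log, and an
# initrd unit that recreates the `root` subvolume on every boot, with selected
# state kept under /persist.
#
# Lines marked NOTE(review) flag settings that materially affect the host's
# security posture. They do not change any value.
{
  pkgs,
  config,
  inputs,
  lib,
  ...
}: {
  catppuccin.tty.enable = true;
  facter.reportPath = ./facter.json;

  # All btrfs mounts reference the same filesystem UUID and differ only in the
  # subvolume they select.
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
      fsType = "btrfs";
      options = ["subvol=root"];
    };
    "/home" = {
      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
      fsType = "btrfs";
      options = [
        "subvol=home"
        "compress=zstd"
      ];
    };
    "/nix" = {
      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
      fsType = "btrfs";
      options = [
        "subvol=nix"
        "compress=zstd"
        "noatime"
      ];
    };
    # Needed in early boot: holds the age identity and the persisted state
    # listed under environment.persistence below.
    "/persist" = {
      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
      neededForBoot = true;
      fsType = "btrfs";
      options = [
        "subvol=persist"
        "compress=zstd"
      ];
    };
    "/var/log" = {
      device = "/dev/disk/by-uuid/d375c3a3-63a3-47f8-8b77-58fabbb8f67b";
      fsType = "btrfs";
      options = [
        "subvol=log"
        "compress=zstd"
        "noatime"
      ];
      neededForBoot = true;
    };
    # NOTE(review): fmask/dmask 0022 leave every file on the ESP readable by
    # all local users. 0077 is the tighter choice, and bootctl is known to warn
    # when the mount point backing its random-seed file is world accessible.
    "/boot" = {
      device = "/dev/disk/by-uuid/12CE-A600";
      fsType = "vfat";
      options = [
        "fmask=0022"
        "dmask=0022"
      ];
    };
  };

  security = {
    rtkit.enable = true;
    pam = {
      services.sddm.enableGnomeKeyring = true;
      # type "-" sets both the soft and the hard limit, for every domain.
      loginLimits = [
        {
          domain = "*";
          item = "nofile";
          type = "-";
          value = "32768";
        }
        {
          domain = "*";
          item = "memlock";
          type = "-";
          value = "32768";
        }
      ];
    };
    # NOTE(review): wheelNeedsPassword = false lets any process running as a
    # wheel member become root without authentication. execWheelOnly only
    # limits who may execute the sudo binary; it does not add a prompt.
    sudo-rs = {
      enable = true;
      wheelNeedsPassword = false;
      execWheelOnly = true;
    };
    tpm2 = {
      enable = true;
      pkcs11.enable = true;
      tctiEnvironment.enable = true;
    };
  };

  jovian = {
    steam = {
      enable = true;
      # NOTE(review): presumably starts the Steam session for `user` at boot
      # without a login prompt; confirm against the Jovian module.
      autoStart = true;
      user = "marshall";
      desktopSession = "hyprland";
      environment = {
        STEAM_EXTRA_COMPAT_TOOLS_PATHS = "${pkgs.proton-ge-bin.steamcompattool}";
      };
    };
    decky-loader = {
      enable = false;
      user = "marshall";
    };
  };

  fonts = {
    packages = with pkgs;
      [maple-mono.NF]
      ++ (with nerd-fonts; [
        comic-shanns-mono
        fira-code
        iosevka
        jetbrains-mono
        recursive-mono
        symbols-only
        ubuntu-mono
        zed-mono
      ]);
  };

  systemd = {
    tpm2.enable = true;
    # Default PATH for systemd user units; /run/wrappers/bin comes first.
    user.extraConfig = ''
      DefaultEnvironment="PATH=${lib.concatStringsSep ":" [
        "/run/wrappers/bin"
        "/etc/profiles/per-user/%u/bin"
        "/nix/var/nix/profiles/default/bin"
        "/run/current-system/sw/bin"
      ]}"
    '';
  };

  # agenix: the password hash is decrypted with the identity under /persist.
  # The path suggests this is root's SSH private key doing double duty as the
  # secrets decryption key; its file permissions are not set in this file.
  age = {
    secrets.passwd.file = ../../../secrets/passwd.age;
    identityPaths = ["/persist/root/.ssh/id_ed25519"];
  };

  virtualisation = {
    spiceUSBRedirection.enable = true;
    podman = {
      enable = true;
      dockerCompat = true;
      # NOTE(review): access to the Docker-compatible socket is root-equivalent.
      # No user in this file is added to the `podman` group; keep it that way
      # unless that level of access is intended.
      dockerSocket.enable = true;
    };
  };

  environment = {
    sessionVariables = {
      BROWSER = "zen";
      COSMIC_DATA_CONTROL_ENABLED = 1;
      DIRENV_WARN_TIMEOUT = "100s";
      EDITOR = "nvim";
      NH_FLAKE = "/home/marshall/nix-config";
      NIXOS_OZONE_WL = 1;
      TERMINAL = "wezterm";
    };
    # `system` resolves through `with pkgs;`.
    systemPackages = with pkgs; [
      config.boot.kernelPackages.perf
      ddccontrol-db
      inputs.agenix.packages.${system}.default
      inputs.hyprswitch.packages.${system}.hyprswitch
      nautilus
      sound-theme-freedesktop
      tpm2-tss
      uutils-coreutils-noprefix
      xclip
    ];
    # State that survives the per-boot root wipe. This includes the SSH host
    # keys (/etc/ssh), root's SSH directory, and core dumps, which can contain
    # process memory.
    persistence."/persist" = {
      hideMounts = true;
      directories = [
        "/etc/ssh"
        "/etc/NetworkManager"
        "/root/.ssh"
        "/var/lib/bluetooth"
        "/var/lib/iwd"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        "/var/lib/decky-loader"
      ];
      files = ["/etc/machine-id"];
    };
  };

  boot = {
    kernelPackages = pkgs.linuxPackages_cachyos;
    tmp.useTmpfs = true;
    blacklistedKernelModules = [
      "nouveau"
      "i915"
    ];
    supportedFilesystems = [
      "btrfs"
      "ntfs"
    ];
    initrd = {
      availableKernelModules = ["tpm_tis"];
      # tpm2-device=auto lets the volume unlock without a passphrase once a
      # TPM2 token is enrolled. tpm2-measure-pcr=yes measures the volume key
      # into a PCR after unlock.
      # NOTE(review): the PCR policy the key is sealed against is chosen at
      # enrolment time and is not visible here. Confirm it binds to the boot
      # chain, because nothing else in this file gates the unlock.
      luks.devices."enc" = {
        device = "/dev/disk/by-uuid/9952fcd1-46eb-4c9c-ab7d-361d31fdb9a2";
        crypttabExtraOpts = [
          "tpm2-device=auto"
          "tpm2-measure-pcr=yes"
        ];
      };
      systemd = {
        enable = true;
        # NOTE(review): `true` gives an unauthenticated root shell when the
        # initrd drops to emergency mode. On a machine that unlocks its disk
        # from the TPM, prefer `false` or a hashed password (the option accepts
        # either).
        emergencyAccess = true;
        tpm2.enable = true;
        # Runs once in the initrd, after the unlocked mapper device appears and
        # before the real root is mounted. It deletes the `root` subvolume and
        # any subvolumes nested in it, then creates an empty one.
        # `set -e` does not cover a failure on the left-hand side of the
        # `list | cut | while` pipeline; `set -x` traces each command to the log.
        services.wipe-root = {
          description = "Rollback BTRFS root subvolume to a pristine state";
          wantedBy = ["initrd.target"];
          after = ["dev-mapper-enc.device"];
          requires = ["dev-mapper-enc.device"];
          before = ["sysroot.mount"];
          unitConfig.DefaultDependencies = "no";
          serviceConfig.Type = "oneshot";
          script = ''
            (
              set -xe
              btrfs_subvolume_delete_recursive() {
                btrfs subvolume list -o "$1" | cut -f 9- -d ' ' |
                while read -r subvolume; do
                  btrfs_subvolume_delete_recursive "$mount_point/$subvolume"
                done
                btrfs subvolume delete "$1"
              }
              mount_point=/mnt
              mkdir -p "$mount_point"
              mount -t btrfs "/dev/mapper/enc" "$mount_point"
              trap 'umount "$mount_point" && rmdir "$mount_point"' EXIT
              btrfs_subvolume_delete_recursive \
                "$mount_point/root"
              btrfs subvolume create "$mount_point/root"
            )
          '';
        };
      };
    };
    extraModprobeConfig =
      "options nvidia "
      + lib.concatStringsSep " " [
        "NVreg_EnablePCIeGen3=1"
        "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
        "NVreg_UsePageAttributeTable=1"
      ];
    # The modprobe.blacklist entry repeats blacklistedKernelModules above.
    kernelParams = [
      "intel_iommu=on"
      "iommu=pt"
      "kvm.ignore_msrs=1"
      "modprobe.blacklist=nouveau,i915"
      "nvidia_drm.fbdev=1"
    ];
    # NOTE(review): no Secure Boot configuration appears in this file, so the
    # integrity of the boot chain rests on whatever PCRs the TPM enrolment
    # uses. Confirm.
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot = {
        enable = true;
        configurationLimit = 3;
      };
    };
  };

  nix = {
    daemonCPUSchedPolicy = "batch";
    daemonIOSchedClass = "idle";
    daemonIOSchedPriority = 7;
    gc = {
      automatic = true;
      dates = "Sat *-*-* 03:00";
      options = "--delete-older-than 30d";
    };
    optimise = {
      automatic = true;
      dates = ["04:00"];
    };
    settings = {
      auto-optimise-store = true;
      builders-use-substitutes = true;
      flake-registry = "/etc/nix/registry.json";
      keep-going = true;
      log-lines = 30;
      max-jobs = "auto";
      max-free = "${toString (10 * 1024 * 1024 * 1024)}";
      min-free = "${toString (5 * 1024 * 1024 * 1024)}";
      # Builds must run sandboxed; with sandbox-fallback off they fail rather
      # than silently run unsandboxed.
      sandbox-fallback = false;
      sandbox = true;
      use-cgroups = true;
      use-xdg-base-directories = true;
      warn-dirty = false;
      system-features = [
        "nixos-test"
        "kvm"
        "recursive-nix"
        "big-parallel"
        "gccarch-x86-64-v4"
      ];
      allowed-users = [
        "root"
        "@wheel"
        "nix-builder"
      ];
      # NOTE(review): a trusted Nix user can override substituters and import
      # unsigned store paths, which is effectively root. @wheel already has
      # passwordless sudo here, but `nix-builder` is not defined in this file.
      # Confirm that account needs `trusted-users` and not only
      # `allowed-users`.
      trusted-users = [
        "root"
        "@wheel"
        "nix-builder"
      ];
      extra-experimental-features = [
        "flakes" # flakes
        "nix-command" # experimental nix commands
        "recursive-nix" # let nix invoke itself
        "ca-derivations" # content addressed nix
        "auto-allocate-uids" # allow nix to automatically pick UIDs, rather than creating nixbld* user accounts
        "cgroups" # allow nix to execute builds inside cgroups
      ];
      # Each cache listed here has a matching signing key below. Store paths
      # signed by any of these keys are installed without rebuilding, so the
      # key list is part of the host's trust base.
      substituters = [
        "https://cache.nixos.org?priority=100"
        "https://hyprland.cachix.org"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  };

  programs = {
    dconf.enable = true;
    fish.enable = true;
    gamemode.enable = true;
    gnupg.agent.enable = true;
    appimage = {
      enable = true;
      binfmt = true;
    };
    hyprland = {
      enable = true;
      package = inputs.hyprland.packages.${pkgs.system}.hyprland;
    };
    nh = {
      enable = true;
      flake = "/home/marshall/nix-config";
    };
    nix-ld = {
      enable = true;
      libraries = [pkgs.libGL];
    };
    obs-studio = {
      enable = true;
      enableVirtualCamera = true;
    };
    steam = {
      enable = true;
      extraCompatPackages = [inputs.chaotic.packages.${pkgs.system}.proton-ge-custom];
    };
  };

  networking = {
    # NOTE(review): with the firewall off, every listening service on this host
    # is reachable from every network it joins. That includes sshd, which is
    # enabled below with module defaults. Re-enabling the firewall and opening
    # only the required ports is the safer baseline.
    firewall.enable = false;
    networkmanager.enable = true;
    hostName = "navis";
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
    ];
    useDHCP = lib.mkForce true;
  };

  time = {
    hardwareClockInLocalTime = true;
    timeZone = "America/New_York";
  };

  services = {
    ddccontrol.enable = true;
    flatpak.enable = true;
    # NOTE(review): console autologin for a wheel user with passwordless sudo.
    # Together with TPM-based disk unlock, physical access to the powered-on
    # machine is equivalent to root access.
    getty.autologinUser = "marshall";
    gnome.gnome-keyring.enable = true;
    # NOTE(review): no `settings` are given, so sshd runs with the module
    # defaults. Consider `settings.PasswordAuthentication = false` and
    # `settings.KbdInteractiveAuthentication = false` if key-based login is in
    # use.
    openssh.enable = true;
    spice-vdagentd.enable = true;
    udisks2.enable = true;
    btrfs.autoScrub = {
      enable = true;
      fileSystems = ["/dev/mapper/enc"];
    };
    libinput = {
      enable = true;
      touchpad.naturalScrolling = true;
    };
    xserver = {
      enable = true;
      videoDrivers = ["nvidia"];
    };
    pipewire = {
      enable = true;
      pulse.enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
    };
  };

  users = {
    # Accounts and passwords come only from this configuration; the password
    # hash is read from the agenix-decrypted secret.
    mutableUsers = false;
    users.marshall = {
      hashedPasswordFile = config.age.secrets.passwd.path;
      isNormalUser = true;
      shell = pkgs.fish;
      # NOTE(review): `disk` grants raw read/write on block devices, which
      # bypasses file permissions and is root-equivalent on its own. If sudo is
      # ever tightened, drop this group as well. `tss` presumably grants direct
      # access to the TPM device; confirm it is needed.
      extraGroups = [
        "disk"
        "gamemode"
        "networkmanager"
        "tss"
        "wheel"
      ];
    };
  };

  snowfallorg.users.marshall = {
    create = true;
    admin = true;
  };

  hardware = {
    bluetooth.enable = true;
    i2c.enable = true;
    nvidia-container-toolkit.enable = true;
    graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = with pkgs; [
        vaapiVdpau
        nvidia-vaapi-driver
      ];
    };
    nvidia = {
      package = config.boot.kernelPackages.nvidiaPackages.beta;
      modesetting.enable = true;
      powerManagement.enable = false;
      open = false;
    };
  };

  xdg.portal = {
    enable = true;
    xdgOpenUsePortal = true;
    config.common.default = "*";
    extraPortals = [
      pkgs.xdg-desktop-portal-gtk
    ];
  };

  system.stateVersion = "24.05";
}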