# NixOS system module for the host "navis" (see networking.hostName below).
#
# Scope note: `with lib // pkgs // inputs;` puts three attribute sets in scope at
# once. `//` is right-biased, so on a name clash `inputs` wins over `pkgs`, which
# wins over `lib`. Bare names used below (qemu_kvm, fish, agenix, system, nixpkgs,
# nixSuper, ...) resolve through that merged set, so a flake input whose name
# matches a package or lib function silently shadows it.
{ pkgs, config, inputs, lib, ... }: with lib // pkgs // inputs; {
  imports = [./hardware.nix];

  security = {
    rtkit.enable = true;
    pam = {
      services.greetd.enableGnomeKeyring = true;
      # pam_limits entries for every user ("*"); type "-" sets both the soft and
      # the hard limit.
      loginLimits = [
        { domain = "*"; item = "nofile"; type = "-"; value = "32768"; }
        { domain = "*"; item = "memlock"; type = "-"; value = "32768"; }
      ];
    };
    # Members of wheel run sudo without a password. marshall is in wheel and is
    # logged in automatically (services.getty / services.greetd below), so any
    # process in that session can become root without a prompt.
    sudo.wheelNeedsPassword = false;
  };

  console.catppuccin.enable = true;

  # Creates /dev/shm/looking-glass with mode 0660, owner marshall, group
  # qemu-libvirtd; only that user and group can read or write the file.
  systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 marshall qemu-libvirtd -" ];

  # Default PATH for systemd user units; %u is expanded by systemd to the user name.
  systemd.user.extraConfig = let
    path = lib.concatStringsSep ":" [
      "/run/wrappers/bin"
      "/etc/profiles/per-user/%u/bin"
      "/nix/var/nix/profiles/default/bin"
      "/run/current-system/sw/bin"
    ];
  in '' DefaultEnvironment="PATH=${path}" '';

  # agenix: the encrypted passwd.age is decrypted with the private key listed in
  # identityPaths. That key sits under /persist, so the confidentiality of the
  # password hash depends on how /persist itself is protected.
  # NOTE(review): `file` is an absolute path literal outside the flake tree;
  # presumably this needs impure evaluation - confirm.
  age = {
    secrets.passwd.file = /etc/secrets/passwd.age;
    identityPaths = ["/persist/root/.ssh/id_ed25519"];
  };

  chaotic = {
    scx = {
      enable = true;
      scheduler = "scx_rusty";
    };
    steam.extraCompatPackages = [ luxtorpeda proton-ge-custom ];
  };

  virtualisation = {
    spiceUSBRedirection.enable = true;
    libvirtd = {
      enable = true;
      onBoot = "ignore";
      onShutdown = "shutdown";
      qemu = {
        package = qemu_kvm;
        swtpm.enable = true;
        # QEMU guests are not run as root.
        runAsRoot = false;
        ovmf.enable = true;
        ovmf.packages = [OVMFFull.fd];
      };
    };
    podman = {
      enable = true;
      dockerCompat = true;
      # Exposes a Docker-compatible API socket. As with Docker, any account
      # allowed to talk to that socket (the podman group) can obtain root.
      # No user in this file is added to that group.
      dockerSocket.enable = true;
    };
  };

  environment = {
    sessionVariables = {
      BROWSER = "firefox-nightly";
      DIRENV_WARN_TIMEOUT = "100s";
      EDITOR = "nvim";
      TERMINAL = "wezterm";
    };
    systemPackages = [
      agenix.packages.${system}.default
      gnome.nautilus
      internal.lightly-boehs-qt6
      looking-glass-client
      snowfallorg.flake
      sound-theme-freedesktop
      virtio-win
      (warp-terminal.override {waylandSupport = true;})
      winetricks
      wineWowPackages.staging
      xclip
      yt-dlp
    ];
    # State kept under /persist (presumably the rest of the root filesystem is
    # ephemeral - confirm in hardware.nix). The list includes the SSH host keys
    # (/etc/ssh), root's SSH keys and /etc/secrets, so /persist holds the key
    # material this host relies on.
    persistence."/persist" = {
      hideMounts = true;
      directories = [
        "/etc/NetworkManager"
        "/etc/secrets"
        "/etc/ssh"
        "/root/.ssh"
        "/var/lib/bluetooth"
        "/var/lib/libvirt"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
      ];
      files = ["/etc/machine-id"];
    };
  };

  boot = {
    blacklistedKernelModules = ["nouveau"];
    kernelPackages = linuxPackages_cachyos;
    supportedFilesystems = ["btrfs" "ntfs"];
    initrd.systemd = {
      enable = true;
      # Gives an unauthenticated root shell when the initrd drops to emergency mode.
      # NOTE(review): the LUKS argument below holds only while the volume is still
      # locked when that shell is reached; a failure after unlock would expose the
      # opened volume - confirm against hardware.nix.
      emergencyAccess = true; # No password needed because of LUKS
    };
    plymouth = {
      enable = true;
      catppuccin.enable = true;
    };
    extraModprobeConfig = "options nvidia " + concatStringsSep " " [
      "NVreg_UsePageAttributeTable=1"
      "NVreg_EnablePCIeGen3=1"
      "NVreg_RegistryDwords=RMUseSwI2c=0x01;RMI2cSpeed=100"
    ];
    # IOMMU on in pass-through mode; kvm.ignore_msrs=1 makes KVM ignore guest
    # accesses to MSRs it does not handle instead of faulting the guest.
    kernelParams = [
      "intel_iommu=on"
      "iommu=pt"
      "kvm.ignore_msrs=1"
      "modprobe.blacklist=nouveau"
    ];
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot = {
        enable = true;
        configurationLimit = 20;
      };
    };
  };

  nix = let
    # Every flake-typed entry of `inputs` becomes a registry entry, and the
    # `nixpkgs` entry is set to the nixpkgs in scope.
    mappedRegistry = pipe inputs [
      (filterAttrs (_: isType "flake"))
      (mapAttrs (_: flake: {inherit flake;}))
      (x: x // {nixpkgs.flake = nixpkgs;})
    ];
  in {
    package = mkForce nixSuper;
    registry = mappedRegistry // optionalAttrs (config.nix.package == nixSuper) {default = mappedRegistry.nixpkgs;};
    # One NIX_PATH entry per registry key, each pointing back at the registry.
    nixPath = mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
    daemonCPUSchedPolicy = "batch";
    daemonIOSchedClass = "idle";
    daemonIOSchedPriority = 7;
    gc = {
      automatic = true;
      dates = "Sat *-*-* 03:00";
      options = "--delete-older-than 30d";
    };
    optimise = {
      automatic = true;
      dates = ["04:00"];
    };
    settings = {
      auto-optimise-store = true;
      builders-use-substitutes = true;
      flake-registry = "/etc/nix/registry.json";
      keep-going = true;
      log-lines = 30;
      max-jobs = "auto";
      # With fallback disabled, a build fails instead of running unsandboxed when
      # the sandbox cannot be set up.
      sandbox-fallback = false;
      sandbox = true;
      system-features = ["nixos-test" "kvm" "recursive-nix" "big-parallel"];
      use-cgroups = true;
      use-xdg-base-directories = true;
      warn-dirty = false;
      allowed-users = ["root" "@wheel" "nix-builder"];
      # Trusted users may override daemon settings such as substituters; the Nix
      # manual treats that as equivalent to root access. @wheel already has
      # passwordless sudo here. "nix-builder" is not defined in this file -
      # confirm where that account is declared.
      trusted-users = ["root" "@wheel" "nix-builder"];
      min-free = "${toString (5 * 1024 * 1024 * 1024)}";
      max-free = "${toString (10 * 1024 * 1024 * 1024)}";
      extra-experimental-features = [
        "flakes" # flakes
        "nix-command" # experimental nix commands
        "recursive-nix" # let nix invoke itself
        "ca-derivations" # content addressed nix
        "auto-allocate-uids" # allow nix to automatically pick UIDs, rather than creating nixbld* user accounts
        "cgroups" # allow nix to execute builds inside cgroups
      ];
      # Each cache is a source of prebuilt binaries. A store path is accepted when
      # it is signed by any key in trusted-public-keys, so every key holder listed
      # below can supply binaries for this machine.
      substituters = [
        "https://cache.nixos.org?priority=100"
        "https://cache.privatevoid.net"
        "https://cuda-maintainers.cachix.org"
        "https://hyprland.cachix.org"
        "https://nix-community.cachix.org"
        "https://nyx.chaotic.cx/"
      ];
      # "chaotic-nyx.cachix.org-1" and "nyx.chaotic.cx-1" carry the same key
      # material; only https://nyx.chaotic.cx/ appears in substituters above.
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg="
        "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
      ];
    };
  };

  programs = {
    dconf.enable = true;
    fish.enable = true;
    gamemode.enable = true;
    steam.enable = true;
    gnupg.agent.enable = true;
    virt-manager.enable = true;
    hyprland = {
      enable = true;
      package = inputs.hyprland.packages.${pkgs.system}.hyprland;
    };
    nh = {
      enable = true;
      flake = "/home/marshall/nix-config";
    };
    # Libraries made available to unpatched, dynamically linked binaries via nix-ld.
    nix-ld = {
      enable = true;
      libraries = with pkgs; [
        SDL SDL2 SDL2_image SDL2_mixer SDL2_ttf SDL_image SDL_mixer SDL_ttf
        alsa-lib at-spi2-atk at-spi2-core atk bzip2 cairo cups curlWithGnuTls
        dbus dbus-glib desktop-file-utils e2fsprogs expat flac fontconfig
        freeglut freetype fribidi fuse fuse3 gdk-pixbuf glew110 glib gmp
        gst_all_1.gst-plugins-base gst_all_1.gst-plugins-ugly gst_all_1.gstreamer
        gtk2 harfbuzz icu keyutils.lib libgcc libGL libGLU libappindicator-gtk2
        libcaca libcanberra libcap libclang.lib libdbusmenu libdrm libgcrypt
        libgpg-error libidn libjack2 libjpeg libmikmod libogg libpng12
        libpulseaudio librsvg libsamplerate libthai libtheora libtiff
        libudev0-shim libusb1 libuuid libvdpau libvorbis libvpx libxcrypt-legacy
        libxkbcommon libxml2 mesa nspr nss openssl p11-kit pango pixman python3
        speex stdenv.cc.cc tbb udev vulkan-loader wayland
        xorg.libICE xorg.libSM xorg.libX11 xorg.libXScrnSaver xorg.libXcomposite
        xorg.libXcursor xorg.libXdamage xorg.libXext xorg.libXfixes xorg.libXft
        xorg.libXi xorg.libXinerama xorg.libXmu xorg.libXrandr xorg.libXrender
        xorg.libXt xorg.libXtst xorg.libXxf86vm xorg.libpciaccess xorg.libxcb
        xorg.xcbutil xorg.xcbutilimage xorg.xcbutilkeysyms xorg.xcbutilrenderutil
        xorg.xcbutilwm xorg.xkeyboardconfig xz zlib
      ];
    };
  };

  networking = {
    useDHCP = mkDefault true;
    hostName = "navis";
    # The NixOS firewall is off, so every service on this host that binds a
    # non-loopback address is reachable from the network. sshd is enabled below
    # and this file sets no services.openssh.settings, so the module defaults for
    # password and root login apply - confirm the intended policy elsewhere.
    firewall.enable = false;
    # Fixed resolvers; NetworkManager is told not to manage DNS.
    nameservers = ["1.1.1.1" "1.0.0.1"];
    networkmanager.dns = "none";
    networkmanager.enable = true;
  };

  time = {
    hardwareClockInLocalTime = true;
    timeZone = "America/New_York";
  };

  services = {
    btrfs.autoScrub.enable = true;
    flatpak.enable = true;
    # Console login as marshall without credentials.
    getty.autologinUser = "marshall";
    gnome.gnome-keyring.enable = true;
    ollama.enable = true;
    openssh.enable = true;
    spice-vdagentd.enable = true;
    udisks2.enable = true;
    # greetd starts Hyprland as marshall with no authentication, and
    # default_session reuses the same entry, so no greeter or password prompt is
    # shown after logout either. Together with passwordless sudo, physical
    # access to a booted machine amounts to root access; disk encryption is the
    # remaining boundary.
    # NOTE(review): the command uses pkgs.hyprland while programs.hyprland.package
    # comes from inputs.hyprland; unless an overlay makes these the same
    # derivation, the session runs a different build - confirm.
    greetd = {
      enable = true;
      settings = rec {
        initial_session = {
          command = "${pkgs.hyprland}/bin/Hyprland";
          user = "marshall";
        };
        default_session = initial_session;
      };
    };
    libinput = {
      enable = true;
      touchpad.naturalScrolling = true;
    };
    xserver = {
      enable = true;
      videoDrivers = ["nvidia"];
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
  };

  users = {
    # Accounts are fully declarative; the password hash is the agenix-decrypted file.
    mutableUsers = false;
    users.marshall = {
      isNormalUser = true;
      # "wheel" grants sudo (passwordless, see security.sudo above). "disk"
      # grants raw read/write access to block devices, which bypasses filesystem
      # permissions and is root-equivalent in its own right. "libvirtd" allows
      # managing the system libvirt daemon.
      extraGroups = ["wheel" "gamemode" "libvirtd" "qemu-libvirtd" "disk" "networkmanager"];
      shell = fish;
      hashedPasswordFile = config.age.secrets.passwd.path;
    };
  };

  snowfallorg.users.marshall = {
    create = true;
    admin = true;
    home = {
      enable = true;
      config = import ./home.nix {inherit lib pkgs inputs;};
    };
  };

  hardware = {
    bluetooth.enable = true;
    i2c.enable = true;
    opengl = {
      enable = true;
      driSupport32Bit = true;
      extraPackages = [ vaapiVdpau nvidia-vaapi-driver ];
    };
    nvidia-container-toolkit.enable = true;
    nvidia = {
      # Beta driver branch, built for the kernel package set selected in boot.kernelPackages.
      package = config.boot.kernelPackages.nvidiaPackages.beta;
      modesetting.enable = true;
      powerManagement.enable = true;
      prime = {
        sync.enable = true;
        intelBusId = "PCI:0:2:0";
        nvidiaBusId = "PCI:1:0:0";
      };
    };
  };

  xdg.portal.enable = true;
  system.stateVersion = "24.05";
}