{ config, pkgs, ... }: { # [HARDWARE] imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; hardware.opengl = { enable = true; driSupport = true; driSupport32Bit = true; extraPackages = with pkgs; [ intel-ocl intel-compute-runtime intel-media-driver vaapiIntel vaapiVdpau libvdpau-va-gl ]; }; hardware.bluetooth.enable = true; services.logind = { lidSwitch = "hibernate"; lidSwitchDocked = "ignore"; lidSwitchExternalPower = "hibernate"; }; # [BOOT / DISK ENCRYPTION] boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; device = "nodev"; efiSupport = true; enableCryptodisk = true; theme = ../shared/sayonara; }; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.initrd = { availableKernelModules = [ "aesni_intel" "cryptd" ]; secrets = { "/boot/key" = "/boot/key"; }; luks.mitigateDMAAttacks = true; luks.devices = { root = { device = "/dev/disk/by-uuid/91114176-b6cc-4454-89df-e2bf5c1fac0a"; keyFile = "/boot/key"; preLVM = true; }; }; }; # [NETWORKING] networking.hostName = "lambda"; networking.networkmanager = { enable = true; wifi.powersave = true; wifi.scanRandMacAddress = true; wifi.macAddress = "random"; }; # Xenia's router sucks networking.resolvconf.enable = true; networking.nameservers = [ "8.8.8.8" ]; networking.resolvconf.dnsExtensionMechanism = false; services.openssh = { enable = true; settings = { PasswordAuthentication = true; PermitRootLogin = "no"; }; }; # [NFS] fileSystems."/home/rachel/music" = { device = "rachel.cafe:/srv/music"; fsType = "nfs"; options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ]; }; # [LOCALE] time.timeZone = "Europe/Stockholm"; i18n.defaultLocale = "en_GB.UTF-8"; i18n.supportedLocales = [ "sv_SE.UTF-8/UTF-8" "en_GB.UTF-8/UTF-8" ]; console = { font = "LatGrkCyr-12x22"; keyMap = "us"; }; # [NIX] nix = { settings = { bash-prompt = "\\033[1m\\u\\033[0m@\\033[1m\\h\\033[0m: \\w\\n❄\\040"; experimental-features = [ "nix-command" "flakes" ]; auto-optimise-store = true; }; gc = { automatic = true; dates = "monthly"; options = "--delete-older-than 30d"; }; }; nixpkgs.config.allowUnfree = true; # [DESKTOP / XORG / WAYLAND] services.xserver = { enable = true; desktopManager.plasma5.enable = true; displayManager.startx.enable = true; layout = "fox,sus"; extraLayouts.sus = { description = "Swedish US"; languages = [ "se" ]; symbolsFile = ../shared/sus.xkb; }; extraLayouts.fox = { description = "Layout suitable to be used by a fox"; languages = [ "se" ]; symbolsFile = ../shared/fox.xkb; }; libinput = { enable = true; touchpad = { naturalScrolling = true; accelProfile = "flat" ; tapping = false; }; }; }; # [TTY] console.useXkbConfig = true; # [SOUND] sound.enable = false; services.pipewire = { enable = true; alsa = { enable = true; support32Bit = true; }; pulse.enable = true; wireplumber.enable = true; }; # [PACKAGES / PROGRAMS] environment.systemPackages = with pkgs; [ git neovim ]; programs.gamemode = { enable = true; settings.general.renice = 20; }; programs.steam.enable = true; # [SERVICES] services.printing.enable = true; # [SECURITY / FIREWALL] networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedUDPPorts = [ ]; programs.gnupg.agent = { enable = true; pinentryFlavor = "qt"; }; security.doas = { enable = true; extraRules = [{ runAs = "root"; groups = [ "wheel" ]; noPass = false; keepEnv = true; }]; }; # [USER / HOME MANAGER] users.users.rachel = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "video" "input" "audio" ]; }; # Done for gamemoderun security.pam.loginLimits = [ { domain = "rachel"; item = "nice"; "type" = "soft"; value = "-20"; } { domain = "rachel"; item = "nice"; "type" = "hard"; value = "-20"; } ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? }