{
  config,
  lib,
  pkgs,
  outputs,
  inputs,
  ...
}: {
  imports = [
    ./hardware-configuration.nix
    inputs.nix-gaming.nixosModules.pipewireLowLatency
  ];

  # User accounts. Both accounts authorise the same public key, read from
  # ./id_user.pub at evaluation time.
  users.users = let
    sshKeys = [(builtins.readFile ./id_user.pub)];
  in {
    valerie = {
      isNormalUser = true;
      uid = 1337;
      home = "/home/valerie";
      createHome = true;
      shell = pkgs.zsh;
      # NOTE(review): this password is committed in clear text and is copied into
      # the world-readable Nix store. It is only applied when the account is first
      # created, so it stays valid until changed with `passwd`. Prefer
      # hashedPasswordFile pointing at a secret kept outside the store, and rotate
      # the password on any machine built from this file.
      initialPassword = "giggle,iamsonaughty.";
      openssh.authorizedKeys.keys = sshKeys;
      # "wheel" grants sudo (passwordless, per the security section of this file).
      # "docker" and "libvirtd" give access to daemons that run as root, and
      # "input"/"uinput" allow reading and synthesising input events, so
      # membership in these groups should be treated as privileged.
      extraGroups = [
        "wheel"
        "networkmanager"
        "audio"
        "docker"
        "input"
        "libvirtd"
        "plugdev"
        "video"
        "adbusers"
        "uinput"
      ];
    };

    root = {
      shell = pkgs.zsh;
      extraGroups = [];
      # sshd in this file sets PermitRootLogin = "no", so this key cannot be used
      # for a direct root login while that setting is in place.
      openssh.authorizedKeys.keys = sshKeys;
    };
  };

  # Release whose stateful defaults this machine was installed with.
  system.stateVersion = "24.05";

  nixpkgs = {
    config = {
      # Permit packages with non-free licences.
      allowUnfree = true;
      # Build packages with CUDA support where they offer it.
      cudaSupport = true;
    };
    # Overlays exported by this flake's own outputs, applied in this order.
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
    ];
  };

  nix = let
    # Only those flake inputs that are themselves flakes.
    pinnedFlakes = lib.filterAttrs (_: value: lib.isType "flake" value) inputs;
  in {
    # Opinionated: disable channels
    channel.enable = false;

    # Opinionated: registry and NIX_PATH entries mirror the flake inputs, so
    # `nix run nixpkgs#foo` and `<nixpkgs>` resolve to the pinned revisions.
    registry = lib.mapAttrs (_: input: {flake = input;}) pinnedFlakes;
    nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") pinnedFlakes;

    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Opinionated: disable global registry
      flake-registry = "";
      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;
      # allowUnfree = true;

      auto-optimise-store = true;
      builders-use-substitutes = true;
      keep-derivations = true;
      keep-outputs = true;

      # NOTE(review): trusted users may override daemon settings such as
      # substituters and signing keys, which is effectively root on this host.
      # "@wheel" extends that to every member of the wheel group.
      trusted-users = ["root" "@wheel"];

      # Binary caches. A path fetched from a cache is accepted only if it is
      # signed by one of the keys in trusted-public-keys.
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  };

  # Packages installed for every user. neovim comes from the unstable package
  # set; everything else from the default one. Listed in attribute-name order.
  environment.systemPackages = [
    pkgs.bubblewrap
    pkgs.floorp
    pkgs.fuse3
    pkgs.kanata
    pkgs.localsend
    pkgs.unstable.neovim
    pkgs.parsec-bin
    pkgs.python3
  ];

  # security
  # Members of wheel get sudo without a password prompt. The stated rationale
  # is that the disk is encrypted with a secure password and that SSH does not
  # accept passwords.
  # NOTE(review): that rationale only holds while
  # services.openssh.settings.PasswordAuthentication is false; verify the sshd
  # section agrees, otherwise a password login as a wheel user leads straight
  # to root.
  security.sudo.wheelNeedsPassword = false;
  # Enable Trusted Platform Module 2 support.
  security.tpm2.enable = true;

  # Boot via systemd-boot on UEFI; the installer may write EFI variables.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };
  # Filesystems supported in addition to the defaults.
  boot.supportedFilesystems = ["ntfs"];

  # Host name and network management.
  networking = {
    hostName = "waves";
    networkmanager.enable = true;
  };

  # virtualisation
  # Docker daemon. Anyone in the "docker" group can control it, which is
  # equivalent to root on the host.
  virtualisation.docker.enable = true;
  virtualisation.vmware.host.enable = true;
  # Expose the GPU to containers through CDI only when the nvidia X driver is
  # selected.
  virtualisation.containers.cdi.dynamic.nvidia.enable =
    builtins.elem "nvidia" config.services.xserver.videoDrivers;

  # kanata (keyboard remapper) needs /dev/uinput.
  # The rule makes the node group "input", mode 0660, and tags it "uaccess".
  # NOTE(review): write access to uinput lets a process inject arbitrary input
  # events; confirm that the uaccess tag is wanted in addition to the group
  # restriction.
  services.udev.extraRules = ''
    KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", OPTIONS+="static_node=uinput", GROUP="input", MODE="0660"
  '';
  # Load the uinput module at boot so the device node exists.
  boot.kernelModules = ["uinput"];

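  # ssh
  services.openssh = {
    enable = true;
    settings = {
      # Key-only logins. The security section of this file justifies
      # passwordless sudo for wheel on the basis that SSH password auth is
      # disabled, and the user's initial password is committed in clear text,
      # so password logins must stay off. Accepted keys come from
      # users.users.<name>.openssh.authorizedKeys.keys.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # No direct root sessions; administration goes through a wheel user.
      PermitRootLogin = "no";
      # Resolve the client's address to a host name on connect.
      UseDns = true;
      X11Forwarding = false;
    };
  };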

  # sound: PipeWire replaces PulseAudio, which is switched off explicitly.
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    # Compatibility layers for ALSA (including 32-bit clients) and PulseAudio.
    alsa = {
      enable = true;
      support32Bit = true;
    };
    pulse.enable = true;

    # Options provided by the nix-gaming pipewireLowLatency module imported at
    # the top of this file; the values below are that module's defaults.
    lowLatency = {
      enable = true;
      quantum = 64;
      rate = 48000;
    };
  };

  # Miscellaneous desktop services.
  services.flatpak.enable = true;
  services.gnome.gnome-keyring.enable = true;
  services.gvfs.enable = true;
  services.libinput.enable = true;
  # Printing service.
  services.printing.enable = true;

  # Local name resolution (mDNS / .local names) through Avahi.
  services.avahi = {
    enable = true;
    nssmdns = true;
    # Opens the firewall for Avahi, so the host is reachable for mDNS from the
    # local network.
    openFirewall = true;
  };
  # Register the mdns NSS module and place it in the hosts lookup order.
  system.nssModules = [pkgs.nssmdns];
  system.nssDatabases.hosts = lib.mkMerge [
    # consulted before regular resolution
    (lib.mkBefore ["mdns4_minimal [NOTFOUND=return]"])
    # consulted after dns
    (lib.mkAfter ["mdns4"])
  ];

  # syncthing, running as valerie with its state under her home directory.
  services.syncthing = {
    enable = true;
    user = "valerie";
    dataDir = "/home/valerie";
    configDir = "/home/valerie/.config/syncthing";

    # Declarative mode: devices and folders added outside this file are
    # discarded in favour of the lists below.
    overrideDevices = true;
    overrideFolders = true;

    settings.devices."truenas" = {
      id = "2HEHVRP-6Z4FBIB-MULQ6Y2-XP2IW6Q-WVOVKOR-HSJBZ3O-RUN7DZI-SAM2SAA";
      # NOTE(review): any folder this device offers is accepted without
      # confirmation. That trusts the peer to write new folders into the
      # user's data directory; disable it if only the folders below are meant
      # to sync.
      autoAcceptFolders = true;
    };

    settings.folders."Explicit Sync" = {
      path = "/home/valerie/sync";
      devices = ["truenas"];
    };
    settings.folders."zettelkasten" = {
      path = "/home/valerie/zet";
      devices = ["truenas"];
    };
  };

  # Android Debug Bridge; access is granted via the "adbusers" group.
  programs.adb.enable = true;

  # Virtual console: set up early in boot with a large Terminus font.
  console = {
    earlySetup = true;
    font = "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz";
    # Forced so that no other module's key map definition wins.
    keyMap = lib.mkForce "us";
    # Apply the xkb options on the tty as well.
    useXkbConfig = true;
  };

  # fonts: no default font set; only the packages listed here are installed.
  fonts.enableDefaultPackages = false;

  fonts.fontDir = {
    enable = true;
    decompressFonts = true;
  };

  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-emoji
    intel-one-mono
    _0xproto

    material-design-icons
    # Only the named families are taken from these two large collections.
    (google-fonts.override {fonts = ["Overpass" "Nunito" "Alegreya" "Petrona" "Atkinson Hyperlegible"];})
    (unstable.nerdfonts.override {fonts = ["NerdFontsSymbolsOnly"];})
  ];

  fonts.fontconfig = {
    enable = true;
    antialias = true;

    # Preference order per generic family; the emoji font is the final fallback.
    defaultFonts = {
      emoji = ["Noto Color Emoji"];
      monospace = ["0xProto" "Intel One Mono" "Symbols Nerd Font" "Noto Color Emoji"];
      serif = ["Alegreya" "Petrona" "Noto Serif" "Noto Color Emoji"];
      sansSerif = ["Atkinson Hyperlegible" "Overpass" "Nunito" "Noto Color Emoji"];
    };

    hinting = {
      enable = true;
      autohint = false;
      style = "full";
    };

    subpixel = {
      lcdfilter = "default";
      rgba = "rgb";
    };
  };

  # nvidia
  services.xserver.videoDrivers = ["nvidia"];

  hardware.opengl = {
    enable = true;
    driSupport32Bit = true;
  };

  hardware.nvidia = {
    # Driver package; pick a different one here if the GPU needs a specific version.
    package = config.boot.kernelPackages.nvidiaPackages.stable;

    # Kernel modesetting is required.
    modesetting.enable = true;

    # Proprietary kernel module. The NVIDIA open-source module (not the
    # third-party "nouveau" driver) only supports Turing and later, needs driver
    # 515.43.04+, and is described as alpha-quality/buggy, so false is the
    # recommended setting. Supported GPUs:
    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
    open = false;

    # Install the `nvidia-settings` configuration tool.
    nvidiaSettings = true;

    powerManagement = {
      # Experimental; can make sleep/suspend fail. Turn on if there is graphical
      # corruption or applications crash after resume: it saves the whole of
      # VRAM to /tmp/ instead of only the bare essentials.
      enable = false;
      # Powers the GPU down when idle. Experimental; modern GPUs only
      # (Turing or newer).
      finegrained = false;
    };

    # Hybrid graphics: render on the NVIDIA GPU on request (offload), using the
    # PCI bus ids of the two GPUs.
    prime.intelBusId = "PCI:0:2:0";
    prime.nvidiaBusId = "PCI:1:0:0";
    prime.offload.enable = true;
    prime.offload.enableOffloadCmd = true;
  };

  # gui: X server with GDM as the login manager and the GNOME desktop.
  services.xserver.enable = true;
  services.xserver.displayManager.gdm.enable = true;
  services.xserver.desktopManager.gnome.enable = true;

  # COSMIC desktop is installed as well, but its greeter is not used.
  services.desktopManager.cosmic.enable = true;
  services.displayManager.cosmic-greeter.enable = false;

  # GNOME applications left out of the default install.
  environment.gnome.excludePackages = [
    # top-level packages
    pkgs.gnome-tour
    pkgs.gnome-connections
    # packages under pkgs.gnome
    pkgs.gnome.epiphany # web browser
    pkgs.gnome.geary # email reader
    pkgs.gnome.evince # document viewer
  ];

  # Time zone and locale.
  i18n.defaultLocale = "en_US.UTF-8";
  time.timeZone = "America/Indiana/Indianapolis";

  programs.less.enable = true;

  # System-wide zsh defaults, used when home-manager does not configure zsh.
  programs.zsh = {
    enable = true;
    enableCompletion = true;
    autosuggestions.enable = true;
    # Prompt: bold current directory, then "#" for root or "$" otherwise.
    promptInit = ''
      PS1='%B%1~%b %(#.#.$): '
    '';
  };
  # Link /share/zsh from installed packages into the system profile.
  environment.pathsToLink = ["/share/zsh"];

  # Enable nix-ld, which lets prebuilt binaries that were not patched for NixOS
  # find a dynamic loader and shared libraries.
  # NOTE(review): such binaries come from outside nixpkgs and are not covered by
  # the binary-cache signature checks configured above; vet their origin.
  programs.nix-ld.enable = true;

  # Libraries made available to binaries started through nix-ld. The list order
  # is kept as written.
  programs.nix-ld.libraries = with pkgs; [
    alsa-lib
    at-spi2-atk
    at-spi2-core
    atk
    readline
    cairo
    cups
    curl
    dbus
    expat
    fontconfig
    freetype
    fuse3
    gdk-pixbuf
    glib
    gtk3
    icu
    libGL
    libappindicator-gtk3
    libdrm
    libglvnd
    libnotify
    libpulseaudio
    libunwind
    libusb1
    libuuid
    libxkbcommon
    libxml2
    mesa
    nspr
    nss
    openssl
    pango
    pipewire
    stdenv.cc.cc
    stdenv.cc.cc.lib
    systemd
    vulkan-loader
    xorg.libX11
    xorg.libXScrnSaver
    xorg.libXcomposite
    xorg.libXcursor
    xorg.libXdamage
    xorg.libXext
    xorg.libXfixes
    xorg.libXi
    xorg.libXrandr
    xorg.libXrender
    xorg.libXtst
    xorg.libxcb
    xorg.libxkbfile
    xorg.libxshmfence
    fzf
    zlib
    libgit2
  ];

  # Steam. Each openFirewall flag below opens inbound ports for one feature.
  # NOTE(review): keep only the ones in use; dedicatedServer is presumably
  # needed only when this machine hosts game servers.
  programs.steam.enable = true;
  programs.steam.remotePlay.openFirewall = true;
  programs.steam.dedicatedServer.openFirewall = true;
  programs.steam.localNetworkGameTransfers.openFirewall = true;
}