94 lines
2.4 KiB
Nix
94 lines
2.4 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
outputs,
|
|
inputs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./waves-hardware.nix
|
|
inputs.nix-gaming.nixosModules.pipewireLowLatency
|
|
./modules/nixos/virtualisation.nix
|
|
./modules/nixos/kanata.nix
|
|
./modules/nixos/services.nix
|
|
./modules/nixos/localnameresolution.nix
|
|
./modules/nixos/syncthing.nix
|
|
./modules/nixos/users.nix
|
|
./modules/nixos/adb.nix
|
|
./modules/nixos/console.nix
|
|
./modules/nixos/fonts.nix
|
|
./modules/nixos/nvidia.nix
|
|
./modules/nixos/gui.nix
|
|
./modules/nixos/i18n.nix
|
|
./modules/nixos/zsh.nix
|
|
];
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
nixpkgs.config = {
|
|
allowUnfree = true;
|
|
cudaSupport = true;
|
|
};
|
|
nixpkgs.overlays = [
|
|
outputs.overlays.additions
|
|
outputs.overlays.modifications
|
|
outputs.overlays.unstable-packages
|
|
];
|
|
nix = let
|
|
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
|
|
in {
|
|
settings = {
|
|
# Enable flakes and new 'nix' command
|
|
experimental-features = "nix-command flakes";
|
|
# Opinionated: disable global registry
|
|
flake-registry = "";
|
|
# Workaround for https://github.com/NixOS/nix/issues/9574
|
|
nix-path = config.nix.nixPath;
|
|
# allowUnfree = true;
|
|
auto-optimise-store = true;
|
|
builders-use-substitutes = true;
|
|
keep-derivations = true;
|
|
keep-outputs = true;
|
|
trusted-users = ["root" "@wheel"];
|
|
|
|
substituters = [
|
|
"https://cache.nixos.org"
|
|
"https://nix-community.cachix.org"
|
|
];
|
|
|
|
trusted-public-keys = [
|
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
];
|
|
};
|
|
# Opinionated: disable channels
|
|
channel.enable = false;
|
|
|
|
# Opinionated: make flake registry and nix path match flake inputs
|
|
registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
|
|
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
unstable.neovim
|
|
fuse3
|
|
floorp
|
|
localsend
|
|
parsec-bin
|
|
];
|
|
|
|
# security
|
|
security = {
|
|
sudo.wheelNeedsPassword = false; # don't ask password for wheel group, disk is encrypted with a secure password & ssh auth with password is disabled!
|
|
# enable trusted platform module 2 support
|
|
tpm2.enable = true;
|
|
};
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
networking.hostName = "waves";
|
|
networking.networkmanager.enable = true;
|
|
boot.supportedFilesystems = ["ntfs"];
|
|
}
|