# NixOS machine definition for the host "porcorosso".
#
# Takes the depot argument set and then a second `config` argument (not
# referenced in this file), and returns the system configuration as an
# attribute set wrapped in `lib.fix`.
{ depot, lib, pkgs, rebuilder, ... }:
config:

let
  # Password hashes come from the depot's secrets tree.
  inherit (depot.ops) secrets;

  # Environment that routes GL/Vulkan rendering to the NVIDIA GPU.
  nvidia-offload-profile = ''
    export __NV_PRIME_RENDER_OFFLOAD=1
    export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
    export __GLX_VENDOR_LIBRARY_NAME=nvidia
    export __VK_LAYER_NV_optimus=NVIDIA_only
  '';

  # Wrapper script: exports the profile above, then execs the given command
  # with argv[0] set to the wrapper's own name.
  nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" (nvidia-offload-profile + ''
    exec -a "$0" "$@"
  '');
in
lib.fix (self: {
  # NOTE(review): `self` is not referenced anywhere in this attribute set.

  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usbhid"
    "usb_storage"
    "sd_mod"
    "rtsx_pci_sdmmc"
  ];
  boot.kernelModules = [ "kvm-intel" "tcp_bbr" ];

  # Datasets under zpool/local are disposable; those under zpool/safe hold
  # the state that is meant to survive (see the rollback below).
  fileSystems =
    let
      zfsDataset = device: {
        inherit device;
        fsType = "zfs";
      };
    in
    {
      "/" = zfsDataset "zpool/local/root";
      "/nix" = zfsDataset "zpool/local/nix";
      "/tmp" = zfsDataset "zpool/local/tmp";
      "/var" = zfsDataset "zpool/safe/var";
      "/home" = zfsDataset "zpool/safe/home";
      "/persist" = zfsDataset "zpool/safe/persist";

      "/boot" = {
        device = "/dev/disk/by-label/NIXBOOT";
        fsType = "vfat";
      };
    };

  nix.maxJobs = lib.mkDefault 12;
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.enableRedistributableFirmware = true;
  nixpkgs.config.allowUnfree = true;

  # NOTE(review): both lookup-path entries resolve inside a user's home
  # directory, so whoever can write there controls what <depot> and <nixpkgs>
  # evaluate to, including for rebuilds run as root. Confirm that is intended.
  nix.nixPath = [
    "depot=/home/lukegb/depot/"
    "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/"
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  # Nuke everything on boot.
  # The root dataset is rolled back to its @blank snapshot from the initrd, so
  # anything written to / outside the separately mounted datasets is discarded
  # on every boot.
  boot.initrd.postDeviceCommands = lib.mkAfter ''
    zfs rollback -r zpool/local/root@blank
  '';

  # Enable ZFS.
  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.devNodes = "/dev/disk/by-partuuid";
  services.zfs = {
    autoScrub.enable = true;
    autoSnapshot = {
      enable = true;
      monthly = 1;
    };
  };

  # Enable HyperV guesting
  virtualisation.hypervGuest.enable = true;

  networking.hostName = "porcorosso";
  networking.hostId = "1ee729a4";

  # Boot faster.
  systemd.services.systemd-udev-settle.enable = false;
  systemd.services.NetworkManager-wait-online.enable = false;

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  # Use NetworkManager instead.
  networking.useDHCP = false;
  networking.interfaces.eno1.useDHCP = false;
  networking.networkmanager.enable = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_GB.UTF-8";
  console.keyMap = "us";

  # Set your time zone.
  time.timeZone = "Europe/London";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim
    pciutils
    nvidia-offload
    # Steam gets the same offload environment as the wrapper script.
    (steam.override { extraProfile = nvidia-offload-profile; })
    rebuilder
    blackbox
    # Mercurial with the hg-evolve extension added to its Python inputs.
    (mercurial.overridePythonAttrs (origAttrs: {
      propagatedBuildInputs = origAttrs.propagatedBuildInputs ++ [ python3Packages.hg-evolve ];
    }))
    arcanist
    age
  ];

  #hardware.nvidia.prime.offload.enable = true;
  #hardware.nvidia.prime = {
  #  intelBusId = "PCI:0:2:0";
  #  nvidiaBusId = "PCI:1:0:0";
  #};

  # U2F token access (udev rules) and the smart-card daemon.
  hardware.u2f.enable = true;
  services.udev.packages = [ pkgs.libu2f-host ];
  services.pcscd.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): no sshd authentication options are set in this file, so the
  # PasswordAuthentication / PermitRootLogin behaviour is whatever the pinned
  # nixpkgs defaults to. Both accounts below carry password hashes and no
  # authorized keys are declared here; confirm the defaults are acceptable or
  # pin them explicitly.
  services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;
    layout = "us";
    libinput.enable = true;
    windowManager.i3.enable = true;
    videoDrivers = [ "nvidia" ];
    displayManager.gdm = {
      enable = true;
      wayland = true;
    };
  };

  programs.sway = {
    enable = true;
    extraPackages = with pkgs; [
      swaylock # lockscreen
      swayidle
      xwayland # for legacy apps
      waybar # status bar
      mako # notification daemon
      kanshi # autorandr
    ];
  };
  programs.waybar.enable = true;

  # 32-bit graphics and audio support.
  hardware.opengl = {
    driSupport32Bit = true;
    extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
  };
  hardware.pulseaudio.support32Bit = true;

  # Define a user account.
  # With mutableUsers disabled, accounts and passwords are exactly what is
  # declared here.
  # NOTE(review): hashes referenced from Nix expressions generally end up in
  # the world-readable Nix store; confirm that is acceptable for these or
  # switch to a file-based mechanism.
  users.mutableUsers = false;
  users.users = {
    root.hashedPassword = secrets.passwordHashes.root;

    lukegb = {
      isNormalUser = true;
      uid = 1000;
      extraGroups = [ "wheel" "networkmanager" ];
      # NOTE(review): this is the *root* hash, so the wheel user and root
      # share one credential. Confirm this is deliberate rather than a
      # copy/paste of the line above.
      hashedPassword = secrets.passwordHashes.root;
    };
  };

  boot.kernel.sysctl = {
    "net.ipv4.tcp_congestion_control" = "bbr";
    "net.core.default_qdisc" = "fq_codel";
  };

  # Things to persist.
  # The SSH host keys live under /persist, outside the root dataset that is
  # rolled back on boot.
  services.openssh.hostKeys = [
    {
      path = "/persist/etc/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }
    {
      path = "/persist/etc/ssh/ssh_host_rsa_key";
      type = "rsa";
      bits = 4096;
    }
  ];

  # NOTE(review): NetworkManager connection profiles usually contain network
  # secrets; verify ownership and modes of the /persist copies.
  environment.etc = {
    "NetworkManager/system-connections" = {
      source = "/persist/etc/NetworkManager/system-connections/";
    };
    "nixos" = {
      source = "/persist/etc/nixos/";
    };
  };

  systemd.tmpfiles.rules = [
    #"L /etc/nixos - - - - /persist/etc/nixos"
  ];

  # Enable Thunderbolt device management.
  services.hardware.bolt.enable = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "19.09"; # Did you read the comment?
})