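# NixOS module for a single workstation: boot and disk encryption, console,
# authentication (U2F, sudo, SSH), audio, OpenPGP and the GNOME desktop.
#
# Declares the `host.local` and `host.resources` path options. `host.name` is
# read below but is not declared in this file; it presumably comes from one of
# the imported components or from the per-host configuration (confirm).
{ config, lib, pkgs, ... }:

let
  inherit (config) host;

  # Resources
  palette = import ./resources/palette.nix;
in
{
  imports = [
    ./components/system-backup.nix
    ./components/system-keyboard.nix
    ./components/system-locale.nix
    ./components/system-mail.nix
    ./components/system-networking.nix
    ./components/system-nix.nix
    ./components/system-printer.nix
    ./components/system-scanner.nix
    ./components/system-users.nix
    ./components/system-virtualization.nix
  ];

  options.host = {
    # Directory holding host-specific files (used for the U2F auth file below).
    local = lib.mkOption { type = lib.types.path; };
    # Directory holding shared resources.
    resources = lib.mkOption { type = lib.types.path; };
  };

  config = {
    # Boot
    # `allowedUnfree` is not a stock NixOS option; presumably it is declared in
    # ./components/system-nix.nix as an unfree-package allow-list (confirm).
    allowedUnfree = [ "memtest86-efi" ];
    boot.loader.systemd-boot.enable = true;
    boot.loader.systemd-boot.memtest86.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
    boot.plymouth.enable = true;

    # Swap
    zramSwap.enable = true;

    # Filesystems
    # The LUKS volume is unlocked in the initrd with an OpenPGP card that
    # decrypts `luks-passphrase.gpg`; if that fails, `fallbackToPassword`
    # allows an interactive passphrase instead.
    # Both files are path literals, so they end up in the Nix store and the
    # initrd. That exposes only ciphertext and a public key, but it makes the
    # strength of the card key and the fallback passphrase the real boundary.
    boot.initrd.luks = {
      gpgSupport = true;
      devices.pv = {
        device = "/dev/disk/by-partlabel/pv-enc";
        # Lets TRIM through dm-crypt (paired with `discard=async` below).
        # Trade-off: anyone who can read the raw device can tell which blocks
        # are unused.
        allowDiscards = true;
        fallbackToPassword = true;
        gpgCard.encryptedPass = ./local/resources/luks-passphrase.gpg;
        gpgCard.publicKey = ./resources/andrew.asc;
      };
    };
    fileSystems."/".options = [ "compress=zstd:2" "discard=async" "noatime" ];
    services.btrfs.autoScrub.enable = true;
    boot.cleanTmpDir = true;

    # Time
    time.timeZone = "America/Los_Angeles";

    # Console
    console.packages = with pkgs; [ terminus_font ];
    console.font = "ter-v32n";
    # 16 palette entries with the leading "#" stripped from each one.
    console.colors = map (lib.removePrefix "#") (with palette; [
      "#000000" red green yellow blue orange purple white
      gray red green yellow blue orange purple white
    ]);

    # Power
    # Ctrl-Alt-Del powers the machine off.
    systemd.ctrlAltDelUnit = "poweroff.target";
    services.irqbalance.enable = true;

    # Authentication
    # `control = "sufficient"` means a successful U2F check ends the PAM stack
    # without asking for the password: the token replaces the password rather
    # than adding a second factor. Use "required" if both should be demanded.
    security.pam.u2f = {
      enable = true;
      appId = "pam://${host.name}";
      authFile = host.local + "/resources/andrew.u2f";
      control = "sufficient";
      # Print a prompt when the token is waiting for a touch.
      cue = true;
    };

    # Authorization
    # Passwordless sudo for the wheel group, limited to these exact command
    # lines (sudoers matches the listed arguments, so other flags are not
    # covered by NOPASSWD).
    # NOTE(review): `nixos-rebuild switch|boot` and `nix-channel --update` run
    # as root on whatever configuration and channels the system points at. If
    # that configuration is writable by a wheel user, these rules amount to
    # passwordless root for that account. Confirm the config tree is
    # root-owned, or drop NOPASSWD from the rebuild entries.
    security.sudo.extraRules = [
      {
        groups = [ "wheel" ];
        commands = [
          {
            command = "/run/current-system/sw/bin/btrfs balance start --enqueue -dusage=50 -musage=50 /";
            options = [ "NOPASSWD" ];
          }
          {
            command = "/run/current-system/sw/bin/nix-channel --update";
            options = [ "NOPASSWD" ];
          }
          {
            command = "/run/current-system/sw/bin/nixos-rebuild boot";
            options = [ "NOPASSWD" ];
          }
          {
            command = "/run/current-system/sw/bin/nixos-rebuild switch";
            options = [ "NOPASSWD" ];
          }
          {
            command = "/run/current-system/sw/bin/poweroff";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ];

    # SSH
    # Key-only login. Keyboard-interactive is a separate sshd mechanism that
    # can still prompt for a password through PAM when only
    # `passwordAuthentication` is disabled, so it is turned off explicitly too.
    services.openssh = {
      enable = true;
      passwordAuthentication = false;
      kbdInteractiveAuthentication = false;
    };

    # SMART monitoring
    # Mail notifications presumably rely on the mail setup in
    # ./components/system-mail.nix (confirm).
    services.smartd = {
      enable = true;
      notifications.mail.enable = true;
    };

    # Firmware updates
    hardware.enableRedistributableFirmware = true;
    services.fwupd.enable = true;

    # Audio
    # PipeWire replaces PulseAudio and provides the ALSA and PulseAudio
    # compatibility layers.
    hardware.pulseaudio.enable = false;
    security.rtkit.enable = true;
    # Cap rtkit-daemon's journal output at "notice".
    systemd.services.rtkit-daemon.serviceConfig.LogLevelMax = "notice";
    services.pipewire = {
      enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
      pulse.enable = true;
    };

    # OpenPGP
    # pcscd provides smart-card access; gpg-agent also acts as the SSH agent.
    services.pcscd.enable = true;
    programs.gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

    # Graphical environment
    services.xserver.enable = true;
    services.xserver.displayManager.gdm.enable = true;
    services.xserver.desktopManager.gnome.enable = true;
    environment.sessionVariables.NIXOS_OZONE_WL = "1";
    environment.gnome.excludePackages = with pkgs; [
      gnome.epiphany
      gnome.geary
      gnome.gnome-calculator
      gnome.gnome-maps
      gnome.gnome-music
      gnome.gnome-weather
      gnome-photos
    ];

    # Applications
    # Adds each user's ~/.local/bin to PATH.
    environment.localBinInPath = true;
    programs.zsh.enable = true;
  };
}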