{ config, pkgs, lib, username, system, hostname, inputs, ... }: { imports = [ ./declarative-nm.nix ]; nix = { #garbage collection and cleanup stuff gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 7d"; }; #optimize the store optimise.automatic = true; #enable flakes! settings.experimental-features = [ "nix-command" "flakes" ]; }; #kernel options boot = { kernelPackages = pkgs.linuxPackages_cachyos-lto; kernel.sysctl = { #for profiling "kernel.perf_event_paranoid" = 1; "kernel.kptr_restrict" = 0; #dmesg shushhhhh "kernel.printk" = "2 4 1 7"; }; # Bootloader. loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; initrd = { compressor = "zstd"; compressorArgs = [ "-19" ]; }; }; environment.etc = { #override default nixos /etc/issue "issue".text = ""; }; services = { #fwupd for updating firmware fwupd = { enable = true; extraRemotes = [ "lvfs-testing" ]; }; #auto detect network printers avahi = { enable = true; nssmdns4 = true; openFirewall = true; }; # Enable CUPS to print documents. printing = { enable = true; drivers = with pkgs; [ hplip ]; }; #disable fprintd (doesn't compile, idk) fprintd.enable = false; #Making sure mullvad works on boot mullvad-vpn.enable = true; }; # Set your time zone. time.timeZone = "America/New_York"; security = { #lets use doas and not sudo! doas.enable = true; sudo.enable = false; # Configure doas doas.extraRules = [ { users = [ username ]; keepEnv = true; persist = true; } ]; }; age.identityPaths = [ "/home/${username}/.ssh/id_ed25519" ]; age.secrets.primary-password = { file = ./secrets/primary-password.age; path = "/etc/secrets/primary-password"; }; #networking networking = import ./networking.nix { inherit hostname; }; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { LC_ADDRESS = "en_US.UTF-8"; LC_IDENTIFICATION = "en_US.UTF-8"; LC_MEASUREMENT = "en_US.UTF-8"; LC_MONETARY = "en_US.UTF-8"; LC_NAME = "en_US.UTF-8"; LC_NUMERIC = "en_US.UTF-8"; LC_PAPER = "en_US.UTF-8"; LC_TELEPHONE = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8"; }; # Enable Bluetooth hardware.bluetooth = { enable = true; powerOnBoot = true; #Enable experimental features for battery % of bluetooth devices settings.General.Experimental = true; }; #apply gtk themes by enabling dconf programs.dconf.enable = true; # Enable sound with pipewire. hardware.pulseaudio.enable = false; # pipewire >>>>>>> pulseaudio security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; # If you want to use JACK applications, uncomment this # jack.enable = true; }; # Define my user account (the rest of the configuration if found in `~/.config/home-manager/...`) users.users.${username} = { isNormalUser = true; extraGroups = [ "networkmanager" "wheel" "video" "camera" "adbusers" ]; hashedPasswordFile = config.age.secrets.primary-password.path; }; services.gvfs.enable = true; programs.gphoto2.enable = true; programs.adb.enable = true; # Enable thermal data services.thermald.enable = true; services.pcscd.enable = true; programs.gnupg.agent = { enable = true; pinentryPackage = pkgs.pinentry-curses; enableSSHSupport = false; }; #System packages environment.systemPackages = with pkgs; [ mullvad-vpn #secureboot ctl sbctl dmidecode (inputs.agenix.packages.${pkgs.system}.default.override { ageBin = "${pkgs.rage}/bin/rage"; }) doas-sudo-shim glib usbutils libmtp ]; #wayland with electron/chromium applications environment.sessionVariables.NIXOS_OZONE_WL = "1"; system.stateVersion = "24.11"; }