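# NixOS system module: pulls in home-manager, the local user/module files and
# sets system-wide secrets handling, locale, privilege, Nix daemon, environment
# and service options.
#
# Arguments are the usual NixOS module arguments plus `inputs`/`outputs`, which
# are forwarded to home-manager through `extraSpecialArgs`.
{ lib, pkgs, inputs, outputs, config, ... }:
{
  imports = [
    inputs.home-manager.nixosModules.home-manager
    ./jawz.nix
    ../modules/modules.nix
  ];

  system.stateVersion = "23.05";

  # sops-nix: secrets are read from ../secrets/secrets.yaml and decrypted with
  # an age identity derived from the host's SSH ed25519 key or with the key
  # file below.
  sops = {
    defaultSopsFormat = "yaml";
    defaultSopsFile = ../secrets/secrets.yaml;
    age = {
      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      keyFile = "/var/lib/sops-nix/key.txt";
      # Creates the key file when it does not exist. A freshly generated key
      # cannot decrypt anything until its public key is added as a recipient of
      # the secrets file, so a new host still needs a re-encryption step.
      generateKey = true;
    };
  };

  home-manager = {
    # Suffix given to pre-existing files that home-manager would overwrite.
    backupFileExtension = "hbckup";
    useUserPackages = true;
    useGlobalPkgs = true;
    extraSpecialArgs = {
      inherit inputs outputs;
    };
    users.jawz = import ./home-manager.nix;
  };

  time = {
    # Time zone comes from the project's own `config.my` option set.
    inherit (config.my) timeZone;
    # RTC is kept in local time instead of UTC.
    hardwareClockInLocalTime = true;
  };

  i18n = {
    defaultLocale = "en_CA.UTF-8";
    extraLocaleSettings = {
      LC_MONETARY = "es_MX.UTF-8";
    };
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  security = {
    polkit.enable = true;
    sudo = {
      enable = true;
      # NOTE(review): members of `wheel` get root without authenticating, so
      # any process running as such a user (or anyone holding one of that
      # user's SSH keys) is root-equivalent. Confirm this is intended on every
      # host that imports this module; setting it to `true` restores the
      # password prompt.
      wheelNeedsPassword = false;
    };
    # Soft open-file limit of 8192 for every PAM login domain.
    pam.loginLimits = [
      {
        domain = "*";
        type = "soft";
        item = "nofile";
        value = "8192";
      }
    ];
  };

  users = {
    # Accounts and passwords are fully declarative; imperative changes
    # (useradd, passwd) do not persist across activations.
    mutableUsers = false;
    groups = {
      users.gid = 100;
      piracy.gid = 985;
    };
  };

  nixpkgs.config = {
    allowUnfree = true;
    # NOTE(review): nixpkgs marks these packages as insecure and this list
    # overrides that check (presumably because the .NET 6 line is end-of-life,
    # confirm). They will not receive security fixes; record which service
    # still needs them and drop the entries once it moves to a supported
    # runtime.
    permittedInsecurePackages = [
      "aspnetcore-runtime-wrapped-6.0.36"
      "aspnetcore-runtime-6.0.36"
      "dotnet-runtime-6.0.36"
      "dotnet-sdk-wrapped-6.0.428"
      "dotnet-sdk-6.0.428"
    ];
  };

  nix =
    let
      # Build features this machine advertises to the Nix scheduler.
      featuresList = [
        "nixos-test"
        "benchmark"
        "big-parallel"
        "kvm"
        "gccarch-znver3"
        "gccarch-skylake"
        "gccarch-alderlake"
      ];
    in
    {
      distributedBuilds = true;
      optimise.automatic = true;
      settings = {
        use-xdg-base-directories = true;
        auto-optimise-store = true;
        # NOTE(review): trusted users may override substituters and import
        # unsigned store paths, which makes them root-equivalent as far as the
        # Nix daemon is concerned. `nixremote` is presumably the remote-build
        # account; confirm it needs daemon trust rather than plain access.
        trusted-users = [
          "jawz"
          "root"
          "nixremote"
        ];
        system-features = featuresList;
        experimental-features = [
          "nix-command"
          "flakes"
          "pipe-operators"
        ];
        # Third-party binary caches. Store paths fetched from them are
        # installed without being rebuilt locally, so every entry here (and
        # every key below) is part of this machine's supply chain.
        substituters = [
          "https://nix-gaming.cachix.org"
          "https://nixpkgs-python.cachix.org"
          "https://devenv.cachix.org"
          "https://cuda-maintainers.cachix.org"
          "https://ai.cachix.org"
          "https://cache.lix.systems"
          "https://cosmic.cachix.org"
        ];
        # Signing keys accepted for substituted paths: whoever holds one of the
        # matching private keys can sign binaries this system will accept.
        # NOTE(review): `cache.servidos.lat` has a key here but no URL in
        # `substituters` above; presumably it is added by another module.
        # Confirm, or remove the key so the trust list matches the caches
        # actually in use.
        trusted-public-keys = [
          "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
          "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
          "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
          "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
          "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
          "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
          "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
          "cache.servidos.lat:om+P81I+m8Hawcvt1ydaSNVxGNnR0POJ8Wz+QVjQ3hA="
        ];
      };
    };

  documentation.enable = false;

  environment = {
    systemPackages = builtins.attrValues {
      inherit (pkgs)
        wget
        sops
        ;
    };
    variables =
      let
        # `\${HOME}` is escaped so the shell, not Nix, expands it at login.
        XDG_DATA_HOME = "\${HOME}/.local/share";
        XDG_CONFIG_HOME = "\${HOME}/.config";
        XDG_CACHE_HOME = "\${HOME}/.cache";
      in
      {
        # PATH
        inherit XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME;
        XDG_BIN_HOME = "\${HOME}/.local/bin";
        XDG_STATE_HOME = "\${HOME}/.local/state";
        # DEV PATH
        PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
        REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
        WINEPREFIX = "${XDG_DATA_HOME}/wine";
        # OPTIONS
        ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
        WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
        XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
        "_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
        ORG_DEVICE = "workstation";
        # WAYLAND
        WLR_NO_HARDWARE_CURSORS = 1;
        NIXOS_OZONE_WL = 1;
        # Adds a user-writable directory to PATH for every session.
        PATH = [ "\${HOME}/.local/bin" ];
        # NOTE(review): this module enables sudo, not doas; doas is presumably
        # enabled elsewhere (e.g. ../modules/modules.nix). Confirm, otherwise
        # this variable points `nh` at an escalation tool that is not set up.
        NH_USE_DOAS = 1;
      };
  };

  programs = {
    nh = {
      enable = true;
      flake = "/home/jawz/Development/NixOS";
      clean = {
        enable = true;
        extraArgs = "--keep-since 3d";
      };
    };
    # gpg-agent also serves as the SSH agent.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  services = {
    udev.packages = [ pkgs.yubikey-personalization ];
    smartd.enable = true;
    fstrim.enable = true;
    avahi = {
      enable = true;
      nssmdns4 = true;
    };
    openssh = {
      enable = true;
      # Opens the SSH port in the firewall on every host importing this module.
      openFirewall = true;
      startWhenNeeded = true;
      settings = {
        # Key-based logins only: password and keyboard-interactive are off.
        PasswordAuthentication = false;
        # NOTE(review): root can still log in directly with a key. With
        # passwordless sudo for wheel already configured above, "no" would
        # remove the direct root entry point without losing admin access;
        # confirm nothing (e.g. remote deployment) depends on root SSH.
        PermitRootLogin = "prohibit-password";
        KbdInteractiveAuthentication = false;
      };
    };
  };

  fonts.fontconfig.enable = true;

  # mkDefault lets a host-specific module override the governor.
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}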