{ config, lib, pkgs, ... }: { # Kernel configuration boot = { kernelPackages = pkgs.linuxPackages_zen; kernelParams = [ "zfs.zfs_arc_max=1073741824 zfs.zfs_arc_meta_limit_percent=90" ]; kernelModules = [ "i915" "acpi_call" "kvm-intel" ]; extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; blacklistedKernelModules = [ "btusb" ]; supportedFilesystems = [ "zfs" ]; zfs.requestEncryptionCredentials = true; zfs.enableUnstable = true; }; # Intel CPU tweaks hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; services.fwupd.enable = true; hardware.opengl.extraPackages = with pkgs; [ vaapiIntel vaapiVdpau libvdpau-va-gl ]; # Bootloader configuration boot.loader = { efi.canTouchEfiVariables = true; systemd-boot = { enable = true; configurationLimit = 50; editor = false; }; timeout = 3; }; # Run Nix garbage collector and enable flakes nix = { autoOptimiseStore = true; gc = { automatic = true; options = "--delete-older-than 7d"; dates = "Tue 23:00"; }; extraOptions = '' keep-outputs = true keep-derivations = true gc-keep-outputs = true experimental-features = nix-command flakes ''; package = pkgs.nixUnstable; }; # Clean tmp directory on shutdown boot.cleanTmpDir = true; # Rotate logs after 7 days services.journald.extraConfig = "SystemMaxFiles=7"; # Allow propietary software and build packages with Pulseaudio support nixpkgs.config = { allowUnfree = true; pulseaudio = true; }; # Scrub zpool monthly services.zfs.autoScrub = { enable = true; interval = "monthly"; }; # Set timezone and synchronize NTP time.timeZone = "Europe/London"; services.chrony.enable = true; # NixOS version system.stateVersion = "20.09"; # Create coolneng user users.users.coolneng = { isNormalUser = true; home = "/home/coolneng"; extraGroups = [ "wheel" "video" "audio" "libvirtd" "lp" ]; shell = pkgs.fish; }; # Set shell and SSH for root user users.users.root = { shell = pkgs.fish; openssh.authorizedKeys.keys = ['' ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvnfIsxGZWh+tU7OI60Tw3CyT+q3ghoETfRyWsXhioZ coolneng@panacea '']; }; # Auto-upgrade the system system.autoUpgrade = { enable = false; dates = "14:00"; }; # Specify secrets age.secrets = { soundcloud_api_key.file = secrets/soundcloud_api_key.age; wireguard.file = secrets/wireguard.age; }; # Import other configuration modules imports = [ ./modules/hardware-configuration.nix ./modules/software.nix ./modules/networking.nix ./modules/gui.nix ./modules/datasync.nix ./modules/audio.nix ./modules/development.nix ./modules/printing.nix ./modules/periodic.nix ./modules/power.nix ./modules/cachix.nix ./overlays/emacs.nix ]; }