{ config, pkgs, lib, ... }: { imports = [ ]; security = { acme.acceptTerms = true; protectKernelImage = true; rtkit.enable = true; sudo.wheelNeedsPassword = false; }; boot.kernelPackages = pkgs.linuxPackages_xanmod; boot.kernelParams = [ "nmi_watchdog=0" "systemd.watchdog-device/dev/watchdog" ]; boot.kernel.sysctl = { "net.ipv4.conf.default.log_martians" = 1; "net.ipv4.conf.all.log_martians" = 1; "net.ipv4.tcp_mtu_probing" = 1; "net.ipv4.tcp_syncookies" = 1; "net.ipv4.tcp_congestion_control" = "bbr2"; "net.ipv4.conf.default.rp_filter" = 1; "net.ipv4.conf.all.rp_filter" = 1; "net.ipv4.conf.all.accept_source_route" = 0; "net.ipv4.conf.all.send_redirects" = 0; "net.ipv4.conf.default.send_redirects" = 0; "net.ipv4.conf.all.accept_redirects" = 0; "net.ipv4.conf.default.accept_redirects" = 0; "net.ipv4.conf.all.secure_redirects" = 0; "net.ipv4.conf.default.secure_redirects" = 0; "net.ipv6.conf.all.accept_source_route" = 0; "net.ipv6.conf.all.accept_redirects" = 0; "net.ipv6.conf.default.accept_redirects" = 0; "net.ipv4.tcp_rfc1337" = 1; }; # GRUB bootloader boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; version = 2; efiSupport = true; configurationLimit = 10; device = "nodev"; useOSProber = true; # device = "/dev/disk/by-uuid/7905-2E41"; extraEntries = '' menuentry "Reboot" { reboot } menuentry "Shutdown" { halt } ''; }; networking.networkmanager.enable = true; networking.useDHCP = false; networking.firewall.enable = true; i18n.defaultLocale = "en_US.UTF-8"; i18n.inputMethod.enabled = "kime"; console.font = "Lat2-Terminus16"; console.keyMap = "us"; time.timeZone = "Asia/Seoul"; environment.systemPackages = with pkgs; [ ]; services.openssh.enable = true; sound.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; }; hardware.bluetooth.enable = true; services.greetd = { enable = true; settings.default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet -t -c sway"; }; # https://github.com/apognu/tuigreet/issues/17 systemd.services.greetd.unitConfig.After = lib.mkOverride 0 [ "multi-user.target" ]; services.journald.extraConfig = lib.mkForce ""; systemd.extraConfig = "RebootWatchdogSec=5"; programs = { sway = { enable = true; wrapperFeatures.gtk = true; extraPackages = with pkgs; [ autotiling alacritty swaylock swayidle swaybg wayland-utils wl-clipboard grim slurp sway-contrib.grimshot waybar bemenu qt5.qtwayland xdg_utils ]; }; zsh.enable = true; zsh.enableCompletion = false; }; hardware.opengl.enable = true; hardware.opengl.driSupport32Bit = true; hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; xdg.portal = { enable = true; gtkUsePortal = true; extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ]; }; virtualisation.libvirtd.enable = true; users.users = { boopy = { isNormalUser = true; shell = pkgs.zsh; extraGroups = [ "wheel" "audio" "networkmanager" "libvirtd" ]; }; }; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "22.05"; # Did you read the comment? }