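# NixOS system module for the host "haruka".
#
# Layout visible in this file: ZFS root that is rolled back to a blank snapshot
# on every boot, with long-lived state kept under /persist; GRUB on EFI; a
# sway session started through greetd; OpenSSH with pinned host keys.
#
# Lines prefixed with `#SOPS` are disabled sops-nix settings. Presumably the
# prefix is stripped once secrets are provisioned (TODO confirm against the
# install procedure). Until then the accounts below use a placeholder password.
{ config, lib, pkgs, ... }:

{
  imports = [ ];

  security = {
    rtkit.enable = true;
    doas.enable = true;
    # NOTE(security): with both options false, every member of `wheel` becomes
    # root without a prompt, so the login password of a wheel account is the
    # only barrier in front of root. Keep that in mind while the placeholder
    # passwords further down are in place.
    doas.wheelNeedsPassword = false;
    sudo.wheelNeedsPassword = false;
  };

  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  boot.kernelParams = [ "console=tty1" ];
  boot.initrd.supportedFilesystems = [ "zfs" ];
  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.enableUnstable = true;
  boot.zfs.forceImportRoot = false;
  boot.zfs.forceImportAll = false;
  boot.zfs.allowHibernation = true; # NOTE: disable if using swap on ZFS

  # GRUB bootloader
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub = {
    enable = true;
    efiSupport = true;
    configurationLimit = 10;
    device = "nodev";
    useOSProber = true;
    copyKernels = true;
    gfxmodeEfi = "1920x1200";
    fontSize = 32;
  };

  # Erase your darlings.
  # The root dataset is reset to its `blank` snapshot in the initrd, so
  # anything that must survive a reboot has to live under /persist (see the
  # SSH host keys and environment.persistence below).
  boot.initrd.postDeviceCommands = lib.mkAfter ''
    zfs rollback -r rpool/local/root@blank
  '';

  # Enable microcode updates, etc
  hardware.enableRedistributableFirmware = true;

  networking.hostName = "haruka";
  networking.hostId = "8425e349";
  networking.networkmanager.enable = true;
  networking.firewall.enable = true;

  i18n.defaultLocale = "en_US.UTF-8";

  # HiDPI
  console.earlySetup = lib.mkDefault true;
  console.font = lib.mkForce "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
  services.xserver.dpi = 100;
  environment.variables = {
    GDK_SCALE = lib.mkDefault "2";
    GDK_DPI_SCALE = lib.mkDefault "0.5";
  };

  console.keyMap = "us";
  console.colors = [
    "151515" "cf6a4c" "99ad6a" "dfa358"
    "8197bf" "b3a3ff" "8fbfdc" "cbc0ab"
    "333333" "d98870" "adbd88" "e5b579"
    "9aaccc" "c2b5ff" "a5cce3" "d5cdbc"
  ];

  time.timeZone = "Asia/Tokyo";

  environment.systemPackages = with pkgs; [
    gcc
    git
    gnumake
    brightnessctl
  ];

  services.zfs.trim.enable = true;
  services.zfs.autoScrub.enable = true;
  services.zfs.autoScrub.pools = [ "rpool" ];

  # NOTE: `com.sun:auto-snapshot` property must be set to true on datasets you
  # wish to snapshot
  services.zfs.autoSnapshot.enable = true;
  services.zfs.autoSnapshot.flags = "-k -p --utc";

  services.openssh.enable = true;
  services.openssh.settings.PasswordAuthentication = false;
  # PasswordAuthentication alone does not cover PAM's keyboard-interactive
  # method, which NixOS leaves enabled by default and which also accepts the
  # account password. Turn it off too, so the placeholder passwords set in
  # users.users cannot be used for remote login.
  services.openssh.settings.KbdInteractiveAuthentication = false;
  # Host keys are stored under /persist so they survive the root rollback and
  # the host identity stays stable across reboots.
  services.openssh.hostKeys = [
    {
      path = "/persist/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }
    {
      path = "/persist/ssh/ssh_host_rsa_key";
      type = "rsa";
      bits = 4096;
    }
  ];

  # NOTE(review): the users.users entries below read `.path` from their sops
  # secret, while passCommand here interpolates the secret attribute itself.
  # Confirm whether `.path` is missing before enabling this job.
  #SOPSsops.secrets.borg-haruka-rolling-pass = { };
  #SOPSservices.borgbackup.jobs.haruka-rolling = {
  #SOPSpaths = [
  #SOPS"/persist"
  #SOPS"/home"
  #SOPS];
  #SOPSexclude = [
  #SOPS# Rust build files
  #SOPS"**/target"
  #SOPS];
  #SOPSprune.keep = {
  #SOPSwithin = "1d";
  #SOPSdaily = 7;
  #SOPSweekly = 4;
  #SOPSmonthly = 3;
  #SOPS};
  #SOPSrepo = "20963@hk-s020.rsync.net:rolling/haruka";
  #SOPSencryption.mode = "repokey-blake2";
  #SOPSencryption.passCommand = "cat ${config.sops.secrets.borg-haruka-rolling-pass}";
  #SOPSenvironment.BORG_RSH = "ssh -i /persist/ssh/ssh_host_ed25519_key";
  #SOPS# use borg 1.0+ on rsync.net
  #SOPSenvironment.BORG_REMOTE_PATH = "/usr/local/bin/borg1/borg1";
  #SOPSextraCreateArgs = "--verbose --stats --checkpoint-interval 600";
  #SOPScompression = "auto,zstd";
  #SOPSstartAt = "hourly";
  #SOPSpersistentTimer = true;
  #SOPS};
  #SOPSsystemd.services.borgbackup-job-haruka-rolling = {
  #SOPSpreStart = lib.mkBefore ''
  #SOPS# Wait until internet is reachable after resuming
  #SOPSuntil /run/wrappers/bin/ping rsync.net -c1 -q >/dev/null; do :; done
  #SOPS'';
  #SOPS};

  # Pin the backup server's host key so the first connection is not
  # trust-on-first-use.
  services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH";

  sound.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  hardware.bluetooth.enable = true;
  hardware.opentabletdriver.enable = true;
  hardware.trackpoint = {
    enable = true;
    device = "TPPS/2 Elan TrackPoint";
  };

  services.fwupd.enable = true;

  services.tlp = {
    enable = true;
    settings = {
      START_CHARGE_THRESH_BAT0 = 75;
      STOP_CHARGE_THRESH_BAT0 = 80;
    };
  };

  services.keyd-qol.enable = true;

  services.printing.enable = true;
  services.avahi.enable = true;
  services.avahi.nssmdns = true;
  environment.persistence."/persist".directories = [ "/etc/cups" ];

  services.pcscd.enable = true;

  programs.dconf.enable = true;
  services.gnome.gnome-keyring.enable = true; # TODO: replace this with pass-secret-service?

  services.greetd = {
    enable = true;
    vt = 2;
    settings.default_session.command = "${pkgs.greetd.tuigreet}/bin/tuigreet -t -c sway";
  };

  systemd.extraConfig = "RebootWatchdogSec=5";

  fonts = {
    fontDir.enable = true;
    packages = with pkgs; [
      dina-font
      nanum
      sarasa-gothic
      tamzen
      siji
      jetbrains-mono
      twemoji-color-font
      emacs-all-the-icons-fonts
      (nerdfonts.override { fonts = [ "Iosevka" "JetBrainsMono" ]; })
    ];
    fontconfig = {
      enable = true;
      defaultFonts = {
        serif = [ "Sarasa Gothic C" "Sarasa Gothic J" "Sarasa Gothic K" ];
        sansSerif = [ "Sarasa Gothic C" "Sarasa Gothic J" "Sarasa Gothic K" ];
        monospace = [ "Dina" "Terminus" "Iosevka Nerd Font" "JetBrainsMono Nerd Font" ];
        emoji = [ "Siji" "Twitter Color Emoji" ];
      };
    };
  };

  programs = {
    sway.enable = true;
    sway.extraPackages = lib.mkForce [ ];
    zsh.enable = true;
    zsh.enableCompletion = true;
  };

  hardware.opengl.enable = true;
  hardware.opengl.driSupport = true;
  hardware.opengl.driSupport32Bit = true;
  hardware.opengl.extraPackages = with pkgs; [
    vaapiVdpau
    libvdpau-va-gl
  ];

  xdg.portal = {
    enable = true;
    extraPortals = with pkgs; [
      xdg-desktop-portal-gtk
      xdg-desktop-portal-wlr
    ];
  };

  #SOPSsops.defaultSopsFile = ./secrets/secrets.yaml;
  #SOPSsops.secrets.root-password.neededForUsers = true;
  #SOPSsops.secrets.sefidel-password.neededForUsers = true;

  # Accounts are fully declarative: passwords come from this file (or from the
  # sops secrets once enabled), not from `passwd` at runtime.
  users.mutableUsers = false;
  fileSystems."/persist".neededForBoot = true;

  users.users = {
    # NOTE(security): `password` is a plaintext placeholder that is written
    # into the system configuration, and both accounts share it. Together with
    # the passwordless wheel escalation above it should only exist until the
    # #SOPS passwordFile lines are enabled; remove the `password` lines then.
    #SOPSroot.passwordFile = config.sops.secrets.root-password.path;
    root.password = "1111";

    sefidel = {
      isNormalUser = true;
      shell = pkgs.zsh;
      #SOPSpasswordFile = config.sops.secrets.sefidel-password.path;
      password = "1111";
      extraGroups = [ "wheel" "audio" "networkmanager" ];
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
}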