{ inputs, username, pkgs, lib, config, ... }: { imports = [ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503 inputs.disko.nixosModules.default (import ./disko.nix {device = "/dev/nvme0n1";}) ./hardware.nix ../common ../../modules/nixos/desktop ../../modules/nixos/desktop/awesome ../../modules/nixos/desktop/hyprland ../../modules/nixos/virtualisation ../../modules/nixos/steam.nix ]; nixpkgs.config.cudaSupport = true; networking = { hostName = "canopus"; networkmanager = { enable = true; wifi.powersave = false; }; firewall = { enable = true; allowedTCPPorts = [80 443 22 3000 6666 8081]; # Facilitate firewall punching allowedUDPPorts = [41641]; allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; }; }; boot = { binfmt.emulatedSystems = ["aarch64-linux"]; plymouth = { enable = true; theme = "spinner-monochrome"; themePackages = [ (pkgs.plymouth-spinner-monochrome.override {inherit (config.boot.plymouth) logo;}) ]; }; kernelParams = [ "quiet" "loglevel=3" "systemd.show_status=auto" "udev.log_level=3" "rd.udev.log_level=3" "vt.global_cursor_default=0" ]; consoleLogLevel = 0; initrd.verbose = false; kernelPackages = pkgs.linuxPackages_zen; supportedFilesystems = ["ntfs"]; initrd.systemd = { enable = lib.mkForce true; services.wipe-my-fs = { wantedBy = ["initrd.target"]; after = ["initrd-root-device.target"]; before = ["sysroot.mount"]; unitConfig.DefaultDependencies = "no"; serviceConfig.Type = "oneshot"; script = '' mkdir /btrfs_tmp mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp if [[ -e /btrfs_tmp/root ]]; then mkdir -p /btrfs_tmp/old_roots timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" fi delete_subvolume_recursively() { IFS=$'\n' for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do delete_subvolume_recursively "/btrfs_tmp/$i" done btrfs subvolume delete "$1" } for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do delete_subvolume_recursively "$i" done btrfs subvolume create /btrfs_tmp/root umount /btrfs_tmp ''; }; }; loader = { systemd-boot = { enable = true; configurationLimit = 5; }; efi.canTouchEfiVariables = true; timeout = 1; }; }; hardware = { bluetooth.enable = true; bluetooth.powerOnBoot = true; graphics.enable32Bit = true; }; security = { sudo.wheelNeedsPassword = false; polkit.enable = true; rtkit.enable = true; }; systemd = { enableEmergencyMode = false; user = { services.polkit-gnome-authentication-agent-1 = { description = "polkit-gnome-authentication-agent-1"; wantedBy = ["graphical-session.target"]; wants = ["graphical-session.target"]; after = ["graphical-session.target"]; serviceConfig = { Type = "simple"; ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; Restart = "on-failure"; RestartSec = 1; TimeoutStopSec = 10; }; }; }; }; programs = { ssh.startAgent = true; thunar = { enable = true; plugins = with pkgs.xfce; [thunar-archive-plugin thunar-volman]; }; nix-ld = { enable = true; package = pkgs.nix-ld-rs; }; nm-applet.enable = true; noisetorch.enable = true; }; services = { resolved.enable = true; flatpak.enable = true; pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; }; logind = { extraConfig = "HandlePowerKey=suspend"; lidSwitch = "suspend"; lidSwitchExternalPower = "suspend"; }; xrdp = { enable = true; openFirewall = true; defaultWindowManager = "awesome"; audio.enable = true; }; syncthing = { enable = true; user = "tux"; dataDir = "/home/tux/"; openDefaultPorts = true; }; xserver = { enable = true; xkb = { layout = "in"; variant = "eng"; }; }; libinput.touchpad.naturalScrolling = true; # To use Auto-cpufreq we need to # disable TLP because it's enabled by nixos-hardware tlp.enable = false; auto-cpufreq = { enable = true; settings = { battery = { governor = "powersave"; turbo = "never"; scaling_min_freq = 400000; scaling_max_freq = 3800000; }; charger = { governor = "powersave"; turbo = "never"; scaling_max_freq = 3800000; }; }; }; blueman.enable = true; supergfxd = { enable = true; settings = { mode = "Integrated"; vfio_enable = false; vfio_save = false; always_reboot = false; no_logind = false; logout_timeout_s = 180; hotplug_type = "None"; }; }; asusd = { enable = true; enableUserService = true; asusdConfig = '' ( charge_control_end_threshold: 100, panel_od: false, mini_led_mode: false, disable_nvidia_powerd_on_battery: true, ac_command: "", bat_command: "", platform_policy_on_battery: Quiet, platform_policy_on_ac: Quiet, ppt_pl1_spl: None, ppt_pl2_sppt: None, ppt_fppt: None, ppt_apu_sppt: None, ppt_platform_sppt: None, nv_dynamic_boost: None, nv_temp_target: None, ) ''; profileConfig = '' ( active_profile: Quiet, ) ''; }; gvfs.enable = true; tumbler.enable = true; gnome.gnome-keyring.enable = true; tailscale = { enable = true; extraUpFlags = ["--login-server https://hs.tux.rs"]; }; mullvad-vpn = { enable = true; package = pkgs.mullvad-vpn; }; }; fonts.packages = with pkgs.nerd-fonts; [ fira-code jetbrains-mono ]; programs.fuse.userAllowOther = true; fileSystems."/persist".neededForBoot = true; environment.persistence."/persist" = { hideMounts = true; directories = [ "/var/log" "/var/lib/bluetooth" "/var/lib/tailscale" "/var/lib/nixos" "/etc/NetworkManager/system-connections" ]; files = [ # "/etc/machine-id" "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key.pub" ]; }; home-manager.users.${username} = { imports = [ ./home.nix ]; }; system.stateVersion = "24.11"; }