# NixOS host module for the machine whose secrets live under .secrets/x1.
# It wires up sops-nix secrets, the OpenSSH host keys, udev/Bluetooth
# input settings, the project's `metacfg` feature toggles, the package
# set, virtualisation and unattended upgrades.
{ pkgs, lib, config, ... }:
with lib;
with lib.metacfg;
let
  # Encrypted sops file holding this host's secrets.
  hostSecretsFile = ../../../.secrets/x1/files.yaml;

  # The ed25519 SSH host key is used twice below: as an sshd host key and
  # as the key sops-nix derives its age identity from. Anyone who can read
  # this file can therefore decrypt every secret encrypted for this host.
  ed25519HostKey = "/var/lib/secrets/ssh_host_ed25519_key";
in
{
  imports = [
    ./hardware-configuration.nix
    # ./ipu.nix
  ];

  sops = {
    age.sshKeyPaths = [ ed25519HostKey ];

    secrets = {
      # NOTE(review): mode 0444 makes the decrypted secret world-readable.
      # Presumably this is a WireGuard config (it is exposed below as
      # wg0.backup.conf); if it carries a private key, every local user and
      # process can read it. Confirm who needs access and prefer a
      # root-only mode or owner/group scoping.
      "wg" = {
        sopsFile = hostSecretsFile;
        mode = "0444";
      };

      # Also world-readable. NOTE(review): it is stored encrypted, so it
      # presumably contains names/addresses worth protecting; confirm that
      # 0444 is intended.
      "hosts" = {
        sopsFile = hostSecretsFile;
        mode = "0444";
      };
    };
  };

  environment = {
    # Expose the decrypted secrets at fixed paths under /etc. Readability
    # is governed by the secret modes set above.
    etc = {
      "wg0.backup.conf".source = config.sops.secrets."wg".path;
      "hosts.backup".source = config.sops.secrets."hosts".path;
    };

    systemPackages = with pkgs; [
      azure-cli
      cloudflare-warp
      desktop-file-utils
      kubectl
      kubectx
      k9s
      attic-client
      ollama
      piper
      klavaro
      tipp10
      gtypist
      logseq
      claude-code
      claude-desktop-with-fhs
      goose-cli
      aider-chat
      vscode
      uv
      # (vscode-with-extensions.override {
      #   vscodeExtensions = with vscode-extensions; [
      #     rooveterinaryinc.roo-cline
      #     rust-lang.rust-analyzer
      #     github.copilot
      #     ms-python.python
      #     ms-azuretools.vscode-docker
      #     ms-vscode-remote.remote-ssh
      #   ];
      # })
    ];

    sessionVariables = {
      LIBVA_DRIVER_NAME = "iHD";
      # NIXOS_OZONE_WL = "1";
      # DRI_PRIME = "pci-0000_24_00_0";
      DRI_PRIME = "pci-0000_00_02_0";
    };
  };

  services = {
    # sshd is enabled with host keys kept outside /etc/ssh. No
    # authentication settings (password or root login) are set in this
    # file; NOTE(review): confirm they are hardened elsewhere, e.g. in the
    # metacfg base module.
    openssh = {
      enable = true;
      hostKeys = [
        {
          path = ed25519HostKey;
          type = "ed25519";
        }
        {
          path = "/var/lib/secrets/ssh_host_rsa_key";
          type = "rsa";
          bits = 4096;
        }
      ];
    };

    # One rule per line; each matches a hidraw node by USB vendor/product
    # id. NOTE(review): GROUP="users" with MODE="0660" grants raw HID
    # access to every member of `users`, which is broader than the
    # active-seat access that TAG+="uaccess" already provides. Confirm the
    # group grant is needed.
    udev.extraRules = ''
      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e4c5", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e489", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
    '';

    ratbagd.enable = true;

    resolved.enable = true;
    #resolved.dnssec = "allow-downgrade";
    #resolved.extraConfig = ''
    #  ResolveUnicastSingleLabel=yes
    #'';

    trezord.enable = true;

    # The service stays disabled; only its settings are kept here. The
    # ollama package itself is still installed via systemPackages.
    ollama = {
      enable = false;
      acceleration = "rocm";
      environmentVariables = {
        HSA_OVERRIDE_GFX_VERSION = "10.1.0";
      };
    };
  };

  # NOTE(review): this turns off BlueZ's requirement that classic
  # Bluetooth HID devices be bonded before they may connect, so an
  # unbonded device can present itself as a keyboard or mouse. Keep it
  # only while a specific device needs it.
  hardware.bluetooth.input.General.ClassicBondedOnly = false;

  # Project-level feature toggles; what each option does is defined by
  # the metacfg modules, which are not visible in this file.
  metacfg = {
    base.enable = true;
    gui.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = true;
    homeprinter.enable = true;

    system.limits = {
      enable = true;
      nofileLimit = 32768;
      memlockLimit = 32768;
    };

    # User configuration
    tools.direnv.enable = true;

    # NOTE(review): membership in "docker" gives access to the Docker
    # daemon socket, which is effectively root on this host. "dialout"
    # grants access to serial devices.
    user.extraGroups = [
      "docker"
      "dialout"
    ];
  };

  # Allows evaluation of a package that nixpkgs marks as insecure.
  # NOTE(review): which installed package pulls this in is not visible
  # here; drop the exception once that package moves to a supported
  # Electron release.
  nixpkgs.config.permittedInsecurePackages = [
    "electron-27.3.11"
  ];

  zramSwap.enable = true;

  systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli

  virtualisation = {
    docker.enable = true;
    libvirtd.enable = true;
    # Docker proper is enabled above, so podman's docker alias stays off.
    podman.dockerCompat = false;
  };

  system = {
    # Upgrades are built automatically but only become active at the next
    # manual reboot (operation = "boot", no automatic reboot), so security
    # updates stay staged until the machine is restarted.
    autoUpgrade = {
      enable = true;
      operation = "boot";
      allowReboot = false;
    };

    stateVersion = "23.11";
  };
}