{ pkgs, lib, ... }: with lib; with lib.metacfg; { imports = [ ./hardware-configuration.nix ./xremap.nix ]; boot.lanzaboote.pkiBundle = "/var/lib/sbctl"; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; networking.firewall.allowedTCPPorts = [ 1234 8000 ]; hardware.graphics = { enable = true; extraPackages = [ ] ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( with pkgs; [ rocmPackages.clr.icd ] ); }; systemd.tmpfiles.rules = let rocmEnv = pkgs.symlinkJoin { name = "rocm-combined"; paths = with pkgs.rocmPackages; [ rocblas hipblas clr ]; }; in [ "L+ /opt/rocm - - - - ${rocmEnv}" ]; powerManagement.cpuFreqGovernor = "performance"; services.openssh = { enable = true; }; services.tailscale.enable = true; services.resolved.enable = true; metacfg = { hardware.wooting.enable = true; base.enable = true; nix-ld.enable = true; nix.enable = true; secureboot.enable = true; build.enable = true; system = { limits = { enable = true; nofileLimit = 32768; memlockLimit = 32768; }; }; # User configuration tools = { direnv.enable = true; }; user.extraGroups = [ "docker" "dialout" "tss" ]; system.kernelTweaks.enable = true; }; system.autoUpgrade = { enable = true; operation = "boot"; allowReboot = false; }; # Additional kernel tuning beyond the module defaults boot.kernel.sysctl = { # Reduce swap usage (you have zram) "vm.swappiness" = 10; # Prefer keeping directory/inode caches "vm.vfs_cache_pressure" = 50; # Faster dirty page writeback "vm.dirty_ratio" = 10; "vm.dirty_background_ratio" = 5; }; # SSD TRIM support services.fstrim = { enable = true; interval = "weekly"; }; environment.systemPackages = with pkgs; [ attic-client azure-cli claude-code nvtopPackages.amd obsidian piper-tts uv ]; # zram swap with zstd compression for better performance zramSwap = { algorithm = "zstd"; memoryPercent = 50; }; services.ratbagd.enable = true; system.stateVersion = "25.11"; }