# NixOS configuration for a single host: pulls in its hardware-configuration.nix
# and sets boot, network, service, package and virtualisation options.
{
  pkgs,
  lib,
  ...
}:
with lib;
with lib.metacfg;
{
  imports = [
    ./hardware-configuration.nix
    ./xremap.nix
  ];

  boot = {
    # Location of the Secure Boot PKI bundle that lanzaboote signs with.
    # The private keys live here, so the directory should stay root-only.
    lanzaboote.pkiBundle = "/var/lib/sbctl";

    # Priority 0 outranks even mkForce (priority 50), so this kernel choice
    # wins over whatever any other module sets.
    kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;

    # Additional kernel tuning beyond the module defaults
    kernel.sysctl = {
      # Reduce swap usage (you have zram)
      "vm.swappiness" = 10;
      # Prefer keeping directory/inode caches
      "vm.vfs_cache_pressure" = 50;
      # Faster dirty page writeback
      "vm.dirty_ratio" = 10;
      "vm.dirty_background_ratio" = 5;
    };
  };

  # These TCP ports are opened on every interface; nothing in this file says
  # which services listen on them.
  # NOTE(review): if they only need to be reachable over the tailnet, scope
  # them with networking.firewall.interfaces.<name>.allowedTCPPorts instead.
  networking.firewall.allowedTCPPorts = [
    1234
    8000
  ];

  # Expose the selected ROCm packages under the conventional /opt/rocm path.
  # "L+" creates the symlink and replaces whatever already exists there.
  systemd.tmpfiles.rules =
    let
      rocmEnv = pkgs.symlinkJoin {
        name = "rocm-combined";
        paths = with pkgs.rocmPackages; [
          rocblas
          hipblas
          clr
        ];
      };
    in
    [
      "L+ /opt/rocm - - - - ${rocmEnv}"
    ];

  powerManagement.cpuFreqGovernor = "performance";

  services = {
    # Only `enable` is set, so every sshd setting comes from the NixOS module
    # defaults.
    # NOTE(review): confirm password logins are off
    # (services.openssh.settings.PasswordAuthentication) and whether port 22
    # has to be open beyond the tailnet (services.openssh.openFirewall).
    openssh.enable = true;

    tailscale.enable = true;
    resolved.enable = true;
    ratbagd.enable = true;

    # SSD TRIM support
    fstrim = {
      enable = true;
      interval = "weekly";
    };
  };

  # Options under `metacfg` are not defined in this file; presumably they come
  # from the project's own modules.
  metacfg = {
    hardware.wooting.enable = true;
    base.enable = true;
    gui.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = true;
    homeprinter.enable = true;
    build.enable = true;

    system = {
      limits = {
        enable = true;
        nofileLimit = 32768;
        memlockLimit = 32768;
      };
      kernelTweaks.enable = true;
    };

    # User configuration
    tools.direnv.enable = true;

    # "docker" membership lets the user drive the root-running Docker daemon,
    # which is effectively root on this host.
    # NOTE(review): "tss" presumably grants TPM device access and "dialout"
    # serial-port access; confirm both are still needed.
    user.extraGroups = [
      "docker"
      "dialout"
      "tss"
    ];
  };

  system = {
    # operation = "boot" only makes the upgraded generation the default for the
    # next boot, and allowReboot = false never triggers one: fetched security
    # fixes take effect only after a manual reboot.
    autoUpgrade = {
      enable = true;
      operation = "boot";
      allowReboot = false;
    };

    stateVersion = "25.11";
  };

  # Allowlists a package that nixpkgs marks as insecure so evaluation succeeds.
  # NOTE(review): this file does not say which application needs it; identify
  # the consumer and drop the entry once it no longer depends on this Electron.
  nixpkgs.config.permittedInsecurePackages = [
    "electron-27.3.11"
  ];

  programs.steam.enable = true;

  environment.systemPackages = with pkgs; [
    attic-client
    azure-cli
    claude-code
    claude-desktop-with-fhs
    desktop-file-utils
    gnome-terminal
    gnome-remote-desktop
    gtypist
    k9s
    klavaro
    kubectl
    kubectx
    logseq
    nvtopPackages.amd
    obsidian
    piper-tts
    tipp10
    uv
    vscode
    cider-2
    opencode
  ];

  # zram swap with zstd compression for better performance
  # NOTE(review): zramSwap.enable is not set here; presumably another module
  # turns it on. Confirm, otherwise these two settings have no effect.
  zramSwap = {
    algorithm = "zstd";
    memoryPercent = 50;
  };

  # Docker and libvirtd both run root daemons. Podman's docker-compat shim is
  # kept off while the real Docker daemon is enabled.
  virtualisation.libvirtd.enable = true;
  virtualisation.docker.enable = true;
  virtualisation.podman.dockerCompat = false;
}