{ config, pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix ]; # --- # Nix (enable flakes on the installed system) # --- nix.settings.experimental-features = [ "nix-command" "flakes" ]; # --- # Bootloader / kernel # --- boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; # Known-good baseline from niri-4screen.md boot.kernelParams = [ "intel_iommu=off" "dev_mem_signed_off=1" ]; # --- # Identity # --- networking.hostName = "sam-4screen-desktop"; time.timeZone = "Australia/Sydney"; # --- # Networking # --- networking.networkmanager.enable = true; networking.networkmanager.ensureProfiles.profiles."Wired connection 1" = { connection = { id = "Wired connection 1"; type = "802-3-ethernet"; interface-name = "enp0s31f6"; autoconnect = "true"; }; ethernet = { }; ipv4 = { method = "manual"; addresses = [ "192.168.20.27/24" ]; gateway = "192.168.20.1"; dns = "192.168.20.35;192.168.20.13;"; ignore-auto-dns = "true"; never-default = "false"; }; ipv6 = { method = "auto"; }; }; # --- # Users # --- programs.zsh.enable = true; users.users.sam = { isNormalUser = true; description = "Sam"; extraGroups = [ "wheel" "networkmanager" "docker" "video" "render" ]; shell = pkgs.zsh; }; # --- # SSH # --- services.openssh.enable = true; services.openssh.openFirewall = true; # Defaulting to keys-only for safety. If you explicitly want password auth for the migration, # flip this to true. services.openssh.settings.PasswordAuthentication = false; # --- # dconf (helps portals/GTK apps) # --- programs.dconf.enable = true; # --- # OpenGL (important for NVIDIA Wayland apps) # --- hardware.opengl = { enable = true; driSupport = true; driSupport32Bit = true; }; # --- # Audio (PipeWire) # --- security.rtkit.enable = true; services.pipewire = { enable = true; pulse.enable = true; alsa.enable = true; alsa.support32Bit = true; wireplumber.enable = true; }; # --- # Docker # --- virtualisation.docker.enable = true; # --- # Mounts # --- fileSystems."/data" = { device = "/dev/disk/by-uuid/27febd74-20aa-4a3a-92c1-6fdd1ad7e88e"; fsType = "ext4"; options = [ "nofail" "x-systemd.device-timeout=1s" ]; }; # --- # Niri + login (greetd) # --- services.greetd = { enable = true; settings = { default_session = { user = "greeter"; command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --remember --cmd ${ lib.escapeShellArg "${pkgs.niri}/bin/niri --session" }"; }; }; }; # Wayland portals (refine later if screencast needs a different backend) xdg.portal = { enable = true; extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; }; # Minimal system packages needed for the session and core usability environment.systemPackages = with pkgs; [ niri greetd.tuigreet xwayland wl-clipboard grim slurp ]; # --- # NVIDIA (simple, first-boot stable config; PRIME tuning later) # --- services.xserver.videoDrivers = [ "nvidia" ]; hardware.nvidia.modesetting.enable = true; hardware.nvidia.nvidiaSettings = true; # --- # NixOS release compatibility # --- system.stateVersion = "24.05"; }