# Desktop-oriented NixOS system module: pulls in the shared sub-modules, then
# configures services, the `pim` account, the Nix daemon, Docker, boot/kernel
# settings and the home-manager hookup.
# Settings that widen privilege are marked NOTE(review).
{ pkgs, config, lib, inputs, flake, system, ... }:
let
  # Unfree packages the main nixpkgs set is allowed to evaluate (by name).
  unfreeAllowlist = [ "libfprint-2-tod1-goodix" ];
in
{
  imports = [
    # External modules supplied through flake inputs.
    inputs.home-manager.nixosModules.home-manager
    inputs.nixos-facter-modules.nixosModules.facter
    inputs.disko.nixosModules.disko

    # Local modules; their contents are not visible from this file.
    ./lanzaboote.nix
    ./tidal.nix
    ./sops.nix
    ./stylix.nix
    ./wireguard.nix
    ./gnome.nix
    ./tailscale.nix
    ./compliance.nix
    ./cinnamon.nix
  ];

  time.timeZone = "Europe/Amsterdam";
  i18n.defaultLocale = "en_US.UTF-8";

  # Starts an ssh-agent for user sessions.
  programs.ssh.startAgent = true;

  services.xserver.enable = true;

  services.printing = {
    enable = true;
    drivers = [ pkgs.hplip pkgs.gutenprint ];
  };

  # PipeWire serves the ALSA, PulseAudio and JACK client APIs; the PulseAudio
  # daemon itself is switched off under `hardware` below.
  services.pipewire = {
    enable = true;
    pulse.enable = true;
    jack.enable = true;
    alsa = {
      enable = true;
      support32Bit = true;
    };
  };

  users.users.pim = {
    isNormalUser = true;
    # NOTE(review): several of these groups carry real privilege.
    #   wheel     - sudo access.
    #   docker    - access to the rootful Docker socket, which is equivalent
    #               to root on the host. Rootless Docker is also enabled
    #               below, so confirm this membership is still needed.
    #   input     - read access to raw input devices (keyboards included).
    #   wireshark - presumably for unprivileged capture; the option that
    #               sets this up is not in this file - confirm.
    #   dialout   - serial device access.
    extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
  };

  environment.systemPackages = with pkgs; [
    age
    borgbackup
    btop
    btrfs-progs
    curl
    dig
    exfat
    f3
    fastfetch
    file
    git
    jq
    kubectl
    nmap
    poppler_utils # For pdfunite
    ripgrep
    sbctl
    silicon
    tree
    units
    vim
    wget
    yq
    ncdu
    lshw
  ];

  system.stateVersion = "23.05";

  # On activation, print the closure diff between the running system and the
  # one being switched to. Skipped when /run/current-system does not exist.
  system.activationScripts.diff = ''
    if [[ -e /run/current-system ]]; then
      ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
    fi
  '';

  security.rtkit.enable = true;

  # NOTE(review): caches sudo credentials for 30 minutes (sudo's documented
  # default is 5). An unlocked, unattended session keeps root access for that
  # long; confirm the longer window is intended.
  security.sudo.extraConfig = ''
    Defaults timestamp_timeout=30
  '';

  nix = {
    # NOTE(review): `nixFlakes` is an alias; newer nixpkgs releases may no
    # longer provide it - confirm against the pinned nixpkgs.
    package = pkgs.nixFlakes;

    extraOptions = ''
      experimental-features = nix-command flakes
    '';

    # NOTE(review): per the Nix manual a trusted user is effectively root on
    # this machine (extra substituters, unsigned store imports). `pim` gets
    # that without a sudo prompt; drop it unless a workflow requires it.
    settings.trusted-users = [ "root" "pim" ];

    # Weekly garbage collection; generations older than 7 days are deleted,
    # so rollback targets beyond that window disappear.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
      persistent = true;
    };
  };

  networking.useDHCP = lib.mkDefault true;

  # Both the system-wide (rootful) daemon and the per-user rootless daemon
  # are enabled. `setSocketVariable` points DOCKER_HOST at the rootless
  # instance for normal users; the rootful socket stays reachable through
  # the `docker` group.
  virtualisation.docker = {
    rootless = {
      setSocketVariable = true;
      enable = true;
    };
    enable = true;
  };

  nixpkgs = {
    hostPlatform = lib.mkDefault "x86_64-linux";

    # Unfree software from the main package set is limited to the allowlist.
    config.allowUnfreePredicate = candidate:
      builtins.elem (lib.getName candidate) unfreeAllowlist;

    overlays = [
      inputs.nur.overlay

      # Exposes nixpkgs-unstable as `pkgs.unstable`.
      # NOTE(review): this import sets allowUnfree = true, so the allowlist
      # above does not apply to anything taken from `pkgs.unstable`.
      (_final: _prev: {
        unstable = import inputs.nixpkgs-unstable {
          inherit system;
          config.allowUnfree = true;
        };
      })
    ];
  };

  boot.kernelModules = [ "kvm-intel" "cdrom" ];
  boot.extraModulePackages = [ ];

  boot.initrd = {
    kernelModules = [ ];
    availableKernelModules = [ "sd_mod" ];
  };

  # TCP BBR congestion control with the fq queueing discipline as default.
  boot.kernel.sysctl = {
    "net.ipv4.tcp_congestion_control" = "bbr";
    "net.core.default_qdisc" = "fq";
  };

  hardware.pulseaudio.enable = false;

  # Microcode updates follow the redistributable-firmware switch unless a
  # host overrides this default.
  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;

  # home-manager shares the system `pkgs`, installs through the user's
  # NixOS package set, and loads pim's configuration from the flake.
  home-manager = {
    users.pim.imports = [ "${flake}/home-manager" ];
    extraSpecialArgs = { inherit flake inputs; };
    useUserPackages = true;
    useGlobalPkgs = true;
  };
}