{ config, lib, pkgs, ... }: { imports = [ ./hardware.nix ]; # Boot boot = { supportedFilesystems = [ "bcachefs" ]; loader.efi.canTouchEfiVariables = true; loader.systemd-boot.enable = lib.mkForce false; loader.limine = { enable = true; efiSupport = true; style.wallpapers = []; extraEntries = builtins.readFile ./limine.extra.conf; secureBoot.enable = true; }; initrd.systemd.enable = true; kernelPackages = pkgs.linuxPackages_latest; binfmt.emulatedSystems = [ "aarch64-linux" ]; initrd.kernelModules = [ "i915" ]; }; # Networking networking = { hostName = "riptide"; networkmanager = { enable = true; wifi.backend = "iwd"; }; firewall = { allowedUDPPorts = [ 51820 ]; }; wireguard.enable = true; wireguard.interfaces = { wg0 = { ips = [ "192.168.69.3/24" ]; privateKeyFile = "/root/wireguard-keys/private"; listenPort = 51820; peers = [ { publicKey = "gDSnymmeuX4a8az4kUHcoltMMHb8mdJCti/TYV62kwA="; allowedIPs = [ "192.168.69.0/24" ]; endpoint = "185.44.83.60:12345"; persistentKeepalive = 25; } ]; }; }; }; hardware.bluetooth.enable = false; hardware.bluetooth.powerOnBoot = false; # Services systemd.services.NetworkManager-wait-online.enable = false; services = { openssh.enable = true; openssh.openFirewall = true; openssh.settings.PasswordAuthentication = false; usbmuxd = { enable = true; package = pkgs.usbmuxd2; }; fwupd.enable = true; pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; jack.enable = true; }; # Graphical Settings desktopManager.plasma6.enable = true; displayManager.sddm = { enable = true; wayland.enable = true; wayland.compositor = "kwin"; }; xserver = { xkb.layout = "us"; xkb.variant = "dvorak"; }; gvfs.enable = true; }; # User Account Setup users.groups.plugdev = { }; users.users.sydney = { isNormalUser = true; extraGroups = [ "wheel" "wireshark" "plugdev" "adbusers" "libvirtd" ]; shell = pkgs.zsh; description = "Sydney"; packages = with pkgs; [ ghidra jujutsu zig_0_15 zed-editor fastfetch hyfetch firefox tmux texlive.combined.scheme-small (python3.withPackages ( ppkgs: with ppkgs; [ pwntools scapy pycryptodome ] )) thunderbird-latest libreoffice-qt6-fresh fragments vlc lean4 ripgrep clang-tools winetricks wineWowPackages.stable darktable zoom-us corefonts vistafonts kicad ghostty hut tor-browser ]; }; # System Packages and Fonts environment.systemPackages = with pkgs; [ kdePackages.sddm-kcm pciutils usbutils sbctl lutris ifuse libimobiledevice idevicerestore ]; fonts.packages = with pkgs; [ nerd-fonts.fira-code nerd-fonts.blex-mono noto-fonts-cjk-sans noto-fonts-emoji ibm-plex maple-mono.truetype-autohint ]; # Program Settings programs.adb.enable = true; programs.nix-ld.enable = true; programs.dconf.enable = true; programs.wireshark.enable = true; programs.wireshark.package = pkgs.wireshark; # Misc security.rtkit.enable = true; hardware.graphics = { enable = true; enable32Bit = true; extraPackages = with pkgs; [ intel-compute-runtime intel-media-driver ocl-icd rocmPackages.clr.icd ]; extraPackages32 = with pkgs.pkgsi686Linux; [ intel-media-driver ]; }; virtualisation.libvirtd = { enable = true; qemu = { package = pkgs.qemu_kvm; runAsRoot = true; swtpm.enable = true; ovmf = { enable = true; packages = [(pkgs.OVMF.override { secureBoot = true; tpmSupport = true; }).fd]; }; }; }; system.stateVersion = "24.05"; }