{ config, lib, pkgs, modulesPath, suites, profiles, ... }: let btrfsPartPath = "/dev/disk/by-label/NIXOS"; btrfsOptions = ["compress-force=zstd" "noatime"]; btrfsDiff = pkgs.writeScriptBin "btrfs-diff" '' #!${pkgs.bash}/bin/bash set -euo pipefail sudo mkdir -p /mnt sudo mount -o subvol=/ ${btrfsPartPath} /mnt OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999) sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" | sed '$d' | cut -f17- -d' ' | sort | uniq | while read path; do path="/$path" if [ -L "$path" ]; then : # The path is a symbolic link, so is probably handled by NixOS already elif [ -d "$path" ]; then : # The path is a directory, ignore else echo "$path" fi done sudo umount /mnt ''; in { imports = suites.base ++ suites.work ++ [../profiles/network/networkmanager (modulesPath + "/installer/scan/not-detected.nix")] ++ (with profiles.nixos-hardware; [common-pc-ssd common-pc common-gpu-amd common-cpu-amd]); boot = { loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; }; kernelPackages = pkgs.linuxPackages_latest; supportedFilesystems = ["btrfs"]; initrd = { availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; kernelModules = ["amdgpu"]; }; kernelModules = ["kvm-amd"]; extraModulePackages = []; initrd.postDeviceCommands = pkgs.lib.mkBefore '' mkdir -p /mnt mount -o subvol=/ ${btrfsPartPath} /mnt btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do echo "deleting /$subvolume subvolume..." btrfs subvolume delete "/mnt/$subvolume" done && echo "deleting /root subvolume..." && btrfs subvolume delete /mnt/root echo "restoring blank /root subvolume" btrfs subvolume snapshot /mnt/root-blank /mnt/root umount /mnt ''; kernel.sysctl = { "fs.inotify.max_user_watches" = 524288; }; }; security.pam.loginLimits = [ { domain = "*"; type = "soft"; item = "nofile"; value = "524288"; } { domain = "*"; type = "hard"; item = "nofile"; value = "524288"; } ]; fileSystems."/" = { device = btrfsPartPath; fsType = "btrfs"; options = ["subvol=root"] ++ btrfsOptions; }; fileSystems."/home" = { device = btrfsPartPath; fsType = "btrfs"; options = ["subvol=home"] ++ btrfsOptions; }; #fileSystems."/media/archive" = { # device = "/dev/disk/by-uuid/f9b5f7f3-51e8-4357-8518-986b16311c71"; # fsType = "btrfs"; # options = btrfsOptions; #}; fileSystems."/nix" = { device = btrfsPartPath; fsType = "btrfs"; options = ["subvol=nix"] ++ btrfsOptions; }; fileSystems."/persist" = { device = btrfsPartPath; fsType = "btrfs"; options = ["subvol=persist"] ++ btrfsOptions; neededForBoot = true; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/5784-BBB1"; fsType = "vfat"; }; swapDevices = []; zramSwap = { enable = true; algorithm = "zstd"; }; nix.settings.max-jobs = lib.mkDefault 4; security = { mitigations.disable = true; allowSimultaneousMultithreading = false; # Deleting root subvolume makes sudo show lecture every boot sudo.extraConfig = '' Defaults lecture = never ''; rtkit.enable = true; }; sound.enable = false; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; media-session.enable = true; }; hardware = { opengl = { driSupport = true; driSupport32Bit = true; enable = true; extraPackages = with pkgs; [amdvlk libvdpau-va-gl vaapiVdpau libva vulkan-loader pipewire]; extraPackages32 = with pkgs.pkgsi686Linux; [libvdpau-va-gl vaapiVdpau libva vulkan-loader pipewire] ++ [pkgs.driversi686Linux.amdvlk]; }; pulseaudio = { enable = false; support32Bit = true; }; }; fonts = { enableDefaultFonts = true; fontconfig.enable = true; fonts = [pkgs.dejavu_fonts]; }; environment = { systemPackages = [btrfsDiff]; pathsToLink = ["/share/zsh"]; persistence."/persist" = { directories = ["/etc/nixos"]; files = ["/etc/machine-id"]; }; variables = { VK_ICD_FILENAMES = lib.mkForce "${pkgs.amdvlk}/share/vulkan/icd.d/amd_icd64.json:${pkgs.driversi686Linux.amdvlk}/share/vulkan/icd.d/amd_icd32.json"; }; sessionVariables = { VK_ICD_FILENAMES = lib.mkForce "${pkgs.amdvlk}/share/vulkan/icd.d/amd_icd64.json:${pkgs.driversi686Linux.amdvlk}/share/vulkan/icd.d/amd_icd32.json"; }; }; networking.interfaces.enp6s0.useDHCP = true; services = { ipfs = { enable = false; enableGC = true; autoMount = true; }; flatpak.enable = false; xserver = { videoDrivers = ["amdgpu"]; }; postgresql = { enable = false; enableTCPIP = true; authentication = lib.mkOverride 10 '' local all all trust host all all 0.0.0.0/0 md5 ''; settings = { listen_addresses = "*"; }; initialScript = pkgs.writeText "backend-initScript" '' CREATE ROLE patriot WITH LOGIN PASSWORD 'patriot' CREATEDB; CREATE DATABASE harmony; GRANT ALL PRIVILEGES ON DATABASE harmony TO patriot; ''; }; }; virtualisation = { podman.enable = false; libvirtd.enable = false; }; system.stateVersion = "20.09"; }