me like nix
# Module arguments: `pkgs`, `lib`, and `inputs`. `inputs` is probed below for
# an optional `berkeley-mono` attribute.
{ pkgs, lib, inputs, ... }:

let
  # True only when `inputs` carries a `berkeley-mono` attribute.
  hasBerkeleyMono = inputs ? berkeley-mono;

  # Default package of that input for the current system, or null when the
  # input is absent. Consumers guard on hasBerkeleyMono before using it.
  berkeley-mono-typeface =
    if !hasBerkeleyMono
    then null
    else inputs.berkeley-mono.packages.${pkgs.system}.default;

  # Steam/gamescope calls steamos-session-select when the user presses
  # "Switch to Desktop". Without this script, the button does nothing.
  # Returning 0 lets gamescope proceed to exit, returning to greetd/regreet.
  # The script itself only echoes its first argument; it switches nothing.
  steamos-session-select = pkgs.writeShellScriptBin "steamos-session-select" ''
    echo "Switching session to: $1"
  '';
in
15{
16
nix.settings = {
  # Turn on the `nix` command-line interface and flakes.
  experimental-features = [ "nix-command" "flakes" ];
  # 268435456 bytes = 256 MiB.
  download-buffer-size = 268435456;
};

# Bluetooth controller, powered on at boot, with the Blueman service enabled.
hardware.bluetooth = {
  enable = true;
  powerOnBoot = true;
};
services.blueman.enable = true;
26
boot = {
  # Bootloader: systemd-boot, allowed to modify EFI variables.
  loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  # Use latest kernel.
  kernelPackages = pkgs.linuxPackages_latest;

  # Sets the kernel.task_delayacct sysctl to 1 (per-task delay accounting).
  kernel.sysctl."kernel.task_delayacct" = 1;
};

# Firmware update daemon.
services.fwupd.enable = true;

# Fix USB disconnection issues with Dell U4025QW Thunderbolt dock
# Disables autosuspend and LPM for Dell hub (vendor ID: 1d5c, product ID: 5801)
# boot.kernelParams = [ "usbcore.quirks=1d5c:5801:gk" ];
# If USB disconnects persist, try disabling UCSI ACPI instead:
# boot.kernelParams = [ "module_blacklist=ucsi_acpi" ];
41
# Enable networking
networking.networkmanager.enable = true;
# The NetworkManager-wait-online unit is switched off.
systemd.services.NetworkManager-wait-online.enable = false;

# Set your time zone.
# time.timeZone = "America/New_York";
time.timeZone = "America/Toronto";

# Select internationalisation properties.
i18n = {
  defaultLocale = "en_US.UTF-8";

  # Every listed LC_* category gets the same locale as the default.
  extraLocaleSettings = lib.genAttrs [
    "LC_ADDRESS"
    "LC_IDENTIFICATION"
    "LC_MEASUREMENT"
    "LC_MONETARY"
    "LC_NAME"
    "LC_NUMERIC"
    "LC_PAPER"
    "LC_TELEPHONE"
    "LC_TIME"
  ] (_: "en_US.UTF-8");
};
64
# Font configuration
fonts.fontDir.enable = true;
fonts.fontconfig.enable = true;

# Berkeley Mono is preferred when its input exists; JetBrainsMono Nerd Font
# is always the last fallback.
fonts.fontconfig.defaultFonts.monospace =
  (if hasBerkeleyMono then [ "BerkeleyMono Nerd Font" "BerkeleyMono" ] else [ ])
  ++ [ "JetBrainsMono Nerd Font" ];

# The font package is installed only when the optional input is present, so
# the null placeholder never reaches this list.
fonts.packages = if hasBerkeleyMono then [ berkeley-mono-typeface ] else [ ];

# niri compositor.
programs.niri.enable = true;

# Catppuccin theming, "frappe" flavour.
catppuccin.enable = true;
catppuccin.flavor = "frappe";
90
# regreet greeter, themed to match the Catppuccin "frappe" / lavender setup.
programs.regreet.enable = true;
# NOTE(review): the forced greetd command below spells out "-s -d" itself, so
# these cageArgs presumably do not reach the final command line -- confirm.
programs.regreet.cageArgs = [ "-s" "-d" ];
programs.regreet.settings.GTK.application_prefer_dark_theme = true;

programs.regreet.theme.name = "catppuccin-frappe-lavender-standard";
programs.regreet.theme.package = pkgs.catppuccin-gtk.override {
  variant = "frappe";
  accents = [ "lavender" ];
  size = "standard";
};

programs.regreet.iconTheme.name = "Papirus-Dark";
programs.regreet.iconTheme.package = pkgs.catppuccin-papirus-folders.override {
  flavor = "frappe";
  accent = "lavender";
};

programs.regreet.cursorTheme.name = "catppuccin-frappe-dark-cursors";
programs.regreet.cursorTheme.package = pkgs.catppuccin-cursors.frappeDark;

# Scale regreet's greeter for HiDPI displays.
# lib.mkForce replaces whatever default_session.command would otherwise be
# set; the command runs cage under dbus-run-session with GDK_SCALE=2.
services.greetd.settings.default_session.command = lib.mkForce
  "${pkgs.dbus}/bin/dbus-run-session ${lib.getExe pkgs.cage} -s -d -- env GDK_SCALE=2 ${lib.getExe pkgs.greetd.regreet}";
119
# Enable CUPS to print documents.
services.printing.enable = true;

# polkit and rtkit are both enabled ahead of the PipeWire setup.
security.polkit.enable = true;
security.rtkit.enable = true;

# PipeWire with ALSA (including 32-bit support) and PulseAudio compatibility.
services.pipewire.enable = true;
services.pipewire.pulse.enable = true;
services.pipewire.alsa = {
  enable = true;
  support32Bit = true;
};
# If you want to use JACK applications, uncomment this
# services.pipewire.jack.enable = true;

# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
# services.pipewire.media-session.enable = true;
137
services.gnome.gnome-keyring.enable = true;
services.udisks2.enable = true;
services.tailscale.enable = true;
services.pcscd.enable = true; # Smart card daemon for Yubikey

security.pam = {
  # Hook gnome-keyring into the greetd PAM stack.
  # NOTE(review): keyring unlock normally relies on the typed password; a
  # login satisfied by the U2F key alone presumably leaves the keyring
  # locked -- confirm.
  services.greetd.enableGnomeKeyring = true;

  u2f = {
    enable = true;
    # "sufficient": a successful key check completes authentication on its
    # own, so the key replaces the password rather than adding a second
    # factor. Use "required" if password AND key is the intent.
    control = "sufficient";
    # Show a prompt when a touch is expected.
    cue = true;
    settings.origin = "pam://nixos";
    settings.appid = "pam://nixos";
  };

  # NOTE(review): with u2f.enable = true this per-service switch may already
  # default to on for sudo and for other services -- verify which PAM
  # services end up accepting the key alone.
  services.sudo.u2fAuth = true;
};

programs.yubikey-touch-detector.enable = true;
157
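# ZSA Keyboard udev rules for Oryx web flashing and live training
#
# Changed from the original: the two generic serial rules at the end used
# MODE 0666, which opens every ttyUSB/ttyACM node to all local accounts and
# makes GROUP="dialout" meaningless. They are now 0660; the user defined in
# this file is already a member of dialout, so access is preserved.
#
# NOTE(review): the vendor-specific rules are left as they were, but several
# are wider than group access:
#   - hidraw nodes for vendors 16c0/3297 are 0664, so any local account can
#     read the raw HID reports of those keyboards;
#   - the SUBSYSTEMS=="usb" rules for 16c0, 0483:df11 and 3297 force 0666
#     (":=" is a final assignment) on every matching device node.
# These look like the vendor-published rules. Narrowing them to 0660 plus
# GROUP="plugdev" should be tested against the flashing tools before use.
services.udev.extraRules = ''
  # Rules for Oryx web flashing and live training
  KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
  KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"

  # Legacy rules for live training over webusb (Not needed for firmware v21+)
  # Rule for all ZSA keyboards
  SUBSYSTEM=="usb", ATTR{idVendor}=="3297", GROUP="plugdev"
  # Rule for the Moonlander
  SUBSYSTEM=="usb", ATTR{idVendor}=="3297", ATTR{idProduct}=="1969", GROUP="plugdev"
  # Rule for the Ergodox EZ
  SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="1307", GROUP="plugdev"
  # Rule for the Planck EZ
  SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="6060", GROUP="plugdev"

  # Wally Flashing rules for the Ergodox EZ
  ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
  ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
  SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
  KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"

  # Keymapp / Wally Flashing rules for the Moonlander and Planck EZ
  SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
  # Keymapp Flashing rules for the Voyager
  SUBSYSTEMS=="usb", ATTRS{idVendor}=="3297", MODE:="0666", SYMLINK+="ignition_dfu"
  # USB serial device access via Chrome/Chromium
  KERNEL=="ttyUSB[0-9]*", MODE:="0660", GROUP="dialout"
  KERNEL=="ttyACM[0-9]*", MODE:="0660", GROUP="dialout"
'';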
188
# Define a user account. Don't forget to set a password with ‘passwd’.
# The storage and plugdev groups are declared here with no extra options;
# plugdev is the group named by the udev rules in this file.
users.groups = {
  storage = { };
  plugdev = { };
};

users.users.sean = {
  description = "Sean Aye";
  isNormalUser = true;
  shell = pkgs.fish;
  extraGroups = [
    "docker" # NOTE(review): Docker daemon access is effectively root on the host
    "networkmanager"
    "wheel"
    "video"
    "disk" # NOTE(review): raw block-device access bypasses file permissions; drop if unused
    "storage"
    "input" # NOTE(review): can read every input device's events
    "plugdev"
    "dialout"
  ];
};
208
programs.steam.enable = true;
# Opens the firewall for Steam Remote Play.
programs.steam.remotePlay.openFirewall = true;
programs.steam.extraCompatPackages = [ pkgs.proton-ge-bin ];

# Gamescope session: -r 120 / -R 120, and STEAM_DESKTOP_SESSION set to niri.
programs.steam.gamescopeSession = {
  enable = true;
  args = [ "-r" "120" "-R" "120" ];
  env.STEAM_DESKTOP_SESSION = "niri";
};

programs.gamemode.enable = true;

# gamescope is enabled, but the module's own cap_sys_nice handling is off;
# the capability is granted by the explicit wrapper below instead.
programs.gamescope.enable = true;
programs.gamescope.capSysNice = false;

# Manually add the gamescope capability wrapper without triggering
# the steam module's setuid bwrap override (which zeros CapBnd
# inside the FHS sandbox, preventing games from launching)
# The wrapper is owned by root:root and carries cap_sys_nice in the
# permitted, inheritable and effective sets ("+pie").
# NOTE(review): whoever may execute the wrapper gets that capability --
# confirm the wrapper's execute permissions are as intended.
security.wrappers.gamescope = {
  source = "${pkgs.gamescope}/bin/gamescope";
  capabilities = "cap_sys_nice+pie";
  owner = "root";
  group = "root";
};
243
programs.fish.enable = true;

# 1Password CLI and GUI; "sean" is the polkit policy owner for the GUI.
programs._1password.enable = true;
programs._1password-gui.enable = true;
programs._1password-gui.polkitPolicyOwners = [ "sean" ];

# Docker daemon. Membership of the "docker" group is what grants access to it.
virtualisation.docker.enable = true;

# Allow unfree packages
nixpkgs.config.allowUnfree = true;

# List packages installed in system profile. To search, run:
# $ nix search wget
# steamos-session-select is the let-bound script from the top of this file,
# not an attribute of pkgs.
environment.systemPackages = [
  pkgs.wl-clipboard
  steamos-session-select
];

# hx is the editor for EDITOR, VISUAL and SUDO_EDITOR alike.
environment.variables.EDITOR = "hx";
environment.variables.VISUAL = "hx";
environment.variables.SUDO_EDITOR = "hx";
267}