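# NixOS host module: desktop/workstation baseline (Wayland hint, boot loader,
# sshd, podman, fonts, DNS). Takes `pkgs` from the module system.
{ pkgs, ... }:
{
    environment.sessionVariables.NIXOS_OZONE_WL = "1"; # hint electron apps to use wayland

    nixpkgs.config.allowUnfree = true;
    security.polkit.enable = true;
    security.rtkit.enable = true;
    programs.zsh.enable = true;
    # Keep the host firewall on: sshd is enabled below and NixOS opens its port
    # automatically (services.openssh.openFirewall defaults to true), so nothing
    # else on this host is reachable from the network unless listed here.
    networking.firewall.enable = true;
    # nix-ld runs unpatched, non-Nix dynamic binaries (e.g. downloaded tools);
    # anything launched this way is outside the store's provenance guarantees.
    programs.nix-ld.enable = true;

    boot.loader.systemd-boot.enable = true;
    boot.loader.systemd-boot.memtest86.enable = true;
    # netboot.xyz adds a boot-menu entry that fetches and boots images over the
    # network; anyone with console access can boot a foreign OS from it.
    boot.loader.systemd-boot.netbootxyz.enable = true;
    # Disable the boot-menu kernel command-line editor so console access cannot
    # append init=/bin/sh (or similar) to a boot entry.
    boot.loader.systemd-boot.editor = false;
    boot.loader.timeout = 1;
    boot.loader.efi.canTouchEfiVariables = true;
    systemd.extraConfig = "DefaultTimeoutStopSec=10s";
    # systemd-user-sessions is what removes /run/nologin after boot; with the
    # unit disabled that gate is not managed by systemd at all.
    systemd.services.systemd-user-sessions.enable = false;
    boot.tmp.cleanOnBoot = true;

    powerManagement.enable = true;
    services.thermald.enable = true;
    services.pcscd.enable = true; # smart-card daemon (e.g. for PIV/OpenPGP tokens)
    services.fwupd.enable = true;
    services.gvfs.enable = true;
    services.fstrim.enable = true;
    services.openssh = {
        enable = true;
        settings = {
            PermitRootLogin = "no";
            PasswordAuthentication = false;
            # PasswordAuthentication=no alone still lets PAM prompt for a
            # password through keyboard-interactive; turn that off too so only
            # key-based logins are accepted.
            KbdInteractiveAuthentication = false;
        };
    };

    fonts.packages = with pkgs; [
        noto-fonts
        noto-fonts-cjk-sans
        noto-fonts-emoji
        iosevka
        roboto
        font-awesome
        jetbrains-mono
        nerd-fonts.fira-code
        nerd-fonts.ubuntu
        nerd-fonts.zed-mono
    ];

    environment.systemPackages = with pkgs; [
        virtiofsd
        wget
        curl
        git
        lm_sensors
        wireguard-tools

        # Podman
        dive
        podman-tui
        docker-compose
    ];

    # Daily GC that drops generations older than two days: this also limits how
    # far back `nixos-rebuild --rollback` can go.
    nix.gc = {
        automatic = true;
        dates = "daily";
        options = "--delete-older-than 2d";
    };

    virtualisation.containers.enable = true;
    virtualisation = {
        podman = {
            enable = true;
            dockerCompat = true; # provides a docker-compatible socket/CLI alias
            defaultNetwork.settings.dns_enabled = true;
        };
    };

    # Plain (unencrypted) DNS to Cloudflare; resolved only falls back to these
    # when the link supplies no resolver, while networking.nameservers makes
    # them the primary upstream.
    services.resolved = {
        enable = true;
        fallbackDns = [ "1.1.1.1" "1.0.0.1" ];
    };
    networking.nameservers = ["1.1.1.1" "1.0.0.1"];
}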