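# NixOS system configuration for the host "nixos".
#
# Main pieces, all visible below:
#   * a btrfs root subvolume that is archived and recreated on every boot by an
#     initrd service, with selected state kept on the "persist" subvolume;
#   * GRUB on EFI with an extra menu entry that chainloads a Guix bootloader;
#   * agenix secrets, home-manager and a patched Phoenix package wired into
#     Firefox via policy and pref files;
#   * dependencies pinned through npins (./npins).
{config, ...}: let
  sources = import ./npins;
  # NOTE(review): `import <nixpkgs> {}` leaves `config` and `overlays` unset, so
  # nixpkgs falls back to its impure defaults (NIXPKGS_CONFIG and the files
  # under ~/.config/nixpkgs of whoever evaluates this). Passing
  # `{ config = {}; overlays = []; }` would make this instance independent of
  # the evaluating user's environment.
  pkgs = import sources.nixpkgs {};
in {
  boot = {
    initrd = {
      availableKernelModules = ["xhci_pci" "nvme" "sdhci_pci"];
      # NOTE(review): the options under `systemd` configure the systemd-based
      # stage 1. `boot.initrd.systemd.enable` is not set in this file; confirm
      # it is enabled elsewhere (or by default), otherwise the wipe service
      # below never runs.
      systemd = {
        # Runs once in the initrd, before /sysroot is mounted: moves the
        # previous "root" subvolume aside, prunes archived roots older than 30
        # days, and creates an empty "root" subvolume for this boot.
        services.impermanent-btrfs = {
          description = "saves old root and makes new one";
          unitConfig.DefaultDependencies = false;
          serviceConfig = {
            Type = "oneshot";
            StandardOutput = "journal+console";
            StandardError = "journal+console";
          };
          requiredBy = [
            "initrd.target"
          ];
          before = [
            "sysroot.mount"
          ];
          requires = [
            "initrd-root-device.target"
          ];
          after = [
            "initrd-root-device.target"
            "local-fs-pre.target"
          ];
          script = ''
            mkdir /btrfs_tmp
            mount ${config.fileSystems."/".device} /btrfs_tmp
            if [[ -e /btrfs_tmp/root ]]; then
                mkdir -p /btrfs_tmp/old_roots
                # Name the archived root after its mtime. The minutes field is
                # %M; the previous "$M" was an unset shell variable and
                # expanded to nothing, dropping the minutes from the name.
                timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
                mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
            fi

            # Nested subvolumes must be deleted before their parent.
            delete_subvolume_recursively() {
                IFS=$'\n'
                for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
                    delete_subvolume_recursively "/btrfs_tmp/$i"
                done
                btrfs subvolume delete "$1"
            }

            for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
                delete_subvolume_recursively "$i"
            done

            btrfs subvolume create /btrfs_tmp/root
            mkdir /btrfs_tmp/root/persist
            mkdir /btrfs_tmp/root/etc
            mount ${config.fileSystems."/persist".device} /btrfs_tmp/root/persist -o subvol=persist
            # Seed /etc/ssh in the fresh root from the persisted copy.
            # Presumably this is so the host keys exist before the persistence
            # mounts are set up (e.g. for agenix decryption); confirm.
            cp /btrfs_tmp/root/persist/etc/ssh /btrfs_tmp/root/etc/ssh -r
            umount /btrfs_tmp/root/persist
            # rmdir instead of "rm -r": it only removes an empty directory, so
            # a failed or skipped umount can never turn this cleanup into a
            # recursive delete of the persist subvolume's contents.
            rmdir /btrfs_tmp/root/persist
            umount /btrfs_tmp
          '';
        };
        # Binaries made available to the initrd for the script above.
        # NOTE(review): the script also calls `find` and `cut`, which are not
        # listed here; confirm the initrd provides them.
        extraBin = {
          "mkdir" = "${pkgs.coreutils}/bin/mkdir";
          "date" = "${pkgs.coreutils}/bin/date";
          "stat" = "${pkgs.coreutils}/bin/stat";
          "mv" = "${pkgs.coreutils}/bin/mv";
          "cp" = "${pkgs.coreutils}/bin/cp";
          "rm" = "${pkgs.coreutils}/bin/rm";
          "rmdir" = "${pkgs.coreutils}/bin/rmdir";
          "btrfs" = "${pkgs.btrfs-progs}/bin/btrfs";
        };
      };
    };
    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = ["kvm-intel"];
    loader = {
      efi.canTouchEfiVariables = true;
      grub = {
        device = "nodev";
        efiSupport = true;
        enable = true;
        # Chainload the Guix GRUB image from the same ESP that is mounted at
        # /boot (same filesystem UUID as fileSystems."/boot" below).
        extraEntries = ''
          menuentry "Guix" {
            search --set=drive1 --fs-uuid F425-55BA
            chainloader ($drive1)//EFI/Guix/grubx64.efi
          }
        '';
      };
    };
    tmp.cleanOnBoot = true;
  };

  documentation = {
    dev.enable = true;
    nixos.includeAllModules = true;
  };

  # State that survives the per-boot root wipe. /etc/ssh, .gnupg and .ssh hold
  # private key material; this file configures no disk encryption for the
  # device behind /persist, so these are only as protected as the disk itself.
  environment.persistence."/persist" = {
    directories = [
      "/etc/ly/custom-sessions"
      "/etc/NetworkManager/system-connections"
      "/etc/ssh"
      "/gnu"
      "/var/guix"
      "/var/log"
      "/var/lib/bluetooth"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
    ];
    enable = true;
    files = [
      "/etc/ly/save.txt"
      "/etc/machine-id"
    ];
    hideMounts = true;
    users.andromeda = {
      directories = [
        ".backups"
        ".cache/guix"
        ".config/guix"
        ".gnupg"
        #".local/share/AAAAXY"
        ".local/share/Anki2"
        #".local/share/chat.fluffy.fluffychat"
        ".local/share/cinny"
        ".local/share/in.cinny.app"
        #".local/share/Mindustry"
        ".local/share/zoxide"
        ".ssh"
        "conf"
        "Downloads"
        "pp"
      ];
      files = [".bash_history"];
    };
  };

  fileSystems = {
    # "/" and "/persist" are two subvolumes of the same btrfs filesystem.
    "/" = {
      device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
      fsType = "btrfs";
      options = ["subvol=root"];
    };
    # fmask/dmask 0022 leave everything on the ESP world-readable; tighten to
    # 0077 if anything sensitive is ever placed there.
    "/boot" = {
      device = "/dev/disk/by-uuid/F425-55BA";
      fsType = "vfat";
      options = ["fmask=0022" "dmask=0022"];
    };
    "/nix" = {
      device = "/dev/disk/by-uuid/0e586651-36f4-42b0-99b3-3f0704a894d6";
      fsType = "btrfs";
    };
    "/persist" = {
      device = "/dev/disk/by-uuid/5455cfb4-0efd-4f55-b496-d2cab3f419b7";
      fsType = "btrfs";
      neededForBoot = true;
      options = ["subvol=persist"];
    };
  };

  hardware = {
    bluetooth = {
      enable = true;
      powerOnBoot = false;
    };
    cpu.intel.updateMicrocode = true;
    enableRedistributableFirmware = true;
  };

  home-manager = {
    backupFileExtension = "bak";
    useGlobalPkgs = true;
    users.andromeda = import ./home.nix;
  };

  i18n.defaultLocale = "de_DE.UTF-8";

  # Third-party NixOS modules, all taken from the npins-pinned sources.
  imports = [
    "${sources.Phoenix {inherit pkgs;}}/nix/module.nix"
    "${sources.agenix {inherit pkgs;}}/modules/age.nix"
    "${sources.impermanence {inherit pkgs;}}/nixos.nix"
    "${sources.home-manager {inherit pkgs;}}/nixos"
    ./secrets.nix
  ];

  networking = {
    domain = "nixos";
    hostName = "nixos";
    firewall.enable = true;
    networkmanager.enable = true;
  };

  nixpkgs = {
    config.allowUnfree = false;
    flake.source = sources.nixpkgs;
    hostPlatform = "x86_64-linux";
    overlays = [
      (
        final: prev: {
          # Phoenix built from the pinned source with one local patch applied.
          phoenix =
            (final.callPackage "${sources.Phoenix {inherit pkgs;}}/nix/package.nix" {}).overrideAttrs
            {
              patches = [./patches/change-default-search-engine.patch]; # default search to ddg html
            };
          # Helper: returns the given Firefox package with Phoenix's policy and
          # pref files added.
          withPhoenix = firefoxPackage:
            firefoxPackage.override {
              extraPoliciesFiles = ["${final.phoenix}/policies.json"];
              extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
            };
        }
      )
    ];
  };

  nix = {
    settings = {
      experimental-features = ["nix-command" "flakes"];
      # Additional binary cache.
      # NOTE(review): confirm this hostname against the upstream project's
      # documentation. Store paths fetched from it are accepted when signed by
      # one of the trusted-public-keys below.
      substituters = ["https://cache.dataaturservice.se/spectrum/"];
      # Whoever holds one of these signing keys can produce store paths this
      # machine will accept from a substituter.
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
      ];
      # Trusted users may override daemon settings such as substituters, which
      # is effectively root-equivalent; here that is every member of wheel.
      trusted-users = ["@wheel"];
    };
    channel.enable = false;
  };

  programs.sway.enable = true;

  services = {
    blueman.enable = true;
    displayManager = {
      enable = true;
      ly.enable = true;
    };
    guix.enable = true;
    libinput.enable = true;
    # NOTE(review): sshd runs with the module defaults; nothing in this file
    # restricts password authentication or root login. If key-only login is
    # intended, set services.openssh.settings.PasswordAuthentication = false.
    openssh.enable = true;
    printing.enable = true;
  };

  system.stateVersion = "26.05";
  time.timeZone = "Europe/Berlin";

  users = {
    # Accounts are fully declarative; the password hash is read from the path
    # of the agenix secret "andromeda-pw".
    mutableUsers = false;
    users.andromeda = {
      isNormalUser = true;
      hashedPasswordFile = builtins.toString config.age.secrets.andromeda-pw.path;
      extraGroups = [
        "networkmanager"
        "wheel"
        "dialout"
      ];
    };
  };

  zramSwap = {
    enable = true;
    priority = 100;
    algorithm = "zstd";
    memoryPercent = 35;
  };
}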