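# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{pkgs, ...}: {
  # Project-local sysctl fragments; their contents are not visible in this
  # file, so the effective sysctl hardening has to be reviewed there.
  imports = [
    ./config/sysctl.d/performance.nix
    ./config/sysctl.d/hardening.nix
  ];

  # systemd-based initrd with D-Bus and TPM2 support.
  boot.initrd = {
    systemd = {
      enable = true;
      dbus = {
        enable = true;
      };
      tpm2.enable = true;
    };
  };

  # Graphical boot splash.
  boot.plymouth = {
    enable = true;
    theme = "tribar";
  };

  systemd = {
    tpm2.enable = true;
    # Userspace OOM killer, applied to the root, system and user slices.
    oomd = {
      enable = true;
      enableRootSlice = true;
      enableSystemSlice = true;
      enableUserSlices = true;
    };
    # Run shellcheck over generated unit scripts at build time.
    enableStrictShellChecks = true;
  };

  # NOTE(review): linuxPackages_cachyos (and scx_git / niri_git below) are
  # presumably supplied by an overlay that is not declared in this file.
  # Whatever provides them, and its binary cache, is part of this system's
  # trust base; pin it and confirm where it comes from.
  boot.kernelPackages = pkgs.linuxPackages_cachyos;

  boot.kernelParams = [
    # 1 GiB huge pages as the default huge page size.
    "default_hugepagesz=1G"
    "hugepagesz=1G"

    # Kernel self-protection.
    # Keep slab caches separate so a heap overflow cannot reach objects
    # from another cache.
    "slab_nomerge"
    # Zero memory on allocation and on free.
    "init_on_alloc=1"
    "randomize_kstack_offset=on"
    "init_on_free=1"
    # Randomise the page allocator free lists.
    "page_alloc.shuffle=1"
    # Force kernel page-table isolation. security.forcePageTableIsolation
    # below requests the same thing.
    "pti=on"
    # Disable the legacy vsyscall page.
    "vsyscall=none"
    # Treat a kernel oops as fatal rather than continuing in an undefined state.
    "oops=panic"
    # Refuse to load unsigned kernel modules.
    # NOTE(review): this only takes effect if the selected kernel is built with
    # module signing, and out-of-tree modules (ryzen-smu below) must then be
    # signed too or they will not load. Verify against the running kernel.
    "module.sig_enforce=1"
    # NOTE(review): this looks like the machine-check tolerance level 0 (panic
    # on uncorrectable errors). Confirm the selected kernel still accepts the
    # numeric form.
    "mce=0"

    # Quiet boot. With loglevel=0 and oops=panic little reaches the console,
    # so diagnosis after a panic depends on the journal or pstore rather than
    # on-screen output.
    "quiet"
    "splash"
    "loglevel=0"
  ];

  # sched_ext CPU scheduler.
  services.scx = {
    enable = true;
    package = pkgs.scx_git.rustscheds;
    scheduler = "scx_lavd";
    extraArgs = ["--performance"];
  };

  # Every tmpfs below may grow to 100% of RAM. A single process filling /tmp,
  # /run or /dev/shm can therefore exhaust memory; lower these limits if
  # untrusted users or services can write there.
  boot.runSize = "100%";
  boot.devSize = "100%";
  boot.devShmSize = "100%";
  boot.tmp.useTmpfs = true;
  boot.tmp.tmpfsSize = "100%";
  boot.tmp.cleanOnBoot = true;

  # Root filesystem options. The backing device is not declared in this file.
  fileSystems."/" = {
    fsType = "btrfs";
    options = ["compress=zstd:6" "discard" "flushoncommit" "subvol=@"];
  };

  services.btrfs.autoScrub = {
    fileSystems = ["/"]; # Assuming root is formatted with Btrfs.
    interval = "daily";
    enable = true;
  };

  # Compressed swap in RAM, sized at 100% of physical memory.
  zramSwap = {
    enable = true;
    priority = 100;
    memoryPercent = 100;
  };

  # Automatic garbage collection. "-d" also deletes old generations, so after
  # a GC run there may be no older generation left to roll back to.
  nix.gc = {
    automatic = true;
    options = "-d";
  };

  nix.optimise.automatic = true;

  nix.settings = {
    # NOTE(review): recursive-nix and dynamic-derivations are experimental and
    # widen what a build is allowed to do. Keep them only if something depends
    # on them.
    experimental-features = "cgroups dynamic-derivations flakes nix-command recursive-nix";
    auto-optimise-store = true;
    # 0 = no limit on parallel connections to binary caches.
    http-connections = 0;
    # 640 MiB.
    download-buffer-size = 671088640;
    max-jobs = "auto";
    sync-before-registering = true;
    use-cgroups = true;
  };

  # Nix list elements are separated by whitespace, not commas.
  # NOTE(review): confirm that "sha256" and "sha512" are real module names for
  # the selected kernel; an unknown name breaks the initrd build.
  boot.initrd.kernelModules = ["amdgpu" "sha256" "sha512"];

  # Processor settings for AMD
  hardware.cpu.amd = {
    sev.enable = true;
    updateMicrocode = true;
    # Out-of-tree module that exposes the SMU to userspace.
    ryzen-smu.enable = true;
  };

  # Userspace access to model-specific registers.
  # NOTE(review): MSR and SMU access are low-level, highly privileged
  # interfaces that sit awkwardly next to the kernel hardening above. Check
  # which users and groups can open these devices and keep that set minimal.
  hardware.cpu.x86.msr.enable = true;

  # Bootloader.
  # NOTE(review): the UEFI shell and memtest86 entries are available to anyone
  # at the console before the OS starts, and the systemd-boot entry editor is
  # not disabled here. If physical access is in the threat model, consider
  # dropping the shell entry and setting `editor = false`, because the editor
  # allows the kernel command line, including the hardening flags above, to be
  # changed at boot.
  boot.loader.systemd-boot = {
    enable = true;
    edk2-uefi-shell = {enable = true;};
    memtest86 = {enable = true;};
    configurationLimit = 3;
  };

  # IPv6 privacy extensions: generate temporary addresses and prefer them.
  networking.tempAddresses = "default";

  # Load AMD GPU drivers early
  hardware.amdgpu.initrd = {
    enable = true;
  };

  hardware.amdgpu.opencl = {
    enable = true;
  };

  # Graphics
  hardware.graphics = {
    enable = true;
    enable32Bit = true;
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.videoDrivers = ["amdgpu"];
  services.xserver.updateDbusEnvironment = true;
  services.xserver.enableTearFree = true;

  security.rtkit.enable = true;

  programs.dconf.enable = true;

  # Desktop portals; "*" lets any installed portal backend be used.
  xdg.portal = {
    enable = true;
    xdgOpenUsePortal = true;
    extraPortals = with pkgs; [
      xdg-desktop-portal
      xdg-desktop-portal-gtk
      xdg-desktop-portal-gnome
    ];
    config.common.default = "*";
  };

  # Ask Chromium/Electron applications to use native Wayland.
  environment.sessionVariables.NIXOS_OZONE_WL = "1";

  services.dbus = {
    implementation = "broker";
  };

  services.xserver.displayManager.gdm = {
    enable = true;
    wayland = true;
  };

  # NOTE(review): programs.uwsm.enable is not set in this file; confirm it is
  # enabled elsewhere, otherwise this entry may have no effect.
  programs.uwsm.waylandCompositors = {
    niri = {
      prettyName = "Niri";
      comment = "A scrollable-tiling Wayland compositor.";
      binPath = "/run/current-system/sw/bin/niri-session";
    };
  };

  programs.niri = {
    enable = true;
    package = pkgs.niri_git;
  };

  # SECURITY
  security = {
    tpm2 = {
      enable = true;
    }; # Having TPM2 is nice.
    polkit = {
      enable = true;
    };
    # Prevent replacing the running kernel image.
    protectKernelImage = true;
    forcePageTableIsolation = true;
  };

  fonts = {
    enableGhostscriptFonts = true;
    enableDefaultPackages = true;
    fontDir = {
      enable = true;
      decompressFonts = true;
    };
    fontconfig = {
      enable = true;
      antialias = true;
      useEmbeddedBitmaps = true;
      hinting = {
        enable = true;
        style = "full";
      };
      subpixel.rgba = "rgb";
    };
  };
}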