# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). {pkgs, ...}: { imports = [ ./config/sysctl.d/performance.nix ./config/sysctl.d/hardening.nix ./config/pipewire/pipewire.nix ]; boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelParams = [ "default_hugepagesz=1G" "hugepagesz=1G" ]; services.scx = { enable = true; scheduler = "scx_lavd"; extraArgs = ["--performance"]; }; boot.runSize = "100%"; boot.devSize = "100%"; boot.devShmSize = "100%"; boot.tmp.useTmpfs = true; boot.tmp.tmpfsSize = "100%"; boot.tmp.cleanOnBoot = true; fileSystems."/" = { fsType = "btrfs"; options = ["compress=zstd:6" "discard" "flushoncommit" "subvol=@"]; }; services.btrfs.autoScrub = { fileSystems = ["/"]; # Assuming root is formatted with Btrfs. interval = "daily"; enable = true; }; zramSwap = { enable = true; priority = 100; memoryPercent = 100; }; nix.gc = { automatic = true; options = "-d"; }; nix.optimise.automatic = true; nix.settings = { experimental-features = "cgroups dynamic-derivations flakes nix-command recursive-nix"; auto-optimise-store = true; http-connections = 0; download-buffer-size = 671088640; max-jobs = "auto"; sync-before-registering = true; use-cgroups = true; }; boot.initrd.kernelModules = ["amdgpu"]; # Processor settings for AMD hardware.cpu.amd = { sev.enable = true; updateMicrocode = true; }; # Bootloader. boot.loader.systemd-boot = { enable = true; edk2-uefi-shell = {enable = true;}; memtest86 = {enable = true;}; configurationLimit = 3; }; networking.tempAddresses = "default"; # Load AMD GPU drivers early hardware.amdgpu.initrd = { enable = true; }; hardware.amdgpu.opencl = { enable = true; }; # Graphics hardware.graphics = { enable = true; enable32Bit = true; }; # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.videoDrivers = ["amdgpu"]; services.xserver.updateDbusEnvironment = true; services.xserver.enableTearFree = true; qt = { platformTheme = "gnome"; }; # TLP services.power-profiles-daemon.enable = false; # We disable this because it sucks services.tlp.enable = true; services.tlp.settings = { CPU_DRIVER_OPMODE_ON_AC = "active"; CPU_DRIVER_OPMODE_ON_BAT = "active"; CPU_SCALING_GOVERNOR_ON_AC = "performance"; CPU_SCALING_GOVERNOR_ON_BAT = "schedutil"; CPU_BOOST_ON_AC = 1; CPU_BOOST_ON_BAT = 0; PLATFORM_PROFILE_ON_AC = "performance"; PLATFORM_PROFILE_ON_BAT = "low-power"; DISK_IOSCHED = "kyber"; RADEON_DPM_PERF_LEVEL_ON_AC = "high"; WIFI_PWR_ON_AC = "off"; WIFI_PWR_ON_BAT = "off"; }; # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; jack.enable = true; }; programs.dconf.enable = true; xdg.portal = { enable = true; xdgOpenUsePortal = true; extraPortals = with pkgs; [ xdg-desktop-portal xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; config.common.default = "*"; }; environment.sessionVariables.NIXOS_OZONE_WL = "1"; services.dbus = { implementation = "broker"; }; # SECURITY security = { tpm2 = { enable = true; }; # Having TPM2 is nice. polkit = { enable = true; }; protectKernelImage = true; forcePageTableIsolation = true; }; systemd.tpm2.enable = true; fonts = { enableGhostscriptFonts = true; enableDefaultPackages = true; fontDir = { enable = true; decompressFonts = true; }; }; }