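# NixOS flake defining a single host configuration, `testenv` (x86_64-linux).
#
# Settings that widen privilege or weaken isolation carry a NOTE(review)
# comment so they can be checked deliberately rather than inherited by copy.
{
  # Flake inputs. Only `kernel-src` pins a revision in its URL; every other
  # input tracks a branch or tag and is fixed only by whatever flake.lock
  # records. Several of them supply overlays and NixOS modules that are
  # evaluated into the system below, so lock-file bumps deserve review.
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    mypkgs = {
      url = "git+https://git.sys-con.ru/thek0tyara/nixpkgs-extension.git";
      #url = "git+file:///home/thek0tyara/nixos-conf/custom/overlays";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    ragenix.url = "github:yaxitech/ragenix";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-index-database = {
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    niri-flake = {
      url = "github:sodiboo/niri-flake";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    dw-proton.url = "github:imaviso/dwproton-flake";
    intel-hw.url = "github:MordragT/nixos";
    nix-flatpak.url = "github:gmodena/nix-flatpak/latest";
    # Non-flake source tree, pinned to an exact commit in the URL.
    kernel-src = {
      # url = "git+https://gitlab.freedesktop.org/drm/tip.git?shallow=1";
      url = "git+https://gitlab.freedesktop.org/drm/tip.git?rev=0be244ee3139de3578e9acc56e1b917a4bd162cd&shallow=1";
      flake = false;
    };
    sccache = {
      url = "github:mozilla/sccache";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    claude-code.url = "github:sadjow/claude-code-nix/latest";
  };

  outputs =
    inputs@{
      nixpkgs,
      mypkgs,
      ragenix,
      home-manager,
      nix-index-database,
      niri-flake,
      intel-hw,
      nix-flatpak,
      kernel-src,
      sccache,
      claude-code,
      ...
    }:
    let
      system = "x86_64-linux";
      # pkgs = nixpkgs.${system}.packages;
      # Within this file this `pkgs` is referenced only by the commented-out
      # homeManager output at the bottom; the NixOS module below receives its
      # own `pkgs` argument, configured through `nixpkgs.overlays`.
      pkgs = import nixpkgs {
        inherit system;
        overlays = [
          sccache.overlays.default
          claude-code.overlays.default
        ];
      };
    in
    {
      nixosConfigurations.testenv = nixpkgs.lib.nixosSystem {
        inherit system;
        # Makes all flake inputs (and kernel-src directly) available as module
        # arguments to every module in the list.
        specialArgs = {
          inherit inputs;
          kernel-src = inputs.kernel-src;
        };
        modules = [
          ./custom/modules
          ragenix.nixosModules.default
          niri-flake.nixosModules.niri
          nix-index-database.nixosModules.default
          nix-flatpak.nixosModules.nix-flatpak
          (
            {
              pkgs,
              pkgdefault,
              config,
              lib,
              ...
            }:
            {
              # Helper: select a flake input's default package for the host system.
              _module.args = {
                pkgdefault = pkg: pkg.packages.${pkgs.stdenv.hostPlatform.system}.default;
              };

              # Overlays applied to the system package set. Each one can replace
              # any package, so they are part of the trusted build input.
              nixpkgs.overlays = [
                intel-hw.overlays.by-scope
                intel-hw.overlays.by-name
                mypkgs.overlays.default
                (import ./custom/override.nix)
                niri-flake.overlays.niri
              ];

              hardware = {
                graphics = {
                  enable = true;
                  extraPackages = (
                    with pkgs;
                    [
                      intel-media-driver
                      intel-ocl
                      vpl-gpu-rt
                      intel-compute-runtime
                      intel-compute-runtime.drivers
                      ### intel-hw
                      oneapi-ccl
                      oneapi-dpl
                      oneapi-math
                      oneapi-tbb
                      unified-memory-framework
                      level-zero
                    ]
                  );
                  # ++ (with inputs.intel-hw.packages."${system}"; [
                  #   # oneapi-dal
                  #   # oneapi-dpl
                  #   # oneapi-ccl
                  # ]);
                  # enable32Bit = true;
                };
                enableRedistributableFirmware = true;
              };

              nix.settings = {
                # keep-logs = true;
                # NOTE(review): members of trusted-users can override daemon
                # settings such as substituters, which Nix documents as
                # effectively root-equivalent. Confirm the non-root entry is needed.
                trusted-users = [
                  "root"
                  "thek0tyara"
                ];
                sandbox = true;
                # Host paths exposed inside the build sandbox. They carry mutable
                # state shared between builds (the sccache socket and cache), so
                # build outputs can depend on what earlier builds left there.
                extra-sandbox-paths = [
                  "/run/sccache"
                  "/var/cache/sccache"
                  "/var/cache/sccache/nix-builds"
                  "/var/cache/sccache/nix-builds/packages"
                  "/var/cache/sccache/nix-builds/kernel"
                ];
                download-buffer-size = 160000000;
              };

              systemd.tmpfiles.rules = [
                # setgid, to preserve group nixbld
                # NOTE(review): the rules below do not match the note above. Mode
                # 1777 is sticky + world-writable (no setgid bit) and the group is
                # root, not nixbld. A world-writable compiler cache that is also
                # mounted into the build sandbox can be altered by any local user;
                # consider 2770 with group nixbld if that was the intent — verify
                # against how the sccache server writes to these directories.
                "d /var/cache/sccache 1777 root root - -"
                "d /var/cache/sccache/nix-builds 1777 root root - -"
                "d /var/cache/sccache/nix-builds/packages 1777 root root - -"
                "d /var/cache/sccache/nix-builds/kernel 1777 root root - -"
              ];

              # Long-running sccache server. It runs as root (group nixbld) and
              # its runtime directory /run/sccache is listed in
              # extra-sandbox-paths above, so sandboxed builds can reach a
              # root-owned process over that socket.
              # NOTE(review): consider a dedicated unprivileged user — confirm
              # whether root is actually required.
              systemd.services.sccache = {
                description = "Shared sccache server for Nix builds";
                after = [ "local-fs.target" ];
                wantedBy = [ "multi-user.target" ];
                serviceConfig = {
                  Type = "simple";
                  User = "root";
                  Group = "nixbld";
                  RuntimeDirectory = "sccache";
                  # Socket directory reachable by root and group nixbld only.
                  RuntimeDirectoryMode = "0770";
                  UMask = "0007";
                  ExecStart = "${pkgs.sccache}/bin/sccache";
                  Restart = "always";
                  RestartSec = 2;
                };
                environment = {
                  # `sccache-config` is not defined in this file; presumably it is
                  # provided by one of the overlays above — confirm.
                  SCCACHE_CONF = pkgs."sccache-config";
                  SCCACHE_SERVER_UDS = "/run/sccache/server.sock";
                  SCCACHE_IDLE_TIMEOUT = "0";
                  SCCACHE_START_SERVER = "1";
                  SCCACHE_NO_DAEMON = "1";
                };
              };

              boot = {
                loader = {
                  systemd-boot.enable = true;
                  efi.canTouchEfiVariables = false;
                };
                # kernelPackages = pkgs.linuxPackages_testing;
                extraModulePackages = with config.boot.kernelPackages; [
                  v4l2loopback
                  # amneziawg
                ];
                # NOTE(review): mitigations=off disables the kernel's CPU
                # vulnerability mitigations for the whole host. This config also
                # enables Steam, Flatpak and a Tor relay; confirm the trade-off is
                # intended beyond a throwaway test environment.
                kernelParams = [ "mitigations=off" ];
              };

              # nixpkgs.config.permittedInsecurePackages = [
              #   "olm-3.2.16"
              # ];

              # ragenix/age secrets. With group "wheel" and mode 0440 each
              # decrypted secret is readable by root and every wheel member.
              age = {
                secrets = {
                  # "wg/syscon0.key".file = ./secrets/wg/syscon0.key.age;
                  "github/token.ro.age" = {
                    file = ./secrets/github/token.ro.age;
                    owner = "root";
                    group = "wheel";
                    mode = "0440";
                  };
                  "openrouter-open.key.age" = {
                    file = ./secrets/openrouter-open.key.age;
                    owner = "root";
                    group = "wheel";
                    mode = "0440";
                  };
                };
                # Private key used to decrypt the secrets above.
                identityPaths = [ "/root/.ssh/id_ed25519" ];
              };

              environment = {
                sessionVariables = {
                  LIBVA_DRIVER_NAME = "iHD";
                  LLAMA_CACHE = "/home/thek0tyara/Downloads/llm";
                  # CCACHE_DIR = "/mnt/HDD_A_DATA/ccache";
                  # SCCACHE_DIR = "/home/thek0tyara/Documents/cache/sccache";
                  # LLVM = "1";
                  # UV_CACHE_DIR = "";
                  # PIP_CACHE_DIR = "";
                  # PYTHONPYCACHEPREFIX = "";
                };
                systemPackages = with pkgs; [
                  ### compiler
                  # ccache
                  sccache
                  (pkgdefault inputs.ragenix)
                  devenv
                  htop
                  ### storage
                  btrfs-progs
                  ### gpu
                  vulkan-tools
                  libva-utils
                  intel-gpu-tools
                  pciutils
                  inxi
                  mesa-demos
                  xhost
                  # llm
                  # llama-cpp-vulkan
                  ### development
                  git
                  nixpkgs-fmt
                  nixfmt
                  nixd
                  nil
                  android-tools
                ];
              };

              security = {
                polkit = {
                  enable = true;
                  # Lets wheel members run `ls` through pkexec without
                  # authentication. The program is compared against one exact
                  # path: the earlier suffix regex (/\/ls$/) accepted any path
                  # whose last component is "ls", not just the system binary.
                  # NOTE(review): adjust the path if `ls` resolves elsewhere on
                  # this host.
                  extraConfig = ''
                    polkit.addRule(function(action, subject) {
                      if (action.id == "org.freedesktop.policykit.exec" && subject.isInGroup("wheel")) {
                        var cmd = action.lookup("program");
                        if (cmd === "/run/current-system/sw/bin/ls") {
                          return polkit.Result.YES;
                        }
                      }
                    });
                  '';
                };
                rtkit.enable = true;
                sudo = {
                  # NOTE(review): passwordless `nix` and `nix-env` as root let any
                  # wheel member build and run arbitrary code as root, so this is
                  # equivalent to passwordless root for the whole group.
                  extraRules = [
                    {
                      commands = [
                        {
                          command = "/run/current-system/sw/bin/nix";
                          options = [ "NOPASSWD" ];
                        }
                        {
                          command = "/run/current-system/sw/bin/nix-env";
                          options = [ "NOPASSWD" ];
                        }
                      ];
                      groups = [ "wheel" ];
                    }
                  ];
                };
                # gdb wrapper carrying CAP_SYS_PTRACE, executable by root and
                # group wheel only.
                # NOTE(review): the capability allows attaching to processes of
                # any user, including root-owned ones, so wheel membership again
                # implies root-level access.
                wrappers.gdb-ptrace = {
                  owner = "root";
                  group = "wheel";
                  permissions = "u+rx,g+rx,o-rwx";
                  capabilities = "cap_sys_ptrace+ep";
                  source = "${pkgs.gdb}/bin/gdb";
                };
              };

              programs = {
                # ccache = {
                #   enable = true;
                #   cacheDir = "/home/thek0tyara/Documents/cache/ccache/";
                #   packageNames = [
                #     # "linux"
                #   ];
                # };
                niri = {
                  enable = true;
                  package = pkgs.niri;
                };
                nix-ld = {
                  enable = true;
                  libraries = with pkgs; [
                    stdenv.cc.cc.lib
                  ];
                };
                obs-studio.enableVirtualCamera = true;
                steam = {
                  enable = true;
                  extraCompatPackages = [
                    inputs.dw-proton.packages.${system}.dw-proton
                  ];
                  protontricks = {
                    enable = true;
                  };
                };
                traceroute.enable = true;
                # ydotool itself is not enabled; only its group is set.
                ydotool = {
                  # enable = true;
                  group = "wheel";
                };
              };

              services = {
                displayManager = {
                  enable = true;
                  defaultSession = "niri";
                };
                flatpak.enable = true;
                locate.enable = true;
                pipewire = {
                  enable = true;
                  pulse.enable = true;
                };
                # Tor runs both as a local client and as a relay
                # (role = "relay"), so this host accepts inbound Tor traffic.
                tor = {
                  enable = true;
                  client.enable = true;
                  relay = {
                    enable = true;
                    role = "relay";
                  };
                };
                xserver = {
                  enable = true;
                  displayManager.lightdm.enable = true;
                  xkb = {
                    layout = "us,ru";
                    options = "grp:alt_shift_toggle";
                  };
                };
                zerotierone = {
                  enable = true;
                  localConf = {
                    settings = {
                      bind = [ "10.20.0.201" ];
                    };
                  };
                };
              };
            }
          )
          ./configuration.nix
          # NOTE(review): the home-manager NixOS module import is commented out
          # here, yet `home-manager.*` options are set in the next module.
          # Presumably the module is imported elsewhere (e.g. ./configuration.nix)
          # — confirm.
          # home-manager.nixosModules.default
          {
            home-manager = {
              useGlobalPkgs = true;
              useUserPackages = true;
              extraSpecialArgs = {
                inherit inputs;
              };
              users.thek0tyara = ./home.nix;
            };
          }
        ];
      };
      # homeManager."thek0tyara@testenv" = home-manager.lib.homeManagerConfiguration {
      #   inherit pkgs;
      #   modules = [
      #     ragenix.homeManagerModules.default
      #     (
      #       { config, ... }:
      #       {
      #         age.secrets = {
      #           "openrouter-open.key.age" = {
      #             file = ./secrets/openrouter-open.key.age;
      #             # owner = "root";
      #             # group = "wheel";
      #             # mode = "0440";
      #           };
      #         };
      #         programs.fish = {
      #           shellInit = ''
      #             echo fuck
      #             set -U OPENROUTER_API $(cat ${config.age.secrets."openrouter-open.key.age".path})
      #           '';
      #         };
      #       }
      #     )
      #   ];
      # };
    };
}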