{ config, lib, inputs, ... }: { imports = [ inputs.lix-module.nixosModules.default inputs.private.nixosModules.base ]; nix = { settings = { auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" "ca-derivations" ]; use-xdg-base-directories = true; trusted-public-keys = [ "nixbsd:gwcQlsUONBLrrGCOdEboIAeFq9eLaDqfhfXmHZs1mgc=" ]; trusted-substituters = [ "https://attic.mildlyfunctional.gay/nixbsd" ]; }; }; nixpkgs = { overlays = [ inputs.artemist.overlays.default inputs.fonts.overlays.default ]; config.allowUnfreePredicate = pkg: (pkg ? passthru && pkg.passthru ? font && pkg.passthru.font) || (builtins.elem (lib.getName pkg) [ "1password" "brscan5" "brscan5-etc-files" "celeste64" "corefonts" "google-chrome" "jlink" "makemkv" "steam" "steam-jupiter-original" "steam-unwrapped" "steam-jupiter-unwrapped" "steam-original" "steam-run" "steamdeck-hw-theme" "uhk-agent" "uhk-udev-rules" "unrar" ]); # oh god, i guess i only use matrix for public stuff though config.permittedInsecurePackages = [ "olm-3.2.16" ]; }; console = { keyMap = "us"; earlySetup = true; }; time.timeZone = "Etc/UTC"; environment.shellAliases.cp = "cp --reflink=auto --sparse=always"; networking.firewall.enable = false; programs.fish.enable = true; users = { users.artemis = { isNormalUser = true; description = "Artemis Tosini"; uid = 1000; extraGroups = [ "wheel" "artemis" ]; shell = "/run/current-system/sw/bin/fish"; # hashedPassword set in private }; groups.artemis.gid = config.users.users.artemis.uid; mutableUsers = false; }; security.sudo.execWheelOnly = true; systemd.extraConfig = "DefaultLimitCORE=infinity"; security.pam.loginLimits = [ { domain = "*"; item = "core"; type = "hard"; value = "infinity"; } ]; }