# Shared NixOS module for desktop machines.
#
# Arguments:
#   me            - description of the current host; only `me.system` and
#                   `me.name` are read in this file.
#   pkgs          - package set; most of the system packages come from it.
#   unstablePkgs  - package set used for a few fast-moving tools.
#   auxiliaryPkgs - package set used for ghidra and wine.
{ me, pkgs, auxiliaryPkgs, unstablePkgs, ... }:
let
  # A package is kept when its `meta.platforms` lists this host's system.
  # Packages without `meta.platforms` are treated as supported.
  isSupportedHere =
    pkg: builtins.elem me.system (pkg.meta.platforms or [ me.system ]);

  # Drops every package that does not declare support for `me.system`.
  filterUnsupportedPackages = builtins.filter isSupportedHere;

  # corsac dns server. The address is in 100.64.0.0/10, the range Tailscale
  # assigns from, so resolution presumably depends on the tailnet being up.
  # NOTE(review): confirm what resolved falls back to when it is not.
  corsacTailnet = "100.64.100.100";
in
{
  imports = [
    ./nix.nix
    ./user.nix
    ./locale.nix
    ./vim.nix
    ./tmux.nix
    ./gnome.nix
    ./fonts.nix
    ./flatpak.nix
    ./libreoffice.nix
    ./electronics.nix
    ./hardware-keys.nix
    ./nix-ld.nix
  ];

  # Membership of the `docker` group is root-equivalent on the host, and
  # `libvirtd` membership gives control over system VMs.
  # NOTE(review): group membership is not set in this file (presumably
  # ./user.nix) - keep it to accounts that are already trusted with root.
  virtualisation = {
    libvirtd.enable = true;
    docker.enable = true;
  };

  documentation = {
    # fish turns the man cache on by default, and generating it makes
    # every nixos rebuild very slow.
    man.generateCaches = false;

    info.enable = true;
    doc.enable = true;
    dev.enable = true;
    nixos = {
      enable = true;
      includeAllModules = true;
    };
  };

  networking = {
    hostName = me.name;
    nameservers = [ corsacTailnet ];
  };

  services = {
    envfs.enable = true;
    resolved.enable = true;
    acpid.enable = true;
    sysprof.enable = true;

    tailscale = {
      enable = true;
      # "both" turns on IP forwarding (server side) and loosens reverse
      # path filtering (client side). Whether this host actually advertises
      # routes or an exit node is decided by `tailscale up` flags and the
      # tailnet policy, not here.
      useRoutingFeatures = "both";
      # Tailscale SSH: who may log in, and as which user, is controlled by
      # the tailnet's ACL / SSH policy rather than by authorized_keys.
      extraUpFlags = [ "--ssh" ];
    };

    # sometimes needed for gnupg
    pcscd.enable = true;
  };

  programs = {
    # steam requires the i386 package set, which obviously does not work on ARM.
    # TODO: pull out gaming related configuration (like steam) into a separate module.
    # steam = {
    #   enable = true;
    #   remotePlay.openFirewall = true;
    # };

    virt-manager.enable = true;
    fish.enable = true;
    git.enable = true;

    ghidra = {
      enable = true;
      package = auxiliaryPkgs.ghidra;
      gdb = true;
    };

    # dumpcap gets a capability wrapper and usbmon gets udev rules, so
    # members of the `wireshark` group can capture network and USB traffic
    # without root. Treat that group as privileged.
    wireshark = {
      enable = true;
      dumpcap.enable = true;
      usbmon.enable = true;
    };

    adb.enable = true;

    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryPackage = pkgs.pinentry-gnome3;
    };
  };

  # on desktop machines (a.k.a. minerals) we only use tailscale ssh
  # for access, so we don't generally have normal host keys, and
  # have to grab the ones tailscale uses.
  #
  # This makes the Tailscale SSH host key the decryption identity for
  # agenix secrets as well. NOTE(review): if tailscaled ever regenerates
  # this key (e.g. after its state directory is reset), the secrets have
  # to be re-keyed to the new public key before they decrypt again.
  age.identityPaths = [ "/var/lib/tailscale/ssh/ssh_host_ed25519_key" ];

  environment = {
    # TODO: the filter already does some good work, but we need some way to
    # pick out x86-only packages, so it is not as opaque as it currently is.
    # (who knows if muse-sounds-manager is actually installed, for example?)
    systemPackages =
      (
        with pkgs;
        filterUnsupportedPackages [
          file unzip jq dig htop wget screen dive
          gnupg pinentry-gnome3 age agenix minisign openssl cryptsetup pamtester
          bitwarden-desktop bitwarden-cli
          inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid
          minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr
          arp-scan ethtool sysprof wireshark seer mitmproxy
          hardinfo2 btrfs-assistant remmina trayscale
          vlc celluloid foliate calibre yt-dlp ffmpeg_7-full imagemagick
          handbrake mpv helvum
          gimp3 krita mypaint aseprite rnote fontforge-gtk blender inkscape
          obs-studio darktable davinci-resolve orca-slicer renderdoc
          audacity musescore muse-sounds-manager reaper
          # bitwig's bubblewrap configuration requires some non-ARM package sets.
          # bitwig-studio
          ungoogled-chromium librewolf lagrange senpai signal-desktop
          alpaca newsflash
          qemu_full virtiofsd
          openvpn openvpn3 update-resolv-conf
          transmission_4-gtk fragments
          xorg.xeyes wl-clipboard
          ripgrep hyperfine parallel just fzf bat delta eza fd tokei didyoumean
          universal-ctags compiledb graphviz
          python3 uv ruff
          nodejs_22 deno yarn
          rustc rustup cargo rustfmt
          go gopls delve go-task gotags golangci-lint
          meson cmake gnumake ninja gdb gcc clang clang-tools
          hare haredoc
          jdk maven gradle
          nil nixfmt-rfc-style nixpkgs-review nixpkgs-fmt nixpkgs-lint-community
          postgresql
          helix alacritty ghostty
          androidStudioPackages.dev
          winetricks bottles scrcpy
          apfs-fuse nfs-utils ubootTools dtc cloud-utils
          borgbackup pika-backup
          prismlauncher xonotic
          man-pages man-pages-posix
        ]
      )
      ++ (with unstablePkgs; [
        claude-code
        gemini-cli
      ])
      ++ (with auxiliaryPkgs; [
        # TODO: need fixes for 25.05
        # retroarch
        wine
        # TODO: ngfx (obviously) does not work on ARM, put it somewhere else
        # ngfx
      ]);

    # Exposes the update-resolv-conf hook scripts as /etc/openvpn.
    # NOTE(review): OpenVPN profiles that reference these hooks let them
    # rewrite the resolver configuration; only use them with trusted profiles.
    etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
  };
}