system.nix
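# NixOS system module for the "nixos-desktop" host: boot, hardware, audio,
# networking, the "ay" user, home-manager, SSH, GNOME, Nix daemon settings
# and sudo policy.
#
# Arguments are the usual NixOS module arguments plus `inputs`, which is
# read below only for `inputs.nix` (the Nix package to run).
{
  config,
  lib,
  pkgs,
  inputs,
  ...
}:
{
  # Basic system configuration
  system.stateVersion = "24.05";

  # Hardware and boot configuration
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usb_storage"
    "sd_mod"
  ];
  boot.kernelModules = [ "kvm-amd" ];

  # Hardware support
  hardware.enableAllFirmware = true;
  # NOTE(review): Intel microcode is configured here while the only KVM
  # module loaded above is "kvm-amd"; confirm which CPU vendor this host has
  # and whether the AMD microcode option was intended instead.
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.boot.initrd.enable;
  hardware.graphics.enable = true;

  # Audio
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Networking
  networking = {
    hostName = "nixos-desktop";
    networkmanager.enable = true;
    firewall = {
      enable = true;
      # Only inbound TCP 22 is opened here. services.openssh.openFirewall
      # defaults to true, so the SSH module opens this port as well; the
      # explicit entry documents the intent.
      allowedTCPPorts = [ 22 ]; # SSH
    };
  };

  # Timezone and locale
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # User configuration
  #
  # Privilege summary for "ay" as configured in this file:
  #   - "wheel" + security.sudo.wheelNeedsPassword = false (below): root
  #     without a password prompt.
  #   - nix.settings.trusted-users (below): root-equivalent control of the
  #     Nix daemon.
  #   - "docker": access to the Docker socket is root-equivalent when the
  #     daemon runs. This file does not enable Docker; presumably another
  #     module does. Confirm, or drop the group.
  # Taken together, the SSH key listed here is the only credential between a
  # remote party and root on this host.
  users.users.ay = {
    isNormalUser = true;
    description = "ay";
    extraGroups = [
      "wheel"
      "networkmanager"
      "docker"
      "audio"
      "video"
    ];
    shell = pkgs.nushell;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhuX+vkPM4C2GJtKkfgOm29QEcVs6s9oElroEYY8sCO ay@net-2.local"
    ];
  };

  # Enable home-manager
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    backupFileExtension = "backup";

    users.ay =
      { config, pkgs, ... }:
      {
        home.stateVersion = "24.05";
        home.homeDirectory = "/home/ay";
        home.username = "ay";

        # Ensure PATH includes home-manager packages
        home.sessionPath = [
          "$HOME/.nix-profile/bin"
          "/run/current-system/sw/bin"
        ];
      };
  };

  # Essential services
  #
  # Key-only SSH: password and keyboard-interactive authentication are
  # disabled and root cannot log in directly.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  # Desktop environment
  services.xserver = {
    enable = true;
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;
    xkb = {
      layout = "us";
      variant = "";
    };
  };

  # Enable CUPS for printing
  services.printing.enable = true;

  # Fonts
  fonts.packages = with pkgs; [
    nerd-fonts.jetbrains-mono
    geist-mono
    lexend
  ];

  # Environment setup
  environment = {
    shells = [ pkgs.nushell ];
    variables = {
      SHELL = "${pkgs.nushell}/bin/nu";
      EDITOR = "hx";
    };

    # Make sure these packages are available system-wide
    systemPackages = with pkgs; [
      # Essential tools for initial setup
      wget
      curl
      git
      helix
      nushell
    ];
  };

  # NOTE(review): `unfree.allowedNames` is not defined in this file;
  # presumably a custom module elsewhere in the flake declares it. With
  # nixpkgs.config.allowUnfree = true set below, every unfree package is
  # already permitted, so an allow-list would not narrow anything. Confirm
  # which of the two is intended.
  unfree.allowedNames = [ "obsidian" ];

  # Add nushell to /etc/shells
  # NOTE(review): environment.shells above already lists nushell; this text
  # is presumably merged with what NixOS generates for /etc/shells, so the
  # nushell entries may be duplicated. Confirm the extra entries are needed.
  environment.etc."shells".text = ''
    /bin/sh
    /bin/bash
    /bin/zsh
    ${pkgs.nushell}/bin/nu
    /run/current-system/sw/bin/nu
  '';

  # Nix configuration
  nix.package = inputs.nix.packages.${pkgs.system}.default;
  nix.settings = {
    experimental-features = [
      "nix-command"
      "flakes"
      "pipe-operators"
    ];
    # Trusted users may override daemon settings such as substituters and
    # signature checks, which the Nix manual describes as essentially
    # equivalent to root access. "ay" already has passwordless sudo, so this
    # adds convenience rather than new privilege, but remove it first if
    # sudo is ever tightened.
    trusted-users = [
      "root"
      "ay"
    ];

    # Performance settings
    builders-use-substitutes = true;
    http-connections = 50;
    show-trace = true;
    warn-dirty = false;

    # Substituters (binary caches)
    # Each cache URL is paired with its signing key in
    # extra-trusted-public-keys; store paths from a cache are accepted only
    # when signed by one of the trusted keys.
    extra-substituters = [
      "https://cache.nixos.org/"
      "https://nix-community.cachix.org/"
    ];

    extra-trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };

  # Weekly garbage collection; `persistent` catches up on a run missed while
  # the machine was off. Deleting everything older than 3 days leaves few
  # older generations to roll back to after a bad update.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 3d";
    persistent = true;
  };

  nix.optimise = {
    automatic = true;
    dates = [ "weekly" ];
  };

  # Security
  # Members of "wheel" (here: ay) get root via sudo with no password prompt,
  # so any process running as ay, including an SSH session opened with the
  # key above, can become root without further authentication.
  security.sudo.wheelNeedsPassword = false;

  # Allow unfree packages (needed for some applications)
  nixpkgs.config.allowUnfree = true;

  # Moved out of `nix.settings`: that attribute set holds nix.conf entries,
  # whose values must be atoms or lists of atoms, so a nested
  # `nixpkgs.config.allowBroken` there is not a nixpkgs setting and is
  # expected to fail the module type check. Note that allowBroken lets
  # packages marked broken be evaluated and built.
  nixpkgs.config.allowBroken = true;

  # System-wide programs
  programs = {
    # gpg-agent also acts as the SSH agent for this user session.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

    dconf.enable = true; # Needed for GNOME settings
  };
}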