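# NixOS module for a minimal guest (hostName "dummy") that starts a
# socket-activated Wayland proxy and an Alacritty terminal, both running as the
# unprivileged account `user`.
#
# `uvms.cloud-hypervisor` and `vmapps` are options declared elsewhere in this
# project (presumably via ../profiles/all.nix); their semantics are not visible here.
{ config, lib, pkgs, modulesPath, ... }:
let
  # Project package set; only referenced by the commented-out ExecStart below.
  uvmsPkgs = pkgs.callPackage ../pkgs { };

  # Socket path handed to systemd for activation. Assumes `user` gets uid 1000
  # (nothing in this file pins the uid) -- TODO confirm.
  waylandSock = "/run/user/1000/wayland-1";

  # Session environment shared by login shells (environment.variables),
  # all systemd units (systemd.globalEnvironment) and the terminal service.
  env = {
    XDG_RUNTIME_DIR = "/run/user/1000";
    WAYLAND_DISPLAY = "wayland-1";
    MESA_LOADER_DRIVER_OVERRIDE = "zink";
    # WAYLAND_DEBUG = "1";
    # WAYLAND_DEBUG_PROXY = "1";
    ELECTRON_OZONE_PLATFORM_HINT = "wayland";
    MOZ_ENABLE_WAYLAND = "1";
    QT_QPA_PLATFORM = "wayland"; # Qt Applications
    GDK_BACKEND = "wayland"; # GTK Applications
    XDG_SESSION_TYPE = "wayland"; # Electron Applications
    SDL_VIDEODRIVER = "wayland";
    CLUTTER_BACKEND = "wayland";
    NIXOS_OZONE_WL = "1";
  };
in
{
  imports = [
    ../profiles/all.nix
    (modulesPath + "/profiles/minimal.nix")
  ];

  system.stateVersion = "25.11";
  networking.hostName = "dummy";
  vmapps.enable = true;
  _module.args.inputs = import ../npins;

  # --- Trim the system down: no bootloader, no host-style services. ---
  # boot.isContainer = true;
  # boot.initrd.enable = true;
  boot.loader.grub.enable = false;
  boot.initrd.systemd.enable = true;
  services.logrotate.enable = false;
  services.udisks2.enable = false;
  system.tools.nixos-generate-config.enable = false;
  # system.activationScripts.specialfs = lib.mkForce "";
  systemd.coredump.enable = false;
  # networking.firewall.enable = false;
  powerManagement.enable = false;
  boot.kexec.enable = false;
  # console.enable = false;
  # system.switch.enable = false;
  # services.udev.packages = lib.mkDefault [ ];
  services.resolved.enable = false;
  systemd.services.generate-shutdown-ramfs.enable = lib.mkForce false;
  systemd.services.systemd-remount-fs.enable = lib.mkForce false;
  systemd.services.systemd-pstore.enable = lib.mkForce false;
  systemd.services.lastlog2-import.enable = lib.mkForce false;
  # With this unit forced off, the setuid/setgid wrapper service is not started
  # by systemd.
  systemd.services.suid-sgid-wrappers.enable = lib.mkForce false;

  # Root filesystem is a tmpfs capped at 20% of RAM; nothing written to / persists.
  fileSystems."/" = lib.mkDefault {
    device = "rootfs"; # how does this work? does this assign a label to the tmpfs?
    fsType = "tmpfs";
    options = [ "size=20%,mode=0755" ];
    neededForBoot = true;
  };

  boot.initrd.systemd.settings.Manager.DefaultTimeoutStartSec = 5;
  systemd.settings.Manager.DefaultTimeoutStopSec = 10;

  networking.useNetworkd = true;
  networking.nftables.enable = true;

  uvms.cloud-hypervisor.enable = true;

  systemd.sysusers.enable = false;
  services.userborn.enable = true; # nikstur it

  # --- Accounts ---
  users.mutableUsers = false;
  users.groups.user = { };
  users.users.user = {
    isNormalUser = true;
    # NOTE(review): `password` is stored in plaintext in this expression and is
    # copied into the world-readable Nix store, so anyone who can read the
    # source or a built closure learns it. Acceptable only for a throwaway test
    # guest; otherwise use `hashedPasswordFile` with a secret kept out of the
    # store. Left unchanged here so existing logins keep working.
    password = "hacktheplanet!";
    extraGroups = [ "video" "render" ];
  };
  # NOTE(review): same plaintext credential reused for root. With
  # mutableUsers = false it cannot be changed at runtime, so every instance
  # built from this file shares one known root password.
  users.users.root.password = "hacktheplanet!";

  systemd.services."suid-sgid-wrappers".serviceConfig = {
    StandardOutput = "journal+console";
    StandardError = "journal+console";
  };

  environment.variables = env;
  systemd.globalEnvironment = env;

  # Create XDG_RUNTIME_DIR by hand. The XDG Base Directory spec requires the
  # directory to be owned by the user with mode 0700; it was 0755, which let
  # every other local account traverse it and reach the Wayland socket.
  systemd.tmpfiles.settings."10-xdg" = {
    ${env.XDG_RUNTIME_DIR}.d = {
      user = "user";
      group = "user";
      mode = "0700";
    };
  };

  # --- Wayland proxy (socket-activated) ---
  systemd.sockets."wayland-proxy" = {
    listenStreams = [ waylandSock ];
    socketConfig = {
      SocketUser = "user";
      SocketGroup = "user";
      # systemd's default SocketMode is 0666. Only `user` runs Wayland clients
      # in this file, so restrict connects to the owner. Relax this if another
      # account pulled in by the imported profiles must reach the compositor.
      SocketMode = "0600";
      FileDescriptorName = "wayland";
    };
    wantedBy = [ "sockets.target" ];
    partOf = [ "wayland-proxy.service" ];
  };

  systemd.services."wayland-proxy" = {
    wantedBy = [ "default.target" ];
    serviceConfig = {
      User = "user";
      Group = "user";
      ExecStart = "${lib.getExe pkgs.wayland-proxy-virtwl} --virtio-gpu";
      # ExecStart = "${lib.getExe uvmsPkgs.wl-cross-domain-proxy} --listen-fd --filter-global wp_presentation";
      # NOTE(review): the "+" prefix runs this command with full privileges,
      # ignoring User=/Group=. Mode 0666 makes both DRM nodes read/write for
      # every local account, not just `user`. `user` is already in the `video`
      # and `render` groups, so group ownership plus 0660 may be enough --
      # confirm why the default device permissions do not apply in this guest
      # before tightening.
      ExecStartPre = [
        "+/run/current-system/sw/bin/chmod 0666 /dev/dri/card0 /dev/dri/renderD128"
      ];
      StandardOutput = "journal+console";
      StandardError = "journal+console";
      Restart = "on-failure";
      RestartSec = 5;
    };
  };

  fonts.enableDefaultPackages = true;

  # --- Terminal: the single graphical application started at boot ---
  systemd.services."terminal" = {
    wantedBy = [ "multi-user.target" ];
    wants = [ "wayland-proxy.service" ];
    after = [ "wayland-proxy.service" ];
    environment = env;
    serviceConfig = {
      User = "user";
      WorkingDirectory = "/home/user";
      ExecStart = lib.getExe pkgs.alacritty;
      StandardOutput = "journal+console";
      StandardError = "journal+console";
    };
  };

  boot.kernelModules = [ "drm" "virtio_gpu" ];
  hardware.graphics.enable = true;

  # TODO: cmdline, kernel, initrd, fileSystems
}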