{ config, lib, pkgs, ... }: with lib; let cfg = config.nixfiles.modules.profiles.headful; in { config = mkIf cfg.enable { nixfiles.modules = { chromium.enable = true; firefox.enable = true; sound.enable = true; dwm.enable = mkDefault false; kde.enable = mkDefault true; xmonad.enable = mkDefault false; }; hm = { home.packages = with pkgs; [ calibre imv neochat tdesktop tor-browser ]; programs.bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; }; boot = { kernelPackages = mkDefault pkgs.linuxPackages_latest; # There are (arguably) not a lot of reasons to keep mitigations enabled # for on machine that is not web-facing. First of all, to completely # mitigate any possible Spectre holes one would need to disable # Hyperthreading altogether which will essentially put one's computer into # the stone age by not being able to to effectively utilise multi-core its # multicore capabilities. Secondly, by enabling mitigations, we introduce # a plethora of performance overheads[1], which, albeit small, but still # contribute to the overall speed of things. This is however still poses a # security risk, which I am willing to take. # # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 kernelParams = ["mitigations=off"]; loader = { efi.canTouchEfiVariables = true; systemd-boot = { enable = true; configurationLimit = 10; }; }; }; hardware.opengl = { enable = true; driSupport = true; }; programs = { iftop.enable = true; mtr.enable = true; }; services = { # https://github.com/NixOS/nixpkgs/issues/135888 upower.enable = true; psd.enable = true; }; environment.systemPackages = with pkgs; [lm_sensors]; my.extraGroups = ["audio" "video" "input"]; }; }