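# Host-side NixOS module: creates the "microbr" bridge, NATs traffic from it,
# and declares one microvm guest ("agent") that runs coding-agent tooling
# (claude-code, opencode, podman, chromium) under crosvm.
#
# Layout restored to one setting per line. In the collapsed form every `#`
# comment swallowed the live settings that followed it on the same line
# (ExecStart, the session variables, interfaces/volumes/shares, crosvm.extraArgs).
#
# Only functional change: services.openssh.settings.PermitRootLogin is now
# "prohibit-password" instead of "yes". Key-based root login still works, and
# password login was already off.
{
  nixpkgs,
  sops-nix,
  impermanence,
  home-manager,
  ...
}:
{
  # --- Host: bridge that the guest tap interfaces attach to -----------------
  systemd.network.netdevs."20-microbr".netdevConfig = {
    Kind = "bridge";
    Name = "microbr";
  };

  systemd.network.networks."20-microbr" = {
    matchConfig.Name = "microbr";
    addresses = [ { Address = "192.168.77.1/24"; } ];
    networkConfig = {
      # Bring the bridge up even when no guest tap is attached yet.
      ConfigureWithoutCarrier = true;
    };
  };

  # Any interface named vm-* is enslaved to the bridge.
  systemd.network.networks."21-microvm-tap" = {
    matchConfig.Name = "vm-*";
    networkConfig.Bridge = "microbr";
  };

  # --- Host: outbound NAT for the guest subnet ------------------------------
  # NOTE(review): NAT is declared twice, once through networking.nat and once
  # in the hand-written nftables table below. The hand-written rule masquerades
  # every packet that arrived on microbr regardless of the outgoing interface.
  # No forward filtering is visible in this file, so unless it exists elsewhere
  # the guest can reach anything the host can route to, including the host's
  # own LAN. Consider an explicit forward policy for traffic coming from microbr.
  networking.nat = {
    enable = true;
    internalInterfaces = [ "microbr" ];
    externalInterface = "enp7e0";
  };

  networking.nftables = {
    enable = true;
    tables.nat = {
      family = "ip";
      content = ''
        chain postrouting {
          type nat hook postrouting priority srcnat;
          iifname "microbr" masquerade
        }
      '';
    };
  };

  # --- Guest definition -----------------------------------------------------
  microvm.vms = {
    "agent" = {
      pkgs = import nixpkgs {
        system = "x86_64-linux";
        # Unfree packages are allow-listed by name; only claude-code passes.
        config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "claude-code" ];
      };

      config =
        let
          hostname = "agent";
          mac = "02:00:00:00:00:07";
        in
        {
          config,
          lib,
          pkgs,
          ...
        }:
        {
          imports = [
            impermanence.nixosModules.impermanence
            home-manager.nixosModules.home-manager
          ];

          nix.settings.experimental-features = [
            "nix-command"
            "flakes"
          ];

          # Allows unprivileged user namespaces on kernels that expose this
          # sysctl (presumably for rootless podman / the chromium sandbox; confirm).
          # This widens the kernel attack surface reachable by the unprivileged
          # account.
          boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1;

          # Static addressing on the interface identified by the guest MAC.
          systemd.network = {
            enable = true;
            networks = {
              "10-net" = {
                matchConfig.MACAddress = mac;
                linkConfig.RequiredForOnline = "routable";
                addresses = [ { Address = "192.168.77.2/24"; } ];
                routes = [
                  {
                    Gateway = "192.168.77.1";
                    Metric = 100;
                  }
                  {
                    Destination = "103.69.224.4/32";
                    Gateway = "192.168.77.1";
                  }
                ];
              };
            };
          };

          systemd.user.services.wayland-proxy = {
            enable = true;
            description = "Wayland Proxy";
            serviceConfig = with pkgs; {
              # Environment = "WAYLAND_DISPLAY=wayland-1";
              ExecStart = "${wayland-proxy-virtwl}/bin/wayland-proxy-virtwl --virtio-gpu --x-display=0 --xwayland-binary=${xwayland}/bin/Xwayland";
              Restart = "on-failure";
              RestartSec = 5;
            };
            wantedBy = [ "default.target" ];
          };

          # resolved is off; the resolver is a fixed address reached through the
          # default route via the host.
          services.resolved.enable = false;
          environment.etc."resolv.conf".text = ''
            nameserver 10.2.0.1
          '';

          networking = {
            hostName = hostname;
            useNetworkd = true;
            useDHCP = false;
            # NOTE(review): no packet filter in the guest. sshd is reachable from
            # anything that can route to 192.168.77.2; the only boundary is the
            # host's forwarding policy.
            firewall.enable = false;
          };

          # Accounts are fully declarative (mutableUsers = false).
          #
          # NOTE(review): both root and `user` have an EMPTY password. SSH
          # password auth is disabled further down, so the exposure is local:
          # console login and, if PAM accepts empty passwords for it, `su`.
          # In that case anything running as `user` (the agents, containers,
          # the browser) is one step from guest root. Prefer a locked password
          # or a hashed password file if guest root is meant to be a boundary.
          users.mutableUsers = false;

          users.users.root = {
            password = "";
            home = "/root";
            openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh"
            ];
          };

          # The same public key is authorised for root and for `user`.
          users.users.user = {
            linger = true;
            home = "/home/user";
            password = "";
            group = "user";
            isNormalUser = true;
            extraGroups = [ "video" ];
            uid = 1000;
            shell = pkgs.fish;
            openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh"
            ];
          };

          users.groups.user.gid = 1000;

          # NOTE(review): WAYLAND_DISPLAY points under /var/host, but the share
          # that would mount /var/host is commented out in microvm.shares below.
          # Confirm where this socket comes from.
          environment.sessionVariables = {
            WAYLAND_DISPLAY = "/var/host/wayland-agent";
            DISPLAY = ":0";
            QT_QPA_PLATFORM = "wayland"; # Qt Applications
            GDK_BACKEND = "wayland"; # GTK Applications
            XDG_SESSION_TYPE = "wayland"; # Electron Applications
            SDL_VIDEODRIVER = "wayland";
            CLUTTER_BACKEND = "wayland";
          };

          home-manager = {
            useGlobalPkgs = true;
            useUserPackages = true;
            users.user = {
              imports = [
                ../home/nvim
                ../home/tmux.nix
              ];

              home.username = "user";
              home.homeDirectory = "/home/user";
              home.stateVersion = "25.11";
              home.enableNixpkgsReleaseCheck = false;

              xdg.configFile."containers/containers.conf".text = ''
                [engine]
                compose_warning_logs=false
                events_logger="file"
                [containers]
                log_driver="k8s-file"
              '';

              xdg.configFile."lazygit/config.yml".text = lib.generators.toYAML { } {
                gui = {
                  theme = {
                    selectedLineBgColor = [ "reverse" ];
                  };
                };
              };

              xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
                "$schema" = "https://opencode.ai/config.json";
                # NOTE(review): "@latest" floats. Unlike everything else in this
                # file it is not pinned by a Nix hash, and (presumably) it is
                # resolved at run time by opencode; confirm. The plugin name
                # suggests it handles authentication, so pin an exact,
                # reviewed version.
                plugin = [ "opencode-antigravity-auth@latest" ];
                provider = {
                  google = {
                    models = {
                      antigravity-gemini-3-pro = {
                        name = "Gemini 3 Pro (Antigravity)";
                        limit = {
                          context = 1048576;
                          output = 65535;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          low = {
                            thinkingLevel = "low";
                          };
                          high = {
                            thinkingLevel = "high";
                          };
                        };
                      };
                      antigravity-gemini-3-flash = {
                        name = "Gemini 3 Flash (Antigravity)";
                        limit = {
                          context = 1048576;
                          output = 65536;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          minimal = {
                            thinkingLevel = "minimal";
                          };
                          low = {
                            thinkingLevel = "low";
                          };
                          medium = {
                            thinkingLevel = "medium";
                          };
                          high = {
                            thinkingLevel = "high";
                          };
                        };
                      };
                      antigravity-claude-sonnet-4-5 = {
                        name = "Claude Sonnet 4.5 (Antigravity)";
                        limit = {
                          context = 200000;
                          output = 64000;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                      antigravity-claude-sonnet-4-5-thinking = {
                        name = "Claude Sonnet 4.5 Thinking (Antigravity)";
                        limit = {
                          context = 200000;
                          output = 64000;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          low = {
                            thinkingConfig = {
                              thinkingBudget = 8192;
                            };
                          };
                          max = {
                            thinkingConfig = {
                              thinkingBudget = 32768;
                            };
                          };
                        };
                      };
                      antigravity-claude-opus-4-5-thinking = {
                        name = "Claude Opus 4.5 Thinking (Antigravity)";
                        limit = {
                          context = 200000;
                          output = 64000;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          low = {
                            thinkingConfig = {
                              thinkingBudget = 8192;
                            };
                          };
                          max = {
                            thinkingConfig = {
                              thinkingBudget = 32768;
                            };
                          };
                        };
                      };
                      antigravity-claude-opus-4-6-thinking = {
                        name = "Claude Opus 4.6 Thinking (Antigravity)";
                        limit = {
                          context = 200000;
                          output = 64000;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                        variants = {
                          low = {
                            thinkingConfig = {
                              thinkingBudget = 8192;
                            };
                          };
                          max = {
                            thinkingConfig = {
                              thinkingBudget = 32768;
                            };
                          };
                        };
                      };
                      "gemini-2.5-flash" = {
                        name = "Gemini 2.5 Flash (Gemini CLI)";
                        limit = {
                          context = 1048576;
                          output = 65536;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                      "gemini-2.5-pro" = {
                        name = "Gemini 2.5 Pro (Gemini CLI)";
                        limit = {
                          context = 1048576;
                          output = 65536;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                      gemini-3-flash-preview = {
                        name = "Gemini 3 Flash Preview (Gemini CLI)";
                        limit = {
                          context = 1048576;
                          output = 65536;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                      gemini-3-pro-preview = {
                        name = "Gemini 3 Pro Preview (Gemini CLI)";
                        limit = {
                          context = 1048576;
                          output = 65535;
                        };
                        modalities = {
                          input = [
                            "text"
                            "image"
                            "pdf"
                          ];
                          output = [ "text" ];
                        };
                      };
                    };
                  };
                };
              };

              home.packages = with pkgs; [
                (writeShellApplication {
                  name = "tmux-sessionizer";
                  runtimeInputs = [
                    tmux
                    fzf
                  ];
                  text = builtins.readFile ../home/bin/tmux-sessionizer;
                })
              ];

              custom.tmux.enable = true;
              custom.neovim = {
                enable = true;
                colorscheme = "rose-pine-moon";
                hostname = hostname;
              };

              programs.fish = {
                enable = true;
                plugins = [
                  {
                    name = "puffer";
                    # The fetched content is verified against sha256 below. The
                    # rev is an abbreviated commit id; the full 40-character
                    # hash would make the pin unambiguous to a reader.
                    src = pkgs.fetchFromGitHub {
                      owner = "nickeb96";
                      repo = "puffer-fish";
                      rev = "83174b0";
                      sha256 = "sha256-Dhx5+XRxJvlhdnFyimNxFyFiASrGU4ZwyefsDwtKnSg=";
                    };
                  }
                ];
                interactiveShellInit = ''
                  set fish_greeting
                  bind ctrl-space ""
                '';
              };

              programs = {
                delta = {
                  enable = true;
                  options = {
                    navigate = true;
                    line-numbers = true;
                    side-by-side = true;
                  };
                  enableGitIntegration = true;
                };
                git = {
                  enable = true;
                  lfs.enable = true;
                  settings = {
                    user = {
                      email = "user@sandbox.dev";
                      name = "sandbox";
                    };
                    # Commits and tags are signed using SSH-format signatures.
                    # NOTE(review): no signing key is configured in this file;
                    # presumably it is supplied elsewhere. Confirm.
                    gpg.format = "ssh";
                    commit.gpgsign = true;
                    tag.gpgsign = true;
                    core = {
                      editor = "nvim";
                      whitespace = "fix,only-indent-error,trailing-space,space-before-tab";
                      quotepath = false;
                    };
                    diff = {
                      algorithm = "histogram";
                      renames = "copies";
                      tool = "nvim";
                    };
                    difftool = {
                      prompt = false;
                      nvim.cmd = "nvim -d $LOCAL $REMOTE";
                    };
                    merge = {
                      conflictstyle = "zdiff3";
                      tool = "nvim";
                    };
                    mergetool = {
                      prompt = false;
                      keepBackup = false;
                      nvim.cmd = "nvim -d $LOCAL $REMOTE $MERGED -c 'wincmd w' -c 'wincmd J'";
                    };
                    init = {
                      defaultBranch = "master";
                    };
                    push = {
                      autoSetupRemote = true;
                      default = "current";
                    };
                    pull = {
                      rebase = true;
                    };
                    fetch = {
                      prune = true;
                    };
                    help = {
                      autocorrect = "prompt";
                    };
                  };
                };
              };
            };
          };

          fileSystems = {
            "/.persist".neededForBoot = true;
          };

          environment.systemPackages = with pkgs; [
            xdg-utils
            coreutils
            jq
            git
            fzf
            claude-code
            neovim
            ripgrep
            fd
            podman-compose
            opencode
            lf
            lazygit
            ungoogled-chromium
            bat
            eza
            ffmpeg
            fira-code-symbols
            gh
            imagemagick
            luarocks
            wl-clipboard
          ];

          hardware.graphics.enable = true;

          programs = {
            fish.enable = true;
            starship.enable = true;
            ssh = {
              # Pinning the host key means the first connection to github.com
              # is verified rather than trusted on first use.
              knownHosts = {
                "github.com".publicKey =
                  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
              };
            };
          };

          # State that survives reboots. The SSH host keys keep the guest's
          # identity stable. The root age key listed under users.root is a
          # decryption secret and ends up inside the /.persist volume image
          # (persist.img, declared under microvm.volumes below), so access to
          # that image file on the host needs to be restricted accordingly.
          environment.persistence."/.persist" = {
            enable = true;
            hideMounts = true;
            directories = [ "/var/lib/nixos" ];
            files = [
              "/etc/ssh/ssh_host_ed25519_key"
              "/etc/ssh/ssh_host_ed25519_key.pub"
              "/etc/ssh/ssh_host_rsa_key"
              "/etc/ssh/ssh_host_rsa_key.pub"
            ];
            users.root = {
              files = [ ".config/sops/age/keys.txt" ];
            };
          };

          services = {
            openssh = {
              enable = true;
              ports = [ 22 ];
              settings = {
                PasswordAuthentication = false;
                KbdInteractiveAuthentication = false;
                # Was "yes". Root has an empty password, so root login is held
                # to key-only here as well instead of relying solely on the two
                # settings above. Key-based root login is unaffected.
                PermitRootLogin = "prohibit-password";
                AllowUsers = [
                  "user"
                  "root"
                ];
              };
            };
            # NOTE(review): the first console session is a root shell with no
            # authentication, so access to the VM console on the host equals
            # guest root.
            getty = {
              autologinUser = "root";
              autologinOnce = true;
            };
          };

          virtualisation = {
            containers.enable = true;
            podman = {
              enable = true;
              defaultNetwork.settings.dns_enabled = true;
              dockerCompat = true;
            };
          };

          environment.sessionVariables = {
            EDITOR = "nvim";
          };

          microvm = {
            hypervisor = "crosvm";
            graphics.enable = true;
            vcpu = 20;
            mem = 16384;
            # socket = "control.sock";
            interfaces = [
              {
                # Name matches the host's "vm-*" rule, so the tap joins microbr.
                id = "vm-${hostname}";
                type = "tap";
                mac = mac;
              }
            ];
            volumes = [
              {
                mountPoint = "/.persist";
                image = "persist.img";
                size = 1024 * 128;
              }
              {
                mountPoint = "/nix/.rw-store";
                image = "nix-store.img";
                size = 1024 * 128;
              }
            ];
            writableStoreOverlay = "/nix/.rw-store";

            # Host directories exposed to the guest.
            # NOTE(review): no read-only restriction is visible on these shares.
            # Unless one is applied elsewhere, anything running in the guest can
            # read and modify the host's /home/user/pictures. The ro-store share
            # exposes the host's entire /nix/store, so no secret may ever be
            # placed in the host store.
            shares = [
              {
                proto = "virtiofs";
                tag = "pictures";
                source = "/home/user/pictures";
                mountPoint = "/home/user/pictures";
              }
              {
                proto = "virtiofs";
                tag = "home";
                source = "/data/vm/${hostname}";
                mountPoint = "/home/user";
              }
              {
                proto = "virtiofs";
                tag = "ro-store";
                source = "/nix/store";
                mountPoint = "/nix/.ro-store";
              }
              # {
              #   proto = "virtiofs";
              #   tag = "xdg-host";
              #   source = "/run/user/1000";
              #   mountPoint = "/var/host";
              # }
              # {
              #   proto = "virtiofs";
              #   tag = "gpu";
              #   source = "/dev/dri";
              #   mountPoint = "/dev/dri";
              # }
            ];

            # NOTE(review): this switches off crosvm's own sandboxing of its
            # device processes. A flaw in device emulation (GPU and virtiofs are
            # both enabled here) would then run with the full privileges of the
            # crosvm process on the host. Presumably it is needed for the
            # graphics setup; confirm, and drop the flag if the VM works
            # without it.
            crosvm.extraArgs = [ "--disable-sandbox" ];

            # qemu.extraArgs = [
            #   "-cpu"
            #   "host"
            #   "-vnc"
            #   ":0"
            #   "-vga"
            #   "qxl"
            #   "-device"
            #   "virtio-keyboard"
            #   "-usb"
            #   "-device"
            #   "usb-table,bus=usb-bus.0"
            #   "-display"
            #   "spice-app"
            #   "-device"
            #   "virtio-gpu"
            #   "-spice"
            #   "port=5900,disable-ticketing=on"
            # ];
          };

          system.stateVersion = "25.11";
        };
    };
  };
}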