dotfiles/systems/x86_64-linux/aspi/default.nix

{
  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
  # as well as the libraries available from your flake's inputs.
  lib,
  # An instance of `pkgs` with your overlays and packages applied is also available.
  pkgs,
  # You also have access to your flake's inputs.
  inputs,

  # Additional metadata is provided by Snowfall Lib.
  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
  system, # The system architecture for this host (eg. `x86_64-linux`).
  target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
  format, # A normalized name for the system target (eg. `iso`).
  virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
  systems, # An attribute map of your defined hosts.

  # All other arguments come from the system system.
  config,
  ...
}:
{
  imports = [ ./hardware-configuration.nix ];

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  boot.blacklistedKernelModules = [ "pcspkr" ]; # Disables "beep"

  networking.hostName = "aspi";
  networking.networkmanager.enable = true;

  topology.self = {
    hardware.info = "ThinkPad L430, 8GB RAM";
  };

  time.timeZone = "Europe/Berlin";

  modules = {
    sops.enable = true;
    nix-settings.enable = true;
    xserver-defaults.enable = true;
    keymap.enable = true;
    builder.enable = false;
    system.boot-efi.enable = true;
    sound.enable = true;

    locales.enable = true;
    # thunar.enable = true;
    pcmanfm.enable = true;

    i3.enable = true;
    gdm.enable = true;
    redshift.enable = true;

    # wayland.enable = true;
    # hyprland.enable = true;
    # tuigreet.enable = true;

    virtualbox.enable = true;
    users-julian.enable = true;
    syncthing = {
      enable = true;
      overrideSettings = false;
    };
    xdg-portal.enable = true;
    polkit.enable = true;
    keyring.enable = true;
  };

  users.mutableUsers = false;
  users.users.julian.hashedPasswordFile = config.sops.secrets."password/aspi".path;

  services.blueman.enable = true;
  services.upower.enable = true;

  programs.steam.enable = true;

  programs.dconf.enable = true;
  services.logind.lidSwitch = "lock";
  services.logind.lidSwitchDocked = "lock";

  programs.kdeconnect.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  services.libinput.enable = true;

  # This interface is started on boot / switch
  networking.wg-quick.interfaces = {
    julian = {
      configFile = "/etc/wireguard/julian.conf";
    };
  };

  # List services that you want to enable:
  services.openssh.enable = false;
  services.flatpak.enable = true;

  security.krb5.enable = true;
  security.krb5.settings = {
    # domain_realm = {
    #   ".julian-mutter.de" = "julian-mutter.de";
    #   "julian-mutter.de" = "julian-mutter.de";
    # };
    libdefaults = {
      default_realm = "julian-mutter.de";
      #   dns_lookup_realm = true;
      #   dns_lookup_kdc = true;
      #   ticket_lifetime = "24h";
      #   renew_lifetime = "7d";
    };
    realms = {
      "julian-mutter.de" = {
        kdc = [ "kerberos.julian-mutter.de" ];
        admin_server = "kerberos-admin.julian-mutter.de";
        default_domain = "julian-mutter.de";
      };
    };
  };

  virtualisation.docker.enable = true;

  # Do not alway generate man-cache, making builds much faster
  documentation.man.generateCaches = false;

  # MDNS on local network
  services.avahi = {
    enable = true;
    nssmdns4 = true;
  };

  # Packages needed as root
  environment.systemPackages = with pkgs; [
    vim
    htop
    mc
    xorg.xhost
    pavucontrol
    frajul.pulseaudio-popup
    gparted-xhost # needs to be installed as system package so it can be actually opened
    xclip

    brightnessctl
  ];

  # ======================== DO NOT CHANGE THIS ========================
  system.stateVersion = "24.05";
  # ======================== DO NOT CHANGE THIS ========================
}