nixos-config/hosts/yaseen/configuration.nix

{
  pkgs,
  lib,
  inputs,
  config,
  ...
}: let
  sshKeys = import ../../crypto/ssh-keys.nix;
in {
  imports = [
    # Defaults
    ./hardware-configuration.nix
    ../../common/base.nix
    ../../common/full-install.nix

    # Localization
    ../../common/locales/en.nix
    ../../common/locales/fr-keymap.nix

    # Hardware
    ../../common/hardware/intel-cpu.nix
    ../../common/hardware/tpm2.nix
    ../../common/hardware/wireless.nix
    # ../../common/hardware/nvidia-gpu.nix
    # ../../common/hardware/nvidia-gpu-offload.nix
    ../../common/hardware/ssd.nix
    ../../common/hardware/btrfs.nix

    # Software components
    ../../common/components/de/sddm.nix
    ../../common/components/de/plasma6.nix
    # ../../common/components/de/hyprland.nix

    # Programs
    ../../common/programs/steam.nix

    # Services
    # ../../common/services/auditd.nix
    ../../common/services/nix-gc.nix
    ../../common/services/opensnitch.nix
    # ../../common/services/adguardhome.nix
    ../../common/services/syncthing.nix
    ../../common/services/usbguard.nix
    ../../common/services/autoupgrade.nix

    # Home-manager
    ../../home/tasia/home.nix

    inputs.agenix.nixosModules.default
    ../../common/components/wifi-secrets.nix

    # Personal modules
    # ../../modules/nixos/tildefriends.nix
    ./yubikey.nix
  ];

  # RGB Keyboard backight
  boot.extraModulePackages = with config.boot.kernelPackages; [hid-ite8291r3];

  services.udev.extraRules = ''
    ACTION=="add", SUBSYSTEM=="leds", DEVPATH=="*:kbd_backlight", TEST=="color", ATTR{color}="fc4f05"
  '';

  # Nvidia GPU
  hardware.nvidia.prime = {
    intelBusId = "PCI:1:0:0";
    nvidiaBusId = "PCI:0:2:0";
  };

  networking = {
    hostName = "yaseen";

    firewall = {
      allowedTCPPorts = [
        # 8080 # ?
        80
        443
        3001
        8000
        # 8008 # ssb
        # 12345 # tildefriends
        # 13378 # audiobookshelf
      ];
      allowedUDPPorts = [
        # 8080 # ?
      ];
    };
  };

  users.users.tasia.openssh.authorizedKeys.keys = [
    sshKeys.tasia.yaseen
  ];

  virtualisation.docker.enable = true;
  services.flatpak.enable = true;

  services.syncthing = {
    user = "tasia";
    dataDir = lib.mkForce "/home/tasia/Sync/data";
    configDir = lib.mkForce "/home/tasia/Sync/configuration";
  };

  # Needed to build enry
  boot.binfmt.emulatedSystems = ["aarch64-linux"];

  environment.systemPackages = with pkgs; [
    inputs.tildefriends.packages.${system}.default

    osu-lazer-bin
    prismlauncher

    sherlock
    whois
    android-tools

    ripgrep
    lsd
    viu
    logseq
    nix-tree
    android-studio
    lutris

    # nheko
    iamb
    ladybird
    lynx

    chirp
    yubikey-manager

    inputs.agenix.packages.x86_64-linux.default
  ];

  fonts.packages = with pkgs; [
    (nerdfonts.override {fonts = ["CascadiaCode"];})
  ];

  programs.adb.enable = true;

  # services.ddclient = {
  #   enable = true;
  #   # usev6=if, if=wlp5s0
  #   configFile = pkgs.writeText "ddclient-config" ''
  #     usev6=webv6, web=dns.glauca.digital/checkip

  #     ipv6=yes
  #     ipv4=no

  #     protocol=dyndns2
  #     server=dns.glauca.digital
  #     login=
  #     password=
  #     hello.vulpecula.zone
  #   '';
  # };

  # services.nginx.enable = true;
  # services.nginx.virtualHosts."test.vulpecula.zone" = {
  #   # addSSL = true;
  #   # enableACME = true;
  #   root = "/www";
  # };
  # security.acme = {
  #   acceptTerms = true;
  #   defaults.email = "tasiaiso@proton.me";
  # };

  services.printing.drivers = [pkgs.cnijfilter2];

  # services.uptime-kuma.enable = true;
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
    "electron-27.3.11"
  ];

  # services.mattermost = {
  #   enable = true;
  #   siteUrl = "https://mattermost.example.com"; # Set this to the URL you will be hosting the site on.
  # };

  # todo: ci runner

  # services.ollama = {
  #   enable = true;
  #   # acceleration = "cuda";
  # };

  # services.gotosocial = {
  #   enable = true;
  #   setupPostgresqlDB = true;
  #   settings = {
  #     application-name = "My GoToSocial";
  #     host = "gotosocial.example.com";
  #     protocol = "http";
  #     bind-address = "127.0.0.1";
  #     port = 8080;
  #   };
  # };

  # environment.etc."nextcloud-admin-pass".text = "Devdevdev10!";
  # services.nextcloud = {
  #   enable = true;
  #   package = pkgs.nextcloud29;
  #   hostName = "localhost";
  #   config.adminpassFile = "/etc/nextcloud-admin-pass";
  # };

  services.rustdesk-server = {
    enable = true;
    openFirewall = true;
    relayIP = "100.91.88.2";
  };

  # virtualisation.waydroid.enable = true;

  # users.users.lol = {
  #   isNormalUser = true;
  #   description = "lol";
  #   extraGroups = [
  #     "networkmanager"
  #     # "wheel"
  #     # "syncthing"
  #     # "tss"
  #     # "dialout"
  #     # "vboxusers"
  #     # "adbusers"
  #   ];
  #   initialPassword = "password123";
  # };

  # netwobking
  # ipvx dns-search = "";
  # wifi mac-address-blacklist = "";
  # wifisec auth-alg = "open";

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.11";
}