nixos-configuration/primus.nix

{ config, pkgs, inputs, ... }:

{
  imports =
  [
    ./primus-hardware.nix
    inputs.sops-nix.nixosModules.sops
  ];

  # Secrets
  sops.defaultSopsFile = ./secrets/secrets.yaml;
  sops.defaultSopsFormat = "yaml";
  sops.age.keyFile = "/home/alexuty/.config/sops/age/keys.txt";

  # Bootloader (UEFI)
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.timeout = 1;

  # LUKS devices
  boot.initrd.luks.devices."luks-1ec6d49d-7a0b-4ac9-aaea-e8efc1c75ac0".device = "/dev/disk/by-uuid/1ec6d49d-7a0b-4ac9-aaea-e8efc1c75ac0";

  # Hostname
   networking.hostName = "primus";

  # WLAN
  networking.networkmanager.enable = true;

  # Bluetooth
  hardware.bluetooth.enable = true;

  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;
  programs.zsh.promptInit = "source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme";

  # i18n
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_GB.UTF-8";
  };

  # X11
  services.xserver.enable = true;

  # Plasma 6
  services.desktopManager.plasma6.enable = true;

  # Automatic login (to avoid entering a second pasword)
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "alexuty";

  # Keyboard settings (xkb)
  services.xserver.xkb = {
    layout = "es,us";
    options = "grp:win_space_toggle";
  };

  # Keyboard settings (console)
  console.keyMap = "es";

  # Printing
  services.printing.enable = true;
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };
  services.printing.drivers = [
    #pkgs.hplipWithPlugin
    pkgs.gutenprint
    pkgs.gutenprintBin
  ];

  # Pipewire
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    audio.enable = true;
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Touchpad support
  services.libinput.enable = true;

  # Virtualization with virt-manager
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;
  virtualisation.spiceUSBRedirection.enable = true;

  # User account. Set a password with ‘passwd’
  users.users.alexuty = {
    isNormalUser = true;
    description = "Álex Santiago";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [];
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Enable nix command and flakes
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  programs.gnupg.agent.enable = true;

  # System packages
  environment.systemPackages = with pkgs; [ syncthing ];

  # OpenSSH daemon
  services.openssh.enable = true;

  #Tailscale
  services.tailscale.enable = true;
  
  # steam-run
  programs.steam.enable = true;

  # Android Containers
  virtualisation.waydroid.enable = true;

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 53317 8080 9090 ]; # LocalSend, Calibre
    allowedTCPPortRanges = [
      { from = 1714; to = 1764; } # KDE Connect
    ];
    allowedUDPPorts = [ 53317 8080 9090 ]; # LocalSend, Calibre
    allowedUDPPortRanges = [
      { from = 1714; to = 1764; } # KDE Connect
    ];
  };

  system.stateVersion = "23.11";

}