{ pkgs, config, inputs, ... }: let shellType = config.my.shell.type; krita-thumbnailer = pkgs.writeTextFile { name = "krita-thumbnailer"; destination = "/share/thumbnailers/kra.thumbnailer"; text = '' [Thumbnailer Entry] Exec=sh -c "${pkgs.unzip}/bin/unzip -p %i preview.png > %o" MimeType=application/x-krita; ''; }; in { imports = [ ./hardware-configuration.nix ../../config/base.nix ../../config/stylix.nix ../../environments/gnome.nix ]; my = import ./toggles.nix { inherit inputs; } // { nix.cores = 8; nix.maxJobs = 8; users.nixremote.enable = true; users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [ "nixserver" "nixminiserver" ]; }; home-manager.users.jawz.programs = { vscode = { enable = true; package = pkgs.code-cursor; }; ghostty = { enable = true; package = pkgs.ghostty; enableBashIntegration = shellType == "bash"; enableZshIntegration = shellType == "zsh"; installBatSyntax = true; installVimSyntax = true; settings.term = "xterm-256color"; }; }; networking = { hostName = "workstation"; firewall = { allowedTCPPorts = [ 6674 # ns-usbloader 8384 # syncthing ]; allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; }; }; users.users.jawz.packages = [ (pkgs.google-cloud-sdk.withExtraComponents [ pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin ]) ] ++ builtins.attrValues { inherit (pkgs) distrobox # install packages from other os gocryptfs # encrypted filesystem! shhh!!! vcsi # video thumbnails for torrents, can I replace it with ^? keypunch # practice typing google-cloud-sdk-gce ; }; environment = { pathsToLink = [ "share/thumbnailers" ]; systemPackages = builtins.attrValues { # thumbnail for heif files & videos inherit krita-thumbnailer; inherit (pkgs) libheif ffmpegthumbnailer bign-handheld-thumbnailer gnome-epub-thumbnailer podman-compose scrcpy ; inherit (pkgs.libheif) out; }; etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = '' bluez_monitor.properties = { ["bluez5.enable-sbc-xq"] = true, ["bluez5.enable-msbc"] = true, ["bluez5.enable-hw-volume"] = true, ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" } ''; }; programs = { kdeconnect = { enable = true; package = pkgs.gnomeExtensions.gsconnect; }; obs-studio = { enable = true; enableVirtualCamera = true; plugins = builtins.attrValues { inherit (pkgs.obs-studio-plugins) droidcam-obs obs-vkcapture obs-vaapi obs-tuna input-overlay ; }; }; }; security.pki.certificateFiles = [ ../../secrets/ssh/iqQCY4iAWO-ca.pem ../../secrets/ssh/root-private-ca.pem ]; services = { flatpak.enable = true; open-webui.enable = true; tailscale = { enable = true; useRoutingFeatures = "client"; extraUpFlags = [ "--accept-routes" "--shields-up" ]; }; scx = { enable = true; scheduler = "scx_lavd"; }; btrfs.autoScrub = { enable = true; fileSystems = [ "/" ]; }; protonmail-bridge = { enable = true; path = [ pkgs.gnome-keyring ]; }; ollama = { enable = true; acceleration = "cuda"; models = "/srv/ai/ollama"; }; postgresql = { enable = true; package = pkgs.postgresql_17; enableTCPIP = true; authentication = pkgs.lib.mkOverride 10 '' local all all trust host all all ${config.my.localhost}/32 trust host all all ::1/128 trust ''; ensureDatabases = [ "webref" ]; ensureUsers = [ { name = "webref"; ensureDBOwnership = true; } ]; }; }; }