NixOS/hosts/workstation/configuration.nix

{ pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ../../base.nix
    ../../gnome.nix
  ];
  my = {
    enableContainers = true;
    emacs.enable = true;
    apps = {
      art.enable = true;
      dictionaries.enable = true;
      fonts.enable = true;
      gaming.enable = true;
      internet.enable = true;
      multimedia.enable = true;
      office.enable = true;
      misc.enable = true;
    };
    dev = {
      haskell.enable = true;
      nix.enable = true;
      python.enable = true;
      gameDev.enable = true;
      sh.enable = true;
      javascript.enable = true;
    };
    shell = {
      exercism.enable = true;
      multimedia.enable = true;
      tools.enable = true;
    };
    services = {
      network.enable = true;
      nvidia.enable = true;
      printing.enable = true;
      sound.enable = true;
    };
    scripts = {
      tasks.enable = true;
      run.enable = true;
      split-dir.enable = true;
      download.enable = true;
      ffmpreg.enable = true;
      ffmpeg4discord.enable = true;
    };
  };
  sops.secrets = {
    "resilio/user" = { };
    "resilio/host" = { };
    "resilio/password" = { };
  };
  networking = {
    hostName = "workstation";
    firewall =
      let
        openPorts = [
          6674 # ns-usbloader
        ];
        openPortRanges = [
          {
            from = 1714; # kdeconnect
            to = 1764; # kdeconnect
          }
        ];
      in
      {
        allowedTCPPorts = openPorts;
        allowedUDPPorts = openPorts;
        allowedTCPPortRanges = openPortRanges;
        allowedUDPPortRanges = openPortRanges;
      };
  };
  nix.settings.cores = 16;
  nixpkgs = {
    hostPlatform = "x86_64-linux";
    config.permittedInsecurePackages = [ ];
  };
  users = {
    groups.nixremote.gid = 555;
    users = {
      jawz.packages = with pkgs; [
        distrobox # install packages from other os
        gocryptfs # encrypted filesystem! shhh!!!
        torrenttools # create torrent files from the terminal!
        vcsi # video thumbnails for torrents, can I replace it with ^?
      ];
      nixremote = {
        isNormalUser = true;
        createHome = true;
        group = "nixremote";
        home = "/var/nixremote/";
        openssh.authorizedKeys.keyFiles = [
          ../../secrets/ssh/ed25519_nixserver.pub
          ../../secrets/ssh/ed25519_nixminiserver.pub
        ];
      };
    };
  };
  environment.etc = {
    "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
      bluez_monitor.properties = {
          ["bluez5.enable-sbc-xq"] = true,
          ["bluez5.enable-msbc"] = true,
          ["bluez5.enable-hw-volume"] = true,
          ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
      }
    '';
  };
  programs = {
    kdeconnect = {
      enable = true;
      package = pkgs.gnomeExtensions.gsconnect;
    };
    obs-studio = {
      enable = true;
      enableVirtualCamera = true;
      plugins = with pkgs.obs-studio-plugins; [
        obs-vkcapture
        obs-vaapi
        obs-tuna
        looking-glass-obs
        input-overlay
        droidcam-obs
      ];
    };
  };
  services = {
    btrfs.autoScrub = {
      enable = true;
      fileSystems = [ "/" ];
    };
    protonmail-bridge = {
      enable = true;
      path = [ pkgs.gnome-keyring ];
    };
    resilio = {
      enable = true;
      useUpnp = true;
      enableWebUI = true;
      httpPass = "Uplifting-Proofs-Eggshell-Molecule-Wriggly-Janitor3-Padded-Oxidizing";
      deviceName = "Oversweet3834";
      httpLogin = "Oversweet3834";
      httpListenPort = 9876;
      httpListenAddr = "0.0.0.0";
      directoryRoot = "/resilio";
    };
  };
}