peter-nixos/configuration.nix

{ config, pkgs, updatePkgs, unstablePkgs, nixos-hardware, ... }:
let
  keys = import ./ssh-keys.nix;
in
{
  imports = [
    ./hardware-configuration.nix
    ./sunshine.nix
    nixos-hardware.nixosModules.framework-11th-gen-intel
  ];

  networking = {
    hostId = "7be305c3";
    hostName = "sandy";
    networkmanager.enable = true;
  };

  # Xander, uncomment this line to update the kernel to 6.10.~
  # boot.kernelPackages = pkgs.linuxPackages_6_10;
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "America/Chicago";

  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
      LC_MEASUREMENT = "en_US.UTF-8";
      LC_MONETARY = "en_US.UTF-8";
      LC_NAME = "en_US.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "en_US.UTF-8";
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };
  };

  nixpkgs.config.allowUnfree = true;

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  programs.zsh.enable = true;

  services = {
    openssh = {
      enable = true;
      settings = {
        X11Forwarding = true;
      };
    };
    tailscale.enable = true;
    zfs.autoSnapshot.enable = true;
    hardware.bolt.enable = true;
    nscd.enable = true;
    blueman.enable = true;

    xrdp = {
      enable = true;
      defaultWindowManager = "startplasma-x11";
      openFirewall = true;
    };

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };

    xserver = {
      enable = true;
      displayManager.lightdm.enable = true;
      displayManager.startx.enable = true;
      desktopManager.plasma5.enable = true;
      desktopManager.mate.enable = true;
      xkb = {
        layout = "us";
        variant = "";
      };
    };

    displayManager = {
      defaultSession = "mate";
      autoLogin = {
        enable = true;
        user = "peter";
      };
    };

    # emacs = {
    #   enable = true;
    #   install = true;
    #   startWithGraphical = true;
    # };

    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
      publish = {
        enable = true;
        userServices = true;
      };
    };

    printing = {
      enable = true;
      listenAddresses = [ "*:631" ];
      allowFrom = [ "all" ];
      browsing = true;
      defaultShared = true;
      openFirewall = true;
      drivers = with pkgs; [
        epson-escpr2 epson-escpr epson-201106w
        gutenprint
      ];
    };

    fwupd.enable = true;
  };

  sound.enable = true;
  hardware = {
    pulseaudio.enable = false;
    printers = {

    };
    bluetooth = {
      enable = true;
      powerOnBoot = true;
    };
  };

  security.pam.services.kwallet = {
    name = "kwallet";
    enableKwallet = true;
  };

  security = {
    rtkit.enable = true;
    sudo.wheelNeedsPassword = false;
  };

  users.users.nshields = {
    isNormalUser = true;
    shell = pkgs.zsh;
    description = "Nikolai Shields";
    extraGroups = [ "lp" "docker" "networkmanager" "wheel" "podman" ];
    openssh.authorizedKeys.keys = keys.nshields;
  };

  users.users.benson = {
    isNormalUser = true;
    shell = pkgs.bash;
    description = "Benson Chu";
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = keys.benson;
  };

  users.users.hodgson = {
    isNormalUser = true;
    shell = pkgs.zsh;
    description = "[Ralph] Peter Hodgson";
    extraGroups = [ "lp" "wheel" ];
    openssh.authorizedKeys.keys = keys.hodgson;
  };

  users.users.peter = {
    isNormalUser = true;
    shell = pkgs.zsh;
    description = "Peter Hodgson";
    extraGroups = [ "lp" "wheel" "input" ];
    openssh.authorizedKeys.keys = keys.hodgson;
  };

  users.users.zander = {
    isNormalUser = true;
    shell = pkgs.bash;
    description = "Alexander Thannhauser";
    extraGroups = [ "lp" "wheel" "input" ];
    openssh.authorizedKeys.keys = keys.zander;
  };

  environment.systemPackages = with pkgs; [
    gnome.gnome-tweaks
    gnome.networkmanager-openconnect
    nss
    htop
    sssd
    nsss
    wl-clipboard
    unscd
    glibc
    glib
    openconnect
    libsForQt5.plasma-thunderbolt

    # essential
    git
    vim
    emacs
    tmux
    updatePkgs.signal-desktop
    gcc
    tree

    # emacs dependencies
    ispell
    ripgrep
    cmake
    gnumake
    libtool

    # browsers
    updatePkgs.google-chrome
    updatePkgs.firefox
    lynx
    updatePkgs.chromium
    updatePkgs.zoom-us

    # networking
    curl
    wget
    nmap
    bind

    # Other
    racket
    ruby
    (python311.withPackages (pythonPackages: with pythonPackages; [
      urwid
    ]))

    (pkgs.callPackage ./mfcl2690dw/default.nix { })

    tigervnc
  ];

  networking.firewall.allowedTCPPorts = [ 22 ];
  networking.firewall.allowedUDPPorts = [ ];
  networking.firewall.enable = true;

  networking.hosts = {
    "10.0.0.142" = ["BRWBCF4D445BCC3.local"];
  };

  system.stateVersion = "24.11"; # Did you read the comment?
}