nix-config/modules/nixos-common.nix

{
  pkgs,
  inputs,
  ...
}: {
  # ------------ System ------------

  imports = [
    ./mullvad.nix
  ];

  programs.fish.enable = true;

  users.users.tacocat = {
    isNormalUser = true;
    extraGroups = ["wheel" "networkmanager" "audio" "video" "bluetooth" "kvm" "docker"];
    home = "/home/tacocat";
    description = "Aria Nolan";
  };

  boot.loader = {
    efi.canTouchEfiVariables = false;
    grub = {
      efiSupport = true;
      configurationLimit = 10;
      device = "nodev";
    };
  };

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  networking.networkmanager = {
    enable = true;
    dns = "none";
  };
  networking.resolvconf.extraConfig = ''
    name_servers="1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001"
    name_server_blacklist="129.21.3.17 129.21.4.18 2620:8d:8000:0:aba:ca:daba:ec"
  '';
  networking.firewall.allowedTCPPorts = [2234];

  # Sound
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    pulse.enable = true;
    jack.enable = true;
  };

  # Services/Hardware
  hardware.opentabletdriver.enable = true;
  hardware.bluetooth.enable = true;
  services.blueman.enable = true;
  services.printing.enable = true;
  services.geoclue2.enable = true;
  services.fwupd.enable = true;
  security.rtkit.enable = true;
  # services.resolved.enable = true;
  services.udisks2.enable = true;
  services.pcscd.enable = true;
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
  };
  services.mpd = {
    enable = true;
    user = "tacocat";
    musicDirectory = "/data/music";
    startWhenNeeded = true;
    extraConfig = ''
      audio_output {
        type          "pipewire"
        name          "Pipewire sound server"
      }

      replaygain      "track"
    '';
  };
  systemd.services.mpd.environment = {
    # https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/609
    XDG_RUNTIME_DIR = "/run/user/1000";
    # User-id must match above user. MPD will look inside this directory for
    # the PipeWire socket.
  };
  virtualisation.docker.enable = true;
  services.udev.extraRules = ''
    # 0d28:0204 DAPLink
    SUBSYSTEM=="usb", ATTR{idVendor}=="0d28", ATTR{idProduct}=="0204", MODE:="666"
  '';

  services.syncthing = {
    enable = true;
    user = "tacocat";
    dataDir = "/home/tacocat";
    configDir = "/home/tacocat/.config/syncthing";
    settings = {
      devices = {
        bicep = {
          id = "3EPQMGY-4ZY2MCG-A43QZ5E-IKZ3CL4-AD25LCZ-YNMZTVS-OCSMU54-ZTGFYAR";
          autoAcceptFolders = true;
        };
        jwst = {
          id = "7LY5XXK-4F7MKFG-6ZCP5QH-24WT3LX-NODOWUP-JXRFAKP-MARTKOA-QJRW3QM";
          autoAcceptFolders = true;
        };
        echo = {
          id = "LW6Z6CI-PDKQUZG-725FF6F-GUZ6GH2-SFHVXVZ-37YJUC4-7ZW4EMP-TC4REAZ";
          autoAcceptFolders = true;
        };
      };
      folders = {
        "/data/homework" = {
          id = "homework";
          devices = ["bicep" "jwst" "echo"];
        };
        "/data/books" = {
          id = "books";
          devices = ["bicep" "jwst" "echo"];
        };
        "/data/music" = {
          id = "music";
          devices = ["bicep" "jwst" "echo"];
        };
        "/var/lib/mpd" = {
          id = "mpd state";
          devices = ["bicep" "jwst" "echo"];
        };
      };
    };
  };

  # ------------ Nix ------------

  nix.settings = {
    experimental-features = ["nix-command" "flakes"];
    auto-optimise-store = true;
    trusted-users = ["root" "tacocat"];
  };

  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 1w";
  };

  nixpkgs.config = {
    allowUnfree = true;
  };

  programs.nix-index.enable = true;
  programs.command-not-found.enable = false;

  # ------------ Software ------------

  environment = {
    systemPackages = with pkgs; [
      screen
      distrobox
      udiskie
      pyocd
      vim
      exfat
      encfs
      ntfs3g
      gnutls
      inputs.agenix.packages.${system}.default
    ];
    # remove nano
    defaultPackages = with pkgs; [
      perl
      rsync
      strace
    ];
  };

  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
    extraPackages = with pkgs; [
      swaylock
      swayidle
      brightnessctl
      wl-mirror
    ];
  };

  programs.waybar.enable = true;
  programs.steam.enable = true;
  programs.steam.remotePlay.openFirewall = true;
  # programs.steam.gamescopeSession =  {
  # enable = true;
  # args = [
  #   "-f"
  #   "--expose-wayland"
  # ];
  # };
  programs.gamemode.enable = true;
  # programs.gamescope.enable = true;

  programs.ssh.startAgent = true;
  programs.gnupg.agent = {
    enable = true;
    # pinentryFlavor = "curses";
    # enableSSHSupport = true;
  };

  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = with pkgs; [
      xdg-desktop-portal-gtk
    ];
  };

  gtk.iconCache.enable = true;

  # ------------ Graphics ------------

  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
  };
}