nixos-configuration/roles/workstation.nix

{ config, pkgs, builtins, ... }:

{
  nixpkgs.config.allowUnfree = true;

  nix = {
    # for ihp
    trustedUsers = [ "root" "me" ];
    # package = pkgs.nixUnstable;
    # extraOptions = ''
      # experimental-features = nix-command flakes
    # '';
  };

  boot = {
    # function keys on keychron keyboard won't work otherwise
    # extraModprobeConfig = "options hid_apple fnmode=2";
    kernel.sysctl = {
      "module.hid_apple.parameters.fnmode" = 2;
    };
    # use latest kernel
    kernelPackages = pkgs.linuxPackages_latest;
    # Use the systemd-boot EFI boot loader.
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    # mount tmp as tmpfs
    tmpOnTmpfs = true;

    initrd.luks.devices = {
      root = {
        device = "/dev/nvme0n1p2";
        preLVM = true;
      };
    };

    # loopback webcam
    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
  };

  networking.hostName = "w1n5t0n"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.eno1.useDHCP = true;

  networking.networkmanager.enable = true;

  services.unbound.enable = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_GB.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "eu";
  # };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    arandr
    glibcLocales
    keepassxc
    lxappearance
    networkmanagerapplet
    nextcloud-client
    pavucontrol
    termite
    vim
    which

    xfce.thunar
    xfce.thunar-volman
    # mounting external devices in thunar
    gvfs

    # loopback webcam
    linuxPackages.v4l2loopback
  ];

    # mounting external devices as user
  services.udisks2.enable = true;

  # required for nextcloud
  services.gnome.gnome-keyring.enable = true;

  virtualisation.docker = {
    enable = true;
    # enableNvidia = true;
  };

  # virtualisation.podman = {
  #   enable = true;
  #   dockerCompat = true;
  #   dockerSocket.enable = true;
  # };
  # virtualisation.lxd.enable = true;
  # virtualisation.virtualbox.host.enable = true;
  # virtualisation.virtualbox.host.enableExtensionPack = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
    pinentryFlavor = "curses";
  };

  # List services that you want to enable:

  # faster entropy generation
  services.haveged.enable = true;

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [
    # barrier
    24800 42829
    # pulseaudio over network
    # 16001 4713
  ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware = {
    pulseaudio = {
      enable = true;
      # stop mumble from muting other processes
      extraConfig = "unload-module module-role-cork";
      # tcp = {
      #   enable = true;
      #   anonymousClients.allowAll = true;
      # };
    };
    opengl = {
	driSupport32Bit = true;
	extraPackages = with pkgs; [
            rocm-opencl-icd
            rocm-opencl-runtime
        ];
    };
  };

  # set keyboard layout
  environment.sessionVariables = {
    XKB_DEFAULT_OPTIONS = "caps:escape";
    XKB_DEFAULT_LAYOUT  = "eu";
  };

  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;

    layout = "eu";
    xkbOptions = "caps:escape";

    displayManager = {
      defaultSession = "none+i3";
      lightdm.enable = true;
    };

    windowManager.i3 = {
      enable = true;
      extraPackages = with pkgs; [
        dmenu
        rofi
        i3status
        i3lock
        i3blocks
      ];
    };
  };

  # required for i3
  environment.pathsToLink = [ "/libexec" ]; # links /libexec from derivations to /run/current-system/sw

  # Enable touchpad support.
  # services.xserver.libinput.enable = true;

  # Enable the KDE Desktop Environment.
  # services.xserver.displayManager.sddm.enable = true;
  # services.xserver.desktopManager.plasma5.enable = true;

  # enable zsh globally
  programs.zsh.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.me = {
    shell = pkgs.zsh;
    createHome = true;
    isNormalUser = true;
    extraGroups = [
      "adbusers"
      "audio"
      "davfs2"
      "disk"
      "docker"
      "networkmanager"
      "plugdev"
      "users"
      "uucp"
      "vboxusers"
      "video"
      "wheel"
    ];
  };

  # systemd.services.home-manager-me.preStart = ''
  #   ${pkgs.nix}/bin/nix-env -i -E
  #   '';

  fonts.fonts = with pkgs; [
    font-awesome-ttf
    nerdfonts
    noto-fonts-cjk
    powerline-fonts
  ];

  # Enable NTFS support
  boot.supportedFilesystems = [ "ntfs" ];

  security.sudo = {
    extraConfig = "Defaults insults";
  };

  imports =
    [
      ./subroles/dev.nix
      ./subroles/entertainment.nix
      ./subroles/internet.nix
      ./subroles/office.nix
      ./subroles/photography.nix
      ./subroles/reversing.nix
      ./subroles/university.nix
    ];
}