{ config, pkgs, ... }: { nixpkgs.config.permittedInsecurePackages = [ "zotero-6.0.27" "electron-25.9.0" ]; nixpkgs.config.allowUnfree = true; boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; hardware.opengl = { enable = true; driSupport = true; driSupport32Bit = true; }; fonts.packages = with pkgs; [ noto-fonts font-awesome ]; security.polkit.enable = true; hardware.bluetooth.enable = true; services.blueman.enable = true; # Enable sound with pipewire. sound.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; }; xdg = { portal = { config.common = { default = "*"; }; enable = true; extraPortals = with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ]; }; }; virtualisation.libvirtd.enable = true; programs.virt-manager.enable = true; security.pam.services.swaylock = {}; networking.networkmanager.enable = true; # enable nitrokeys services.udev.packages = [ pkgs.nitrokey-udev-rules ]; programs = { ssh.startAgent = false; gnupg.agent = { enable = true; pinentryPackage = pkgs.pinentry-qt; enableSSHSupport = true; }; }; environment.systemPackages = [ (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {}) pkgs.chromium ]; environment.sessionVariables = { # only needed for Sway XDG_CURRENT_DESKTOP = "sway"; }; services.getty.autologinUser = "dm"; programs.dconf.enable = true; services.syncthing = { enable = true; user = "dm"; dataDir = "/home/dm/Documents"; configDir = "/home/dm/Documents/.config/syncthing"; }; # syncthing ports networking.firewall.allowedTCPPorts = [ 22000 ]; networking.firewall.allowedUDPPorts = [ 22000 21027 ]; # automount usb services.gvfs.enable = true; services.udisks2.enable = true; services.devmon.enable = true; virtualisation.docker.enable = true; networking.firewall.trustedInterfaces = [ "docker0" ]; users.users.dm.extraGroups = [ "docker" ]; }