nixos-flake/hosts/workstation.nix

{ config, pkgs, ... }:

{
    nixpkgs.config.permittedInsecurePackages = [
        "zotero-6.0.27"
        "electron-25.9.0"
    ];
    nixpkgs.config.allowUnfree = true;

    boot.initrd.secrets = {
        "/crypto_keyfile.bin" = null;
    };

    hardware.opengl = {
        enable = true;
        driSupport = true;
        driSupport32Bit = true;
    };

    fonts.packages = with pkgs; [
        noto-fonts
            font-awesome
    ];

    security.polkit.enable = true;

    hardware.bluetooth.enable = true;
    services.blueman.enable = true;

    # Enable sound with pipewire.
    sound.enable = true;
    hardware.pulseaudio.enable = false;
    security.rtkit.enable = true;
    services.pipewire = {
        enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
        pulse.enable = true;
    };

    xdg = {
        portal = {
            config.common = {
                default = "*";
            };
            enable = true;
            extraPortals = with pkgs; [
                xdg-desktop-portal-wlr
                xdg-desktop-portal-gtk
            ];
        };
    };

    virtualisation.libvirtd.enable = true;
    programs.virt-manager.enable = true;

    security.pam.services.swaylock = {};
    networking.networkmanager.enable = true;

    # enable nitrokeys
    services.udev.packages = [ pkgs.nitrokey-udev-rules ];
    programs = {
        ssh.startAgent = false;
        gnupg.agent = {
            enable = true;
            pinentryPackage = pkgs.pinentry-qt;
            enableSSHSupport = true;
        };
    };

    environment.systemPackages = [
      (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {})
        pkgs.chromium
    ];
    environment.sessionVariables = {
        # only needed for Sway
        XDG_CURRENT_DESKTOP = "sway"; 
    };
    services.getty.autologinUser = "dm";
    programs.dconf.enable = true;

    services.syncthing = {
        enable = true;
        user = "dm";
        dataDir = "/home/dm/Documents";
        configDir = "/home/dm/Documents/.config/syncthing";
    };
    # syncthing ports
    networking.firewall.allowedTCPPorts = [ 22000 ];
    networking.firewall.allowedUDPPorts = [ 22000 21027 ];

    # automount usb
    services.gvfs.enable = true;
    services.udisks2.enable = true;
    services.devmon.enable = true;

    virtualisation.docker.enable = true;
    networking.firewall.trustedInterfaces = [ "docker0" ];
    users.users.dm.extraGroups = [ "docker" ];
}