nixos-flake/hosts/workstation.nix

{ config, pkgs, ... }:

{
    nixpkgs.config.permittedInsecurePackages = [
        "zotero-6.0.27"
    ];

# Bootloader.
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    boot.initrd.secrets = {
        "/crypto_keyfile.bin" = null;
    };

    nix.settings.experimental-features = [ "nix-command" "flakes" ];
    boot.kernelPackages = pkgs.linuxPackages_latest;

    hardware.opengl.enable = true;

    networking.networkmanager.enable = true;

    time.timeZone = "Europe/Berlin";

    i18n.defaultLocale = "en_US.UTF-8";

    i18n.extraLocaleSettings = {
        LC_ADDRESS = "de_DE.UTF-8";
        LC_IDENTIFICATION = "de_DE.UTF-8";
        LC_MEASUREMENT = "de_DE.UTF-8";
        LC_MONETARY = "de_DE.UTF-8";
        LC_NAME = "de_DE.UTF-8";
        LC_NUMERIC = "de_DE.UTF-8";
        LC_PAPER = "de_DE.UTF-8";
        LC_TELEPHONE = "de_DE.UTF-8";
        LC_TIME = "de_DE.UTF-8";
    };

    fonts.packages = with pkgs; [
        noto-fonts
            font-awesome
    ];

    security.polkit.enable = true;

    hardware.bluetooth.enable = true;
    services.blueman.enable = true;

# Enable sound with pipewire.
    sound.enable = true;
    hardware.pulseaudio.enable = false;
    security.rtkit.enable = true;
    services.pipewire = {
        enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
        pulse.enable = true;
    };

    security.pam.services.swaylock = {};

    services.openssh = {
        enable = true;
        settings = {
            PasswordAuthentication = false;
            KbdInteractiveAuthentication = false;
        };
    };

    users.users.dm = {
        isNormalUser = true;
        description = "Daniel Meiburg";
        extraGroups = [ "networkmanager" "wheel" "dialout"];
        packages = with pkgs; [
        ];
        openssh.authorizedKeys.keys = [
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJipJtCrYUPokjppDdz97XHo2vEDBUzgvUU33Wst6AWt openpgp:0xF3D173A6"
        ];
    };

# enable nitrokeys
    services.udev.packages = [ pkgs.nitrokey-udev-rules ];
    programs = {
        ssh.startAgent = false;
        gnupg.agent = {
            pinentryFlavor = "qt";
            enable = true;
            enableSSHSupport = true;
        };
    };

    nixpkgs.config.allowUnfree = true;

    environment.systemPackages = with pkgs; [
    ];
    programs.neovim = {
        enable = true;
        viAlias = true;
        vimAlias = true;
        defaultEditor = true;
    };
    programs.fish.enable = true;
    services.getty.autologinUser = "dm";
    programs.dconf.enable = true;

    nix.gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };

    services.syncthing = {
        enable = true;
        user = "dm";
        dataDir = "/home/dm/Documents";
        configDir = "/home/dm/Documents/.config/syncthing";
        overrideDevices = true;     # overrides any devices added or deleted through the WebUI
        overrideFolders = true;     # overrides any folders added or deleted through the WebUI
        settings = {
            devices = {
                "phone" = { id = "P6ZJ5WK-SBKAYYS-IYBBA37-ARCGHFA-3JJVOLH-2B3PO57-GA3EQKZ-ULWDQAV"; };
            };
            folders = {
                "notes" = {        # Name of folder in Syncthing, also the folder ID
                    path = "/home/dm/Documents/notes";    # Which folder to add to Syncthing
                    devices = [ "phone" ];      # Which devices to share the folder with
                };
            };
        };
    };

    # automount usb
    services.gvfs.enable = true;
    services.udisks2.enable = true;
    services.devmon.enable = true;
}