nix-config/hosts/default.nix

{ lib, pkgs, ... }:
let
  timezone = "America/Chicago";
in
{
  imports = [
    ../share
  ];

  # Enable nix flakes and nix-command tools
  nix = {
    settings = {
      warn-dirty = lib.mkForce false;
      experimental-features = lib.mkForce [
        "nix-command"
        "flakes"
      ];
    };

    # Garbage collect automatically every week
    gc.automatic = lib.mkDefault true;
    gc.options = lib.mkDefault "--delete-older-than 30d";

    optimise.automatic = lib.mkDefault true;
  };

  # Configure nixpkgs
  # Enable non free
  nixpkgs.config.allowUnfree = lib.mkForce true;

  # Hardware configs
  hardware = {
    # Bluetooth
    bluetooth.enable = lib.mkDefault true;

    # Enable all firmware
    enableAllFirmware = lib.mkForce true;

    # Disable pulse audio in favor of pipewire
    pulseaudio.enable = lib.mkForce false;
  };

  # Services configs
  services = {
    openssh.enable = lib.mkDefault true;

    # Enable firmware updates
    fwupd.enable = lib.mkForce true;

    fstrim.enable = lib.mkDefault true;

    pcscd.enable = lib.mkDefault true;

    # Enable CUPS to print documents.
    printing.enable = lib.mkDefault true;

    # configure pipewire
    pipewire = {
      enable = lib.mkDefault true;
      alsa.enable = lib.mkDefault true;
      alsa.support32Bit = lib.mkDefault true;
      pulse.enable = lib.mkDefault true;
    };
  };

  # Time config
  time = {
    # Set your time zone.
    timeZone = timezone;
  };

  boot = {
    # Enable AppImage
    binfmt.registrations.appimage = {
      wrapInterpreterInShell = lib.mkDefault false;
      interpreter = "${pkgs.appimage-run}/bin/appimage-run";
      recognitionType = "magic";
      offset = 0;
      mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
      magicOrExtension = "\\x7fELF....AI\\x02";
    };
  };

  programs = {
    zsh.enable = lib.mkDefault true;
    gnupg.agent = {
      enable = lib.mkDefault true;
      # pinentryPackage = pkgs.pinentry-curses;
      # pinentryPackage = lib.mkForce pkgs.pinentry-qt;
      enableSSHSupport = lib.mkDefault true;
    };
  };

  environment.systemPackages = with pkgs; [
    nixd
    pinentry-curses
  ];

  # users.mutableUsers = lib.mkDefault false;

  # Security config
  security = {

    wrappers."mount.nfs" = {
      setuid = true;
      owner = "root";
      group = "root";
      source = "${pkgs.nfs-utils.out}/bin/mount.nfs";
    };

    rtkit.enable = lib.mkDefault true;

    # configure sudo
    sudo = {
      enable = lib.mkDefault true;
      extraRules = [
        {
          commands = [
            {
              command = "${pkgs.systemd}/bin/systemctl suspend";
              options = [ "NOPASSWD" ];
            }
            {
              command = "${pkgs.systemd}/bin/reboot";
              options = [ "NOPASSWD" ];
            }
            {
              command = "${pkgs.systemd}/bin/poweroff";
              options = [ "NOPASSWD" ];
            }
          ];
          groups = [ "wheel" ];
        }
      ];
    };
  };
}