nix-dotfiles/freya/configuration.nix

{ pkgs, lib, ... }:
with lib; {
  boot = {
    # kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "it";
  };

  environment = {
    pathsToLink = [ "/share/zsh" ];
    systemPackages = builtins.attrValues { inherit (pkgs) helix tmux vim; };
  };

  i18n.defaultLocale = "it_IT.UTF-8";

  programs = {
    dconf.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh = {
      enable = true;
      syntaxHighlighting.enable = true;
    };
  };

  networking = {
    hostName = "freya";
    # interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
    networkmanager.enable = true;
    useDHCP = false;
  };

  time.timeZone = "Europe/Rome";

  services = {
    avahi = {
      enable = true;
      openFirewall = true;
      nssmdns = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
      };
    };
    # bazarr = { enable = true; openFirewall = true; group = "users"; };
    # blueman.enable = true;
    dbus.packages = [ pkgs.dconf ];
    gnome.gnome-keyring.enable = true;

    openssh = {
      enable = true;
      openFirewall = true;
      permitRootLogin = "no";
      passwordAuthentication = false;
    };
  };

  users.users = {
    bertof = {
      isNormalUser = true;
      extraGroups = [
        "audio"
        "input"
        "docker"
        "libvirtd"
        "network"
        "networkmanager"
        "usb"
        "video"
        "wheel"
      ];
      shell = pkgs.zsh;
    };
    # tiziano = {
    #   isNormalUser = true;
    #   openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
    # };
    # jellyfin.extraGroups = [ "video" ];
  };

  security.sudo.extraConfig = ''
    Defaults pwfeedback
  '';

  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
    flags = [ "--flake gitlab:bertof/nix-dotfiles" ];
  };

  system.stateVersion = "22.05";
}