nix-dotfiles/instances/freya/configuration.nix


{ pkgs, lib, ... }: {
# Text console: Terminus font and Italian keyboard layout.
console.font = "Lat2-Terminus16";
console.keyMap = "it";

environment = {
  # Link share/zsh from installed packages into the system profile.
  pathsToLink = [ "/share/zsh" ];
  # Editors and terminal multiplexer installed system-wide.
  systemPackages = with pkgs; [ helix tmux vim ];
};

hardware = {
  # NOTE(review): Bluetooth widens the radio-reachable attack surface; keep
  # it enabled only if this host really pairs with devices.
  bluetooth = {
    enable = true;
    package = pkgs.bluezFull;
  };
  opengl = {
    enable = true;
    driSupport = true;
  };
  # Raspberry Pi 4 specific options; audio and the fkms-3d GPU overlay are
  # left switched off.
  raspberry-pi."4" = {
    # audio.enable = true; # AUDIO
    # fkms-3d.enable = true; # GPU
  };
};

i18n.defaultLocale = "it_IT.UTF-8";
networking = {
  hostName = "freya";

  # Host firewall. The ports listed here are opened on every interface, on
  # top of whatever individual services add through their own openFirewall
  # switches.
  firewall = {
    enable = true;
    allowPing = true;

    allowedTCPPorts = [
      # 445 # SAMBA
      # 139 # SAMBA
      # 5357 # SAMBA-WSDD
      # 8123 # HOME ASSISTANT

      # 8384 is Syncthing's default web GUI / REST API port, i.e. the
      # administration interface, not the sync protocol (22000 by default).
      # NOTE(review): confirm the GUI is meant to be reachable from the
      # network and that it has a password and TLS configured; no Syncthing
      # service is declared in this file, so the listener is set up elsewhere.
      8384 # SYNCTHING (GUI)
      # 8385 # SYNCTHING
    ];

    allowedUDPPorts = [
      # 137/138 are the NetBIOS name and datagram services used by Samba,
      # not Syncthing as the original labels said.
      # NOTE(review): all Samba TCP ports above are commented out, so these
      # look like leftovers; close them unless another module still serves
      # NetBIOS.
      137 # NETBIOS-NS
      138 # NETBIOS-DGM
      # 3702 # SAMBA-WSDD
    ];

    # extraCommands =
    # "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
  };
};
programs = {
  dconf.enable = true;
  # gpg-agent doubles as the SSH agent, so SSH authentication keys are
  # served from GnuPG.
  gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  zsh.enable = true;
};

# pwfeedback prints one asterisk per typed character at the sudo prompt.
# This reveals the password length to anyone who can see the screen or a
# recording of the session.
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
services =
  let
    # Service that is enabled and has its port(s) opened in the firewall on
    # every interface.
    exposed = {
      enable = true;
      openFirewall = true;
    };

    # Same as `exposed`, but the daemon runs with the shared "users" group.
    # NOTE(review): presumably this is for access to the shared RAID tree; it
    # also means a compromise of any of these web applications gets whatever
    # the "users" group can read or write.
    exposedShared = exposed // { group = "users"; };

    # Snapper configuration for one subvolume with timeline snapshots and
    # timeline cleanup enabled, usable by the listed accounts.
    timeline = subvolume: allowed: {
      TIMELINE_CREATE = true;
      TIMELINE_CLEANUP = true;
      SUBVOLUME = subvolume;
      ALLOW_USERS = allowed;
    };
  in
  {
    # mDNS / DNS-SD. With every publish flag set, the host announces its
    # name, addresses, workstation record and user services to the local
    # link, so anyone on that network segment can enumerate it.
    avahi = {
      enable = true;
      openFirewall = true;
      nssmdns = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
        workstation = true;
      };
      # Additionally advertises the SSH service via the stock service file.
      extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
    };

    blueman.enable = true;
    dbus.packages = [ pkgs.dconf ];
    gnome.gnome-keyring.enable = true;

    # SSH is reachable through the firewall and advertised over mDNS.
    # NOTE(review): no authentication settings are given in this file, so
    # password and root login follow the module defaults unless another
    # module overrides them. For an exposed host prefer key-only login
    # (settings.PasswordAuthentication = false on current NixOS releases).
    openssh = {
      enable = true;
      openFirewall = true;
    };

    # xserver = {
    # enable = true;
    # desktopManager.retroarch = { enable = true; package = pkgs.retroarchFull; };
    # };

    # Bans addresses after repeated authentication failures; repeat
    # offenders get progressively longer bans.
    # NOTE(review): presumably only the default sshd jail is active; the web
    # UIs below are not covered unless jails are defined elsewhere.
    fail2ban = {
      enable = true;
      bantime-increment.enable = true;
    };

    # Media stack. Each entry opens its web UI / API port to every interface.
    # Authentication for these UIs is configured inside each application,
    # not here. NOTE(review): confirm each one requires a login, or limit the
    # ports to the LAN interface.
    bazarr = exposedShared;
    jellyfin = exposedShared;
    prowlarr = exposed;
    radarr = exposedShared;
    sonarr = exposedShared;
    lidarr = exposedShared;

    # BitTorrent client storing data on the shared RAID tree.
    # NOTE(review): openFirewall here is expected to cover the peer port
    # only. The RPC / web interface has a separate switch (openRPCPort),
    # which is not set in this file.
    transmission = exposedShared // {
      settings = {
        download-dir = "/mnt/raid/condiviso/Torrent";
        incomplete-dir = "/mnt/raid/condiviso/Torrent/.incomplete";
      };
    };

    # Timeline snapshots per subvolume. Each private subvolume is usable only
    # by its owner; the shared one by both accounts.
    snapper.configs = {
      bertof = timeline "/mnt/raid/bertof/" [ "bertof" ];
      tiziano = timeline "/mnt/raid/tiziano/" [ "tiziano" ];
      condiviso = timeline "/mnt/raid/condiviso" [ "bertof" "tiziano" ];
    };
  };
time.timeZone = "Europe/Rome";

# Interactive administrator account.
users.users.bertof = {
  isNormalUser = true;
  shell = pkgs.zsh;
  # "wheel" grants sudo.
  # NOTE(review): membership in "docker" lets the account drive the Docker
  # daemon, which is equivalent to passwordless root. "libvirtd" gives
  # similar control over the virtualisation daemon. Neither daemon is
  # enabled in this file, so drop the groups that are not actually needed on
  # this host.
  extraGroups = [
    "audio"
    "input"
    "docker"
    "libvirtd"
    "network"
    "networkmanager"
    "usb"
    "video"
    "wheel"
  ];
};

# NixOS release whose stateful defaults this installation started from.
# It is not meant to be bumped on routine upgrades.
system.stateVersion = "22.11";
}