dotfiles/hosts/Aloria/default.nix

{
  pkgs,
  lib,
  inputs,
  config,
  ...
}: let
  serverIP = "10.0.0.1";
in {
  imports = [
    (import ../Common/default.nix {inherit inputs pkgs config;})
    (import ../Common/desktop.nix {inherit inputs pkgs config;})
    (import ../Common/nfs.nix {inherit pkgs serverIP;})
    (import ../Common/zfs.nix {inherit inputs pkgs config;})
  ];

  hardware.graphics.extraPackages = [
    pkgs.intel-compute-runtime
    pkgs.intel-media-driver
  ];

  zramSwap.enable = true;
  services.upower.enable = true;
  services.logind.settings.Login = {
    HandlePowerKey = "suspend";
  };
  services.throttled.enable = true;
  services.thinkfan.enable = true;
  services.thinkfan.settings = {
    sensors = [
      # Search for 'coretemp' anywhere in /sys/class/hwmon
      {
        hwmon = "/sys/class/hwmon";
        name = "coretemp";
        indices = [1];
      }

      # Search for 'acpitz'
      {
        hwmon = "/sys/class/hwmon";
        name = "acpitz";
        indices = [1];
      }

      # Search for 'nvme'
      {
        hwmon = "/sys/class/hwmon";
        name = "nvme";
        indices = [1];
      }
    ];

    fans = [
      {tpacpi = "/proc/acpi/ibm/fan";}
    ];

    levels = [
      [0 0 45]
      [1 42 55]
      [2 50 60]
      [3 56 68]
      [5 64 78]
      [7 76 95]
    ];
  };

  programs.steam = {
    enable = true;
    gamescopeSession.enable = true;
  };

  networking.hostId = "4e859062";
  networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
  networking.enableIPv6 = false;
  networking.wireless.iwd.enable = true;
  networking.wireless.iwd.settings = {
    IPv6 = {
      Enabled = false;
    };
    Settings = {
      AutoConnect = true;
    };
  };

  systemd.services.fprintd = {
    wantedBy = ["multi-user.target"];
    serviceConfig.Type = "simple";
  };
  services.fprintd = {
    enable = true;
    # tod = {
    #     enable = true;
    # };
  };
  security.pam.services.sudo.fprintAuth = true;

  # virtualisation
  virtualisation.libvirtd.enable = true;
  virtualisation.spiceUSBRedirection.enable = true;
  programs.virt-manager.enable = true;
  users.users.user.extraGroups = ["libvirtd"];

  services.tlp = {
    enable = true;
    settings = {
      START_CHARGE_THRESH_BAT0 = 40; # 40 and bellow it starts to charge
      STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
    };
  };

  systemd.network.enable = true;
  networking.useNetworkd = true;
  systemd.network.config.networkConfig = {
    ManageForeignRoutingPolicyRules = false;
    ManageForeignRoutes = false;
    SpeedMeter = true;
  };
  systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;

  networking.wg-quick.interfaces = {
    Tunnel = {
      address = ["10.0.0.5/24"];
      privateKeyFile = "/home/user/.secrets/Wireguard/Aloria.key";
      listenPort = 51820;
      autostart = false;
      postUp = "resolvectl dns Tunnel 10.0.0.1; resolvectl domain Tunnel ~thomasave.be;";
      dns = ["10.0.0.1"];
      peers = [
        {
          publicKey = "/9ppjm3yeD0duDvxrqgcHscHmftXko+0s2RbivNEy2c=";
          allowedIPs = ["0.0.0.0/0" "::/0"];
          endpoint = "external.thomasave.be:13231";
          persistentKeepalive = 25;
        }
      ];
    };
    OPNsense = {
      address = ["10.0.0.5/24"];
      privateKeyFile = "/home/user/.secrets/Wireguard/Aloria.key";
      listenPort = 51820;
      autostart = true;
      postUp = "resolvectl dns OPNsense 10.0.0.1; resolvectl domain OPNsense ~thomasave.be;";
      dns = ["10.0.0.1"];
      peers = [
        {
          publicKey = "/9ppjm3yeD0duDvxrqgcHscHmftXko+0s2RbivNEy2c=";
          allowedIPs = ["10.0.0.1/8" "192.168.1.2/32"];
          endpoint = "external.thomasave.be:13231";
          persistentKeepalive = 25;
        }
      ];
    };
    GCP = {
      address = ["10.5.0.5/24"];
      privateKeyFile = "/home/user/.secrets/Wireguard/GCP.key";
      listenPort = 51820;
      autostart = false;
      postUp = "resolvectl dns GCP 1.1.1.1;resolvectl dns wlan0 1.1.1.1;";
      peers = [
        {
          publicKey = "NEBNE4Czf2MkZF2X5aVhmofENH1uXjDpvXjIMJvfMFA=";
          allowedIPs = ["0.0.0.0/0"];
          endpoint = "35.201.231.151:443";
          persistentKeepalive = 25;
        }
      ];
    };
  };
  systemd.services."wg-quick-OPNsense" = {
    serviceConfig = {
      Restart = "on-failure";
      RestartSec = "2s";
    };
    unitConfig.StartLimitIntervalSec = 0;
  };
  services.usbmuxd.enable = true;
  environment.systemPackages = with pkgs; [
    libcamera
    ifuse
    libimobiledevice
    scrcpy
    v4l-utils
  ];
  boot.kernel.sysctl = {
    "net.ipv6.conf.all.disable_ipv6" = 1;
    "net.ipv6.conf.default.disable_ipv6" = 1;
    "net.ipv6.conf.lo.disable_ipv6" = 1;
  };
}