nix-configs/instances/theseus/configuration.nix

{
  config,
  pkgs,
  inputs,
  lib,
  ...
}:
let
  unfuckWifi = pkgs.writeShellScript "unfuckWifi" ''
    modprobe -r mt7921e
    modprobe mt7921e
  '';
in
{
  # containers.podmantest = {
  #   privateNetwork = true;
  #   enableTun = true;
  #   additionalCapabilities = [
  #     "CAP_NET_ADMIN"
  #     "CAP_MKNOD"
  #     "CAP_BPF"
  #     "CAP_DAC_READ_SEARCH"
  #     "CAP_SYS_RESOURCE"
  #     "CAP_SYS_ADMIN"
  #   ];
  #   hostAddress = "192.168.100.10";
  #   localAddress = "192.168.100.11";
  #   config =
  #     { ... }:
  #     {
  #       virtualisation.oci-containers.containers.test = {
  #         image = "docker.io/library/nginx";
  #         ports = [
  #           "80:80"
  #           "443:443"
  #         ];
  #       };
  #     };
  # };
  # networking.nat.enable = true;
  # networking.nat.internalInterfaces = [ "ve-+" ];
  # networking.nat.externalInterface = "enp195s0f4u1u3";

  nixpkgs.system = "x86_64-linux";
  imports = [ ./hardware-configuration.nix ];
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  # TODO: remove when turning on impermanence
  sops.gnupg.sshKeyPaths = [ "/etc/ssh/ssh_host_rsa_key" ];

  home-manager.users.${config.xyno.system.user.name} = (
    { ... }:
    {
      xyno.borgmatic.enable = true;
    }
  );
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];
  networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 35963 ];
  security.wrappers.unfuck-wifi = {
    owner = "root";
    group = "root";
    setuid = true;
    source = unfuckWifi;
  };

  environment.systemPackages = with pkgs; [
    aerc
    oama # required for aerc
    libsecret # required for oama
    easyeffects
    jabref
    glib # rider wants gsettings
    krita
    strawberry
    pandoc
    tectonic
    rquickshare
    unstable.supersonic-wayland
    nheko
    anki-bin
    gimp3
    anytype
    monero-gui
    pencil2d
    python311Packages.brother-ql
    ptouch-print
    hledger

    super-productivity
  ];
  environment.variables."LEDGER_FILE" = "~/docs/hledger/main.journal";

  time.timeZone = "Europe/Berlin";

  # orcaslicer
  networking.firewall.allowedTCPPorts = [
    1880
    2021
    4711
  ];
  networking.firewall.allowedUDPPorts = [
    1880
    5353
    2021
  ];

  services.tailscale.enable = true;
  services.tailscale.useRoutingFeatures = "client";
  xyno.common.enable = true;
  xyno.desktop.common-programs.enable = true;
  xyno.hardware.kmonad.enable = true;
  xyno.hardware.smartcard.enable = true;
  xyno.presets.cli.enable = true;
  xyno.presets.gui.enable = true;
  xyno.presets.development.enable = true;
  xyno.presets.home-manager.enable = true;
  xyno.system.user.enable = true;
  services.openssh.enable = true;
  xyno.user-services.syncthing = {
    enable = true;
    tray = true;
  };
  xyno.networking.networkd = {
    enable = true;
    enableWifi = true;
  };
  # xyno.desktop.easyeffects.enable = true;
  # xyno.desktop.fcitx5.enable = true;
  hardware.bluetooth.enable = true;
  services.blueman.enable = true;
  services.power-profiles-daemon.enable = true;
  programs.kdeconnect.enable = true;

  system.stateVersion = "24.11";
}