nix/hosts/nxs/default.nix

{ config, lib, pkgs, ... }:

{
  imports = [
    ./hardware.nix
    ../../modules/system/boot.nix
    ../../modules/system/nvidia.nix
    ../../modules/system/hardware.nix
    ../../modules/system/desktop.nix
    ../../modules/system/power-management.nix
  ];

  # System settings
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nixpkgs.config.allowUnfree = true;
  system.stateVersion = "25.05";

  # Networking
  networking = {
    hostName = "nxs";
    networkmanager.enable = true;
    firewall.enable = true;
  };

  # Localization
  time.timeZone = "Europe/Rome";

  # Virtualization
  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
  };
  virtualisation = {
    containers.enable = true;
    podman = {
      enable = true;
      defaultNetwork.settings.dns_enabled = true; # Required for containers under podman-compose to be able to talk to each other.
    };
  };

  nix.settings = {
    substituters = [
      "https://cache.nixos-cuda.org"
    ];
    trusted-public-keys = [
      "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M="
    ];
  };

  # Users
  programs.fish.enable = true;
  users.users.narrator = {
    isNormalUser = true;
    extraGroups = [
      "wheel"
      "docker"
      "sudo"
      "uucp"
      "lp"
      "adm"
      "input"
      "uinput"
      "docker"
      "lxd"
      "libvirtd"
      "vboxsf"
      "vboxusers"
      "wireshark"
      "networkmanager"
      "network"
      "audio"
      "storage"
      "libvirtd"
      "video"
      "podman"
      "render"
    ];
    shell = pkgs.fish;
    packages = with pkgs; [ tree ];
  };

  # System packages
  environment.systemPackages = with pkgs; [
    vim
    gnupg
    wget
    cryptsetup
    xorg.xinit
    os-prober
    fish
    htop
    fzf
    curl
    git
    pinentry-curses
    lightdm
    i3
    awesome

    (ollama.override {
      acceleration = "cuda";
    })
    blueman
  ];

  # Services
  services = {
    openssh.enable = true;
    timesyncd.enable = true;
    pcscd.enable = true;
  };

  # Programs
  programs = {
    firefox.enable = true;
    ssh.startAgent = true;
    gnupg.agent.enable = true;
  };

  # Security
  security.sudo.wheelNeedsPassword = false;

  # Documentation
  documentation.man.generateCaches = false;
}