nixos-config/hosts/generic.nix

{ config, lib, pkgs, python3Packages, ... }:

let
  home-manager = builtins.fetchGit {
    url = "https://github.com/nix-community/home-manager.git";
    rev = "35a24648d155843a4d162de98c17b1afd5db51e4";
    ref = "release-21.05";
  };
in
{
  # Install home-manager
  imports = [
    "${home-manager}/nixos"
    ../modules/users # For system.singleUser
  ];
  home-manager.useGlobalPkgs = true;
  
  time.timeZone = "Europe/Berlin";

  networking = {
    useDHCP = false; # Done by the network manager
    networkmanager.enable = false;
  };

  i18n.defaultLocale = "en_GB.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de";
  };

  users = {
    mutableUsers = false;

    extraUsers = {
      root = {
	      # Disable root login
	      hashedPassword = "*";
      };

      # Users configured in vm.nix, nishimiya.nix or miku.nix
    };
  };

  environment = {
    systemPackages = with pkgs; [
      htop
      firejail
      vim
      git # Otherwise we cannot install home-manager
      git-crypt
      gnupg
      python3
    ];

    sessionVariables = {
      # Prevent us from having to always type it out
      NIXOS_CONFIG = "/home/${config.system.singleUser}/Development/Personal/nixos-config/hosts/${config.networking.hostName}.nix";
    };
  };

  # We don't tolerate non-free software, except for Steam and Linux firmware
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "firmwareLinuxNonfree" "steam" "steam-original" "steam-runtime" "discord" ];

  services = {
    connman = {
      enable = true;
      extraFlags = [ "--nodnsproxy" ];
    };

    # TODO: Is this correct? Maybe run once
    timesyncd.enable = false;

    printing.enable = lib.mkDefault false;
    avahi.enable = false;
  };

  # To allow users to use firejail
  programs.firejail.enable = true;
  
  security.sudo.extraConfig = ''
    Defaults env_keep += "NIXOS_CONFIG"
  '';
  
  system.stateVersion = "21.05";
}