{ config, pkgs, lib, self, ... }: with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { imports = [ ./configuration.nix ./virtualisation ./factorio ]; config = { hardware.cpu.amd.updateMicrocode = true; hardware.opengl.extraPackages = with pkgs; [ rocm-opencl-icd rocm-opencl-runtime ]; pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; pub-solar.core.hibernation.resumeOffset = 115075072; pub-solar.paperless.sync.masterNode = false; age.secrets."drone-runner-exec-config" = { file = "${self}/secrets/drone-runner-exec-config"; mode = "400"; owner = psCfg.user.name; }; pub-solar.docker-ci-runner = { enable = true; runnerVarsFile = config.age.secrets.drone-runner-exec-config.path; }; pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004"; services.openssh.openFirewall = true; networking.firewall.allowedTCPPorts = [443] ++ ( if psCfg.sway.vnc.enable then [5901] else [] ); networking.firewall.allowedUDPPorts = [43050]; environment.systemPackages = with pkgs; [ wayvnc drone-docker-runner stdenv.cc.cc.lib pkgs.hplip ]; age.secrets."vnc-key.pem" = { file = "${self}/secrets/vnc-key-chocolatebar.pem"; mode = "400"; owner = psCfg.user.name; }; age.secrets."vnc-cert.pem" = { file = "${self}/secrets/vnc-cert-chocolatebar.pem"; mode = "400"; owner = psCfg.user.name; }; pub-solar.sway.vnc.enable = true; services.printing.drivers = [ pkgs.cups-brother-hl3140cw ]; home-manager.users."${psCfg.user.name}" = { xdg.configFile = mkIf psCfg.sway.enable { "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; }; home.sessionVariables = { NIX_CC = "${pkgs.stdenv.cc}"; }; }; # For OpenProject development with https security.pki.certificates = [ (builtins.readFile ./step-roots.pem) ]; }; }