system/users/jan/default.nix

{ config, pkgs, lib, inputs, globalData, ... }:

{
  imports = [./davmail.secret.nix];

  nixpkgs.overlays = lib.mkAfter [
    inputs.nil.overlays.nil
    inputs.wired.overlays.default
  ];

  programs.zsh.enable = true;

  nix.settings.trusted-users = lib.mkAfter [ "jan" ];

  age.secrets.users-jan-passfile.file = ./users-jan-passfile.age;
  users.users.jan = {
    isNormalUser = true;
    extraGroups = [
      "wheel" # Enable ‘sudo’ for the user.
      (lib.mkIf config.networking.networkmanager.enable "networkmanager")
      (lib.mkIf config.virtualisation.docker.enable "docker")
      (lib.mkIf config.services.transmission.enable "transmission")
      (lib.mkIf config.services.kubo.enable config.services.kubo.group)
      (lib.mkIf config.programs.adb.enable "adbusers")
      (lib.mkIf config.programs.adb.enable "plugdev")
      (lib.mkIf config.hardware.pulseaudio.systemWide "pulse-access")
    ];
    shell = pkgs.zsh;
    hashedPasswordFile = config.age.secrets.users-jan-passfile.path;

    openssh.authorizedKeys.keys = globalData.publicKeys.users.jan;
  };

  users.groups.plugdev = lib.mkIf config.programs.adb.enable { };

  networking.firewall.allowedUDPPorts =
    let lanMouseCfg = config.home-manager.users.jan.local.services.lan-mouse;
    in lib.optional lanMouseCfg.enable lanMouseCfg.settings.port;

  # Required to use MS Exchange in aerc
  services.davmail = {
    enable = true;
    url = "https://outlook.office365.com/EWS/Exchange.asmx";
    config.davmail = {
      allowRemote = false;
      ssl = {
        nosecurecaldav = false;
        nosecureimap = false;
        nosecureldap = false;
        nosecuresmtp = false;
      };
      mode = "O365Manual";
    };
  };

  home-manager.users.jan = {
    imports = [
      ./accounts.secret.nix
      ./git
    ];

    ################################################################################
    # Configs
    ################################################################################

    local.keyboard = {
      enable = true;
      variant = "dvorak,";
    };

    local.window-manager = {
      xmonad.enable = lib.mkDefault true;
      polybar.enable = lib.mkDefault true;
    };

    xdg.enable = lib.mkDefault true;

    local.shell.enable = lib.mkDefault true;


    ################################################################################
    # Programs
    ################################################################################

    local.programs.terminals = {
      wezterm.enable = lib.mkDefault config.local.window-manager.xmonad.enable;
      foot.enable = lib.mkDefault (!config.local.window-manager.xmonad.enable);
    };

    local.programs.editors.neovim = {
      enable = lib.mkDefault true;
      defaultEditor = lib.mkDefault true;
      ltex.enable = lib.mkDefault true;
    };

    local.programs.file-managers.vifm.enable = lib.mkDefault true;

    local.programs.aerc.enable = lib.mkDefault true;

    local.programs.communication = {
      telegram.enable = lib.mkDefault true;
      matrix.enable = lib.mkDefault true;
      simplex-chat.enable = lib.mkDefault (config.local.system.kernel != "hardened");
    };

    local.programs.dev-tools = {
      base.enable = lib.mkDefault true;
      nix.enable = lib.mkDefault true;
      web.enable = lib.mkDefault true;
      psql = {
        enable = lib.mkDefault true;
        package = lib.mkDefault pkgs.postgresql_14;
      };
      eza.enable = lib.mkDefault true;
      direnv.enable = lib.mkDefault true;
      zoxide.enable = lib.mkDefault true;
    };

    local.programs.share-files.croc.enable = lib.mkDefault true;

    local.programs.flameshot.enable = lib.mkDefault true;

    ################################################################################
    # Services
    ################################################################################

    local.services.wired.enable = lib.mkDefault true;

    local.services.lan-mouse = {
      # x11 input capture not available: not implemented
      enable = lib.mkDefault false;
      settings = {
        # releaseBind = [ "KeyLeftCtrl" "KeyLeftShift" "KeyF1" ];
        port = lib.mkDefault 32000;
        frontend = "cli";
      };
    };

    services.pass-secret-service = lib.mkIf config.local.programs.pass.enable {
      enable = true;
      storePath = config.home-manager.users.jan.home.sessionVariables.PASSWORD_STORE_DIR;
    };
    home.sessionVariables = lib.mkIf config.local.programs.pass.enable {
      PASSWORD_STORE_DIR = "${config.home-manager.users.jan.xdg.dataHome}/pass/store";
    };

    ################################################################################
    # Packages
    ################################################################################

    home.packages = with pkgs.unstable; [
      image-roll
      # vlc

      # tools
      procs
      bottom
    ];

    home.file = {
      "pictures/wallpapers" = {
        source = ./wallpapers;
        recursive = true;
      };
    };

    home.stateVersion = config.system.stateVersion;
  };
}