Surface-Nixos/application-configuration.nix

{ lib, pkgs, ... }:
{
  users.users.caleb = {
    packages = with pkgs;
      [
        # apps
        firefox
        ungoogled-chromium
        kate
        qalculate-qt
        keepassxc
        libsForQt5.krdc
        libreoffice-qt
        isoimagewriter
        qdirstat
        signal-desktop
        monero-gui
        tor-browser-bundle-bin
        yubikey-manager-qt
        libsForQt5.kdeconnect-kde
        obsidian

        # virtualisation
        podman-compose
      ];
  };

  # kde connect
  networking.firewall = {
    enable = true;
    allowedTCPPortRanges = [
      { from = 1714; to = 1764; } # KDE Connect
    ];
    allowedUDPPortRanges = [
      { from = 1714; to = 1764; } # KDE Connect
    ];
  };

  # install Steam
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
  };

  # yubikey
  services.pcscd.enable = true;

  # podman and libvirt
  programs.virt-manager.enable = true;
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };

    # enable libvirt
    spiceUSBRedirection.enable = true;
    libvirtd = {
      enable = true;
      qemu = {
        package = pkgs.qemu_kvm;
        runAsRoot = true;
        swtpm.enable = true;
        ovmf = {
          enable = true;
          packages = [
            (pkgs.OVMF.override {
              secureBoot = true;
              tpmSupport = true;
            }).fd
          ];
        };
      };
    };
  };
  users.users.caleb.extraGroups = [ "libvirtd" ];
}