Surface-Nixos/application-configuration.nix

{ lib, pkgs, ... }:
{
  users.users.caleb = {
    packages = with pkgs;
      [
        # apps
        firefox
        kate
        qalculate-qt
        keepassxc
        libsForQt5.krdc
        libreoffice-qt
        isoimagewriter
        qdirstat
        signal-desktop
        monero-gui
        tor-browser-bundle-bin
        yubikey-manager-qt
        gparted
        libsForQt5.kdeconnect-kde
        obsidian

        # flatpak
        flatpak
        gnome.gnome-software

        # virtualisation
        podman-compose
      ];
  };

  environment.systemPackages = with pkgs; [
    openjdk8
  ];

  # kde connect
  networking.firewall = { 
    enable = true;
    allowedTCPPortRanges = [ 
      { from = 1714; to = 1764; } # KDE Connect
    ];  
    allowedUDPPortRanges = [ 
      { from = 1714; to = 1764; } # KDE Connect
    ];  
  };

  # install Steam
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
  };

  # yubikey
  services.pcscd.enable = true;

  # flatpak for bluebubbles client
  services.flatpak.enable = true;

  # podman
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };

    # enable libvirt
    libvirtd = {
      enable = true;
      qemu = {
        package = pkgs.qemu_kvm;
        runAsRoot = true;
        swtpm.enable = true;
        ovmf = {
          enable = true;
          packages = [(pkgs.OVMF.override {
            secureBoot = true;
            tpmSupport = true;
          }).fd];
        };
      };
    };
  };
  users.users.caleb.extraGroups = [ "libvirtd" ];
}