nix/hosts/snowbelle/configuration.nix

{ config, lib, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ../../users/users.nix
      ../../modules/system/default.nix
      ../../modules/homelab/default.nix
    ];

  modules = {
    system = {
      ssh.enable = true;
      sops.enable = true;
      docker.enable = true;
      syncthing.enable = true;
#        syncthing.mode = "server";
      tailscale.enable = true;
      nvidia.enable = true;
    };
    homelab = {
      zfs.enable = true;
      smb.enable = true;
      nfs.enable = true;
    };
  };

  # enable users
  users = {
    blake.enable = true;
  };

  # use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # setup hostname and networking stack
  networking.hostName = "snowbelle"; # Define your hostname.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # set timezone
  time.timeZone = "America/Chicago";

  # define shell
  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;

  # package install list
  environment.systemPackages = with pkgs; [
    vim 
    rsync
    wget
    git
    iptables
    nettools
    neofetch
    btop
    age
    nvidia-container-toolkit
  ];

  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;
    settings = {
      General = {
        Experimental = true;
        ControllerMode = "dual";
      };
    };
  };

  # allow proprietary packages
  nixpkgs.config.allowUnfree = true;

  # ld fix
  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = with pkgs; [
    # Add any missing dynamic libraries for unpackaged 
    # programs here, NOT in environment.systemPackages
  ];

  # enable flakes
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [
    22      # ssh
    80      # http
    111     # portmapper for nfs
    139     # smb
    443     # https
    445     # cifs
    1883
    2049    # nfs
    2222    # syncthing
    3030    # jellyfin
    3131    # audiobookshelf
    3232    # 
    3333    # qbittorrent
    3434    # yacreader
    3535    # prowlarr
    3636    # sonarr
    3737    # radarr
    3838    # bazarr
    3939    # flaresolverr
    3923    # copyparty
    4141    # hass
    4142    # mqtt
    4242    # immich
    4444    # gitea
    5050    # kiwix
    5656    # archivebox
    7070    # vaultwarden
    7567    # gitea ssh
    7777    # glance
    8080    # nginx webui
    8181    # uptime kuma
    25777   # minecraft
    25565
    25566
    25567
  ];

  networking.firewall.allowedUDPPorts = [ 51820 ];
  # Or disable the firewall altogether.
  networking.firewall.enable = true;

  system.stateVersion = "25.05"; # Did you read the comment?

}