chiasson-nix/modules/hosts/14900k/configuration.nix

{ self, inputs, ... }: {
  flake.nixosModules."14900kConfiguration" =
    { self, config, pkgs, ... }:
    {
      imports = [
        self.nixosModules."14900kHardware"
        inputs.home-manager.nixosModules.home-manager
        inputs.sops-nix.nixosModules.sops

        self.nixosModules.system
        self.nixosModules.desktop
        self.nixosModules.users

        self.nixosModules."client-services"
        ./_private/platform.nix
        ./_private/nvidia.nix
        ./_private/peripherals.nix
        # ./_private/printing-epson.nix
        ./_private/displays.nix
        ./_private/jellyfin-nfs-export.nix
      ];

      sops = {
        defaultSopsFile = ../../../secrets/secrets.yaml;
        defaultSopsFormat = "yaml";
        age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      };

      sops.secrets."caching/attic/token" = {
        owner = "olivier";
        group = "users";
        mode = "0400";
      };

      sops.secrets."users/olivier/hashedPassword".neededForUsers = true;
      sops.secrets."swiftshare/API_KEY" = {
        owner = "olivier";
        group = "users";
        mode = "0400";
      };
services.cloudflare-warp.enable = true;

      # Intel iGPU video acceleration (VA-API / QSV via oneVPL).
      # This fixes common NixOS issues like `vaInitialize failed` and missing QSV encoders in apps.
      hardware.graphics = {
        enable = true;
        extraPackages = with pkgs; [
          intel-media-driver # iHD (Gen8+)
          vpl-gpu-rt # oneVPL runtime (QSV)
          libvdpau-va-gl
        ];
      };

      environment.sessionVariables = {
        LIBVA_DRIVER_NAME = "iHD";
        # Force VA-API to use the Intel iGPU render node (otherwise libva may pick NVIDIA and iHD fails).
        LIBVA_DRM_DEVICE = "/dev/dri/renderD128";
      };

      chiasson.system.caching.attic = {
        enable = true;
        cacheName = "nixos-new";
        endpoint = "http://192.168.2.238:8080/";
        publicKey = "nixos-new:8NySIcT0HP7KvGQKgBRWoWESxxRA8BVYo8S85UNpNX0=";
        tokenFile = config.sops.secrets."caching/attic/token".path;
        push.enable = true;
        userCli.enable = true;
      };

      chiasson.desktop = {
        niri.enable = true;
        defaultSession = "niri";
        shell = "dms";
        shells.dms = {
          rebuildCommand = [
            "sudo"
            "nixos-rebuild"
            "switch"
            "--flake"
            ".#14900k"
          ];
          enableRbwLockToggle = true;
        };
      };

      chiasson.system = {
        # libvirt/QEMU + VFIO; host uses Intel iGPU for Niri while NVIDIA is passed through (see
        # `_private/nvidia.nix`, `_private/displays.nix`). If your GPU is not RTX 2070-class IDs, set
        # `chiasson.system.vm.gpuPassthrough.vfioIds` from `lspci -nn` (GPU + HDA functions in the same group).
        vm = {
          enable = true;
          gpuPassthrough.enable = false;
        };

        audio.enable = true;
        docker.enable = true;
        gaming.enable = true;
        gaming.steam.steamTinkerLaunch.enable = true;

        monitorInput.enable = true;

        flatpak.enable = true;

        palera1n.enable = true;
        uconsoleKernelBuilder.enable = true;

        extraPackages = with pkgs; [
          sops
          nodejs_22
          ffmpeg
          bento4
          yt-dlp

          # Native install (avoid flatpak sandbox issues for QSV/VAAPI).
          handbrake

          # Diagnostics
          libva-utils # vainfo
        ];
   

        networking = {
          hostName = "nixdesk";
          networkManager.enable = true;
        };
        librepods.enable = true;
      };

      chiasson.users.enabled = [ "olivier" ];

      chiasson.users.extraModules.olivier = [
        self.homeManagerModules.wisdomFilebrowsersDolphin
        self.homeManagerModules.wisdomTerminalsKitty
        self.homeManagerModules.wisdomBrowsersEdge
        self.homeManagerModules.wisdomBrowsersFlow
        self.homeManagerModules.wisdomBrowsersOrion
        self.homeManagerModules.wisdomEditorsCursor
        self.homeManagerModules.wisdomEditorsObsidian
        self.homeManagerModules.wisdomShellYazi
        self.homeManagerModules.wisdomShellFish
        self.homeManagerModules.wisdomShellOhMyPosh
        self.homeManagerModules.wisdomAppsDiscord
        self.homeManagerModules.wisdomAppsSpotify
        self.homeManagerModules.wisdomAppsLocalsend
        self.homeManagerModules.wisdomAppsPokeclicker
        self.homeManagerModules.wisdomDesktopScreenshot
        self.homeManagerModules.wisdomDesktopGtkQtTheming
        {
          programs.git = {
            enable = true;
            userName = "OlivierChiasson";
            userEmail = "olivierchiasson@hotmail.fr";
          };

          chiasson.home = {
            extraPackages = [ pkgs.parsec-bin ];

            shell = {
              fish.enable = true;
              yazi.enable = true;
              ohMyPosh.enable = true;
            };

            terminals.kitty.enable = true;

            filebrowsers.dolphin.enable = true;

            browsers.edge.enable = true;
            browsers.flow.enable = false;
            browsers.orion.enable = true;

            editors.cursor.enable = true;
            editors.obsidian.enable = true;

            apps = {
              discord.enable = true;
              spotify.enable = true;
              spotify.openDiscoveryFirewall = true;
              localsend.enable = true;
              pokeclicker.enable = true;
            };

            desktop = {
              screenshot = {
                enable = true;
                swiftshareApiKeyFile = "/run/secrets/swiftshare/API_KEY"; #TODO[epic=sops] redo this by passing sops file output directly
              };
              theming.enable = true;
            };
          };
        }
      ];
    };
}