nix-config/users/leyla/default.nix

{
  lib,
  config,
  inputs,
  ...
}: let
  cfg = config.nixos.users.leyla;
in {
  options.nixos.users.leyla = {
    isDesktopUser = lib.mkEnableOption "install applications intended for desktop use";
    isTerminalUser = lib.mkEnableOption "install applications intended for terminal use";
    hasGPU = lib.mkEnableOption "installs gpu intensive programs";
  };

  config = {
    nixpkgs.config.allowUnfree = true;

    sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) {
      "passwords/leyla" = {
        neededForUsers = true;
        sopsFile = "${inputs.secrets}/user-passwords.yaml";
      };
    };

    users.users.leyla = (
      if (cfg.isDesktopUser || cfg.isTerminalUser)
      then {
        isNormalUser = true;
        extraGroups = (
          ["networkmanager" "wheel"]
          ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers"
        );

        hashedPasswordFile = config.sops.secrets."passwords/leyla".path;

        openssh = {
          authorizedKeys.keys = [
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
          ];
        };
      }
      else {
        isSystemUser = true;
      }
    );

    services = {
      # ollama = {
      #   enable = cfg.hasGPU;
      #   acceleration = "cuda";
      # };

      # TODO: this should reference the home directory from the user config
      openssh.hostKeys = [
        {
          comment = "leyla@" + config.networking.hostName;
          path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519";
          rounds = 100;
          type = "ed25519";
        }
      ];
    };

    programs = {
      steam = lib.mkIf cfg.isDesktopUser {
        enable = true;
        remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
        dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer
        localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
      };

      noisetorch.enable = cfg.isDesktopUser;

      adb.enable = cfg.isDesktopUser;
    };
  };
}