nix/modules/nixos/programs.nix

{ config, pkgs, ... }:

{

	# services.displayManager.lightdm = {
	# 	enable = true;
	# 	autoLogin = {
	# 		relogin = true;
	# 		minimumUid = 1000;
	# 	};
	# 	package = pkgs.kdePackages.sddm;
	# };

	# services.displayManager.autoLogin = {
	# 	enable = true;
	# 	user = "ocbwoy3";
	# };

	# services.displayManager.defaultSession = "hyprland";

	programs.gamemode.enable = true;
	services.usbmuxd.enable = true;

	programs.nix-ld.enable = true;
	programs.nix-ld.libraries = with pkgs; [
		c-ares ffmpeg gtk3 http-parser libevent libvpx libxslt minizip nss re2 snappy libnotify libappindicator-gtk3
	];

	services.fail2ban = {
		enable = true;
		# Ban IP after 5 failures
		maxretry = 5;
		ignoreIP = [
			"10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"
		];
	};

	services.openssh = {
		enable = true;
		ports = [ 22 ];
		settings = {
			PasswordAuthentication = false;
			KbdInteractiveAuthentication = false;
			PermitRootLogin = "no";
			AllowUsers = [ "ocbwoy3" "git" ];
		};
		# fucks up ssh connections from iphone if you enable this
		# settings = {
		# 	KexAlgorithms = [ "curve25519-sha256@libssh.org" ];
		# 	Ciphers = [ "chacha20-poly1305@openssh.com" ];
		# 	Macs = [ "hmac-sha2-512-etm@openssh.com" ];
		# };
	};

	security.sudo-rs.enable =  true;
	security.sudo-rs.configFile = ''
		%wheel ALL=(ALL) ALL
		Defaults pwfeedback
	'';

	services.dbus = {
		enable = true;
		packages = [ pkgs.gcr ];
	};

	services.pcscd.enable = true;
	programs.gnupg = {
		# enable = true;
		agent = {
			enable = true;
			pinentryPackage = pkgs.pinentry-gnome3;
		};
	};

}