# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, flake-inputs, ... }:

{
  networking.networkmanager.enable = false;

  virtualisation = {
    kvmgt.enable = true;
    libvirtd = {
      enable = true;
      qemu = {
        runAsRoot = true;
        verbatimConfig = ''
          cgroup_device_acl = ["/dev/kvmfr0", "/dev/kvm"]
        '';
	    swtpm = {
	      enable = true;
	    };
      };
    };
    containers = {
      enable = true;
      policy = {
        default = [ { type = "insecureAcceptAnything"; } ];
        transports = {
          docker-daemon = {
            "" = [ { type = "insecureAcceptAnything"; } ];
          };
        };
      };
    };
  };

  hardware.nvidia-container-toolkit.enable = true;

  services.openssh.enable = true;
  networking.firewall.enable = true;

  environment.systemPackages = [ pkgs.nfs-utils ];
  services.openiscsi = {
    enable = true;
    name = "${config.networking.hostName}-initiatorhost";
  };

  systemd.network.wait-online.enable = lib.mkDefault false;
  networking.useDHCP = false;
  #services.tcsd.enable = true;

  security.sudo = {
    enable = true;
    extraRules = [
      { users = [ "%wheel" ];
        commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
      }
    ];
  };
}