nixcfg/systems/aarch64-linux/rnix/default.nix

{ pkgs, lib, ... }:
with lib;
with lib.metacfg;
{
  imports = [
    ./hardware-configuration.nix
  ];

  services.spice-autorandr.enable = true;
  services.spice-vdagentd.enable = true;

  metacfg = {
    base.enable = true;
    gui.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = false;

    system = {
      limits = {
        enable = true;
        nofileLimit = 32768;
        memlockLimit = 32768;
      };
    };

    tools = {
      direnv.enable = true;
    };
    user.extraGroups = [
      "docker"
      "dialout"
    ];
  };

  services.xrdp.enable = true;
  services.xrdp.defaultWindowManager = "${pkgs.gnome-session}/bin/gnome-session";
  services.xrdp.openFirewall = true;

  # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI!
  # If no user is logged in, the machine will power down after 20 minutes.
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;

  environment.systemPackages = with pkgs; [
    azure-cli
    desktop-file-utils
    kubectl
    kubectx
    k9s
    attic-client
    piper
    gnome-remote-desktop
    nodejs
    cachix
    claude-code
  ];

  security.tpm2.enable = false;
  security.tpm2.abrmd.enable = false;

  services.ratbagd.enable = true;

  services.resolved.enable = true;
  #services.resolved.dnssec = "allow-downgrade";
  services.resolved.extraConfig = ''
    ResolveUnicastSingleLabel=yes
  '';

  virtualisation = {
    docker.enable = true;
    podman.dockerCompat = false;
    libvirtd.enable = false;
  };

  system.autoUpgrade = {
    enable = true;
    operation = "boot";
    allowReboot = false;
  };

  virtualisation.rosetta.enable = true;

  system.stateVersion = "23.11";
}