mio-ops/modules/roles/desktop/default.nix

# Desktop role
{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.roles.desktop;
in {
  options.roles.desktop = {
    enable = mkEnableOption "to enable the desktop role.";
  };
  config = mkIf (cfg.enable) {
    boot.loader.systemd-boot = {
      enable = true;
      configurationLimit = 5;
    };
    environment.systemPackages = with pkgs; [
      brave # Privacy-oriented browser
      chromium
      element-desktop # A feature-rich client for Matrix.org
      evince # document viewer
      gnome-tweaks # A tool to customize advanced GNOME 3 options
      krita # A free and open source painting application
      libreoffice-fresh # Comprehensive, professional-quality productivity suite
      mplayer # A movie player that supports many video formats
      nextcloud-client # Nextcloud desktop client
      pavucontrol # PulseAudio Volume Control
      pwgen # Password generator
      rsync
      shotwell # Photo organizer
      signal-desktop # Private, simple, and secure messenger
      usbutils # Tools for working with USB devices, such as lsusb
      xorg.libxcb # X C binding
    ];
    fonts.packages = with pkgs; [
      nerdfonts # Iconic font aggregator, collection, & patcher
    ];
    networking = {
      networkmanager.enable = true; # Enables network support via NetworkManager.
      firewall.enable = true;
    };
    nix.settings = {
      substituters = ["https://cosmic.cachix.org/"];
      trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
    };
    services = {
      acpid.enable = true; # A daemon for delivering ACPI events to userspace programs
      blueman.enable = true; # GTK-based Bluetooth Manager
      devmon.enable = true; # Enable external device automounting.`
      displayManager = {
        defaultSession = "cosmic"; # Set GNOME as the default session
      };
      libinput = {
        enable = true; # Enable touchpad support.
        touchpad = {
          tapping = true;
          tappingButtonMap = "lrm"; # Set the touchpad button mappeing
        };
      };
      pipewire = {
        enable = true;
        alsa = {
          enable = true;
          support32Bit = true;
        };
        pulse.enable = true;
      };
      udev.packages = [
        pkgs.android-udev-rules # Android udev rules list
      ];
      udisks2.enable = true; # Enable udisks2
    };
    security.rtkit.enable = true; # realtime scheduling for sound

    # Configure common hardware settings
    hardware = {
      pulseaudio = {
        enable = false;
      };
      bluetooth = {
        enable = true; # Enable bluetooth
        settings = {
          General = {
            Enable = "Source,Sink,Media,Socket";
            NoPlugin = "sap";
          };
          Policy = {AutoEnable = "true";};
        };
      };
      graphics.enable = true;
    };

    # Configure libreWolf and Chromium
    nixpkgs.config = {allowUnfree = true;};

    profiles.cosmicDesktop.enable = true;

    programs = {
      chromium = {
        enable = true;
        homepageLocation = "https://start.duckduckgo.com/";
      };
      firefox = {
        enable = true;
        package = pkgs.librewolf;
        policies = {
          DisableTelemetry = true;
          DisableFirefoxStudies = true;
          Preferences = {
            "cookiebanners.service.mode" = 2; # Block cookie banners
            "cookiebanners.service.mode.privateBrowsing" = 2; # Block cookie banners in private browsing
            "privacy.donottrackheader.enabled" = true;
            "privacy.fingerprintingProtection" = true;
            "privacy.resistFingerprinting" = true;
            "privacy.trackingprotection.emailtracking.enabled" = true;
            "privacy.trackingprotection.enabled" = true;
            "privacy.trackingprotection.fingerprinting.enabled" = true;
            "privacy.trackingprotection.socialtracking.enabled" = true;
            "webgl.disabled" = false;
          };
          ExtensionSettings = {
            "CanvasBlocker@kkapsner.de" = {
              install_url = "https://addons.mozilla.org/firefox/downloads/latest/canvasblocker/latest.xpi";
              installation_mode = "force_installed";
            }; # prevents fingerprinting when webgl is enabled
            "CookieAutoDelete@kennydo.com" = {
              install_url = "https://addons.mozilla.org/firefox/downloads/latest/cookie-autodelete/latest.xpi";
              installation_mode = "force_installed";
            }; # cookie deletion
            "floccus@handmadeideas.org" = {
              install_url = "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi";
              installation_mode = "force_installed";
            }; # bookmark sync
            "jid1-MnnxcxisBPnSXQ@jetpack" = {
              install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
              installation_mode = "force_installed";
            }; # privacy
            "jid1-ZAdIEUB7XOzOJw@jetpack" = {
              install_url = "https://addons.mozilla.org/firefox/downloads/latest/duckduckgo-for-firefox/latest.xpi";
              installation_mode = "force_installed";
            }; # private search
            "uBlock0@raymondhill.net" = {
              install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
              installation_mode = "force_installed";
            }; # add blocking
            "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
              install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
              installation_mode = "force_installed";
            }; # password management
          };
        };
      };
    };

    # Groups to add
    users.groups = {
      audio.members = ["craige" "fiona" "hamish" "logan" "xander"];
      libvirtd.members = ["craige" "fiona" "hamish" "logan" "xander"];
      networkmanager.members = ["craige" "fiona" "hamish" "logan" "xander"];
    };
  };
}