# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, ... }: 

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
  # legacy boot
  #boot.loader.grub.enable = true;
  #boot.loader.grub.device = "/dev/sda";
  #boot.loader.grub.useOSProber = true;
 
  # UEFI boot
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";

  # secure boot
  boot.bootspec.enable = true;

  # ZRAM
  zramSwap.enable = true;
  zramSwap.memoryPercent = 50;

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  boot.kernelPackages = pkgs.linuxPackages_xanmod_stable;
  boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];

  networking.hostName = "test-dell"; # Define your hostname.
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/New_York";
  
  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # opengl hardware 
  hardware.opengl.enable = true;

  # Enable the KDE Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
  programs.kdeconnect.enable = true;

  # Configure keymap in X11
  services.xserver.layout = "us";
  #services.xserver.xkbVariant = "colemak,";
  #services.xserver.xkbOptions = "grp:win_space_toggle";

  # Enable CUPS to print documents.
  services.printing.enable = true;
  services.avahi.enable = true;
  services.avahi.nssmdns = true;
  services.avahi.openFirewall = true;
  services.printing.drivers = [ pkgs.hplip ];

  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    jack.enable = true;
  
    # use the example session manager (no others are packaged yet so this is en>
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.vincent = {
    isNormalUser = true;
    initialHashedPassword = "$y$j9T$60d2ruHdjJT4EZAUcS3GW.$e1xmxQrRFTr2RUld3G2blpBUSALlG047ygAnkmk2JaA";
    extraGroups = [ "wheel" "networkmanager" "lp" "audio" "video" "cdrom" "libvirt" "kvm" "input" ]; 
  };

  nix.extraOptions = ''experimental-features = nix-command flakes'';

  nixpkgs.config.permittedInsecurePackages = [
    "electron-12.2.3"
  ];
  
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    xdg-desktop-portal-gtk
    clamav
    tailscale
    linuxHeaders
    steam-run
    qgnomeplatform
    open-dyslexic
    glibc
    cron
    btop
    neofetch
    topgrade
    # VM manager
    gnome.gnome-boxes
    OVMF
    # remote access
    sunshine
    # backup
    pika-backup
    # kde apps
    libsForQt5.discover
    libsForQt5.sddm-kcm
    libsForQt5.kaccounts-integration
    libsForQt5.kaccounts-providers
    libsForQt5.accounts-qt
    libsForQt5.ark
    # editors
    libsForQt5.kate
    nano
    # office apps
    onlyoffice-bin
    trilium-desktop
    celluloid
    libsForQt5.elisa
    # mirosoft font alitrnative
    carlito
    caladea
    gelasio
    comic-relief
    noto-fonts
    # battery saving packages
    auto-cpufreq
    tlp
    # binary ELF interpreter
    patchelf
    binutils
    # package manager
    git
    wget
    flatpak
    podman
    distrobox
    # web browser
    librewolf
    #captive browser
    captive-browser
  ];

  # captive browser options
  programs.captive-browser.enable = true;
  programs.captive-browser.interface = "wlp2s0";

  # sunshine udev rules
  services.udev.extraRules = ''
      Sunshine
      KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
    '';
  # sunshine service  
  systemd.user.services.sunshine = {
    description = "sunshine remote desktop";
    script = "/run/current-system/sw/bin/sunshine";
    wantedBy = [ "multi-user.target" ]; # starts after login
  };
  systemd.user.services.sunshine.enable = true;

  # v4l2loopback
  boot.kernelModules = [ "v4l2loopback" ];

  # flatpak
  xdg.portal.enable = true;
  services.flatpak.enable = true;

  # packagekit
  services.packagekit.enable = true;

  # enable libvirt and USB redirect
  virtualisation.libvirtd.enable = true;
  programs.dconf.enable = true;
  virtualisation.spiceUSBRedirection.enable = true;
  virtualisation.libvirtd.qemu.ovmf.enable = true;
  
  # enable podman
  virtualisation.podman = {
     enable = true;

      dockerCompat = true;
    };

  environment.shellInit = ''
  [ -n "$DISPLAY" ] && xhost +si:localuser:$USER || true
  '';
  
  # iio screen rotation
  hardware.sensor.iio.enable = true;
  
  # makemkv fix
  boot.initrd.kernelModules = [ "sg" ];
  
  # battery saving services enable
  services.auto-cpufreq.enable = true;
  services.tlp.enable = true;
  services.power-profiles-daemon.enable = false;
  # enable the tailscale service
  services.tailscale.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # clamAV
  services.clamav.updater.enable = true;
  services.clamav.daemon.enable = true;

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services.openssh.enable = false;
  
  # auto clean
  nix.optimise.automatic = true;
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 15d";
  };

  # auto update
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;
  system.autoUpgrade.rebootWindow = {
    lower = "01:00";
    upper = "05:00";
  };
  
  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 
     22
     8384
     22000
     24800
     21116
     7236
     7250
     47984
     47989
     47990
     48010
  ];
  networking.firewall.allowedUDPPorts = [
    22000
    21027
    24800
    5353
    5900
    3689
    5353
    7236
    47998
    47999
    48000
    48002
  ];
  networking.firewall.allowedTCPPortRanges = [ 
     {
       from = 1714;
       to = 1764;
     }
  ];
  networking.firewall.allowedUDPPortRanges = [ 
     {
       from = 1714;
       to = 1764;
     }
  ];
  networking.firewall.rejectPackets = true;
  # networking.firewall.allowedUDPPorts = [ 21116 ];
  # Or disable the firewall altogether.
  networking.firewall.checkReversePath = "loose";

  services.fail2ban.enable = true;
  networking.firewall.enable = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?

}