nix-dotfiles/hosts/randolph/configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, edit, tepid-client-services, flakelib, ... }: # fix this this is awful

{
  imports = [ # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ../../snippets/samba.nix
  ];

  ################################################
  # SECTION 1: BASIC SYSTEM SOFTWARE CONFIGURATION
  ################################################

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_6_6.override {
  #   argsOverride = rec {
  #     src = pkgs.fetchurl {
  #           url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
  #           sha256 = "sha256-2NlUBPje63/2mSwN+FUCUGLp6Bgrym2qJ+8uknXSd0k=";
  #     };
  #     version = "6.12.23";
  #     modDirVersion = "6.12.23";
  #     };
  # });

  boot.kernelParams = [
      # "amdgpu.sg_display=0"
      # "amdgpu.dcdebugmask=0x10"
  ];

  # Enable flakes.
  nix = { settings.experimental-features = [ "nix-command" "flakes" ]; };

  # Enable unfree packages.
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.permittedInsecurePackages = [
    "dotnet-runtime-7.0.20"
  ];

  networking.hostName = "randolph"; # Define your hostname.
  networking.networkmanager.enable =
    true; # Easiest to use and most distros use this by default.

  networking.firewall =
  let kdeConnectPorts = {
      from = 1714;
      to = 1764;
  }; in
  {
    allowedTCPPortRanges = [
      kdeConnectPorts
    ];
    allowedUDPPortRanges = [
      kdeConnectPorts
    ];
  };

  services.resolved = {
    enable = true;
    dnssec = "true";
    domains = [ "~." ];
    fallbackDns = [ "9.9.9.9" "149.112.112.112" ];
  };

  # Set your time zone.
  time.timeZone = "America/Montreal";

  # Select internationalization properties.
  i18n.defaultLocale = "fr_CA.UTF-8";
  i18n.supportedLocales = [
    "en_CA.UTF-8/UTF-8"
    "fr_CA.UTF-8/UTF-8"
  ];
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
    # useXkbConfig = true; # use xkb.options in tty.
  };

  # Enable screensharing
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
    config.common.default = "*";
  };

  # Home manager: make user home-manager configs use system nixpkgs
  home-manager.useGlobalPkgs = true;

  # Enable mozilla VPN
  services.mozillavpn.enable = true;

  ###################################
  # SECTION 2: HARDWARE CONFIGURATION
  ###################################

  # Set login and power management options
  services.logind.lidSwitch = "suspend";
  services.logind.lidSwitchDocked =
    "ignore"; # when an external monitor is plugged in
  services.logind.powerKey = "ignore"; # handle this WM side
  services.logind.powerKeyLongPress = "poweroff";

  # Enable graphics.
  hardware.graphics.enable = true;
  # hardware.graphics.package = (
  #   pkgs.mesa.overrideAttrs rec {
  #    version = "24.3.4";

  #    src = pkgs.fetchFromGitLab {
  #      domain = "gitlab.freedesktop.org";
  #      owner = "mesa";
  #      repo = "mesa";
  #      rev = "mesa-${version}";
  #      hash = "sha256-1RUHbTgcCxdDrWjqB0EG4Ny/nwdjQHHpyPauiW/yogU=";
  #    };
  # });

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable SANE for scanning.
  hardware.sane = {
    enable = true;
    extraBackends = [ pkgs.epkowa ];
  };

  # Enable udisks (handles storage devices, e.g. usb flash drives)
  services.udisks2.enable = true;

  # Enable sound.
  security.rtkit.enable = true; # needed for pipewire
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Enable fingerprint reader
  services.fprintd.enable = true;

  # Enable Bluetooth.
  hardware.bluetooth.enable = true;

  # Enable power management
  # services.upower = { enable = true; };

  ###################################################
  # SECTION 3: USERSPACE CONFIG AND OPTIONAL SOFTWARE
  ###################################################

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.alice = {
    isNormalUser = true;
    home = "/home/alice";
    extraGroups = [ "wheel" "networkmanager" "video" "scanner" "lp" ]
      ++ [ "adbusers" ]; # Enable 'sudo' for the user.
    initialPassword = "manysuchcases";
    shell = pkgs.zsh;
  };
  home-manager.users.alice = import ./home.nix;
  home-manager.extraSpecialArgs = {
    inherit edit tepid-client-services flakelib;
  };

  # Make sure swaylock works (defined in home.nix)
  security.pam.services.swaylock = { };

  # Make sure suspend actually happens
  # what this does is set the time it waits before sleeping to 10 (default 30)
  # default is 30 for, say, if you plug in an external monitor after shutting the lid
  services.logind.extraConfig = ''
    InhibitDelayMaxSec=10
  '';

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # neovim
    greetd.tuigreet
    ntfs3g
    kakoune
    git
    gay # very important, do not remove
  ];

  services.greetd = {
    enable = true;
    settings = {
      default_session = {
        command = "${pkgs.lib.getExe pkgs.greetd.tuigreet} --cmd 'zsh -c sway'";
      };
    };
  };

  # Add Steam, which cannot be installed through home manager (boo!)
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Open ports in the firewall for Remote Play
    # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  };

  # Enable dconf; necessary for some programs
  programs.dconf.enable = true;

  # Enable gvfs; handles trash
  services.gvfs.enable = true;

  # Enable tailscale
  services.tailscale.enable = true;

  # Enable adb
  programs.adb.enable = true;

  # Enable zsh; necessary to switch
  programs.zsh.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?

}