nix-dotfiles/hosts/randolph/configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:

{
  imports = [ # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  ################################################
  # SECTION 1: BASIC SYSTEM SOFTWARE CONFIGURATION
  ################################################

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.kernelParams = [
      "amdgpu.sg_display=0"
  ];

  # Enable flakes.
  nix = { settings.experimental-features = [ "nix-command" "flakes" ]; };

  networking.hostName = "randolph"; # Define your hostname.
  networking.networkmanager.enable =
    true; # Easiest to use and most distros use this by default.

  networking.firewall =
  let kdeConnectPorts = {
      from = 1714;
      to = 1764;
  }; in
  {
    allowedTCPPortRanges = [
      kdeConnectPorts
    ];
    allowedUDPPortRanges = [
      kdeConnectPorts
    ];
  };

  # Set your time zone.
  time.timeZone = "Australia/Melbourne";

  # Select internationalization properties.
  i18n.defaultLocale = "fr_CA.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
    # useXkbConfig = true; # use xkb.options in tty.
  };

  # Enable screensharing
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
    config.common.default = "*";
  };

  # Home manager: make user home-manager configs use system nixpkgs
  home-manager.useGlobalPkgs = true;

  # Enable mozilla VPN
  services.mozillavpn.enable = true;

  ###################################
  # SECTION 2: HARDWARE CONFIGURATION
  ###################################

  # Set login and power management options
  # services.logind.lidSwitch = "suspend";
  # services.logind.lidSwitchDocked =
  #   "ignore"; # when an external monitor is plugged in
  # services.logind.powerKey = "ignore"; # handle this WM side
  # services.logind.powerKeyLongPress = "poweroff";

  # Enable graphics.
  hardware.graphics.enable = true;

  # Allow users in group "video" to modify backlight
  # services.udev.extraRules = ''
  #   ACTION=="add", SUBSYSTEM=="backlight" KERNEL=="amdgpu_bl0", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/amdgpu_bl0/brightness"
  #   ACTION=="add", SUBSYSTEM=="backlight" KERNEL=="amdgpu_bl0", RUN+="${pkgs.coreutils}/bin/chmod g+w /sys/class/backlight/amdgpu_bl0/brightness"
  # '';

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable udisks (handles storage devices, e.g. usb flash drives)
  # services.udisks2.enable = true;

  # Enable sound.
  security.rtkit.enable = true; # needed for pipewire
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Enable fingerprint reader
  services.fprintd.enable = true;

  # Enable Bluetooth.
  hardware.bluetooth.enable = true;

  # Enable power management
  # services.upower = { enable = true; };

  ###################################################
  # SECTION 3: USERSPACE CONFIG AND OPTIONAL SOFTWARE
  ###################################################

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.alice = {
    isNormalUser = true;
    home = "/home/alice";
    extraGroups = [ "wheel" "networkmanager" "video" ]
      ++ [ "adbusers" ]; # Enable 'sudo' for the user.
    initialPassword = "manysuchcases";
    shell = pkgs.zsh;
  };
  home-manager.users.alice = import ./home.nix;

  # Make sure swaylock works (defined in home.nix)
  # security.pam.services.swaylock = { };

  # Make sure suspend actually happens
  # what this does is set the time it waits before sleeping to 10 (default 30)
  # default is 30 for, say, if you plug in an external monitor after shutting the lid
  services.logind.extraConfig = ''
    InhibitDelayMaxSec=10
  '';

  # Allow steam to run nonfree 
  # nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
  #   "steam" "steam-original" "steam-run" "zoom-5.16.10.668"
  # ];
  nixpkgs.config.allowUnfreePredicate = _: true;
  nixpkgs.overlays = [
    (final: prev: {
      fprintd = prev.fprintd.overrideAttrs (old: {
        mesonCheckFlags = (old.mesonCheckFlags or [ ]) ++ [
          # PAM related checks are timing out
          "--no-suite"
          "fprintd:TestPamFprintd"
        ];
      });
    })
  ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # neovim
    ntfs3g
    kakoune
    git
    gay # very important, do not remove
  ];

  # Add Steam, which cannot be installed through home manager (boo!)
  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true; # Open ports in the firewall for Remote Play
    # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  };

  # Enable dconf; necessary for some programs
  programs.dconf.enable = true;

  # Enable gvfs; handles trash
  services.gvfs.enable = true;

  # Enable tailscale
  services.tailscale.enable = true;

  # Enable adb
  programs.adb.enable = true;

  # Enable zsh; necessary to switch
  programs.zsh.enable = true;

  # Enable KDE Plasma 6
  services.xserver.enable = true;
  services.desktopManager.plasma6.enable = true;
  services.displayManager.sddm.enable = true;
  services.displayManager.sddm.wayland.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?

}