config/configuration.nix

{ config, pkgs, lib, ... }:

{
  #nixpkgs.overlays = overlays;
  nixpkgs.config.allowUnfreePredicate = (pkg: true);
  nixpkgs.config.allowUnfree = true;
  system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default

  # TODO: can i make this non-string?
  nix.extraOptions = ''
    experimental-features = nix-command flakes
	'';

  # TODO: move to pbsds home
  programs.ssh.extraConfig = ''
    Host *.ntnu.no *.pvv.org
      User pederbs
  '';

  # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
  nix.settings.auto-optimise-store = true;
  #nix.optimize.automatic = true; # periodic optimization
  nix.gc.automatic = true;
  nix.gc.dates = "weekly";
  nix.gc.options = "--delete-older-than 30d";

  imports = [
    ./cachix.nix
    (if builtins.pathExists ./hardware-configuration.nix
      then ./hardware-configuration.nix # results of hardware scan
      else {}
    )

    ./profiles/web
    ./profiles/web/index
    ./profiles/web/cinny
    ./profiles/web/element
    ./profiles/web/flexget
    ./profiles/web/gitea
    ./profiles/web/hydra
    ./profiles/web/invidious
    ./profiles/web/jellyfin
    ./profiles/web/libreddit
    ./profiles/web/mattermost
    ./profiles/web/navidrome
    ./profiles/web/netdata
    ./profiles/web/nitter
    ./profiles/web/ntopng
    ./profiles/web/owncast
    ./profiles/web/paperless
    ./profiles/web/polaris
    ./profiles/web/resilio
    ./profiles/web/roundcube
    ./profiles/web/thelounge
    ./profiles/web/vaultwarden
    ./profiles/web/webdav-zotero
    #./profiles/web/convos
    #./profiles/web/cryptpad
    #./profiles/web/galene
    #./profiles/web/graphana
    #./profiles/web/hedgedoc
    #./profiles/web/home-assistant
    #./profiles/web/jitsi-meet
    #./profiles/web/kukkee
    #./profiles/web/matrix-synapse
    #./profiles/web/shlink
    #./profiles/web/sourcegraph

    ./profiles/web/pdoc
    ./profiles/web/linktree-pbsds
    ./profiles/web/refleksjon-no
    ./profiles/web/roroslyd-no
    #./profiles/web/trivial-gradios
    #./profiles/web/censordodge
    #./profiles/web/openspeedtest

    ./profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
    ./profiles/code-remote
    ./profiles/remote-builders #
    ./profiles/nfs/reidun.nix # NFS mounts
    ./profiles/autossh-reverse-tunnels
    #./profiles/xrdp

    ./users
    #./users/pbsds
    ./users/all.nix
  ];

  # TODO: remove? Move to where relevant
  nixpkgs.overlays = [
    /** /
    (final: prev: {
      mapcrafter          = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
      mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
    })
    /**/
  ];

  # Allow unstable packages.
  nixpkgs.config.packageOverrides = pkgs: {
    unstable = import <nixos-unstable> {
      config = config.nixpkgs.config;
    };
    # TODO: nur
  };

  # enable opengl (headless)
  hardware.opengl.enable = true;
  #hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
  hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];

  # run/build weird binaries
  boot.binfmt.emulatedSystems = [
    "wasm32-wasi"
    "wasm64-wasi"
    "x86_64-windows"
    "aarch64-linux"
    "riscv64-linux"
    #"x86_64-darwin"
    #"aarch64-darwin"
  ];

  services.thermald.enable = true;

  # Bootloader

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  boot.loader.grub.useOSProber = true;


  # Virtualization

  virtualisation.podman.enable = true;
  # TODO: are these default since 22.11?
  virtualisation.podman.dockerCompat = true; # alias docker to podman
  virtualisation.oci-containers.backend = "podman";


  # Networking

  networking = {
    # Enable networking
    networkmanager.enable = true;
    #wireless.enable = true;  # Enables wireless support via wpa_supplicant.
    #iwd.enable = true

    hostName = "noximilien"; # Define your hostname.
    domain = "pbsds.net";

    interfaces.eno1.ipv4.addresses = [
      { address = "192.168.1.9"; prefixLength = 24; }
    ];

    nameservers = [
      "192.168.1.254"
      "8.8.8.8"
    ];
    defaultGateway = {
      address = "192.168.1.254";
      interface = "eno1";
    };

    #useDHCP = true;
  };

  # firewall
  services.fail2ban.enable = true;
  networking.firewall.enable = true; # default
  #networking.firewall.allowedTCPPorts = [ ... ];
  #networking.firewall.allowedUDPPorts = [ ... ];


  # Time zone and internationalisation properties.

  time.timeZone = "Europe/Oslo";
  i18n.defaultLocale = "en_US.utf8";
  i18n.extraLocaleSettings.LC_ADDRESS        = "nb_NO.utf8";
  i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
  i18n.extraLocaleSettings.LC_MEASUREMENT    = "nb_NO.utf8";
  i18n.extraLocaleSettings.LC_MONETARY       = "nb_NO.utf8";
  i18n.extraLocaleSettings.LC_NAME           = "nb_NO.utf8";
  i18n.extraLocaleSettings.LC_NUMERIC        = "nb_NO.utf8";
  i18n.extraLocaleSettings.LC_PAPER          = "nb_NO.utf8";
  i18n.extraLocaleSettings.LC_TELEPHONE      = "nb_NO.utf8";
  i18n.extraLocaleSettings.LC_TIME           = "nb_NO.utf8";
  console.keyMap              = "no";
  services.xserver.layout     = "no";
  services.xserver.xkbVariant = "";


  # Installed system packages
  # $ nix search FOOBAR

  # TODO: prune this, make home-manager deal with the majority
  environment.systemPackages = with pkgs; [
    lsof
    lshw
    htop
    file
    tmux
    #parallel # already provided by moreutils
    pwgen
    git
    nmap
    rsync
    bind.dnsutils
    graphviz
    dialog
    cowsay
    gnused
    gnumake
    coreutils-full
    moreutils
    binutils
    diffutils
    findutils
    usbutils
    bash-completion
    curl
    wget
    strace
    killall

    zip
    unrar
    unzip
    atool
    p7zip
    bzip2
    gzip
    atool

    micro
    aspell
    aspellDicts.en
    aspellDicts.nb
    vimv
    dos2unix
    #rmate # TODO: add to nixpkgs
    pandoc
    cargo
    cargo-edit
    sqlite
    #sshuttle
    visidata

    weston
    cage
    vimix-gtk-themes
    flat-remix-icon-theme
    xclip
    feh

    sshfs

    glances
    zenith
    fzf
    tealdeer # tldr
    entr
    axel aria
    bat
    xe # xargs alternative
    sd # sed alternative
    fd # find alternative
    silver-searcher # `ag`
    ripgrep
    jq
    yq
    htmlq
    sysz
    du-dust # du alternative
    ncdu    # Disk usage analyzer with an ncurses interface

    gh
    hub

    cachix
    nix-output-monitor
    nix-prefetch
    nix-top
    #nix-index
    nix-tree
    nixfmt
    alejandra

  ];

  # TODO: somehow make this root only?
  # TODO: zsh
  programs.bash.shellInit = ''
    if command -v fzf-share >/dev/null; then
      source "$(fzf-share)/key-bindings.bash"
      source "$(fzf-share)/completion.bash"
    fi
  '';

  # TODO: make this root only?
  programs.bash.shellAliases."ed" = "micro"; # TODO: ${EDITOR:-micro}
  environment.variables."EDITOR"  = "micro";

  # TODO: remove? Move?
  programs.dconf.enable = true;

  # System fonts
  # Nice to have when X-forwading on headless machines

  fonts.fonts = with pkgs; [
    noto-fonts # includes Cousine
    noto-fonts-cjk
    noto-fonts-emoji
    noto-fonts-extra
    dejavu_fonts
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  #programs.mtr.enable = true;
  #programs.gnupg.agent = {
  #  enable = true;
  #  enableSSHSupport = true;
  #};


  # OpenSSH

  services.openssh.enable = true;
  services.openssh.forwardX11 = true;



  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}