nixos/configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:
let 
	sources = import ./nix/sources.nix;
	git_https = "https://git.libre.moe";
in
{
  imports =
    [ # Include the results of the hardware scan.
	./hardware-configuration.nix
    ];

	# tpm2 functionality
	security.tpm2 = {
		enable = true;
		pkcs11.enable = true;
		tctiEnvironment.enable = true;
	};

  # Use the systemd-boot EFI boot loader.
 	boot = {
		kernelPackages = pkgs.linuxPackages_zen;
		#extraModulePackages = [
		#	config.boot.kernelPackages.ddcci-driver	# ddcci-driver
		#];
		#kernelModules = [ 
		#	"ddcci-driver"	# Brightness Controll (even on OLEDS)
		#	"i2c-dev"		# Brightness Controll (even on OLEDS)
		#];
		#kernelParams = [ "module_blacklist=i915" "nvidia_drm.modeset=1" ];
		#kernelPatches = [ {
		#	name = "hdr";
		#	patch = null;
		#	extraConfig = ''
		#		AMD_PRIVATE_COLOR y
		#	'';
		#	} ];
		#extraModprobeConfig = ''
		#	options nvidia_drm modes.et=1 fbdev=1
		#	options nvidia NVreg_PreserveVideoMemoryAllocations=1
		#'';
		loader = {
			efi.canTouchEfiVariables = true;
			efi.efiSysMountPoint = "/boot";
			#systemd-boot = {
			#	consoleMode = "max";
			#	memtest86.enable = true;
			#};
			grub =  {
				enable = true;
				efiSupport = true;
				device = "nodev";
			};
		};
		initrd.systemd.enable = true;
	};

	# Filesystems
	fileSystems =
	{
		#"/share" = {
		#	options = [
		#		"nofail"
		#	];
		#};
	};

	# Graphics 
	hardware = {
		graphics = {
			enable = true;
			enable32Bit = true;
			extraPackages = with pkgs; [
				vpl-gpu-rt	# newer gpus
				intel-media-sdk	# older gpus
			];
		};	
		bluetooth.enable = true;
		#nvidia	= {
		#	modesetting.enable = true; # required
		#	powerManagement.enable = false; # Experimental
		#	open = false; # Support limited to Turing and later: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
		#	nvidiaSettings = true; # accessible via nvidia-settings
		#	package = config.boot.kernelPackages.nvidiaPackages.stable;
		#};
	};

networking = 
{
	hostName = "Zuse2"; # Define your hostname
	networkmanager.enable = true;
	wireless.userControlled.enable = true;
	#nameservers = [
	#	"127.0.0.1"
	#	"::1"
	#	"192.168.178.1"
	#	"fd00::b2f2:8ff:fe44:3002"
	#	"2a02:8071:6240:2400:b2f2:8ff:fe44:3002"
	#	"1.1.1.3"
	#	"1.0.0.3"
	#	"2606:4700:4700::1113"
	#	"2606:4700:4700::1003"
	#];
};
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  # Windows compat
  time.hardwareClockInLocalTime = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
  	#keyMap = "us";
  	useXkbConfig = true; # use xkb.options in tty.
  };

  # Enable the X11 windowing system.
services.xserver = {
	enable = true;

	#videoDrivers = [ "nvidia" ];
	excludePackages = with pkgs; [
		xterm	# why the fuck is this garbage even shipped?
	];

	# Configure keymap in X11
	xkb.layout = "de";
	xkb.options = "eurosign:e,caps:escape";

	# DWM (minimal Xorg Fallback)
	windowManager.dwm =  {
		enable = true;
		package = pkgs.dwm.override {
			patches = [
				(pkgs.fetchpatch{
					url = "${git_https}/KomuHome/dwm-patches/raw/branch/stable/config.h.diff";
					sha256 = "sha256-82cjMhSHEbLfh9O3xXC6+W1EtgEZoC/a+8x7Ad/7W48=";
				})
			];
		};
	};


};

# Display Manager
services.displayManager.sddm = 
{
	enable = true;
	autoNumlock = true; # Enable NumLock at login
	wayland.enable = true;
	theme = "catppuccin-mocha";
	package = pkgs.kdePackages.sddm;
};

services.xserver.displayManager.startx.enable = true;

# GNOME Keyring
services.gnome.gnome-keyring.enable = true;
security.pam.services.sddm.enableGnomeKeyring = true;
security.pam.services.hyprlock.enableGnomeKeyring = true;

# Bluetooth managment
services.blueman.enable = true;

# Enable CUPS to print documents.
services.printing.enable = true;

  # Enable sound.
  # hardware.pulseaudio.enable = true;
  # OR
security.rtkit.enable = true;
services.pipewire = {
	enable = true;
	alsa.enable = true;
	alsa.support32Bit = true;
	pulse.enable = true;
	jack.enable = true;
};

# udev
services.udev.extraRules = ''
	KERNEL=="i2c-[0-9]*", GROUP="i2c"
  '';

# Linux Torrents
services.transmission = {
		enable = true;
		webHome = pkgs.flood-for-transmission;
	};

# (p)locate, quickly find files
services.locate.package = {
	enable = true;
	locate = pkgs.plocate;
	services.locate.localuser = null;
};

services.languagetool.enable = true;

security.krb5 = {
	enable = true;
	settings = {
		libdefaults = {
    		default_realm = "UNI-PADERBORN.DE";
			forwardable = true;
			ticket_lifetime = "10h";
			renew_lifetime = "7d";
			dns_lookup_realm = true;
			dns_lookup_kdc = true;
		};
	};
};

  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;


# /share
users.groups.share = {};

# /steam group
users.groups.steam = {};

# i2c group for udev
users.groups.i2c = {};

# Create or adjust /share and /steam
systemd.tmpfiles.rules = [
	"q	/steam					774	root	steam"
	"Z	/steam					774	-		steam"
	"v	/share					774	root	share"
	"Z	/share					774	-		share"
	"q	/home/leon/Downloads	770	leon	users	1d"
];

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.leon = {
	isNormalUser = true;
	extraGroups = [
		"wheel"			# enable sudo root-access
		"tss"			# enable access to tpm
		"steam"			# /steam
		"share" 		# /share
		"audio"			# audio
		"video" 		# video
		"i2c"			# needed for ddcci
		"docker"		# Docker Root
		"libvirtd"		# virtualization
		"transmission"		# Linux Torrents
	];
	shell = pkgs.zsh;
  };

  users.users.kiosk = {
  	isNormalUser = true;
	home = "/var/kiosk";
	homeMode = "700";
	extraGroups = ["audio"];
  };

# Font Config
fonts =  {
	enableDefaultPackages = true;
	packages = with pkgs; [
		fira			# My favorite font
		fira-code-nerdfont	# My favorite programming font
		fira-code-symbols	# My favorite programming glyphs
		fira-math		# My favorite math font
	];

	fontconfig = 
	{
		defaultFonts = {
			serif = [ "Liberation Serif" ];
			sansSerif = [ "Fira Sans" ];
			monospace = [ "Fira Code" "Fira Mono" ];
		};
	};
};

# Environment Variables
environment.sessionVariables = rec {
	NIXOS_OZONE_WL 				= "1";
	XDG_CACHE_HOME  			= "$HOME/.cache";
	XDG_CONFIG_HOME 			= "$HOME/.config";
	XDG_DATA_HOME   			= "$HOME/.local/share";
	XDG_STATE_HOME  			= "$HOME/.local/state";
	XDG_BIN_HOME    			= "$HOME/.local/bin";
	XDG_DESKTOP_DIR				= "$HOME/Desktop";
	XDG_DOCUMENTS_DIR			= "$HOME/Documents";
	XDG_DOWNLOAD_DIR			= "$HOME/Downloads";
	XDG_MUSIC_DIR				= "$HOME/Music";
	XDG_PICTURES_DIR			= "$HOME/Pictures";
	XDG_PUBLICSHARE_DIR			= "$HOME/Public";
	XDG_TEMPLATES_DIR			= "$HOME/Templates";
	XDG_VIDEOS_DIR				= "$HOME/Videos";
	XDG_RUNTIME_DIR 			= "/run/user/$UID";
	GRIM_DEFAULT_DIR			= "$XDG_PICTURE_DIR/Screenshots";
	PATH = [ 
		"${XDG_BIN_HOME}"
	];
};

environment.etc.crypttab = {
	mode = "0600";
	text = ''
	# <volume-name> <encrypted-device> [key-file] [options]
	swap	/dev/disk/by-uuid/48a41300-6d83-4968-9248-a819d17fee3c - tpm2-device=auto
	'';
};

  # List packages installed in system profile. To search, run:
  # $ nix search wget
	nixpkgs.config.allowUnfree = true;
	#nixpkgs.config.segger-jlink.acceptLicense = true;
		environment.systemPackages = with pkgs; [
		xorg.xauth									# Dependency of startx (??)
		home-manager								# Nix's Home-Manager
		egl-wayland									# NVIDIA compat
		nvidia-vaapi-driver							# NVIDIA compat
		catppuccin-cursors.mochaDark # Catppuccin Mouse Cursors
		(catppuccin-sddm.override {
      		flavor = "mocha";
      		font  = "Fira Sans";
      		fontSize = "9";
      		#backgroundbin = "$XDG_PICTURES_DIR/Wallpapers/current";
      		loginBackground = true;
      		})
		networkmanagerapplet # Network Manager GUI
	];
	
	programs = {
		hyprland = {
			enable = true;
			xwayland.enable = true;
		};
		steam = {
			enable = true;
			remotePlay.openFirewall = true;
			gamescopeSession.enable = true;
			extraCompatPackages = [ pkgs.proton-ge-bin ];
		};

		nix-ld = {
			enable = true;
			libraries = with pkgs; [
			    # Add any missing dynamic libraries for unpackaged programs
			    # here, NOT in environment.systemPackages
				libGL	# FO:LONDON Downgrader
				libgcc	# " + steamcmd
			];
		};
		virt-manager.enable = true;
		seahorse.enable = true;
		zsh.enable = true;
		neovim.enable = true;
		git.enable = true;
	};
	
	xdg.portal = {
		enable = true;
	};


# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
	enable = true;
	enableSSHSupport = true;
};

security.polkit = {
	enable = true;
	extraConfig = ''
    polkit.addRule(function(action, subject) {
      if (
        subject.isInGroup("users")
          && (
            action.id == "org.freedesktop.login1.reboot" ||
            action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
            action.id == "org.freedesktop.login1.power-off" ||
            action.id == "org.freedesktop.login1.power-off-multiple-sessions"
          )
        )
      {
        return polkit.Result.YES;
      }
    })
  '';
  };

system.userActivationScripts.linktosharedfolder.text = ''
  if [[ ! -h "$XDG_MUSIC_DIR" ]]; then
    ln -s "/share/Music" "$XDG_MUSIC_DIR"
  fi
'';

virtualisation.docker = {
	enable = true;
	storageDriver = "btrfs";
	rootless = {
		enable = true;
		setSocketVariable = true;
	};
};

virtualisation.libvirtd.enable = true;


# Man pages
documentation.dev.enable = true;

nix.settings.experimental-features = [ "nix-command" "flakes" ]; 

# Chaotic Nyx
# https://www.nyx.chaotic.cx/
# Here be dragons!
#chaotic.hdr = 
#{
#	enable = true;
#	specialisation.enable = true;
#};

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?
}