
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
materusArgs,
mkk,
...
}:
{
imports = [
  # Machine-specific settings produced by the hardware scan.
  ./hardware-configuration.nix
];

# Keep /tmp on a tmpfs.
boot.tmp.useTmpfs = true;

# Boot loader: GRUB in EFI mode (systemd-boot is not used on this host).
boot.loader = {
  efi = {
    efiSysMountPoint = "/boot/efi";
    canTouchEfiVariables = true;
  };
  grub = {
    enable = true;
    # "nodev": GRUB is not written to any disk's boot sector.
    device = "nodev";
    efiSupport = true;
    # Probe for other installed operating systems and add them to the menu.
    useOSProber = true;
    memtest86.enable = true;
    gfxmodeBios = "1920x1080";
    gfxmodeEfi = "1920x1080";
  };
};
# Select the NVIDIA driver (this option is honoured even though the X server
# itself is disabled further down in this file).
services.xserver.videoDrivers = [ "nvidia" ];

hardware.nvidia = {
  # Driver build taken from the package set of the configured kernel.
  package = config.boot.kernelPackages.nvidiaPackages.stable;
  open = true;
  modesetting.enable = true;
  powerManagement.enable = true;
  nvidiaSettings = true;
};

hardware.graphics = {
  enable = true;
  # VA-API / VDPAU bridge drivers for hardware video decoding.
  extraPackages = [
    pkgs.libva-vdpau-driver
    pkgs.nvidia-vaapi-driver
    pkgs.libvdpau-va-gl
  ];
  # NOTE(review): these come from the same `pkgs` set as the list above, so
  # they are presumably not 32-bit builds; confirm whether a 32-bit package
  # set was intended here.
  extraPackages32 = [
    pkgs.libva-vdpau-driver
    pkgs.nvidia-vaapi-driver
    pkgs.libvdpau-va-gl
  ];
};
# Kernel: the Zen variant, wrapped into a matching kernel package set.
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;

# Host name and interactive network management (nmcli / nmtui).
networking.hostName = "oldie";
networking.networkmanager.enable = true;

# Packages installed into the system profile.
environment.systemPackages = [
  pkgs.neovim
  pkgs.nano
  pkgs.fastfetch
  pkgs.brave
];
environment.enableAllTerminfo = true;
# Shell completion directories linked into the system profile.
environment.pathsToLink = [
  "/share/zsh"
  "/share/bash-completion"
  "/share/fish"
];

programs.firefox.enable = true;
programs.java.enable = true;
# Desktop services.
services.flatpak.enable = true;
services.gvfs.enable = true;
hardware.bluetooth.enable = true;

# NOTE(review): enabling KDE Connect presumably also opens its port range in
# the firewall, in addition to the ports listed under networking.firewall in
# this file; confirm against the module before auditing exposed ports.
programs.kdeconnect.enable = true;

# Periodic TRIM for SSDs.
services.fstrim.enable = true;
services.fstrim.interval = "weekly";
# Steam with extra runtime packages, Proton-GE and a customised wrapper.
programs.steam = {
  enable = true;

  # Both switches open additional firewall ports on top of the ones listed
  # under networking.firewall in this file.
  remotePlay.openFirewall = true;
  dedicatedServer.openFirewall = true;

  extraCompatPackages = [
    pkgs.proton-ge-bin
  ];

  # Extra packages made available to Steam.
  extraPackages = [
    pkgs.vlc
    pkgs.libva
    pkgs.libva-utils
    pkgs.libva-vdpau-driver
    pkgs.mesa
    pkgs.mesa-demos
    pkgs.libvdpau-va-gl
    pkgs.nss
    # Comes from the `nixerus` flake input, not from nixpkgs.
    materusArgs.inputs.nixerus.packages.x86_64-linux.polymc
  ];

  package = pkgs.steam.override {
    extraLibraries = p: [ ];
    extraEnv = {
      # Gives the Steam container read-write access to this path
      # (shell variable, expanded at run time, not by Nix).
      PRESSURE_VESSEL_FILESYSTEMS_RW = "\${XDG_RUNTIME_DIR}/wivrn/comp_ipc";
      #PRESSURE_VESSEL_IMPORT_OPENXR_1_RUNTIMES="1";
    };
  };
};
# Fonts installed system-wide.
fonts.packages = [
  pkgs.dejavu_fonts
  pkgs.freefont_ttf
  pkgs.gyre-fonts
  pkgs.liberation_ttf
  pkgs.unifont
  pkgs.noto-fonts
  pkgs.noto-fonts-color-emoji
  pkgs.noto-fonts-cjk-sans
  pkgs.noto-fonts-cjk-serif
  pkgs.wqy_zenhei
  pkgs.corefonts
  pkgs.hack-font
  pkgs.nerd-fonts.hack
  pkgs.ubuntu-classic
  pkgs.monocraft
  pkgs.nerd-fonts.droid-sans-mono
  pkgs.nerd-fonts.meslo-lg
  pkgs.nerd-fonts.profont
  pkgs.nerd-fonts.fira-code
];

# All switches below use mkDefault, so other modules can override them.
fonts.enableDefaultPackages = lib.mkDefault true;
fonts.fontDir.enable = lib.mkDefault true;

fonts.fontconfig = {
  enable = lib.mkDefault true;
  cache32Bit = lib.mkDefault true;

  # Preference order per generic family.
  defaultFonts = {
    sansSerif = [
      "Noto Sans"
      "DejaVu Sans"
      "WenQuanYi Zen Hei"
      "Noto Color Emoji"
    ];
    serif = [
      "Noto Serif"
      "DejaVu Serif"
      "WenQuanYi Zen Hei"
      "Noto Color Emoji"
    ];
    emoji = [
      "Noto Color Emoji"
      "OpenMoji Color"
    ];
    monospace = [
      "Hack Nerd Font"
      "Noto Sans Mono"
      "WenQuanYi Zen Hei Mono"
    ];
  };
};
# Allow packages with non-free licences to be evaluated and installed.
nixpkgs.config.allowUnfree = true;

# Nix daemon settings: enabled features, store optimisation, who is trusted
# by the daemon, and which binary caches are used.
nix.settings = {
  experimental-features = lib.mkMerge [
    [
      "nix-command"
      "flakes"
    ]
  ];
  auto-optimise-store = true;
  # NOTE(review): trusted users may override daemon settings such as the
  # substituter list and may import store paths that are not signed by a
  # trusted key, which is effectively root on this machine. "@wheel" extends
  # that to every wheel member without a sudo password prompt, and this file
  # also logs the wheel user `materus` in automatically. Consider keeping
  # only "root" here and confirm what actually needs the wider trust.
  trusted-users = [
    "root"
    "@wheel"
  ];
  # Binary caches. Anything signed by one of the keys below is installed
  # without being rebuilt locally, so each cache operator is a supply-chain
  # trust anchor for this system.
  substituters = [
    "https://nix-community.cachix.org"
    "https://cache.nixos.org/"
    "https://nixerus.cachix.org/"
  ];
  # Signing keys for the two third-party caches. No key for cache.nixos.org
  # is listed here; presumably it is supplied by the NixOS default (confirm).
  trusted-public-keys = [
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="
  ];
};
# System time zone.
time.timeZone = "Europe/Warsaw";

# Primary interactive account.
users.users.materus = {
  description = "Mateusz Słodkowicz";
  isNormalUser = true;
  # NOTE(review): several of these groups carry far more than desktop
  # convenience. "wheel" grants sudo; "podman" and the libvirt groups reach
  # daemons that this file configures with root privileges (Docker-compatible
  # socket, QEMU running as root); "input" presumably allows reading raw
  # input devices. Treat this account as root-equivalent when threat
  # modelling, and drop groups that are not needed.
  extraGroups = [
    "audio"
    "video"
    "render"
    "pipewire"
    "wheel"
    "networkmanager"
    "input"
    "kvm"
    "libvirt-qemu"
    "libvirt"
    "libvirtd"
    "podman"
    "scanner"
    "lp"
  ];
  # No password source is declared in this block: the sops-backed
  # hashedPasswordFile below is commented out.
  #hashedPasswordFile = config.sops.secrets."users/materus".path;
  #openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
  #shell = pkgs.zsh;
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# zsh is the login shell for all users unless overridden per user.
users.defaultUserShell = pkgs.zsh;

programs.zsh = {
  enable = true;
  promptInit = "";
  enableGlobalCompInit = false;
  # Load the grml zsh configuration unless __MATERUS_HM_ZSH is set to a
  # non-zero value in the environment.
  interactiveShellInit = ''
    if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
    source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
    fi
  '';
};
# Locale and virtual-console settings.
i18n.defaultLocale = "pl_PL.UTF-8";
console.font = "Lat2-Terminus16";
console.keyMap = "pl";
console.useXkbConfig = false; # use xkb.options in tty.

# Git with LFS support.
programs.git.enable = true;
programs.git.lfs.enable = true;

# GnuPG agent. SSH keys are not served by it (see programs.ssh.startAgent in
# this file); the browser socket is enabled.
programs.gnupg.agent.enable = true;
programs.gnupg.agent.enableSSHSupport = false;
programs.gnupg.agent.enableBrowserSocket = true;
# The X server itself stays disabled.
services.xserver.enable = false;

services.displayManager.plasma-login-manager.enable = true;

# NOTE(review): automatic login gives anyone with physical access a full
# desktop session as `materus` without a password. That account is in
# "wheel", and "@wheel" is listed in nix.settings.trusted-users in this file,
# so the session is effectively root-equivalent. Confirm this matches the
# machine's physical-security assumptions (disk encryption is not visible
# in this file).
services.displayManager.autoLogin = {
  enable = true;
  user = "materus";
};

# KDE Plasma 6 desktop with Qt5 integration.
services.desktopManager.plasma6 = {
  enable = true;
  enableQt5Integration = true;
};
# Desktop portals (KDE backend plus wlr).
xdg.portal = {
  enable = true;
  wlr.enable = true;
  xdgOpenUsePortal = true;
  extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
};

# KWallet is removed from the Plasma install.
# NOTE(review): applications that rely on it for secret storage need another
# secret service; confirm they do not fall back to plaintext storage.
environment.plasma6.excludePackages = [
  pkgs.kdePackages.kwallet
  pkgs.kdePackages.kwalletmanager
  pkgs.kdePackages.kwallet-pam
];

# OpenSSH agent for user sessions.
programs.ssh.startAgent = true;

# Syncthing runs as the desktop user with the home directory as data dir.
services.syncthing.enable = true;
services.syncthing.user = "materus";
services.syncthing.dataDir = "/home/materus";
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
# Realtime scheduling broker, used by the audio stack.
security.rtkit.enable = true;

# PipeWire as the audio server, with ALSA, PulseAudio and JACK front ends.
services.pipewire.enable = true;
services.pipewire.audio.enable = true;
services.pipewire.alsa.enable = true;
services.pipewire.alsa.support32Bit = true;
services.pipewire.pulse.enable = true;
services.pipewire.jack.enable = true;
# NOTE(review): system-wide mode runs one shared PipeWire instance instead of
# one per user session, so audio is presumably shared by every account that
# can reach it (this file puts `materus` in the "pipewire" group). Confirm
# the per-session default is not sufficient.
services.pipewire.systemWide = true;
# Podman with a Docker-compatible CLI and API socket.
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
# NOTE(review): the Docker-compatible socket is served by a privileged
# daemon; as with Docker, whoever may connect to it (presumably members of
# the "podman" group, which includes `materus` in this file) can obtain root
# on the host. Disable it if rootless podman is enough.
virtualisation.podman.dockerSocket.enable = true;

# libvirt / QEMU virtual machines.
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.onBoot = "ignore";
virtualisation.libvirtd.onShutdown = "shutdown";
virtualisation.libvirtd.qemu.package = pkgs.qemu_full;
virtualisation.libvirtd.qemu.swtpm.enable = true;
# NOTE(review): QEMU processes run as root, so a guest-to-host escape would
# land with full host privileges. Confirm that no VM on this host needs it
# and prefer running QEMU unprivileged.
virtualisation.libvirtd.qemu.runAsRoot = true;
# Session-wide environment. Every "\${...}" below is escaped, so the shell
# expands it at login time; Nix does not interpolate it.
environment.sessionVariables = {
  # XDG base directories.
  XDG_CONFIG_HOME = "\${HOME}/.config";
  XDG_CACHE_HOME = "\${HOME}/.cache";
  XDG_DATA_HOME = "\${HOME}/.local/share";
  XDG_BIN_HOME = "\${HOME}/.local/bin";
  # Adds the user's bin directory to PATH.
  PATH = [ "\${XDG_BIN_HOME}" ];
  #SSH_ASKPASS_REQUIRE = "prefer";
  MOZ_USE_XINPUT2 = "1";
  STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
};
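# Runs at shell initialisation for every user. When an X display is present,
# allow root and the current user to connect to it.
#
# The snippet is written in plain POSIX sh: the previous `&>` redirection is
# a bashism that other shells parse as "run in background, then truncate
# /dev/null", and $USER is now quoted so an unusual value cannot be
# word-split.
#
# NOTE(review): "+si:localuser:root" lets any root-owned process attach to
# the user's display; confirm this grant is still needed and drop it if not.
environment.shellInit = ''
  if [ -n "$DISPLAY" ]; then
    ${pkgs.xhost}/bin/xhost +si:localuser:root >/dev/null 2>&1
    ${pkgs.xhost}/bin/xhost "+si:localuser:$USER" >/dev/null 2>&1
  fi
'';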
# sudo, with visual feedback while typing the password.
# NOTE(review): pwfeedback echoes a mask character per keystroke, which
# reveals the password length to anyone watching the screen or a recording.
security.sudo.enable = true;
security.sudo.extraConfig = ''
  Defaults pwfeedback
'';

# Input method: fcitx5 with Mozc, Lua and Qt add-ons.
i18n.inputMethod = {
  enable = true;
  type = "fcitx5";
  fcitx5.addons = [
    pkgs.qt6Packages.fcitx5-configtool
    pkgs.fcitx5-lua
    pkgs.fcitx5-mozc
    pkgs.kdePackages.fcitx5-qt
  ];
};

# Touchpad / pointer handling through libinput.
services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# tree
# ];
# };
# programs.firefox.enable = true;
# List packages installed in system profile.
# You can use https://search.nixos.org/ to find more packages (and options).
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
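# Host firewall stays enabled. The ports below are opened on every interface;
# where a service is only needed on one network, prefer the per-interface
# form (networking.firewall.interfaces.<name>) so it is not exposed elsewhere.
# Other options in this file (Steam openFirewall switches, KDE Connect) may
# open further ports that are not listed here.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
  24800 # presumably Synergy/Barrier/Input Leap keyboard-mouse sharing; confirm
  5900 # presumably VNC; confirm the server requires authentication
  5357 # presumably WS-Discovery (HTTP side); confirm
  4656 # NOTE(review): purpose not evident from this file; document or remove
  #region Syncthing
  22000
  #endregion
]
# The Syncthing relay ports are only opened when the relay service is
# actually enabled; previously they were opened unconditionally.
++ lib.optionals config.services.syncthing.relay.enable [
  config.services.syncthing.relay.statusPort
  config.services.syncthing.relay.port
];
networking.firewall.allowedUDPPorts = [
  # NOTE(review): 24800 and 5900 mirror the TCP list above; the services they
  # presumably belong to are normally TCP-only, so confirm that the UDP
  # openings are needed.
  24800
  5900
  3702 # presumably WS-Discovery multicast; confirm
  4656 # NOTE(review): purpose not evident from this file; document or remove
  #region Syncthing
  22000
  21027
  #endregion
];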
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option (system.stateVersion, set at the end of this file) defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
# Steam controller / VR hardware rules and the uinput device.
hardware.steam-hardware.enable = true;
hardware.uinput.enable = true;

# Environment file for NetworkManager, rendered by sops. Only a placeholder
# is written here; the real WireGuard private key is substituted when the
# template is rendered, so the key itself does not appear in this expression.
sops.templates."networkmanager.env" = {
  content = ''
    WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wg-key}"
  '';
};

# NetworkManager reads the rendered file when it creates the declared profiles.
networking.networkmanager.ensureProfiles.environmentFiles = [
  config.sops.templates."networkmanager.env".path
];
# Declarative NetworkManager profile for the WireGuard tunnel "PodKos".
# Addresses, peer key and port come from the `mkk` argument of this module.
networking.networkmanager.ensureProfiles.profiles = {
  wg0 = {
    connection = {
      id = "PodKos";
      type = "wireguard";
      interface-name = "wg-podkos";
    };
    wireguard = {
      # Placeholder, filled in from the environment file listed in
      # ensureProfiles.environmentFiles; the key is not written literally here.
      private-key = "$WIREGUARD_PRIVATEKEY";
    };
    # Single peer ("valkyrie"), identified by its public key.
    "wireguard-peer.${mkk.wireguard.peers.valkyrie.pubKey}" = {
      endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
      # Only these ranges are routed through / accepted from the peer.
      allowed-ips = "${mkk.wireguard.ip-masks.main};${mkk.wireguard.ip-masks.guest};${mkk.wireguard.ip-masks.asia};${mkk.wireguard.peers.valkyrie.ip}/32;";
      persistent-keepalive = "20";
    };
    ipv4 = {
      address1 = "${mkk.wireguard.peers.oldie.ip}/32";
      # DNS is pointed at the peer's tunnel address.
      dns = "${mkk.wireguard.peers.valkyrie.ip};";
      method = "manual";
      # The tunnel never becomes the default route.
      never-default = "true";
    };
    ipv6 = {
      addr-gen-mode = "stable-privacy";
      # IPv6 is not configured on the tunnel.
      method = "disabled";
    };
    proxy = { };
  };
};
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
# The long explanatory comment about this option sits further up in this file.
system.stateVersion = "26.05"; # Did you read the comment?
}