dotfiles/.config/configuration.nix

{ config, lib, pkgs, ... }:

let
  my-python3-packages = python3-packages: with python3-packages; [
    pip setuptools
    z3
    requests
    beautifulsoup4
    tkinter
    lxml
    pyside2
    markdown
    psutil

    scipy
    numpy
    pillow
  ];
  #my-python2-packages = python2-packages: with python2-packages; [
  #  pip setuptools
  #  cython
  #  pygame
  #  numpy
  #  pillow
  #  pyopengl
  #  pyopengl-accelerate
  #];
  python3-with-my-packages = pkgs.python3.withPackages my-python3-packages;
  #python2-with-my-packages = pkgs.python2.withPackages my-python2-packages;  
  linuxPackages = pkgs.linuxPackages_5_10;
  mpvPlus = pkgs.mpv-with-scripts.override {
    scripts = [ pkgs.mpvScripts.mpris ];
  };
  microsoftErgonomicKeyboard = pkgs.callPackage /home/arne/nixpkgs/microsoft-ergonomic-keyboard { kernel = linuxPackages.kernel; };
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  nix.autoOptimiseStore = true;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = linuxPackages;
  #boot.kernelPatches = [
  #  {
  #    name = "fixup MS keyboard";
  #    patch = /home/arne/src/linux-5.10.62/0001-change-it.patch;
  #  }
  #];
  boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback microsoftErgonomicKeyboard ];
  boot.kernelModules = [ "v4l2loopback" "nct6775" "hid_microsoft_ergonomic" ];
  boot.kernelParams = [ "mitigations=off" "amdgpu.noretry=0" ];
  boot.kernel.sysctl = {
    # enable Alt+SysRq commands
    "kernel.sysrq" = 1;
    "vm.swappiness" = 1;
    "net.ipv4.ip_forward" = 1;
    # silence kernel warning
    "fs.suid_dumpable" = 0;
  };
  # disable coredumps
  systemd.coredump.extraConfig = ''
    Storage=none
  '';
  security.pam.loginLimits = [
    { domain = "*"; item = "core"; type = "hard"; value = "0"; }
  ];
  # /tmp should be a tmpfs
  boot.tmpOnTmpfs = true;

  hardware.cpu.amd.updateMicrocode = true;
  hardware.mcelog.enable = true;
  services.fstrim.enable = true;
  services.journald.extraConfig = "SystemMaxUse=100M";

  #hardware.bluetooth.enable = true;

  networking.useDHCP = false;
  networking.interfaces.enp39s0.useDHCP = true;
  #networking.interfaces.enp42s0f3u2.useDHCP = false;
  #networking.interfaces.enp42s0f3u2.proxyARP = true;
  #networking.interfaces.enp42s0f3u2.ipv4.routes = [
  #  {
  #    address = "10.0.0.0";
  #    prefixLength = 24;
  #  }
  #];
  #networking.interfaces.enp42s0f3u2.ipv4.addresses = [
  #  {
  #    address = "10.0.0.1";
  #    prefixLength = 24;
  #  }
  #];
  networking.hostName = "nixOS";
  #networking.hosts = {
  #  "10.0.0.2" = [ "arne-ThinkPad-T410" ];
  #};
  networking.firewall.logRefusedConnections = false;
  networking.firewall.rejectPackets = true;
  networking.firewall.allowedTCPPorts = [ 12783 12975 25565 ];
  networking.firewall.allowedTCPPortRanges = [
    # KDE Connect
    { from = 1714; to = 1764; }
  ];
  networking.firewall.allowedUDPPorts = [ 12975 ];
  networking.firewall.allowedUDPPortRanges = [
    # KDE Connect
    { from = 1714; to = 1764; }
  ];
  # Or disable the firewall altogether.
  #networking.firewall.enable = false;

  security.sudo.extraConfig = ''
    Defaults insults
    Defaults timestamp_timeout=10
  '';

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "de_DE.UTF-8";
  console = {
    keyMap = "dvorak";
  };
  environment.sessionVariables = {
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_DATA_HOME = "$HOME/.local/share";

    KDEHOME = "$HOME/.config/kde";
    KDESYCOCA = "$HOME/.cache/kdesycoca";
    KDE_HOME_READONLY = "1";
    KDE_UTF8_FILENAMES = "1";
    ANDROID_SDK_HOME = "$HOME/.cache";
    GRADLE_USER_HOME = "$HOME/.cache/gradle";
    XCOMPOSECACHE = "$HOME/.cache/X11/xcompose";
  };
  environment.extraInit = ''
    export XAUTHORITY=/tmp/Xauthority
    [ -e ~/.Xauthority ] && mv -f ~/.Xauthority "$XAUTHORITY"
  '';
  environment.etc = {
    "zshenv.local" = {
      text = ''
        ZDOTDIR=$HOME/.config/zsh
      '';
      mode = "0444";
    };
    "sysconfig/lm_sensors".text = ''
      HWMON_MODULES="nct6775"
    '';
    #"adobe/mms.cfg".text = ''
    #  AllowListUrlPattern=*://kongregate.com
    #  AllowListUrlPattern=*://*.kongregate.com
    #'';
  };

  services.xserver.enable = true;
  services.xserver.enableCtrlAltBackspace = true;
  services.xserver.libinput.enable = true;
  #services.xserver.libinput.accelProfile = "flat";
  services.xserver.layout = "dvorak-custom";
  services.xserver.extraLayouts = {
    dvorak-custom = {
      description = "Dvorak customized";
      languages = [ "eng" ];
      symbolsFile = /home/arne/.config/dvorak-custom;
    };
  };
  services.xserver.autoRepeatDelay = 183;
  services.xserver.autoRepeatInterval = 33;
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.displayManager.job.logToJournal = true;
  services.xserver.desktopManager.plasma5.enable = true;
  xdg.portal.enable = true;
  xdg.portal.gtkUsePortal = true;

  fonts.enableDefaultFonts = true;
  fonts.fonts = with pkgs; [
    noto-fonts-emoji
    liberation_ttf
    cozette
    font-awesome
  ];

  virtualisation.docker.enable = true;
  virtualisation.docker.logDriver = "journald";
  #virtualisation.anbox.enable = true;

  # services.printing.enable = true;
  services.trilium-server.enable = true;
  #services.trilium-server.dataDir = "/home/arne/.local/share/trilium-sync-server-data";
  #services.trilium-server.host = "192.168.178.21";
  services.trilium-server.port = 12783;
  services.boinc.enable = true;
  services.vnstat.enable = true;
  services.gitlab-runner.enable = true;
  services.gitlab-runner.services = {
    shell = {
      registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration";
      executor = "shell";
      buildsDir = "/tmp/builds_dir";
    };
    #shell2 = {
    #  registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration-kv";
    #  executor = "shell";
    #};
  };
  services.openvpn.servers = {
    kit-split = {
     config = ''
       config /home/arne/Documents/KIT/kit-split.ovpn
     '';
     autoStart = false;
     };
    kit = {
      config = ''
        config /home/arne/Documents/KIT/kit.ovpn
      '';
      autoStart = false;
      };
  };
  # services.logmein-hamachi.enable = true;

  sound.enable = false;
  #hardware.pulseaudio.enable = false;
  #hardware.pulseaudio.support32Bit = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # this does not exist (yet?)
    #pulse.support32Bit = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  hardware.opengl.enable = true;
  hardware.opengl.driSupport = true;
  hardware.opengl.driSupport32Bit = true;
  hardware.opengl.extraPackages = with pkgs; [ amdvlk vaapiVdpau libvdpau-va-gl ];
  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];

  users.users.arne = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" "adbusers" "wireshark" "audio" ];
    shell = pkgs.zsh;
  };

  nixpkgs.config = {
    allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [
      "minecraft-launcher"
      "steam"
      "steam-original"
      "steam-runtime"
      "mathematica"
      "idea-ultimate"
      "android-studio-stable"
    ];
    packageOverrides = super: let self = super.pkgs; in {
      maven = super.maven.override {
        jdk = super.pkgs.jdk11;
      };
      # remove openssl/curl
      rustup = super.rustup.overrideAttrs (attrs: rec {
        buildInputs = [ super.pkgs.zlib ];
        cargoBuildFlags = [ "--no-default-features --features no-self-update,reqwest-backend,reqwest-rustls-tls" ];
        doCheck = false;
      });
    };
  };
  programs.steam.enable = true;
  programs.zsh.enable = true;
  programs.zsh.enableGlobalCompInit = false;
  programs.zsh.interactiveShellInit = ''
    source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh
  '';
  programs.command-not-found.enable = false;
  programs.adb.enable = true;
  programs.wireshark.enable = true;
  programs.wireshark.package = pkgs.wireshark;
  programs.gnupg.agent = {
    enable = true; 
    enableSSHSupport = false;
    pinentryFlavor = "qt";
  };
  # do not show unlock prompt on login
  security.pam.services.sddm.enableKwallet = lib.mkOverride 0 false;
  environment.systemPackages = with pkgs; [
    # standard utilities
    coreutils
    gzip
    manpages
    dnsutils
    vim htop curl wget file zsh git git-branchless
    tree killall
    # premium utilities
    jq tmux
    ripgrep
    ripgrep-all
    p7zip
    iotop
    img2pdf
    pdftk
    exa
    fd
    zoxide
    fzf
    entr
    oxipng
    ffmpeg_4

    # programming environments
    #geckodriver
    #python2-with-my-packages
    python3-with-my-packages
    jdk8
    #visualvm
    rustup
    cargo-outdated cargo-edit
    #jupyter
    vscodium
    jetbrains.idea-ultimate
    #androidStudioPackages.stable
    #nodejs
    gcc10 gnumake cmake
    llvmPackages_11.bintools

    # cplex
    key

    # CLI applications
    lynx
    droidcam
    sqlite
    borgbackup
    nix-tree rnix-hashes
    #gallery-dl
    yt-dlp
    #plantuml
    #tectonic
    docker-compose
    qemu
    graphviz

    # GUI applications
    sqlitebrowser
    (gimp-with-plugins.override { plugins = [ gimpPlugins.gmic ]; })
    firefox
    thunderbird
    ungoogled-chromium
    keepassxc
    josm
    #anki
    tor-browser-bundle-bin
    mathematica
    gparted
    trilium-desktop
    qdirstat
    filelight
    libreoffice-fresh
    qbittorrent
    tdesktop
    alacritty
    okular akregator kwalletmanager gwenview ark kcalc kcolorchooser kompare k3b kcharselect kmag
    plasma5Packages.kruler
    kdeconnect
    plasma-vault
    ksshaskpass
    notepadqq
    mpvPlus

    #xorg.xkbcomp
    xorg.xrandr
    #evtest
    lm_sensors

    xclip
    ntfs3g
    cryptsetup pinentry-qt
    cdrkit
    vnstat
    aspellDicts.de
    hunspellDicts.de-de
    #texlive.combined.scheme-full
    linuxPackages.perf
    perf-tools
    smartmontools
    #libfaketime
    #afl

    # Games
    multimc
    #minecraft
    #logmein-hamachi

    update-resolv-conf # for OpenVPN configs

    # List of packages to get on demand
    #wineWowPackages.full
    #winetricks
  ];
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}