dotfiles/.config/configuration.nix

{ config, pkgs, ... }:

let
  my-python3-packages = python3-packages: with python3-packages; [
    pip setuptools
    z3
    requests
    beautifulsoup4
    tkinter
    lxml
    pyside2
    markdown
    psutil
  ];
  #my-python2-packages = python2-packages: with python2-packages; [
  #  pip setuptools
  #  cython
  #  pygame
  #  numpy
  #  pillow
  #  pyopengl
  #  pyopengl-accelerate
  #];
  python3-with-my-packages = pkgs.python3.withPackages my-python3-packages;
  #python2-with-my-packages = pkgs.python2.withPackages my-python2-packages;
  linuxPackages = pkgs.linuxPackages_5_10;
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = linuxPackages;
  boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
  boot.kernelModules = [ "v4l2loopback" ];
  boot.kernelParams = [ "mitigations=off" ];
  boot.kernel.sysctl = {
    # enable Alt+SysRq commands
    "kernel.sysrq" = 1;
    "vm.swappiness" = 1;
    "net.ipv4.ip_forward" = 1;
    # silence kernel warning
    "fs.suid_dumpable" = 0;
  };
  # disable coredumps
  systemd.coredump.extraConfig = ''
    Storage=none
  '';
  security.pam.loginLimits = [
    { domain = "*"; item = "core"; type = "hard"; value = "0"; }
  ];
  # /tmp should be a tmpfs
  boot.tmpOnTmpfs = true;

  hardware.cpu.amd.updateMicrocode = true;
  services.fstrim.enable = true;
  services.journald.extraConfig = "SystemMaxUse=100M";

  networking.useDHCP = false;
  networking.interfaces.enp39s0.useDHCP = true;
  networking.hostName = "nixOS";
  networking.firewall.logRefusedConnections = false;
  networking.firewall.rejectPackets = true;
  networking.firewall.allowedTCPPorts = [ 12783 12975 25565 ];
  networking.firewall.allowedTCPPortRanges = [
    # KDE Connect
    { from = 1714; to = 1764; }
  ];
  networking.firewall.allowedUDPPorts = [ 12975 ];
  networking.firewall.allowedUDPPortRanges = [
    # KDE Connect
    { from = 1714; to = 1764; }
  ];
  # Or disable the firewall altogether.
  #networking.firewall.enable = false;

  security.sudo.extraConfig = ''
    Defaults insults
    Defaults timestamp_timeout=-1
  '';

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "de_DE.UTF-8";
  console = {
    keyMap = "dvorak";
  };
  environment.sessionVariables = {
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_DATA_HOME = "$HOME/.local/share";

    KDEHOME = "$HOME/.config/kde";
    KDESYCOCA = "$HOME/.cache/kdesycoca";
    KDE_HOME_READONLY = "1";
    KDE_UTF8_FILENAMES = "1";
    ANDROID_SDK_HOME = "$HOME/.cache";
    GRADLE_USER_HOME = "$HOME/.cache/gradle";
    MATHEMATICA_USERBASE = "$HOME/.cache/mathematica";
    XCOMPOSECACHE = "$HOME/.cache/X11/xcompose";
  };
  environment.extraInit = ''
    export XAUTHORITY=/tmp/Xauthority
    [ -e ~/.Xauthority ] && mv -f ~/.Xauthority "$XAUTHORITY"
  '';
  environment.etc = {
    "zshenv.local" = {
      text = ''
        ZDOTDIR=$HOME/.config/zsh
      '';
      mode = "0444";
    };
    "sysconfig/lm_sensors".text = ''
      HWMON_MODULES="nct6775"
    '';
    #"adobe/mms.cfg".text = ''
    #  AllowListUrlPattern=*://kongregate.com
    #  AllowListUrlPattern=*://*.kongregate.com
    #'';
  };

  services.xserver.enable = true;
  services.xserver.enableCtrlAltBackspace = true;
  services.xserver.libinput.enable = true;
  services.xserver.layout = "us";
  services.xserver.xkbVariant = "dvorak";
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
  xdg.portal.enable = true;
  xdg.portal.gtkUsePortal = true;
  
  fonts.enableDefaultFonts = true;
  fonts.fonts = with pkgs; [
    noto-fonts-emoji
    liberation_ttf
  ];

  virtualisation.docker.enable = true;
  virtualisation.docker.logDriver = "journald";
  #virtualisation.anbox.enable = true;

  # services.printing.enable = true;
  services.boinc.enable = true;
  services.vnstat.enable = true;
  services.gitlab-runner.enable = true;
  services.gitlab-runner.services = {
    shell = {
      registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration";
      executor = "shell";
    };
    shell2 = {
      registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration-kv";
      executor = "shell";
    };
  };
  services.openvpn.servers = {
    kit-split = {
     config = ''
       config /home/arne/Documents/KIT/kit-split.ovpn
     '';
     autoStart = false;
     };
    kit = {
      config = ''
        config /home/arne/Documents/KIT/kit.ovpn
      '';
      autoStart = false;
      };
  };
  # services.logmein-hamachi.enable = true;

  sound.enable = true;
  hardware.pulseaudio.enable = true;
  hardware.pulseaudio.support32Bit = true;

  hardware.opengl.enable = true;
  hardware.opengl.driSupport = true;
  hardware.opengl.driSupport32Bit = true;
  hardware.opengl.extraPackages = with pkgs; [ amdvlk vaapiVdpau libvdpau-va-gl ];
  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];

  users.users.arne = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" "adbusers" ];
    shell = pkgs.zsh;
  };

  nixpkgs.config = {
    allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [
      "minecraft-launcher"
      "steam"
      "steam-original"
      "steam-runtime"
      "mathematica"
      "idea-ultimate"
      "android-studio-stable"
      #"logmein-hamachi"
    ];
    packageOverrides = super: let self = super.pkgs; in {
      maven = super.maven.override {
        jdk = super.pkgs.jdk11;
      };
      # remove tesseract and ImageMagick
      ripgrep-all = super.ripgrep-all.overrideDerivation (attrs: {
        postInstall = ''
          wrapProgram $out/bin/rga \
            --prefix PATH ":" "${super.pkgs.lib.makeBinPath [ super.pkgs.pandoc super.pkgs.poppler_utils super.pkgs.ripgrep ]}"
        '';
        doInstallCheck = false;
      });
      qbittorrent = super.qbittorrent.overrideAttrs (attrs: rec {
        version = "4.3.4.1";
        src = pkgs.fetchFromGitHub {
          owner = "qbittorrent";
          repo = "qbittorrent";
          rev = "release-4.3.4.1"; # TODO: is there some reason this also has to be specified?
          sha256 = "0hpv99ky077h5rvxxd76l5xv99ivqa1hq6739jp1gvl4w6w3cbgc";
        };
      });
      # remove openssl
      #rustup = super.rustup.overrideAttrs (attrs: rec {
      #  buildInputs = [ super.pkgs.zlib ];
      #  # this does not actually work due to #103130
      #  cargoBuildFlags = [ "--no-default-features" "--features" "no-self-update" "reqwest-backend" "reqwest-rustls-tls" ];
      #  doCheck = false;
      #});
    };
  };
  programs.steam.enable = true;
  programs.zsh.enable = true;
  programs.zsh.enableGlobalCompInit = false;
  programs.adb.enable = true;
  programs.gnupg.agent = { 
    enable = true; 
    enableSSHSupport = true;
    pinentryFlavor = "qt";
  };
  environment.systemPackages = with pkgs; [
    # standard utilities
    coreutils
    gzip
    gcc
    manpages
    dnsutils
    vim htop curl wget file zsh git
    tree killall
    # premium utilities
    jq tmux
    ripgrep
    ripgrep-all
    p7zip
    iotop
    img2pdf
    pdftk
    fd
    zoxide
    fzf
    entr
    oxipng
    ffmpeg_4

    # programming environments
    geckodriver
    #python2-with-my-packages
    python3-with-my-packages
    jdk11 maven visualvm
    rustup
    jupyter
    vscodium
    jetbrains.idea-ultimate
    #androidStudioPackages.stable
    nodejs

    # CLI applications
    lynx
    droidcam
    sqlite
    borgbackup
    nix-tree
    gallery-dl
    youtube-dl
    plantuml
    tectonic
    docker-compose
    qemu
    graphviz

    # GUI applications
    sqlitebrowser
    gimp
    firefox
    thunderbird
    keepassxc
    josm
    anki
    tor-browser-bundle-bin
    mathematica
    gparted
    trilium-desktop
    qdirstat
    filelight
    libreoffice-fresh
    filezilla
    qbittorrent
    tdesktop
    yakuake okular akregator kwalletmanager gwenview ark kcalc kcolorchooser kompare k3b kcharselect
    kdeApplications.kruler
    kdeconnect
    plasma-vault
    ksshaskpass
    notepadqq
    mpv
    bitcoin

    xorg.xkbcomp
    xorg.xrandr
    lm_sensors

    xclip
    ntfs3g
    cryptsetup pinentry-qt
    wineWowPackages.full
    winetricks
    cdrkit
    vnstat
    aspellDicts.de
    hunspellDicts.de-de
    #texlive.combined.scheme-full
    linuxPackages.perf
    perf-tools
    smartmontools
    libfaketime
    afl

    # Games
    multimc
    minecraft
    #logmein-hamachi

    update-resolv-conf
  ];
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}