{ config, pkgs, ... }:

let
  my-python-packages = python-packages: with python-packages; [
    pip setuptools
    z3
    requests
    beautifulsoup4
    tkinter
    lxml
    pyside2
    markdown
    psutil
  ];
  my-python2-packages = python2-packages: with python2-packages; [
    pip setuptools
    cython
    pygame
    numpy
    pillow
    pyopengl
    pyopengl-accelerate
  ];
  python-with-my-packages = pkgs.python3.withPackages my-python-packages;
  python2-with-my-packages = pkgs.python2.withPackages my-python2-packages;
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = pkgs.linuxPackages_5_10;
  boot.extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];
  boot.kernelModules = [ "v4l2loopback" ];
  boot.kernelParams = [ "mitigations=off" ];
  boot.kernel.sysctl = {
    # enable Alt+SysRq commands
    "kernel.sysrq" = 1;
    "vm.swappiness" = 1;
    "net.ipv4.ip_forward" = 1;
    # silence kernel warning
    "fs.suid_dumpable" = 0;
  };
  # disable coredumps
  systemd.coredump.extraConfig = ''
    Storage=none
  '';
  security.pam.loginLimits = [
    { domain = "*"; item = "core"; type = "hard"; value = "0"; }
  ];
  # /tmp should be a tmpfs
  boot.tmpOnTmpfs = true;

  hardware.cpu.amd.updateMicrocode = true;
  services.fstrim.enable = true;
  services.journald.extraConfig = "SystemMaxUse=100M";

  networking.useDHCP = false;
  networking.interfaces.enp39s0.useDHCP = true;
  networking.hostName = "nixOS";
  networking.firewall.logRefusedConnections = false;
  networking.firewall.rejectPackets = true;
  networking.firewall.allowedTCPPorts = [ 12783 12975 25565 ];
  networking.firewall.allowedUDPPorts = [ 12975 ];
  # Or disable the firewall altogether.
  #networking.firewall.enable = false;

  security.sudo.extraConfig = ''
    Defaults insults
    Defaults timestamp_timeout=-1
  '';

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "de_DE.UTF-8";
  console = {
    keyMap = "dvorak";
  };
  environment.sessionVariables = {
    XDG_CONFIG_HOME = "$HOME/.config";
    XDG_CACHE_HOME = "$HOME/.cache";
    XDG_DATA_HOME = "$HOME/.local/share";

    KDEHOME = "/home/arne/.config/kde";
    KDESYCOCA = "/home/arne/.cache/kdesycoca";
    KDE_HOME_READONLY = "1";
    KDE_UTF8_FILENAMES = "1";
    ANDROID_SDK_HOME = "/home/arne/.cache";
    GRADLE_USER_HOME = "/home/arne/.cache/gradle";
    MATHEMATICA_USERBASE = "/home/arne/.cache/mathematica";
    XCOMPOSECACHE = "/home/arne/.cache/X11/xcompose";
  };
  environment.extraInit = ''
    export XAUTHORITY=/tmp/Xauthority
    [ -e ~/.Xauthority ] && mv -f ~/.Xauthority "$XAUTHORITY"
  '';
  environment.etc = {
    "zshenv.local" = {
      text = ''
        ZDOTDIR=$HOME/.config/zsh
      '';
      mode = "0444";
    };
    "sysconfig/lm_sensors".text = ''
      HWMON_MODULES="nct6775"
    '';
    #"adobe/mms.cfg".text = ''
    #  AllowListUrlPattern=*://kongregate.com
    #  AllowListUrlPattern=*://*.kongregate.com
    #'';
  };

  services.xserver.enable = true;
  services.xserver.enableCtrlAltBackspace = true;
  services.xserver.libinput.enable = true;
  services.xserver.layout = "us";
  services.xserver.xkbVariant = "dvorak";
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;
  xdg.portal.enable = true;
  xdg.portal.gtkUsePortal = true;
  
  fonts.enableDefaultFonts = true;
  fonts.fonts = with pkgs; [
    noto-fonts-emoji
    liberation_ttf
  ];

  # services.printing.enable = true;
  services.boinc.enable = true;
  services.vnstat.enable = true;
  services.gitlab-runner.enable = true;
  services.gitlab-runner.services = {
    shell = {
      registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration";
      executor = "shell";
    };
    shell2 = {
      registrationConfigFile = "/home/arne/Documents/gitlab-runner-registration-kv";
      executor = "shell";
    };
  };
  services.openvpn.servers = {
    kit-split = {
     config = ''
       config /home/arne/Documents/KIT/kit-split.ovpn
     '';
     autoStart = false;
     };
    kit = {
      config = ''
        config /home/arne/Documents/KIT/kit.ovpn
      '';
      autoStart = false;
      };
  };
  # services.logmein-hamachi.enable = true;

  sound.enable = true;
  hardware.pulseaudio.enable = true;
  hardware.pulseaudio.support32Bit = true;

  hardware.opengl.enable = true;
  hardware.opengl.driSupport = true;
  hardware.opengl.driSupport32Bit = true;
  hardware.opengl.extraPackages = with pkgs; [ amdvlk vaapiVdpau libvdpau-va-gl ];
  hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];

  users.users.arne = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" "adbusers" ];
    shell = pkgs.zsh;
  };

  nixpkgs.config = {
    allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [
      "minecraft-launcher"
      "steam"
      "steam-original"
      "steam-runtime"
      "mathematica"
      "idea-ultimate"
      "android-studio-stable"
      "logmein-hamachi"
    ];
    packageOverrides = super: let self = super.pkgs; in {
      # remove tesseract and ImageMagick
      ripgrep-all = super.ripgrep-all.overrideDerivation (attrs: {
        postInstall = ''
          wrapProgram $out/bin/rga \
            --prefix PATH ":" "${super.pkgs.lib.makeBinPath [ super.pkgs.pandoc super.pkgs.poppler_utils super.pkgs.ripgrep ]}"
        '';
        doInstallCheck = false;
      });
    };
  };
  # programs.steam.enable = true;
  programs.zsh.enable = true;
  programs.zsh.enableGlobalCompInit = false;
  programs.adb.enable = true;
  programs.gnupg.agent = { 
    enable = true; 
    enableSSHSupport = true;
    pinentryFlavor = "qt";
  };
  environment.systemPackages = with pkgs; [
    # standard utilities
    coreutils
    gzip
    gcc
    manpages
    dnsutils
    vim htop curl wget file zsh git
    tree killall
    # premium utilities
    jq tmux
    ripgrep
    ripgrep-all
    p7zip
    iotop
    img2pdf
    pdftk
    fd
    zoxide
    fzf
    entr
    oxipng
    ffmpeg_4

    # programming environments
    geckodriver
    python2-with-my-packages
    python-with-my-packages
    jdk14 maven visualvm
    rustup
    jupyter
    vscodium
    jetbrains.idea-ultimate
    androidStudioPackages.stable

    # CLI applications
    lynx
    droidcam
    sqlite
    borgbackup
    nix-tree
    gallery-dl
    youtube-dl
    plantuml

    # GUI applications
    sqlitebrowser
    gimp
    firefox
    thunderbird
    keepassxc
    josm
    anki
    tor-browser-bundle-bin
    mathematica
    gparted
    trilium-desktop
    qdirstat
    filelight
    libreoffice-fresh
    filezilla
    qbittorrent
    tdesktop
    yakuake okular akregator kwalletmanager gwenview ark kcalc kcolorchooser kompare k3b kcharselect
    kdeApplications.kruler
    kdeconnect
    plasma-vault
    ksshaskpass
    notepadqq

    xorg.xkbcomp
    xorg.xrandr
    lm_sensors

    xclip
    ntfs3g
    cryptsetup pinentry-qt
    logmein-hamachi
    mpv
    wineWowPackages.full
    winetricks
    cdrkit
    vnstat
    aspellDicts.de
    hunspellDicts.de-de
    bitcoin
    qemu
    docker-compose
    update-resolv-conf
    texlive.combined.scheme-full
    tectonic
    linuxPackages_5_10.perf
    perf-tools
    smartmontools
    nodejs
    libfaketime
    afl

    multimc
    minecraft

    update-resolv-conf
    openssl
  ];
  virtualisation.docker.enable = true;
  virtualisation.docker.logDriver = "journald";

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}