nixos_flake_config/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{
  config,
  pkgs,
  lib,
  caps2esc,
  nix-xilinx,
  sops-nix,
  ...
}: {
  imports = [];

  system.stateVersion = "23.05";
  system.autoUpgrade.enable = false;

  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
  sops.secrets."peerix/private" = {
    sopsFile = ./secrets/peerix.yaml;
  };

  nix = {
    optimise.automatic = true;
    gc.automatic = true;
    gc.options = "--delete-older-than 7d";
    package = pkgs.nixUnstable;
    settings = {
      experimental-features = ["nix-command" "flakes"];
      trusted-public-keys = [
        "binarycache.mediabox.lan:3vZwbCaCuOK5fc92rKknvyU7e5fDbnKEKLb/VTaICoU="
      ];
    };
  };

  boot = {
    extraModulePackages = with config.boot.kernelPackages; [usbip];
    initrd.compressor = "zstd";
    initrd.kernelModules = ["amdgpu"];
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = ["psmouse.synaptics_intertouch=0"];
    loader.efi.canTouchEfiVariables = true;
    loader.systemd-boot.editor = false;
    loader.systemd-boot.enable = true;
    readOnlyNixStore = true;
    supportedFilesystems = ["btrfs"];
    tmp.useTmpfs = true;
  };

  security = {
    rtkit.enable = true;
    allowSimultaneousMultithreading = true;
    sudo.enable = true;
    doas.enable = true;
    doas.extraRules = [
      {
        users = ["akill"];
        keepEnv = true;
        persist = true;
      }
    ];
  };

  powerManagement = {
    enable = true;
  };

  networking = {
    firewall = {
      enable = true;
      allowedTCPPorts = [80 443];
    };

    hostName = "nixy";
    nameservers = ["127.0.0.1" "::1"];
    dhcpcd.extraConfig = "nohook resolv.conf";

    extraHosts = ''
      192.168.88.230 mediabox.lan
      192.168.88.230 jellyfin.mediabox.lan
      192.168.88.230 deluge.mediabox.lan
      192.168.88.230 binarycache.mediabox.lan
      192.168.88.231 workstation.lan
      192.168.88.1   router.lan
    '';

    networkmanager = {
      enable = true;
      dns = "none";
      wifi.backend = "iwd";
    };

    wireless.iwd = {
      enable = true;
      settings = {
        General = {
          AddressRandomization = "network";
          #EnableNetworkConfiguration = true;
        };
      };
    };
  };

  time.timeZone = "Europe/Sarajevo";

  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [nix-xilinx.overlay];
  environment = {
    homeBinInPath = true;
    variables = {
      PATH = "$HOME/.cargo/bin";
    };
  };

  programs = {
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh.enable = true;
    firejail.enable = true;
    adb.enable = true;
    wireshark.enable = true;
    sway.enable = true;
  };

  # List services that you want to enable:
  systemd = {
    services = {
      "caps2esc" = {
        description = "Intercepts keyboard udev events";
        wants = ["systemd-udevd.service"];
        wantedBy = ["multi-user.target"];
        serviceConfig.Nice = -20;
        script = ''
          ${pkgs.interception-tools}/bin/intercept \
          -g /dev/input/by-path/platform-i8042-serio-0-event-kbd | \
          ${caps2esc.defaultPackage.x86_64-linux}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput   \
          -d /dev/input/by-path/platform-i8042-serio-0-event-kbd   \
        '';
      };
    };

    extraConfig = ''
      DefaultTimeoutStartSec=30s
      DefaultTimeoutStopSec=30s
    '';
  };

  services = {
    acpid.enable = true;
    btrfs.autoScrub.enable = true;
    dbus.enable = true;
    fstrim.enable = true;
    fwupd.enable = true;
    ntp.enable = true;
    openssh.enable = true;
    printing.enable = true;

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };

    xserver = {
      enable = true;
      dpi = 144;
      libinput.enable = true;
      desktopManager.xterm.enable = false;
      displayManager = {
        lightdm.enable = false;
        startx.enable = true;
        defaultSession = "none+i3";
      };
      windowManager.i3.enable = true;
    };

    udev = {
      packages = [pkgs.openocd pkgs.rtl-sdr pkgs.openhantek6022];
      extraRules = ''
        #Xilinx FTDI
        ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"

        #Xilinx Digilent
        ATTR{idVendor}=="1443", MODE:="666"
        ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
      '';
    };

    tlp = {
      enable = true;
    };

    actkbd = {
      enable = true;
      bindings = [
        {
          keys = [113];
          events = ["key"];
          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
        }

        {
          keys = [114];
          events = ["key" "rep"];
          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
        }

        {
          keys = [115];
          events = ["key" "rep"];
          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
        }

        {
          keys = [224];
          events = ["key"];
          command = "${pkgs.light}/bin/light -U 5";
        }

        {
          keys = [225];
          events = ["key"];
          command = "${pkgs.light}/bin/light -A 5";
        }
      ];
    };

    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        ipv6_servers = true;
        require_dnssec = true;

        sources.public-resolvers = {
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };
      };
    };

    nix-serve = {
      enable = false;
      secretKeyFile = "/var/cache-priv-key.pem";
    };

    journald.extraConfig = ''
      SystemMaxUse=50M
    '';

    logind.extraConfig = ''
      KillUserProcesses=yes
    '';
  };

  fonts = {
    fontconfig = {
      cache32Bit = true;
      allowBitmaps = true;
      useEmbeddedBitmaps = true;
      defaultFonts = {
        monospace = ["JetBrainsMono"];
      };
    };

    fonts = with pkgs; [
      dejavu_fonts
      dina-font
      fira-code
      fira-code-symbols
      font-awesome
      font-awesome_4
      inconsolata
      iosevka
      jetbrains-mono
      liberation_ttf
      noto-fonts
      noto-fonts-cjk
      noto-fonts-emoji
      proggyfonts
      siji
      terminus_font
      terminus_font_ttf
      ubuntu_font_family
    ];
  };

  virtualisation = {
    containers.storage.settings = {
      storage = {
        driver = "btrfs";
        graphroot = "/var/lib/containers/storage";
        runroot = "/run/containers/storage";
      };
    };
    podman = {
      enable = true;
      autoPrune.enable = true;
      dockerCompat = true;
    };
  };

  sound.enable = true;

  hardware = {
    bluetooth = {
      enable = true;
      settings = {
        General = {
          Enable = "Source,Sink,Media,Socket";
        };
      };
    };

    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
      extraPackages = with pkgs; [];
    };
  };

  zramSwap = {
    enable = false;
    algorithm = "zstd";
  };

  users.users.akill = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" "wheel"];
  };
}