nixconfigs/common/default.nix

{ config, pkgs, lib, inputs, ... }:

let
  unstable = inputs.nixos-unstable;

in
{
  imports =
    [
      ./packages.nix
      ./nitrokey.nix
    ];

  services.davfs2.enable = true;

  # try newer kernels
  #boot.kernelPackages = pkgs.linuxPackages_latest;


  # exfat support
  #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

  # make the boot look good
  boot.plymouth.enable = true;

  # configure console
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de";
  };

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "de_DE.UTF-8";
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  programs.wireshark =
    {
      enable = true;
      package = pkgs.wireshark;
    };

  programs.adb.enable = true;

  # programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  programs.ssh.startAgent = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
  networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect
  # FIXME: kdeconnect module
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  networking.networkmanager = { 
    enable = true;
    # FIXME: move into own file, use SOPS for secrets
    ensureProfiles.profiles = {
    "37C3" = {
      connection = {
        id = "37C3";
        type = "wifi";
        interface-name = "wlan0";
      };
      wifi = {
        mode = "infrastructure";
        ssid = "37C3";
      };
      wifi-security = {
        auth-alg = "open";
        key-mgmt = "wpa-eap";
      };
      "802-1x" = {
        anonymous-identity = "37C3";
        eap = "ttls;";
        identity = "37C3";
        password = "37C3";
        phase2-auth = "pap";
        altsubject-matches = "DNS:radius.c3noc.net";
        ca-cert = "${builtins.fetchurl {
          url = "https://letsencrypt.org/certs/isrgrootx1.pem";
          sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
        }}";
      };
      ipv4 = {
        method = "auto";
      };
      ipv6 = {
        addr-gen-mode = "default";
        method = "auto";
      };
    };
  };
};

  services.avahi.enable = true;

  # Enable CUPS to print documents.
  services.printing =
    {
      enable = true;
      drivers = [ pkgs.hplip ];
    };
  # scanners
  hardware.sane =
    {
      enable = true;
      extraBackends = [ pkgs.hplip ];
    };

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio = {
    enable = true;
    # decouple pulseaudio application and sink volumes
    daemon.config = { flat-volumes = "no"; };
    # C3D2 hq music
    zeroconf.discovery.enable = true;
    zeroconf.publish.enable = true;
  };


  # Bluetooth
  hardware.bluetooth = {
    enable = true;
    settings.General.Disable = "Headset"; # disable headset profile
  };
  hardware.pulseaudio = {
    package = pkgs.pulseaudioFull;
  };


  # FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option
  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "de";
  services.xserver.xkbOptions = "eurosign:e";

  # Enable touchpad support.
  services.xserver.libinput.enable = true;

  # while libinput also supports graphic tablets, enable more-specific wacom driver
  services.xserver.wacom.enable = true;

  # Enable the KDE Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  # dconf required for several Gnome applications
  programs.dconf.enable = true;
  
  programs.firefox.enable = true;   # enables support for automatically setting additionsl nativeMessagingHosts

  # Flatpak support
  services.flatpak.enable = true;
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];

  # Define a user account. Don't forget to set a password with `passwd`.
  users.users.spiollinux = {
    isNormalUser = true;
    uid = 1000;
    extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" "input" "adbusers" ];
    shell = pkgs.zsh;
  };

  # enable virtualbox support
  virtualisation.virtualbox.host = {
    enable = true;
    #enableExtensionPack = true;
  };
  # allow PUEL license
  nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
  users.extraGroups.vboxusers.members = [ "spiollinux" ];

  programs.zsh =
    {
      enable = true;
      autosuggestions.enable = true;
    };

  # profile sync daemon
  services.psd.enable = true;

  services.smartd =
    {
      enable = true;
      devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }];
    };

  fonts = {
    fontDir.enable = true;
    fontconfig.enable = true;
    fontconfig.includeUserConf = true;
  };

  # Enable all sysrq functions (useful to recover from some issues):
  boot.kernel.sysctl."kernel.sysrq" = 1; # NixOS default: 16 (only the sync command)

  nix = {
    # expose all flake inputs through nix Path and registry
    registry = (lib.mapAttrs (_: value: { flake = value; }) inputs) // {
      nixpkgs.flake = inputs.nixpkgs;
    };
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
  # keep build-time deps around for offline-rebuilding
    settings = {
      # keep around all inputs necessary for offline-rebuilding the system
      keep-outputs = true;
      keep-derivations = true;
      trusted-users = [ "spiollinux" ];
      experimental-features = [ "nix-command" "flakes" "repl-flake" ];
      # use all cores for building
      cores = 0;
    };
  };
  # override tmpdir for daemon
  #systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";

  # remote builders
  #nix.buildMachines = [
  #  {
  #    hostName = "build01.nix-community.org";
  #    sshUser = "ssh-ng://schmittlauch";
  #    sshKey = "/root/.ssh/remote_builder_key";
  #    system = "x86_64-linux";
  #    maxJobs = 64;
  #    supportedFeatures = [
  #      "big-parallel"
  #      "kvm"
  #      "nixos-test"
  #    ];
  #  }
  #];
  programs.ssh.knownHosts."build01.nix-community.org".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";

  # package debugging
  # programs.sysdig.enable = true;

  # declarative containers
  containers = {
    #  hash2PubSim = import ./Hash2PubTestbed.nix
    #    {
    #      inherit pkgs config;
    #      experimentUid = config.users.users.spiollinux.uid;
    #      projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
    #    };
  };

  # stop NetworkManager from managing virtual interfaces
  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];


}