nixconfigs/common/default.nix

{
  config,
  pkgs,
  lib,
  ...
}:

let
  inputs = config.inputInjection.flake-inputs;
  unstable = inputs.nixos-unstable;
in
{
  imports = [
    ./packages.nix
    ./nitrokey.nix
    ./nix-settings.nix
  ];

  services.davfs2.enable = true;

  # exfat support
  #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];

  # make the boot look good
  boot.plymouth.enable = true;

  # configure console
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de";
  };

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "de_DE.UTF-8";
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.bash.enableCompletion = true;
  programs.wireshark = {
    enable = true;
    package = pkgs.wireshark;
  };

  programs.adb.enable = true;

  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  programs.ssh.startAgent = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  networking.firewall.allowedTCPPortRanges = [
    {
      from = 1714;
      to = 1764;
    }
  ];
  networking.firewall.allowedUDPPortRanges = [
    {
      from = 1714;
      to = 1764;
    }
  ]; # for KDE connect
  # FIXME: kdeconnect module
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  networking.networkmanager = {
    enable = true;
    # FIXME: move into own file, use SOPS for secrets
    ensureProfiles.profiles = {
      "37C3" = {
        connection = {
          id = "37C3";
          type = "wifi";
          interface-name = "wlan0";
        };
        wifi = {
          mode = "infrastructure";
          ssid = "37C3";
        };
        wifi-security = {
          auth-alg = "open";
          key-mgmt = "wpa-eap";
        };
        "802-1x" = {
          anonymous-identity = "37C3";
          eap = "ttls;";
          identity = "37C3";
          password = "37C3";
          phase2-auth = "pap";
          altsubject-matches = "DNS:radius.c3noc.net";
          ca-cert = "${builtins.fetchurl {
            url = "https://letsencrypt.org/certs/isrgrootx1.pem";
            sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
          }}";
        };
        ipv4 = {
          method = "auto";
        };
        ipv6 = {
          addr-gen-mode = "default";
          method = "auto";
        };
      };
    };
  };

  services.avahi.enable = true;

  # Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = [ pkgs.hplip ];
  };
  # scanners
  hardware.sane = {
    enable = true;
    extraBackends = [ pkgs.hplip ];
  };

  # Enable sound.
  hardware.pulseaudio = {
    enable = true;
    # decouple pulseaudio application and sink volumes
    daemon.config = {
      flat-volumes = "no";
    };
    # C3D2 hq music
    zeroconf.discovery.enable = true;
    zeroconf.publish.enable = true;
  };

  # Bluetooth
  hardware.bluetooth = {
    enable = true;
    settings.General.Disable = "Headset"; # disable headset profile
  };
  hardware.pulseaudio = {
    package = pkgs.pulseaudioFull;
  };

  # FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option
  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "de";
  services.xserver.xkbOptions = "eurosign:e";

  # Enable touchpad support.
  services.xserver.libinput.enable = true;

  # while libinput also supports graphic tablets, enable more-specific wacom driver
  services.xserver.wacom.enable = true;

  # Enable the KDE Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  # dconf required for several Gnome applications
  programs.dconf.enable = true;

  programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts

  # Flatpak support
  services.flatpak.enable = true;
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];

  # Define a user account. Don't forget to set a password with `passwd`.
  users.users.spiollinux = {
    isNormalUser = true;
    uid = 1000;
    extraGroups = [
      "vboxusers"
      "wheel"
      "networkmanager"
      "scanner"
      "lp"
      "wireshark"
      "dialout"
      "cdrom"
      "input"
      "adbusers"
    ];
    shell = pkgs.zsh;
  };

  # enable virtualbox support
  virtualisation.virtualbox.host = {
    enable = true;
    #enableExtensionPack = true;
  };
  # allow PUEL license
  nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
  users.extraGroups.vboxusers.members = [ "spiollinux" ];

  programs.zsh = {
    enable = true;
    autosuggestions.enable = true;
  };

  # profile sync daemon
  services.psd.enable = true;

  fonts = {
    fontDir.enable = true;
    fontconfig.enable = true;
    fontconfig.includeUserConf = true;
  };

  # Enable all sysrq functions (useful to recover from some issues):
  boot.kernel.sysctl."kernel.sysrq" = 1; # NixOS default: 16 (only the sync command)

  nix.settings.trusted-users = [ "spiollinux" ];
  # override tmpdir for daemon
  #systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";

  # remote builders
  #nix.buildMachines = [
  #  {
  #    hostName = "build01.nix-community.org";
  #    sshUser = "ssh-ng://schmittlauch";
  #    sshKey = "/root/.ssh/remote_builder_key";
  #    system = "x86_64-linux";
  #    maxJobs = 64;
  #    supportedFeatures = [
  #      "big-parallel"
  #      "kvm"
  #      "nixos-test"
  #    ];
  #  }
  #];
  programs.ssh.knownHosts."build01.nix-community.org".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";

  # package debugging
  # programs.sysdig.enable = true;

  # declarative containers
  containers = {
    #  hash2PubSim = import ./Hash2PubTestbed.nix
    #    {
    #      inherit pkgs config;
    #      experimentUid = config.users.users.spiollinux.uid;
    #      projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
    #    };
  };

  # stop NetworkManager from managing virtual interfaces
  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
}