boxen/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, ... }:

let
  local = import ./local.nix { inherit config pkgs lib; };
  hostName = local.networking.hostName;
  host-config = ./machines + "/${hostName}.nix";
  optionalPath = path: lib.lists.optional (builtins.pathExists path) path;
in
{
  imports =
    [
      <home-manager/nixos>
      ./hardware-configuration.nix
      ./local.nix
    ]
    ++ optionalPath host-config;
  system.stateVersion = "20.03"; # Leave this alone (see configuration.nix(5))

  nixpkgs.config.allowUnfree = true;

  # Users ####################################################################
  users.users.jez = {
    isNormalUser = true;
    group = "jez";
    extraGroups = [ "wheel" "video" ];
    shell = pkgs.zsh;
    openssh.authorizedKeys.keyFiles = [ ./data/yubikey_ssh.pub ];
  };
  users.groups.jez = { };
  users.users.elly.isNormalUser = true;

  home-manager.users.jez = import ./home/jez/home.nix;

  environment.shells = with pkgs; [ bashInteractive bash fish zsh ];

  # Networking ###############################################################
  networking = {
    useDHCP = false;
    networkmanager.enable = true;
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22000 # SyncThing
      ];
      allowedUDPPorts = [
        21027 # SyncThing
      ];
    };
  };

  services.avahi = {
    enable = true;
    nssmdns = true;
    publish = { enable = true; addresses = true; };
  };

  services.openssh.enable = true;

  # Security #################################################################
  security.wrappers = {
    ping = {
      source = "${pkgs.iputils.out}/bin/ping";
      owner = "nobody";
      group = "nogroup";
      capabilities = "cap_net_raw+ep";
    };
  };

  # Localisation #############################################################
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # General ##################################################################
  environment.systemPackages = with pkgs; [
    wget vim git tree iputils

    refind
  ];

  documentation = {
    man.generateCaches = true;
    dev.enable = true;
  };

  # Desktop environment ####################################################
  hardware.opengl.driSupport32Bit = true;

  services.xserver = {
    enable = true;
    layout = "us";
    libinput.enable = true;
    displayManager.lightdm = {
      enable = true;
      greeters.enso.enable = true;
      extraSeatDefaults = ''
        greeter-hide-users = false
      '';
    };
    desktopManager.gnome3.enable = true;
  };
  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
  };
  services.dbus.packages = [ pkgs.gnome3.dconf ];

  services.printing.enable = true;

  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Location #################################################################
  location.provider = "geoclue2";
  services.geoclue2.enable = true;

  # Services #################################################################
  services.accounts-daemon.enable = true;

  services.pcscd = {
    enable = true;
    plugins = [ pkgs.ccid ]; # Needed for GPG + Yubikey
  };

  virtualisation.docker.enable = true;
  virtualisation.libvirtd.enable = true;
  users.groups.libvirtd.members = [ "jez" ];
  # see https://github.com/xeji/nixpkgs/blob/1894a2ace97cc61cf833f712581d31cf2c650c35/pkgs/development/libraries/spice-gtk/default.nix#L39
  security.wrappers.spice-client-glib-usb-acl-helper.source =
    "${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";

  services.netdata.enable = true;

}