# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# System-wide NixOS module for a desktop machine. It is a function from the
# module arguments to an attribute set of option values: users, network
# exposure (firewall, SSH, mosh, Avahi), capability wrappers, the graphical
# session, virtualisation, and udev access rules for microcontroller
# bootloaders.

{ config, pkgs, lib, ... }:

let
  # local = import ./local.nix { inherit config pkgs lib; };
  # hostName = local.networking.hostName;
  # host-config = ./machines + "/${hostName}.nix";
  # optionalPath = path: lib.lists.optional (builtins.pathExists path) path;
in {
  # NOTE(review): ./cachix.nix is presumably the file written by `cachix use`,
  # which would add binary-cache substituters and their trusted public keys.
  # Its contents decide whose pre-built binaries this machine accepts, so
  # review it alongside this file.
  imports = [ #
    # ./hardware-configuration.nix
    # ./local.nix
    ./cachix.nix
  ]; # ++ optionalPath host-config;

  documentation.info.enable = lib.mkForce false;

  # Nix ######################################################################

  system.stateVersion = "20.03"; # Leave this alone (see configuration.nix(5))

  nixpkgs.config = {
    allowUnfree = true;
    joypixels.acceptLicense = true;

    packageOverrides = pkgs: {
      # NOTE(review): this fetches the tip of NUR's master branch and passes no
      # sha256, so the Nix code evaluated as `pkgs.nur` can change between
      # rebuilds without any change to this file. NUR packages are
      # community-maintained; to make the input reviewable, point the URL at a
      # specific commit archive and pass `sha256` (attribute-set form of
      # builtins.fetchTarball).
      nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
        inherit pkgs;
      };
    };
  };

  # The only overlay is commented out, so this list is currently empty.
  nixpkgs.overlays = [
    # (self: super: { libvirt = (import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/066676b839a217f6b1b5d8ab05842604d33b7258.tar.gz") {}).libvirt; })
  ];

  nix = {
    # Unstable Nix with the experimental `nix` CLI and flakes switched on.
    package = pkgs.nixUnstable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';

    autoOptimiseStore = true;

    # Automatic garbage collection at 12:00, dropping generations older than
    # 14 days (this also limits how far back a rollback can go).
    gc = {
      automatic = true;
      dates = "12:00";
      options = "--delete-older-than 14d";
    };
  };

  # Kernel ###################################################################

  boot = {
    # Builds the out-of-tree v4l2loopback module for the configured kernel and
    # loads it at boot.
    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
    kernelModules = [ "v4l2loopback" ];

    kernel.sysctl = {
      "net.core.rmem_max" = 2500000;
      "vm.swappiness" = 10;
    };
  };

  # Users ####################################################################

  users.users.jez = {
    isNormalUser = true;
    group = "jez";
    # "wheel" is the administrative group; how it maps to sudo rights is not
    # set in this file and follows the sudo module's configuration.
    extraGroups = [ "wheel" "video" "audio" "networkmanager" ];
    shell = pkgs.zsh;
    # SSH public key read from a file in this repository at evaluation time.
    openssh.authorizedKeys.keyFiles = [ ./data/yubikey_ssh.pub ];
  };
  users.groups.jez = { };

  # Second interactive account; no SSH key, password or extra groups are
  # declared for it here.
  users.users.elly.isNormalUser = true;

  # home-manager.users.jez = import ./home/jez/home.nix;

  environment.shells = with pkgs; [ bashInteractive bash fish zsh ];

  # Networking ###############################################################

  networking = {
    useDHCP = false;
    networkmanager.enable = true;

    # NOTE(review): the ports listed here are probably not the complete set of
    # open ports. The openssh, mosh and avahi modules enabled below can add
    # their own firewall rules; verify the effective ruleset on the running
    # system rather than relying on this list.
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22000 # SyncThing
      ];
      allowedUDPPorts = [
        21027 # SyncThing
      ];
    };
  };

  # mDNS: resolves .local names through NSS and publishes this host's
  # addresses to the local network.
  services.avahi = {
    enable = true;
    nssmdns = true;
    publish = {
      enable = true;
      addresses = true;
    };
  };

  # NOTE(review): no authentication options are set for sshd in this file, so
  # password and root login behaviour follow the module defaults of the NixOS
  # release in use. Only jez has an authorized key declared above; confirm the
  # effective sshd settings match the key-only access that implies.
  services.openssh.enable = true;
  programs.mosh.enable = true;

  # Bluetooth ################################################################

  hardware.bluetooth = {
    enable = true;
    package = pkgs.bluezFull;
  };
  services.blueman.enable = true;

  # Security #################################################################

  # Installs a wrapper for ping that carries the cap_net_raw file capability
  # (effective + permitted), so ping can open raw sockets without being
  # setuid root. The wrapper file itself is owned by nobody:nogroup.
  security.wrappers = {
    ping = {
      source = "${pkgs.iputils.out}/bin/ping";
      owner = "nobody";
      group = "nogroup";
      capabilities = "cap_net_raw+ep";
    };
  };

  # Localisation #############################################################

  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.UTF-8";
  console = {
    font = "ter-124n";
    packages = [ pkgs.terminus_font ];
    keyMap = "us";
  };

  # General ##################################################################

  environment.systemPackages = with pkgs; [
    cachix
    wget
    vim
    git
    mercurial
    tree
    iputils
    ripgrep
    refind
    terminus_font
  ];

  documentation = {
    man.generateCaches = true;
    dev.enable = true;
  };

  # Desktop environment ####################################################

  hardware.opengl.driSupport32Bit = true;

  services.xserver = {
    enable = true;
    layout = "us";
    libinput.enable = true;

    displayManager.lightdm = {
      enable = true;
      greeters.enso.enable = true;
      # The greeter lists local account names (hide-users = false) and also
      # offers manual username entry.
      extraSeatDefaults = ''
        greeter-hide-users = false
        greeter-show-manual-login = true
      '';
    };

    desktopManager.gnome.enable = true;

    # Extra login session: a Wayland session file that runs Emacs as the only
    # application inside the cage compositor. passthru.providedSessions is
    # added via overrideAttrs because writeTextDir alone does not declare
    # which session names the package provides.
    displayManager.sessionPackages = let
      emacs-caged-desktop = pkgs.writeTextDir "share/wayland-sessions/emacs-caged.desktop" ''
        [Desktop Entry]
        Name=Emacs, Caged
        Comment=Just emacs, nothing else
        Exec=${pkgs.cage}/bin/cage -- ${pkgs.emacs}/bin/emacs
        Type=Application
      '';
      emacs-caged = emacs-caged-desktop.overrideAttrs (oldattrs: {
        passthru.providedSessions = [ "emacs-caged" ];
      });
    in [ emacs-caged ];
  };

  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
  };

  services.dbus.packages = [ pkgs.gnome3.dconf ];

  xdg.portal = {
    enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
  };

  services.printing.enable = true;
  services.flatpak.enable = true;

  # Sound ####################################################################

  # PipeWire replaces PulseAudio and provides the ALSA and PulseAudio
  # compatibility layers.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    pulse.enable = true;
  };
  security.rtkit.enable = true;

  # Fonts ####################################################################

  fonts.fonts = with pkgs; [
    iosevka
    fira
    fira-code
    merriweather
    gentium
    gentium-book-basic
    open-sans
    joypixels
    noto-fonts-emoji
    font-awesome
  ];

  # Location #################################################################

  location = {
    provider = "manual";
    # Somewhere roughly in the North of England
    # NOTE(review): a positive longitude is east of Greenwich; confirm the
    # sign is intended.
    latitude = 54.0;
    longitude = 1.0;
  };

  # Services #################################################################

  services.accounts-daemon.enable = true;

  services.pcscd = {
    enable = true;
    plugins = [ pkgs.ccid ]; # Needed for GPG + Yubikey
  };

  # No account is added to a docker group in this file.
  virtualisation.docker.enable = true;

  virtualisation.libvirtd.enable = true;
  virtualisation.spiceUSBRedirection.enable = true;
  # Members of the libvirtd group can manage system-level VMs through the
  # libvirt daemon; treat membership as equivalent to administrative access on
  # this host.
  users.groups.libvirtd.members = [ "jez" ];

  # see https://github.com/xeji/nixpkgs/blob/1894a2ace97cc61cf833f712581d31cf2c650c35/pkgs/development/libraries/spice-gtk/default.nix#L39
  # NOTE(review): only `source` is given here (no owner, group, capabilities
  # or setuid), so the privileges this wrapper ends up with depend on the
  # wrapper module defaults of the NixOS release and on whatever
  # virtualisation.spiceUSBRedirection defines for the same wrapper. Check the
  # resulting file's mode and capabilities on the running system, and drop
  # this line if the spiceUSBRedirection option already covers it.
  security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";

  # NOTE(review): no netdata bind address or access settings appear in this
  # file and the firewall list above does not include a port for it; confirm
  # which interfaces the dashboard listens on.
  services.netdata.enable = true;

  # Hardware #################################################################

  # udev rules for microcontroller bootloaders and programmers. Every rule
  # matches on USB vendor/product ID only and adds TAG+="uaccess", which hands
  # device access to the user of the active local session instead of requiring
  # root. The rules in the second half additionally set ID_MM_DEVICE_IGNORE so
  # that ModemManager leaves those devices alone.
  services.udev.extraRules = ''
    # Atmel DFU
    ### ATmega16U2
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2fef", TAG+="uaccess"
    ### ATmega32U2
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff0", TAG+="uaccess"
    ### ATmega16U4
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff3", TAG+="uaccess"
    ### ATmega32U4
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff4", TAG+="uaccess"
    ### AT90USB64
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ff9", TAG+="uaccess"
    ### AT90USB128
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2ffb", TAG+="uaccess"
    # Input Club
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1c11", ATTRS{idProduct}=="b007", TAG+="uaccess"
    # STM32duino
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1eaf", ATTRS{idProduct}=="0003", TAG+="uaccess"
    # STM32 DFU
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
    # BootloadHID
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05df", TAG+="uaccess"
    # USBAspLoader
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="05dc", TAG+="uaccess"
    # ModemManager should ignore the following devices
    # Atmel SAM-BA (Massdrop)
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="6124", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    # Caterina (Pro Micro)
    ## Spark Fun Electronics
    ### Pro Micro 3V3/8MHz
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9203", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ### Pro Micro 5V/16MHz
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9205", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ### LilyPad 3V3/8MHz (and some Pro Micro clones)
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9207", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ## Pololu Electronics
    ### A-Star 32U4
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ffb", ATTRS{idProduct}=="0101", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ## Arduino SA
    ### Leonardo
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ### Micro
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ## Adafruit Industries LLC
    ### Feather 32U4
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000c", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ### ItsyBitsy 32U4 3V3/8MHz
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000d", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ### ItsyBitsy 32U4 5V/16MHz
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="239a", ATTRS{idProduct}=="000e", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ## dog hunter AG
    ### Leonardo
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0036", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
    ### Micro
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="2a03", ATTRS{idProduct}=="0037", TAG+="uaccess", ENV{ID_MM_DEVICE_IGNORE}="1"
  '';
}