# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:
let
  user = "matt";
  hostname = "matt-nixos";
  timezone = "America/Chicago";
  # discover-wrapper is needed as of 1/24/24 since PackageKit does not work correctly so this removes error messages.
  discover-wrapped = pkgs.symlinkJoin
    {
      name = "discover-flatpak-backend";
      paths = [ pkgs.libsForQt5.discover ];
      buildInputs = [ pkgs.makeWrapper ];
      postBuild = ''
        wrapProgram $out/bin/plasma-discover --add-flags "--backends flatpak"
      '';
    };
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./cachix.nix
    ];

  # Enable nix flakes and nix-command tools
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Configure bootloader with lanzaboot and secureboot
  boot = {
    loader = {
      systemd-boot = {
        enable = false;
        configurationLimit = 2;
      };

      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
      settings = {
        default = "@saved";
        console-mode = "max";
      };
      configurationLimit = 2;
    };
    
    # Override kernel to latest
    kernelPackages = pkgs.linuxPackages_latest;

    kernelParams = [
      "quiet" "amdgpu.ppfeaturemask=0xffffffff"
    ];

    consoleLogLevel = 3;
    bootspec.enable = true;

    # Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023
    kernel.sysctl."net.ipv4.tcp_mtu_probing" = 1;

    # Enable AppImage
    binfmt.registrations.appimage = {
      wrapInterpreterInShell = false;
      interpreter = "${pkgs.appimage-run}/bin/appimage-run";
      recognitionType = "magic";
      offset = 0;
      mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
      magicOrExtension = ''\x7fELF....AI\x02'';
    };
  };

  # Hardware configs
  hardware = {
    # Bluetooth
    bluetooth.enable = true;

    # Xbox controllers
    xpadneo.enable = true;

    # Steam udev rules for remote play
    steam-hardware.enable = true;

    # Enable all firmware
    enableAllFirmware = true;

    # Disable pulse audio in favor of pipewire
    pulseaudio.enable = false;
    
    opengl.enable = true;
    # Enables support for 32bit libs that steam uses
    opengl.driSupport32Bit = true; 
  };

  # Services configs
  services = {
    # Enable firmware updates
    fwupd.enable = true;
    
    # Enable the X11 windowing system.
    xserver = {
      enable = true;
    
      # Enable the Plasma 6 Desktop Environment.
      displayManager = {
        sddm.enable = true;
        defaultSession = "plasma";
      };
      desktopManager.plasma6.enable = true;
    };
    
    # Enable CUPS to print documents.
    printing.enable = true;
    
    # configure pipewire
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };

    # enable auto discovery of printers
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };

    # Enable Flatpak
    flatpak.enable = true;

    flatpak.packages = [
      "com.discordapp.Discord"
      "com.spotify.Client"
      "com.visualstudio.code"
      "it.mijorus.gearlever"
      "org.libreoffice.LibreOffice"
      "net.davidotek.pupgui2" # Proton-Up Qt
      "io.github.prateekmedia.appimagepool"
    ];
  };

  # Networking configs
  networking = {
    hostName = hostname;

    # Enable Network Manager
    networkmanager.enable = true;
  };

  # Time config
  time = {
    # Set your time zone.
    timeZone = timezone;
    hardwareClockInLocalTime = true;
  }
  
  # xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];

  # Security config
  security = {
    rtkit.enable = true;

    # configure sudo
    sudo = {
      enable = true;
      extraRules = [{
        commands = [
          {
            command = "${pkgs.systemd}/bin/systemctl suspend";
            options = [ "NOPASSWD" ];
          }
          {
            command = "${pkgs.systemd}/bin/reboot";
            options = [ "NOPASSWD" ];
          }
          {
            command = "${pkgs.systemd}/bin/poweroff";
            options = [ "NOPASSWD" ];
          }
          {
            command = "/home/matt/nix-config/reset_wifi";
            options = [ "NOPASSWD" ];
          }
        ];
        groups = [ "wheel" ];
      }];
    };

    # Configure polkit
    polkit = {
      enable = true;
      extraConfig = ''
        polkit.addRule(function(action, subject) {
          if ((action.id == "org.corectrl.helper.init" ||
              action.id == "org.corectrl.helperkiller.init") &&
              subject.local == true &&
              subject.active == true &&
              subject.isInGroup("wheel")) {
                  return polkit.Result.YES;
          }
        });
    '';
    };
  };

  # Configure environment
  environment = {
    # List packages installed in system profile. To search, run:
    # $ nix search wget
    systemPackages = with pkgs; [
      vim
      wget
      nano
      os-prober
      efibootmgr
      git
      sbctl
      gparted
      discover-wrapped
      pciutils
      papirus-icon-theme
      vulkan-tools
      aspell
      aspellDicts.en
      aspellDicts.en-computers
      aspellDicts.en-science
      aha
      clinfo
      neofetch
      gamescope
      mangohud
      goverlay
      heroic
    ];

    # Force radv
    variables.AMD_VULKAN_ICD = "RADV";
  };

  # Configure programs
  programs = {
    fish.enable = true;
    java.enable = true;
    corectrl.enable = true;

    # Steam
    steam = {
      enable = true;
      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
      dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
    };
  };

  # Configure nixpkgs
  nixpkgs = {
    config = {
      # Enable non free
      allowUnfree = true;

      permittedInsecurePackages = [
        # allow insecure electron for etcher
        "electron-19.1.9"
      ];

      packageOverrides = pkgs: {
        steam = pkgs.steam.override {
          extraPkgs = pkgs: with pkgs; [
            xorg.libXcursor
            xorg.libXi
            xorg.libXinerama
            xorg.libXScrnSaver
            libpng
            libpulseaudio
            libvorbis
            stdenv.cc.cc.lib
            libkrb5
            keyutils
          ];
        };
      };
    };
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users."${user}" = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
    shell = pkgs.fish;
    packages = with pkgs; [
      firefox
      tree
      lm_sensors
      vmware-horizon-client
      etcher
    ];
  };

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?

}