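# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# NixOS system module for the NAS host: boot/ZFS, Nvidia + Plasma desktop,
# remote access (SSH, xrdp), service discovery (Avahi), firewall, users and
# container/VM runtimes. Per-application settings live in the imported
# ./nas-samba and ./nas-apps modules.
{ config, lib, pkgs, ... }:
let
  user = "admin";
  # NOTE(review): this yescrypt hash is embedded in the configuration, so it is
  # copied into the world-readable /nix/store and into any repository holding
  # this file, where it can be attacked offline. Prefer
  # `users.users.<name>.hashedPasswordFile` pointing at a root-only file.
  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
  hostname = "jallen-nas";
  timezone = "America/Chicago";
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration-nas.nix
    ./nas-samba/samba.nix
    ./nas-apps/swag.nix
    ./nas-apps/jellyfin.nix
    ./nas-apps/sonarr.nix
    ./nas-apps/radarr.nix
    ./nas-apps/sabnzbd.nix
    ./nas-apps/mariadb.nix
    ./nas-apps/nextcloud.nix
    ./nas-apps/collabora.nix
    ./nas-apps/jellyseerr.nix
  ];

  # Enable nix flakes and nix-command tools
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Bootloader: plain systemd-boot. bootspec (here) and sbctl (in
  # systemPackages) are present, but no lanzaboote module is imported in this
  # file, so nothing here signs the boot chain for Secure Boot.
  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 2;
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };

    # Override kernel to the latest one the ZFS package supports
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;

    kernelParams = [ "nohibernate" ];
    consoleLogLevel = 3;
    bootspec.enable = true;
    supportedFilesystems = [ "zfs" ];
    zfs.extraPools = [ "junk" ];
    # Do not prompt for ZFS keys at boot; the nas-mounts service below loads
    # them from key files instead.
    zfs.requestEncryptionCredentials = false;
  };

  # Hardware configs
  hardware = {
    # Bluetooth
    bluetooth.enable = true;

    # Enable all firmware
    enableAllFirmware = true;

    # Disable pulse audio in favor of pipewire
    pulseaudio.enable = false;

    # Nvidia
    nvidia = {
      package = config.boot.kernelPackages.nvidiaPackages.beta;

      # Modesetting is required.
      modesetting.enable = true;

      # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
      powerManagement.enable = false;

      # Fine-grained power management. Turns off GPU when not in use.
      # Experimental and only works on modern Nvidia GPUs (Turing or newer).
      powerManagement.finegrained = false;

      # Use the NVidia open source kernel module (not to be confused with the
      # independent third-party "nouveau" open source driver).
      # Support is limited to the Turing and later architectures. Full list of
      # supported GPUs is at:
      # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
      # Only available from driver 515.43.04+
      # Currently alpha-quality/buggy, so false is currently the recommended setting.
      open = false;

      # Enable the Nvidia settings menu,
      # accessible via `nvidia-settings`.
      nvidiaSettings = true;
    };

    # Enable OpenGL
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
    };
  };

  # Services configs
  services = {
    openssh = {
      enable = true;
      # Key-only SSH: the admin account below carries authorized keys, so
      # password and keyboard-interactive logins only add a guessing surface,
      # and direct root login is not needed when admin is in wheel.
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    # Enable firmware updates
    fwupd.enable = true;

    # Enable the X11 windowing system.
    xserver = {
      enable = true;

      # Load nvidia driver for Xorg and Wayland
      videoDrivers = ["nvidia"];

      # Enable the Plasma 5 Desktop Environment (SDDM, Wayland session by default).
      displayManager = {
        sddm.enable = true;
        defaultSession = "plasmawayland";
      };
      desktopManager.plasma5.enable = true;
    };

    # Enable CUPS to print documents.
    printing.enable = true;

    # configure pipewire
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };

    # Set to enable Flatpak
    flatpak.enable = false;

    # Enable RDP
    # NOTE(review): openFirewall exposes the xrdp listener on every interface,
    # and xrdp logins use the account password. Confirm this is reachable only
    # from the LAN/VPN and not forwarded from the internet.
    xrdp = {
      enable = true;
      defaultWindowManager = "startplasma-x11";
      openFirewall = true;
    };

    # NOTE(review): hinfo/workstation publishing advertises host details over
    # mDNS to the whole local segment; keep only what clients actually need.
    avahi = {
      enable = true;
      nssmdns = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        hinfo = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        # TODO is this needed?
        # NOTE(review): the markup of this service file was missing (only
        # "%h _smb._tcp 445" remained); restored to the standard Avahi
        # service-group form -- verify against the original file.
        smb = ''
          <?xml version="1.0" standalone='no'?>
          <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
          <service-group>
            <name replace-wildcards="yes">%h</name>
            <service>
              <type>_smb._tcp</type>
              <port>445</port>
            </service>
          </service-group>
        '';
      };
    };
  };

  systemd.services = {
    # Imports and unlocks the encrypted data pools once at boot, unless the
    # SSD dataset directory is already present.
    # NOTE(review): the pool keys are read from plain files under /root, so
    # the pools are only as protected as the root filesystem. Confirm the key
    # files are root-only (0400) and that the root filesystem itself is
    # encrypted if at-rest protection is the goal.
    nas-mounts = {
      path = [
        pkgs.zfs
        pkgs.bash
      ];
      script = ''
        if test -d /mnt/ssd/ssd_app_data; then
          echo "NAS ZFS Pools Mounted."
        else
          zpool import -f "MainPool"
          zpool import -f "SSD"
          zfs load-key -L file:///root/main-pool.key "MainPool"
          zfs load-key -L file:///root/ssd.key "SSD"
          zfs mount -a
          echo "NAS ZFS Pools Mounted."
        fi
      '';
      wantedBy = [ "multi-user.target" ];
    };

    # Glances web UI (`glances -w`), reachable through the firewall on 61208.
    # NOTE(review): started without a password option, the web server exposes
    # process lists and system metrics to anyone who can reach the port, and no
    # User= is set so it runs as root. Restrict the bind address/port exposure
    # or put it behind the authenticating reverse proxy.
    glances-server = {
      path = [
        pkgs.bash
        pkgs.glances
      ];
      # The former "#!/user/bin/env bash" line was dropped: NixOS prepends its
      # own shebang to `script`, so that (mistyped) line was only ever a comment.
      script = ''
        glances -w
      '';
      wantedBy = [ "multi-user.target" ];
    };
  };

  # Networking configs enp7s0
  networking = {
    hostName = hostname;
    hostId = "4b501480";

    # Enable Network Manager
    networkmanager.enable = true;

    firewall = {
      enable = true;
      allowPing = true;
      extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; # TODO is this needed?
      allowedTCPPorts = [ 80 443 61208 ];
      # NOTE(review): HTTP (80) and the Glances web UI (61208) are TCP
      # services; the UDP entries for them are probably unnecessary, and UDP 443
      # is only needed if the reverse proxy serves HTTP/3. Trim to what is used.
      allowedUDPPorts = [ 80 443 61208 ];
    };
  };

  # Time config
  time = {
    # Set your time zone.
    timeZone = timezone;
  };

  # Configure environment
  environment = {
    # List packages installed in system profile. To search, run:
    # $ nix search wget
    systemPackages = with pkgs; [
      vim
      wget
      nano
      efibootmgr
      sbctl
      pciutils
      vulkan-tools
      clinfo
      glances
      python3
      nix-ld
      binutils
      gcc
      nodejs-18_x
    ];
  };

  # Configure programs
  programs = {
    fish.enable = true;
    virt-manager.enable = true;
    nix-ld.enable = true;
  };

  # Configure nixpkgs
  nixpkgs = {
    config = {
      # Enable non free
      allowUnfree = true;
      permittedInsecurePackages = [
        # ...
      ];
    };
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users = {
    # See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
    # With mutableUsers = false, accounts and passwords come only from this
    # file; changes made with `passwd` do not persist across rebuilds.
    mutableUsers = false;

    groups.jallen-nas.gid = 1000; # create nas group cause truenas perms

    # Admin account
    users."${user}" = {
      isNormalUser = true;
      # "wheel" enables ‘sudo’ for the user. Membership of "docker" is also
      # root-equivalent, since the Docker socket can start privileged containers.
      extraGroups = [ "wheel" "networkmanager" "docker" "podman" "libvirtd" "nas-apps" "jallen-nas" ];
      initialHashedPassword = password;
      shell = pkgs.fish;
      openssh.authorizedKeys.keys = [
        # macBook
        "ssh-rsa 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 mattjallen@MacBook-Pro.local"
        # desktop windows
        "ssh-rsa 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 mattl@Jallen-PC"
      ];
      packages = with pkgs; [
        neofetch
        git
        parted
        aspell
        aspellDicts.en
        aspellDicts.en-computers
        aspellDicts.en-science
        aha
        papirus-icon-theme
        firefox
      ];
    };

    # Nix app account
    users.nix-apps = {
      isSystemUser = true;
      uid = 911;
      group = "jallen-nas";
      extraGroups = [ "jallen-nas" ];
      # NOTE(review): this service account is given the same password hash as
      # the admin user. It is not in wheel, so this does not grant sudo; if
      # nothing authenticates as nix-apps with a password, drop the line so the
      # account stays locked.
      hashedPassword = password;
    };
  };

  # Virtualisation
  virtualisation = {
    docker = {
      enable = true;
      enableNvidia = true;
      enableOnBoot = true;
    };
    libvirtd.enable = true;
  };

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
}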