nix-config/systems/aarch64-linux/macbook-pro-nixos/default.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{
  lib,
  pkgs,
  namespace,
  ...
}:
{
  imports = [
    ./boot.nix
    ./filesystems.nix
    ./hardware-configuration.nix
    ./services.nix
  ];

  hardware.xone.enable = true;

  nix.settings.extra-platforms = [ "x86_64-linux" ];
  boot.binfmt.emulatedSystems = [ "x86_64-linux" ];

  hardware.asahi = {
    enable = true;
    peripheralFirmwareDirectory = ./firmware;
    setupAsahiSound = true;
  };

  # Workaround for Apple BCM Bluetooth firmware not sending completion ACKs.
  # Without this, WirePlumber spams "Missing completion reports for packet:
  # Bluetooth adapter firmware bug?" and audio over BT is unreliable.
  hardware.bluetooth.settings = {
    Policy = {
      AutoEnable = true;
    };
  };

  services.pipewire.wireplumber.extraConfig = {
    "51-bluetooth-apple-fix" = {
      "monitor.bluez.properties" = {
        "bluez5.msbc-support" = false;
        "bluez5.sbc-xq-support" = false;
        "bluez5.hw-offload-sco" = false;
      };
    };
  };

  ${namespace} = {
    headless.enable = false;

    sops.enable = true;

    impermanence = {
      enable = true;
      # extraDirectories = [
      #   {
      #     directory = "/var/cache/ccache";
      #     user = "nobody";
      #     group = "nobody";
      #     mode = "u=rwx,g=rwx,o=rx";
      #   }
      # ];
    };
    user = {
      name = "matt";
      hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
      extraGroups = [
        "scanner"
        "lp"
        "video"
        "i2c"
      ];
      packages = with pkgs; [
        firefox
        tree
        git
        box64
        prismlauncher
        distrobox
      ];
    };

    desktop = {
      hyprland = {
        enable = false;
        wallpaperSource = "bing";
      };
      plasma = {
        enable = lib.mkForce true;
        wallpaper.enable = true;
      };
    };
    hardware = {
      battery = {
        enable = true;
        battery = "/sys/class/power_supply/macsmc-battery/charge_control_end_threshold";
      };
    };
    network = {
      hostName = "macbook-pro-nixos";
      ipv4 = {
        method = "auto";
        interface = "wlan0";
      };
      firewall = {
        allowedUDPPorts = [
          1990
          2021
        ];
      };
    };
    services = {
      nebula = {
        enable = true;
        secretsPrefix = "macbook-pro-nixos/nebula";
        secretsFile = lib.snowfall.fs.get-file "secrets/mac-secrets.yaml";
        hostSecretName = "macbook-pro-nixos";
      };
    };
    wallpaper = {
      enable = true;
    };
  };

  nixpkgs.config.allowUnsupportedSystem = true;

  virtualisation = {
    libvirtd.enable = true;
    # efi = {
    #   OVMF = (pkgs.OVMF.override {
    #     secureBoot = true;
    #   });
    # };
    waydroid.enable = false;
    # - CONFIG_ANDROID_BINDER_IPC is not enabled!
    # - CONFIG_ANDROID_BINDERFS is not enabled
  };

  systemd.services.virt-secret-init-encryption.enable = false;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages =
    with pkgs;
    [
      # apfs-fuse
      # apfsprogs
      aria2
      asahi-bless
      asahi-btsync
      asahi-nvram
      asahi-wifisync
      cabextract
      erofs-utils
      fex
      micro
      muvm
      squashfuse
      squashfsTools
      unzip
      vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
      virt-manager
      wget

      (pkgs.OVMF.override {
        secureBoot = true;
      })
    ]
    ++ (with pkgs.${namespace}; [
      omnissa
    ]);

  environment.sessionVariables = {
    DBX_CONTAINER_MANAGER = "podman";
    GSK_RENDERER = "opengl";
  };
}