# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix

      ./extraDefs/dwierz.nix
      ./extraDefs/qbittorrent.nix

      ./media.nix
      ./wireguard.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.kernelModules = ["iwlwifi"];
  boot.kernelPackages = pkgs.linuxPackages_latest;

  swapDevices = [
    {
      device = "/.swapfile";
    }
  ];

  fileSystems."/media/data" = {
    device = "/dev/disk/by-uuid/1471ffef-3931-455a-9baa-4e5d6cefade9";
    fsType = "xfs";
  };

  # Intel drivers are not installed by default?
  hardware.graphics.extraPackages = [ pkgs.intel-media-driver ];

  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = true;

  boot.tmp.cleanOnBoot = true;

  networking.hostName = "desert";

  networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.wireless.networks.LiberteCoffret = {
    psk = "jawamzapreszczaju";
  };

  # Set your time zone.
  time.timeZone = "Europe/Paris";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    # keyMap = "us";
    useXkbConfig = true; # use xkbOptions in tty.
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.morj = {
    isNormalUser = true;
    home = "/home/morj";
    uid = 1000;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.

    hashedPassword = "$y$j9T$BEGu8zUOrXKy1E85rYdG81$Xbh6MYoubldqtKcmK1d.v8AAJHh3VSSpMtchrnlnli1";

    openssh.authorizedKeys.keys = [
      ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDL4w7NX9hzjY2EQn/ruxx89781trSoY1y0F0M7iXqA8uif513WupqisD5zY9CCOwCWLlu1FegcR9MKJjsP2EKxk/NWIVjNBQZWg1qgAu0uZGhZ0hDdfDCzARSRrJQHdOFjzoJTBC4ZO6qENbmY9x8KXuamNMsWvDIaMdXycMU5yLku648VwbOYMcZ3srop5gXoX7j/9pys96nRodNl7PXTQU5vm3C2R97/L9aZEg/+TvlvmIhcW/lRJm1JIDTicfDvH0VzIxuxH5srrinfomeQpya5E6djs5ei65H5gtrQUzfmfpCbVBdCsEz7ba7RuXk3J8W/RB7dRP77nkUe+Ga3mIomJtZTRGqlllQPY/bWkj1koZnXc04cEsUW9yDoz99x30qPJU44D2P0v5Mb1uWPwVfnkMIhnRn50RUUSsh2mjzrzsiH6vv8vzQSTuX2Aqk5KQBIJDpQ4wkYn4AjBD11PqrxaEOTGW5dVCtkHPparahYj9UYI9nT7TIqhu5uN/s= morj@ravenous''
      ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC05KwRH+jx64JoouieeUlZnIY8FjocY0wBTzWLH+s4hq7zT5sNlNo/8N4z3TlFsLzQtR1L41EyTi+XcYCkQHCksATFCLr/jN35wt5dETBenDOXo/wlohQFSPI+1GBgi3koYzJWbixGz8vby7t5dxrebGqMh40qGaKM51C5jBhYgReYjcL8eW0x97zdIOhK8bXAhJGRCDo5Ng3PLdwNuo6wnJAZpI2rhFyU625z+d+7sI50CTTMoG+sLPouwd9QYFcUEgYJADxiaSH1pP+qXCT9cZzWqQTwSg28a/a1oj30IOMxa5KfL0P4XGblaGHOvNHsv67zkCUy68n+/IP4B8gJhUhVVWS1gaEB+RxViZOk0H6pSLTHc9hxOA9v7TdxqV//ezncwgNled9/YWrXP2zQ9us9Tw1CE//WmR0BM+P09FIRKkv+1EradVINy8YPH4kit4rK37nFETpnlPiBt41a4+xPb0TBm4qt1yEBOa9er6D2rVcLKnOXWvbgLKFk5q0= morj@MacBook-Pro''
    ];
  };

  users.groups.morj = {
    gid = 1000;
  };

  environment.systemPackages = with pkgs; [
    neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    curl
  ];
  programs.neovim.defaultEditor = true;

  # List services that you want to enable:

  services.openssh.enable = true;
  services.avahi = {
    enable = true;
    openFirewall = true;
    nssmdns4 = true;
    nssmdns6 = true; # needs testing. Docs says it might cause waiting for timeouts
    publish.enable = true;
    publish.addresses = true;
    publish.domain = true;
    publish.userServices = true;
  };

  # Sound

  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Graphics

  services.xserver.enable = false;

  # Net services

  # NFS shares
  services.nfs.server = {
    enable = true;
    exports = ''
      /media/data   192.168.1.0/24(insecure,rw,sync,no_subtree_check)
    '';
  };

  # Firewall
  networking.firewall.allowedTCPPorts = [
    # port for general sploits
    1337
    # NFS
    2049
    # dwierz
    80
  ];

  # Remote nixos build

  nix.distributedBuilds = true;
  nix.buildMachines = [
    {
      hostName = "ravenous.local";
      sshUser = "morj";

      system = "x86_64-linux";
      protocol = "ssh-ng";
      maxJobs = 4;
      speedFactor = 16;
      supportedFeatures = ["big-parallel" "benchmark"];
    }
  ];
  # hopefully fixes a problem with copy-closure and singatures
  nix.settings.trusted-users = [ "morj" ];


  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
}