# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

# Nix Reference Manual:  
# https://nixos.org/manual/nix/stable/
# NixOS Packages / Options:
# https://search.nixos.org/packages?

# Other things to consider:
#   Telegraf 

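# NixOS system module for a GNOME desktop machine: Secure Boot via lanzaboote,
# sops-managed secrets, Tailscale, and automatic upgrades / garbage collection.
# The `sops.*` and `boot.lanzaboote.*` options are not declared by any import
# visible here — presumably their modules are added elsewhere (e.g. the flake).
{ lib, config, pkgs, ... }: {
  imports =
    [
      # Desktop Environments
      ./desktops/gnome.nix

      # Software
      ./software/firefox.nix

      # Services
      ./services/openssh.nix
      ./services/promtail.nix
      ./services/fail2ban.nix
      ./services/telegraf.nix
    ];

  # Default sops file. Only encrypted values belong in it: files referenced by
  # path from a Nix expression are copied into the world-readable Nix store.
  sops.defaultSopsFile = ./secrets/secrets.yaml;

  # Keep the system up-to-date automatically
  system = {
    autoUpgrade = {
      enable = true;
      # With reboots disabled, an upgraded kernel/initrd only takes effect
      # after the next manual reboot.
      allowReboot = false;
      # Quoted: bare URL literals are deprecated Nix syntax.
      # The channel is pinned to one release; once that release is end-of-life
      # upgrades keep running but stop delivering security fixes, so this needs
      # a manual bump to the next release.
      channel = "https://channels.nixos.org/nixos-23.05";
    };
  };

  # Bootloader
  boot.loader.efi.canTouchEfiVariables = true;
  boot.tmp.cleanOnBoot = true;

  # Plymouth splash screen
  boot.plymouth.enable = true;
  boot.initrd.systemd.enable = true;
  boot.kernelParams = [ "quiet" ];

  # SecureBoot: lanzaboote takes over from systemd-boot, hence the mkForce.
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote.enable = true;
  # Directory holding the Secure Boot key material (presumably created with
  # sbctl, which is installed below). Whoever can read the private keys can
  # sign boot images this machine will trust — keep it root-only and out of
  # backups that are not encrypted.
  boot.lanzaboote.pkiBundle = "/etc/secureboot";

  # Enable networking
  networking = {
    networkmanager = {
      enable = true;
    };

    # Password set via wpa_supplicant command
    # https://nixos.org/manual/nixos/unstable/index.html#sec-wireless
    #
    # NOTE(review): `psk` is the passphrase text itself, so assigning a sops
    # `.path` here would use the file path string as the passphrase instead of
    # the secret's contents. sops-nix secrets are also keyed by one name string
    # (secrets."<name>".path), so this nested attribute path likely does not
    # resolve — TODO confirm. On 23.05 the way to keep the PSK out of the
    # world-readable Nix store is networking.wireless.environmentFile pointing
    # at a sops secret, with psk = "@VARIABLE@" here.
    # networking.wireless.enable is not set in this file, so with
    # NetworkManager in charge this entry may currently be unused.
    wireless.networks = {
      copeland-5g.psk = config.sops.secrets.wireless.copeland-5g.psk.path;
    };

    enableIPv6 = false;
    firewall = {
      enable = true;
      # No ports are opened on regular interfaces.
      allowedTCPPorts = [ ];
      allowedUDPPorts = [ ];
      # Everything arriving on tailscale0 bypasses the firewall, so every
      # listening service (sshd from ./services/openssh.nix, presumably) is
      # reachable by every tailnet peer. Access control on that interface
      # rests entirely on the Tailscale ACLs.
      trustedInterfaces = [ "tailscale0" ];
    };
  };

  # Set your time zone.
  time.timeZone = "Asia/Tokyo";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Enable sound with pipewire (PulseAudio itself stays off; pipewire provides
  # the PulseAudio-compatible server).
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Define a user account. Don't forget to set a password with 'passwd'.
  users.users.albert = {
    isNormalUser = true;
    description = "Albert J. Copeland";
    # "wheel" grants sudo, i.e. this account is an administrator.
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      firefox
      bitwarden
      steam
      lutris
      vlc
      vscodium
    ];
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Enable flakes:  https://nixos.wiki/wiki/Flakes
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # List packages installed in system profile
  environment.systemPackages = with pkgs; [
    # Secureboot
    sbctl

    # Bash powerline
    powerline-go

    # General packages
    # https://github.com/gvolpe/dconf2nix
    dconf2nix
    wget
    neovim
    git
    curl
    htop
    iftop
    nload
    iotop
    glxinfo
    tailscale
    neofetch
    gnupg
    fail2ban
  ];

  # Enable various system services
  services = {
    tailscale.enable = true;
  };

  # Garbage collection -- Keep the system clean.
  # Runs daily and drops generations older than 7 days, which is also how far
  # back a rollback can reach after a bad automatic upgrade.
  nix.gc = {
    automatic = true;
    dates = "daily";
    options = "--delete-older-than 7d";
  };

  # Fonts
  fonts = {
    fontconfig = {
      defaultFonts = {
        emoji =     [ "Noto Color Emoji" ];
        monospace = [ "JetBrainsMono Nerd Font" "Cascadia Code" "Sarasa Mono SC" ];
        sansSerif = [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
        serif =     [ "Arimo Nerd Font" "Sarasa Gothic SC" ];
      };
      includeUserConf = false;
    };

    fonts = with pkgs; [
      cascadia-code
      (nerdfonts.override { fonts = [ "Arimo" "JetBrainsMono" ]; })
      noto-fonts-emoji
      sarasa-gothic
    ];
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}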