# NixOS system configuration for the host "monolith".
#
# Edit this file to define what should be installed on the system. Help is
# available in the configuration.nix(5) man page and in the NixOS manual
# (accessible by running 'nixos-help').
{
  config,
  pkgs,
  ...
}: let
  # Locale applied to every regional LC_* category further down.
  germanLocale = "de_DE.UTF-8";
  # sops file that holds both Spotify API credentials.
  spotifySecretsFile = ../../secrets/spotify-shortcuts.yaml;
in {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Secret management.
  # The age key decrypts every secret declared below, which makes it the item
  # to protect: keep it out of the repository and readable by root only.
  sops = {
    age.keyFile = "/var/lib/sops-nix/key.txt";
    secrets = {
      wg-priv = {
        sopsFile = ../../secrets/monolith/wg.yaml;
        key = "privateKey";
      };
      spotifyShortcutsClientId = {
        sopsFile = spotifySecretsFile;
        key = "clientId";
      };
      spotifyShortcutsClientSecret = {
        sopsFile = spotifySecretsFile;
        key = "clientSecret";
      };
    };
  };

  # Users
  users = {
    defaultUserShell = pkgs.zsh;
    groups.data = {
      gid = 1001;
      members = ["jonas"];
    };
    users.jonas = {
      isNormalUser = true;
      description = "Jonas";
      # Passwordless login (sudo is unusable with this unless NOPASSWD is
      # granted, which security.sudo.wheelNeedsPassword does below).
      # NOTE(review): an empty hash, passwordless sudo for wheel, and docker
      # group membership (control of the Docker daemon, which runs as root)
      # mean any session or process running as this user can become root
      # without a prompt. Reasonable only for a physically controlled
      # single-user machine; confirm no imported module exposes a remote
      # login for this account.
      hashedPassword = "";
      extraGroups = ["networkmanager" "wheel" "docker" "dialout"];
    };
  };
  security.sudo.wheelNeedsPassword = false;

  programs = {
    zsh.enable = true;
    # ld-fix
    nix-ld = {
      enable = true;
      libraries = [
        # Add any missing dynamic libraries for unpackaged programs
        # here, NOT in environment.systemPackages
      ];
    };
  };

  # fonts
  fonts.packages = with pkgs; [
    fira
    fira-code-symbols
    nerd-fonts.fira-code
  ];

  # hive modules
  # The hive.* options are not defined in this file; what each one enables
  # is decided by the module that declares it.
  hive = {
    nix-scripts.enable = true;
    displayManager.name = "sddm";
    themes.layan.enable = true;
    plasma.enable = true;
    kwallet = {
      enable = true;
      forUsers = ["jonas"];
    };
    virt-manager = {
      enable = true;
      forUsers = ["jonas"];
    };
    bluetooth.enable = true;
    sound = {
      enable = true;
      noisetorch = true;
    };
    yubikey.enable = true;
    services.kdeconnect.enable = true;
    wg.client = {
      enable = true;
      # The WireGuard key is handed over as the path of the decrypted sops
      # secret, so the key material itself never appears in this file.
      privateKeyFile = config.sops.secrets.wg-priv.path;
      peer = "monolith";
    };
    programs = {
      games = {
        enable = true;
        dayz = true;
        lutris = true;
        steam = true;
        wine = true;
      };
      creative = {
        enable = true;
        image-management = true;
        image-editing = true;
        image-raw-processing = true;
        video-editing-light = true;
        video-editing-heavy = true;
        daws = true;
      };
      spotify-shortcuts = {
        enable = true;
        # These pass the sops secret *names*, not the decrypted paths.
        clientIdSopsKey = config.sops.secrets.spotifyShortcutsClientId.name;
        clientSecretSopsKey = config.sops.secrets.spotifyShortcutsClientSecret.name;
      };
    };
  };

  environment = {
    # system packages
    systemPackages = with pkgs; [
      age
      alejandra
      arduino
      borgbackup
      borgmatic
      chromium
      discord
      docker
      docker-compose
      feh
      firefox
      git
      gramps
      insomnia
      libreoffice
      mosquitto
      mpv
      mupdf
      nextcloud-client
      nh
      nix-index
      nix-output-monitor
      obsidian
      openhantek6022
      qalculate-qt
      qdirstat
      qtpass
      ranger
      sops
      spotify
      vim
      vlc
      vscode
      wget
      zoom
      zotero
    ];

    # dpi correction (see services.xserver.dpi as well)
    variables = {
      ## Used by GTK 3
      # `GDK_SCALE` is limited to integer values
      GDK_SCALE = "1";
      # Inverse of GDK_SCALE
      GDK_DPI_SCALE = "1";

      # Used by Qt 5
      QT_AUTO_SCREEN_SCALE_FACTOR = "1";

      _JAVA_OPTIONS = "-Dsun.java2d.uiScale=1";
    };
  };

  # NOTE(review): this allow-lists a package that nixpkgs marks as insecure.
  # Re-check on every channel update whether obsidian still depends on it and
  # drop the entry as soon as it does not.
  nixpkgs.config.permittedInsecurePackages = [
    "electron-25.9.0" # required by obsidian
  ];

  virtualisation.docker.enable = true;

  services = {
    udev.packages = [pkgs.openhantek6022];

    # printing
    printing.enable = true;

    xserver = {
      # dpi correction
      dpi = 91;
      # Load nvidia driver for Xorg and Wayland
      videoDrivers = ["nvidia"];
      # Expose variables to graphical systemd user services
      displayManager.importedVariables = [
        "GDK_SCALE"
        "GDK_DPI_SCALE"
        "QT_AUTO_SCREEN_SCALE_FACTOR"
      ];
    };
  };

  hardware = {
    # Corsair drivers
    ckb-next.enable = true;

    # Enable OpenGL
    graphics = {
      enable = true;
      enable32Bit = true;
      # NOTE(review): rocmPackages.clr belongs to AMD's ROCm stack while the
      # video driver selected in this file is nvidia; confirm it is needed.
      extraPackages = [pkgs.rocmPackages.clr];
    };

    nvidia = {
      # Modesetting is required.
      modesetting = {enable = true;};

      powerManagement = {
        # Nvidia power management. Experimental, and can cause sleep/suspend
        # to fail. Enable this if you have graphical corruption issues or
        # application crashes after waking up from sleep. This fixes it by
        # saving the entire VRAM memory to /tmp/ instead of just the bare
        # essentials.
        enable = false;

        # Fine-grained power management. Turns off GPU when not in use.
        # Experimental and only works on modern Nvidia GPUs (Turing or newer).
        finegrained = false;
      };

      # Use the NVidia open source kernel module (not to be confused with the
      # independent third-party "nouveau" open source driver).
      # Support is limited to the Turing and later architectures. Full list of
      # supported GPUs is at:
      # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
      # Only available from driver 515.43.04+
      open = false;

      # Enable the Nvidia settings menu,
      # accessible via `nvidia-settings`.
      nvidiaSettings = true;

      # Optionally, you may need to select the appropriate driver version for
      # your specific GPU.
      package = config.boot.kernelPackages.nvidiaPackages.stable;
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.11"; # Did you read the comment?

  # gc settings and binary caches
  # NOTE(review): no trusted-public-keys setting is visible in this file.
  # Signature verification is what makes a third-party binary cache safe to
  # use, and paths signed by a key that is not trusted are expected to be
  # rejected. Confirm the signing key for nix-community.cachix.org is
  # configured elsewhere (taken from the cache operator's own documentation),
  # and do not resolve a rejection by turning signature checks off.
  nix.settings = {
    substituters = [
      "https://aseipp-nix-cache.freetls.fastly.net"
      "https://nix-community.cachix.org"
      "https://cache.nixos.org/"
    ];
    experimental-features = ["nix-command" "flakes"];
    auto-optimise-store = true;
  };
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };

  # boot
  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    plymouth.enable = true;
    initrd.systemd.enable = true;
    supportedFilesystems = ["ntfs"];
  };

  # Configure console keymap
  console.keyMap = "de";

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = germanLocale;
      LC_IDENTIFICATION = germanLocale;
      LC_MEASUREMENT = germanLocale;
      LC_MONETARY = germanLocale;
      LC_NAME = germanLocale;
      LC_NUMERIC = germanLocale;
      LC_PAPER = germanLocale;
      LC_TELEPHONE = germanLocale;
      LC_TIME = germanLocale;
    };
  };

  networking = {
    firewall.enable = true;
    hostName = "monolith"; # Define your hostname.
    extraHosts = ''
      127.0.0.1 monolith
    '';
    # Enable networking
    networkmanager.enable = true;
  };
}