infra/krops/london/configuration.nix

{ config, pkgs, ... }:

let
  # bash script to let dbus know about important env variables and
  # propagate them to relevent services run at the end of sway config
  # see
  # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist
  # note: this is pretty much the same as  /etc/sway/config.d/nixos.conf but also restarts  
  # some user services to make sure they have the correct environment variables
  dbus-sway-environment = pkgs.writeTextFile {
    name = "dbus-sway-environment";
    destination = "/bin/dbus-sway-environment";
    executable = true;

    text = ''
      dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
      systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
      systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
    '';
  };

  # currently, there is some friction between sway and gtk:
  # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
  # the suggested way to set gtk settings is with gsettings
  # for gsettings to work, we need to tell it where the schemas are
  # using the XDG_DATA_DIR environment variable
  # run at the end of sway config
  configure-gtk = pkgs.writeTextFile {
    name = "configure-gtk";
    destination = "/bin/configure-gtk";
    executable = true;
    text = let
      schema = pkgs.gsettings-desktop-schemas;
      datadir = "${schema}/share/gsettings-schemas/${schema.name}";
    in ''
      export XDG_DATA_DIRS=${datadir}:$XDG_DATA_DIRS
      gnome_schema=org.gnome.desktop.interface
      gsettings set $gnome_schema gtk-theme 'Dracula'
    '';
  };


in

{
  imports =
    [
      ./hardware-configuration.nix
      ./cachix.nix
      ./wayland.nix
    ];

  # Bootloader
  boot = {
    loader = {
      grub = {
        enable = true;
        device = "nodev";
        useOSProber = true;
        efiSupport = true;
        enableCryptodisk = true;
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
    };
    binfmt.emulatedSystems = [ "aarch64-linux" ];
    extraModulePackages = with pkgs; [
      config.boot.kernelPackages.v4l2loopback
    ];
    kernelPackages = pkgs.linuxPackages_zen;
    kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback" ];

    initrd.secrets = {
      "/crypto_keyfile.bin" = null;
    };
    initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
      device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
      keyFile = "/crypto_keyfile.bin";
    };
  };

  hardware.cpu.amd.updateMicrocode = true;

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      auto-optimise-store = true;
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 15d";
    };
  };
  nixpkgs.config.allowUnfree = true;
  systemd.services.NetworkManager-wait-online.enable = false;
  networking = {
    hostName = "LONDON";
    networkmanager.enable = true;
    firewall = {
      enable = true;
      allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
      allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
      allowedTCPPorts = [ 7000 7100 ];
      allowedUDPPorts = [ 6000 6001 7011 ];
      trustedInterfaces = [ "tailscale0" ];
      checkReversePath = "loose";
    };
    nftables.enable = true;
  };

  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.utf8";

  services = {
    dbus.enable = true;
    yubikey-agent.enable = true;
    udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
    tailscale.enable = true;
    pcscd.enable = true;
    mullvad-vpn.enable = true;
    xserver = {
      layout = "us";
      xkbVariant = "";
      videoDrivers = [ "nvidia" ];
      enable = true;
      displayManager = {
        gdm.wayland = true;
        sddm.enable = true;
      };
      desktopManager.plasma5.enable = true;
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
    };
    printing = {
      enable = true;
      drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
    };
    avahi = {
      nssmdns = true;
      enable = true;
      publish = {
        enable = true;
        userServices = true;
        domain = true;
      };
    };
  };

  hardware = {
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
    };
    nvidia = {
      modesetting.enable = true;
      nvidiaSettings = true;
    };
    sane.enable = true;
    sane.extraBackends = [ pkgs.epkowa ];
    pulseaudio.enable = false;
  };

  xdg = {
    portal = {
      enable = true;
      extraPortals = with pkgs; [
        xdg-desktop-portal-wlr
        xdg-desktop-portal-gtk
      ];
    };
  };

  programs = {
    zsh.enable = true;
    fish.enable = true;
    nix-ld.enable = true;
    dconf.enable = true;
    steam = {
      enable = true;
      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
      dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
    };
    gnupg.agent = {
	    enable = true;
	    pinentryFlavor = "gnome3";
	    enableSSHSupport = false;
	  };
  };
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.gsimmer = {
    shell = pkgs.fish;
    isNormalUser = true;
    description = "Gabriel Simmer";
    extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" ];
    packages = with pkgs; [
      firefox-wayland
      vim
      lm_sensors
    ];
  };

  virtualisation = {
    docker = {
      enable = true;
      enableNvidia = true;
      rootless = {
        enable = true;
        setSocketVariable = true;
      };
    };
    libvirtd.enable = true;
  };

  fonts.packages = with pkgs; [
    ibm-plex
    jetbrains-mono
    emojione
  ];

  environment = {
    shells = with pkgs; [ zsh fish ];
    systemPackages = with pkgs; [
      os-prober
      tailscale
      cifs-utils
      pinentry-curses
      noisetorch
      nix-output-monitor
      pinentry-qt
      xdg-utils
      dracula-theme
      dbus-sway-environment
      yubikey-touch-detector
      i3pystatus (python310.withPackages(ps: with ps; [ i3pystatus keyring ]))
    ];
  };  

  # -- Sway Stuff --
  systemd.user.targets.sway-session = {
    description = "Sway compositor session";
    documentation = [ "man:systemd.special(7)" ];
    bindsTo = [ "graphical-session.target" ];
    wants = [ "graphical-session-pre.target" ];
    after = [ "graphical-session-pre.target" ];
  };

  programs.sway = {
    enable = true;
    extraOptions = [ "--unsupported-gpu" ];
    wrapperFeatures.gtk = true;
    extraPackages = with pkgs; [
      bemenu
      swaylock
      swayidle
      xwayland
      mako
      kanshi
      grim
      slurp
      wl-clipboard
      wf-recorder
      (python310.withPackages(ps: with ps; [ i3pystatus keyring ]))
    ];
    extraSessionCommands = ''
      export SDL_VIDEODRIVER=wayland
      export QT_QPA_PLATFORM=wayland
      export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
      export _JAVA_AWT_WM_NONREPARENTING=1
      export MOZ_ENABLE_WAYLAND=1
      export WLR_RENDERER=vulkan
    '';
  };


  hardware.opengl.extraPackages = with pkgs; [
    # trying to fix `WLR_RENDERER=vulkan sway`
    vulkan-validation-layers 
  ];

  # configuring kanshi
  systemd.user.services.kanshi = {
    description = "Kanshi output autoconfig ";
    wantedBy = [ "graphical-session.target" ];
    partOf = [ "graphical-session.target" ];
    environment = { XDG_CONFIG_HOME="/home/mschwaig/.config"; };
    serviceConfig = {
      # kanshi doesn't have an option to specifiy config file yet, so it looks
      # at .config/kanshi/config
      ExecStart = ''
      ${pkgs.kanshi}/bin/kanshi
      '';
      RestartSec = 5;
      Restart = "always";
    };
  };

  security = {
    polkit.enable = true;
    rtkit.enable = true;
  };
  system.stateVersion = "23.05"; # Did you read the comment?

}