nix/common.nix

{
  pkgs,
  pkgs-unstable,
  ...
}: {
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # enable sysrq support for REISUB
  boot.kernel.sysctl."kernel.sysrq" = "1";

  # Enable networking
  networking.networkmanager.enable = true;

  # setup magicdns for tailscale
  networking.nameservers = ["100.100.100.100" "1.1.1.1" "8.8.8.8"];
  networking.search = ["hummingbird-stork.ts.net"];
  networking.firewall.allowedUDPPorts = [
    # tailscale magicdns
    53
  ];

  # Set your time zone.
  time.timeZone = "Europe/Paris";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "fr_FR.UTF-8";
    LC_IDENTIFICATION = "fr_FR.UTF-8";
    LC_MEASUREMENT = "fr_FR.UTF-8";
    LC_MONETARY = "fr_FR.UTF-8";
    LC_NAME = "fr_FR.UTF-8";
    LC_NUMERIC = "fr_FR.UTF-8";
    LC_PAPER = "fr_FR.UTF-8";
    LC_TELEPHONE = "fr_FR.UTF-8";
    LC_TIME = "fr_FR.UTF-8";
  };

  # Enable the X11 windowing system.
  # You can disable this if you're only using the Wayland session.
  services.xserver.enable = true;

  # emable xmonad
  services.xserver.windowManager.xmonad.enable = true;

  # Enable the KDE Plasma Desktop Environment.
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;

  # does this add river to sddm menu?
  programs.river.enable = true;

  # Configure keymap in X11
  services.xserver = {
    xkb = {
      layout = "us";
      variant = "";
      options = "ctrl:nocaps";
    };
  };

  # Configure console keymap
  console.keyMap = "fr";

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    wireplumber.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.khais = {
    createHome = true;
    initialPassword = "asunarovow";
    isNormalUser = true;
    description = "Khaïs COLIN";
    extraGroups = ["networkmanager" "wheel" "podman" "libvirtd" "music" "cdrom" "scanner" "lp"];
    shell = pkgs.fish;
  };
  # access to /pile/Music
  users.groups.music = {};

  users.users.guest = {
    createHome = true;
    isNormalUser = true;
    description = "Guest Account";
    extraGroups = ["networkmanager"];
    shell = pkgs.zsh;
    packages = with pkgs; [
      mpv
      vlc
    ];
  };

  # Install firefox.
  programs.firefox.enable = true;

  # chroot jail
  programs.firejail.enable = true;

  # shell
  programs.zsh.enable = true;
  programs.fish.enable = true;

  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
    localNetworkGameTransfers.openFirewall = true;
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # allow specific insecure packages
  nixpkgs.config.permittedInsecurePackages = [
    # needed for archivebox. Maintainer says that none of the cve are in code paths used by archivebox
    "python3.12-django-3.1.14"
  ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    neovim
    home-manager
    git
    gnumake
    cifs-utils
    tailscale
    wluma
    # man pages
    man-pages
    man-pages-posix
    # kde
    kdePackages.kate
    kdePackages.plasma-workspace
    kdePackages.dolphin
    # fix kde apps having no icons
    kdePackages.qtsvg
    thunderbird-128
    # for screen sharing
    xdg-desktop-portal
    xdg-desktop-portal-kde
  ];

  # set user environment variables
  environment.sessionVariables = {
    # I don't know what this does, but it is needed for wluma to work correctly.
    # It will also slightly increase cpu usage (on wayland compositors), but shouldn't be too bad.
    WLR_DRM_NO_MODIFIERS = 1;
    # fix dolphin file associations not working
    XDG_MENU_PREFIX = "plasma-";
    # fix cursor size for some apps
    XCURSOR_SIZE = 24;
    # fix screen sharing
    XDG_CURRENT_DESKTOP = "river";
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # font configuration
  fonts = {
    packages = with pkgs; [
      nerdfonts
      ibm-plex
      cm_unicode
    ];
    fontconfig = {
      defaultFonts = {
        monospace = ["VictorMono NF Medium"];
        sansSerif = ["IBM Plex Sans"];
        serif = ["CMU Serif"];
      };
    };
  };

  services.tailscale = {
    enable = true;
    useRoutingFeatures = "both";
    extraUpFlags = ["--ssh"];
  };

  # enable wluma for automatic brightness adjustment
  systemd.user.services.wluma = {
    enable = true;
    description = "Adjusting screen brightness based on screen contents and amount of ambient light";
    after = ["graphical-session.target"];
    partOf = ["graphical-session.target"];
    serviceConfig = {
      ExecStart = "${pkgs.wluma}/bin/wluma";
      Restart = "always";
    };
    wantedBy = ["graphical-session.target"];
  };

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # enable manpages documentation
  documentation = {
    man = {
      enable = true;
      generateCaches = true;
    };
    info.enable = true;
    dev.enable = true; # linux man-pages project, dev documenation
  };

  # enable docker virtualization
  virtualisation.podman = {
    enable = true;
    # create alias mapping docker to podman
    dockerCompat = true;
    dockerSocket.enable = true;
  };

  # enable VAAPI and intel QSV
  # enable vaapi
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
  };
  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      intel-vaapi-driver
      libvdpau-va-gl
      vaapiVdpau
      intel-compute-runtime
      pkgs-unstable.vpl-gpu-rt
      intel-media-sdk
    ];
  };

  # enable hardware acceleration for qemu
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;
  virtualisation.spiceUSBRedirection.enable = true;

  services.syncthing = {
    enable = true;
    user = "khais";
    configDir = "/home/khais/.config/syncthing";
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?

  # flakes
  nix.settings.experimental-features = ["nix-command" "flakes"];

  # automatically collect garbage
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 60d";
  };

  # enable support for non-nix executables
  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = [
    pkgs.libjpeg8
    pkgs.libGL
    pkgs.freetype
    pkgs.libvorbis
    pkgs.libogg
    pkgs.libpulseaudio
    pkgs.vulkan-loader
    pkgs.xorg.libX11
    pkgs.xorg.libxcb
    pkgs.xorg.libXrandr
  ];

  # bluetooth
  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = true;
  # gui for configuration
  services.blueman.enable = true;
  hardware.bluetooth.settings = {
    General = {
      # support for modern headsetes
      Enable = "Source,Sink,Media,Socket";
      # show battery level
      Experimental = true;
    };
  };

  # bluetooth mpris play-pause media control
  systemd.user.services.mpris-proxy = {
    description = "Mpris proxy";
    after = [ "network.target" "sound.target" ];
    wantedBy = [ "default.target" ];
    serviceConfig.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
  };

  # scanner
  # https://nixos.wiki/wiki/Scanners
  hardware.sane.enable = true;
  hardware.sane.drivers.scanSnap.enable = true;

  home-manager.backupFileExtension = "backup";
}