nix-da/hosts/marr/configuration.nix

# vim:fileencoding=utf-8:foldmethod=marker
{
  pkgs,
  inputs,
  username,
  pubkeys,
  ...
}:
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ../../modules
    ./home.nix
  ];

  modules.system = {
    networking = {
      bluetooth.enable = true;
      wifi.enable = true;
    };
    type = {
      graphical.enable = true;
      workstation.enable = true;
      gaming.enable = true;
    };
  };

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.initrd.luks.devices."luks-7adaa102-d438-4e9e-9972-4a3c91b887b3".device = "/dev/disk/by-uuid/7adaa102-d438-4e9e-9972-4a3c91b887b3";

  hardware.graphics.enable = true;

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "fr";
    variant = "";
  };
  xdg.mime.enable = true;
  services.pipewire.enable = true;
  systemd.sleep.extraConfig = ''
    HibernateDelaySec=1200
  '';

  programs.pulseview.enable = true;

  specialisation = {
    gpu.configuration = {
      imports = [ inputs.nixos-hardware.nixosModules.dell-xps-15-9510-nvidia ];
    };
  };

  age.identityPaths = [
    "/etc/ssh/ssh_host_ed25519_key"
  ];

  programs = {
    dconf.enable = true;
    steam.enable = true;
    fish.enable = true;
    firefox.enable = true;
    thunderbird.enable = true;
    sway.enable = true;
  };

  services = {
    tailscale = {
      enable = true;
      extraUpFlags = [
        "--ssh"
        "--advertise-tags"
        "tag:client"
        "--login-server"
        "https://hs.ccnlc.eu"
      ];
    };
  };

  services.greetd = {
    enable = true;
    settings = {
      default_session = {
        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd \"sway --unsupported-gpu\"";
        user = "greeter";
      };
    };
  };
  age.secrets.rustypaste = {
    file = ../../secrets/rustypaste.age;
  };
  #: Virtualisation {{{
  virtualisation.docker = {
    enable = false;
    enableOnBoot = false;
    rootless = {
      enable = true;
      setSocketVariable = true;
    };
  };

  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;
  #: }}}

  #: Power Consumption {{{

  services.logind = {
    lidSwitch = "suspend-then-hibernate";
    powerKey = "hibernate";
  };

  services.thermald.enable = true;

  services.tlp = {
    enable = false;
    settings = {
      #        CPU_SCALING_GOVERNOR_ON_AC = "performance";
      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";

      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
      #        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";

      #        CPU_MIN_PERF_ON_AC = 0;
      #       CPU_MAX_PERF_ON_AC = 100;
      CPU_MIN_PERF_ON_BAT = 0;
      CPU_MAX_PERF_ON_BAT = 20;

      #Optional helps save long term battery health
      START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge
      STOP_CHARGE_THRESH_BAT0 = 80; # 80 and above it stops charging
    };
  };

  services.upower = {
    enable = true;
    criticalPowerAction = "Hibernate";
  };
  #:}}}

  services = {
    dbus.enable = true;
    fwupd.enable = true;
    gvfs.enable = true;
    printing.enable = true;
  };

  xdg.portal.enable = true;

  modules.media.enableAll = true;
  # Configure console keymap
  console.keyMap = "fr";

  users = {
    defaultUserShell = pkgs.fish;
    users.${username} = {
      isNormalUser = true;
      createHome = true;
      extraGroups = [
        "networkmanager"
        "wheel"
        "audio"
        "libvirtd"
        "dialout" # Necessary for serial port interactions
      ];
      openssh.authorizedKeys.keys = [ pubkeys.ny ];
    };
  };

  services.gnome.gnome-keyring.enable = true;

  environment.variables = {
    ELECTRON_OZONE_PLATFORM_HINT = "auto";
    MOZ_ENABLE_WAYLAND = 1;
  };

  security.polkit.enable = true;

  services.openssh = {
    enable = true;
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    shared-mime-info
    fish
    git
    htop
    nextcloud-client
    kdeconnect
    eza
    bat
    glib
    wireguard-tools
    dconf
    pwvucontrol
    xdg-utils
    brightnessctl
    pop-icon-theme
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
}