nixos-conf/configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{
  config,
  # lib,
  pkgs,
  # inputs,
  ...
}:

{
  nixpkgs.config.allowUnfree = true;

  imports = [
    ./hardware-configuration.nix
  ];

  fileSystems = {
    "/mnt/gentoo" = {
      device = "/dev/disk/by-label/NVME_GENTOO";
      fsType = "ext4";
      neededForBoot = false;
    };
    "/mnt/HDD_A_DATA" = {
      device = "/dev/disk/by-label/HDD_A_DATA";
      fsType = "ext4";
      neededForBoot = false;
    };
    "/mnt/HDD_B_1TB" = {
      device = "/dev/disk/by-label/HDD_B_1TB";
      fsType = "ext4";
      neededForBoot = false;
    };
    # dirmounts
    "/home/thek0tyara/Documents" = {
      depends = [ "/mnt/HDD_B_1TB" ];
      device = "/mnt/HDD_B_1TB/home-backup/Documents";
      fsType = "none";
      options = [ "bind" ];
      neededForBoot = false;
    };
    "/home/thek0tyara/Downloads" = {
      depends = [ "/mnt/HDD_B_1TB" ];
      device = "/mnt/HDD_B_1TB/home-backup/Downloads";
      fsType = "none";
      options = [ "bind" ];
      neededForBoot = false;
    };
    "/home/thek0tyara/.cache" = {
      depends = [ "/mnt/HDD_A_DATA" ];
      device = "/mnt/HDD_A_DATA/_CACHE";
      fsType = "none";
      options = [ "bind" ];
      neededForBoot = false;
    };
    "/home/thek0tyara/.lmstudio" = {
      depends = [ "/mnt/HDD_A_DATA" ];
      device = "/mnt/HDD_A_DATA/_LMSTUDIO";
      fsType = "none";
      options = [ "bind" ];
      neededForBoot = false;
    };
    "/home/thek0tyara/.local/share/PrismLauncher" = {
      depends = [ "/home/thek0tyara/Documents" ];
      device = "/home/thek0tyara/Documents/games/minecraft/PrismLauncher";
      fsType = "none";
      options = [ "bind" ];
      neededForBoot = false;
    };
  };

  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      auto-optimise-store = true;
      substituters = [
        "https://nix-community.cachix.org"
        "https://cache.nixos.org"
      ];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
    extraOptions = "!include ${config.age.secrets."github/token.ro.age".path}";
  };

  networking = {
    hostName = "testenv";
    nameservers = [ "10.20.0.1" ];
    enableIPv6 = false;
    hosts."127.0.0.1" = [ "domain.local" ];
  };
  systemd.network.networks."enp5s0" = {
    matchConfig.Name = "enp5s0";
    address = [ "10.20.0.201/24" ];
    routes = [ { Gateway = "10.20.0.1"; } ];
    linkConfig.RequiredForOnline = "no";
  };

  # networking.wireguard = {
  #   interfaces = {
  #     # wg200 = {
  #     #   ips = [
  #     #     "10.20.0.201/32"
  #     #   ];
  #     #   peers = [
  #     #     {
  #     #       allowedIPs = [
  #     #         "10.20.0.0/24"
  #     #       ];
  #     #       endpoint = "10.20.0.1:51821";
  #     #       persistentKeepalive = 15;
  #     #       publicKey = "EskQEQkC/5t/RyYzrmHLj0HpaiDTEOPgBkbqRcC2d1g=";
  #     #     }
  #     #   ];
  #     #   privateKeyFile = config.age.secrets."wg/syscon0.key".path;
  #     # };
  #     # syscon0 = {
  #     #   ips = [
  #     #     "10.1.1.200/32"
  #     #   ];
  #     #   peers = [
  #     #     {
  #     #       allowedIPs = [
  #     #         "10.0.0.0/16"
  #     #         "100.0.0.0/24"
  #     #         "10.1.1.0/24"
  #     #       ];
  #     #       endpoint = "87.251.77.150:60886";
  #     #       persistentKeepalive = 15;
  #     #       publicKey = "uWoxsevoib1+mX3qAtogSxX2M3R6hSu4AfG+nEFgh2I=";
  #     #       #publicKeyFile = ""; # why not you stupid bastard?
  #     #     }
  #     #   ];
  #     #   privateKeyFile = config.age.secrets."wg/syscon0.key".path;
  #     # };
  #   };
  # };
  time.timeZone = "Europe/Kiev";

  i18n.defaultLocale = "en_US.UTF-8";

  fonts.packages = with pkgs; [
    noto-fonts
    noto-fonts-cjk-sans
    noto-fonts-color-emoji
    liberation_ttf
    font-awesome
  ];

  # users.defaultUserShell = pkgs.fish;
  users.users.thek0tyara = {
    isNormalUser = true;
    extraGroups = [
      "wheel"
      "disk"
      "dialout"
      "video"
      "render"
      "docker"
      "kvm"
      "libvirt"
      "input"
      "users"
      "plugdev"
      "lxc"
      "pipewire"
    ];
    packages = with pkgs; [
      swaybg
      # swayimg
      fuzzel
      gamescope
      telegram-desktop
      ladybird
      # krita # BOOST BROKE, FUCK
      meld
      pavucontrol
      pwvucontrol
      ffmpegthumbnailer
      libsForQt5.qt5.qtwayland
      qt6Packages.qt6ct
      lxappearance
      ncdu
      ffmpeg-full
      mpv
      xdotool
      tree
      hyperfine
      nmap
    ];
  };

  programs = {
    gnome-terminal.enable = true;
    # thunar.enable = true; # TODO: replace
    winbox = {
      enable = true;
      package = pkgs.winbox4;
    };
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  services = {
    openssh.enable = true;
    xrdp = {
      # enable = true;
      audio.enable = true;
      sslKey = "/secrets/xrdp/key.pem"; # TODO move those
      sslCert = "/secrets/xrdp/cert.pem"; # TODO move those
    };
  };

  networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  system.stateVersion = "25.11";
}