nixos/nixos.nix

# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  ...
}: {
  # You can import other NixOS modules here
  imports = [
    # If you want to use modules your own flake exports (from modules/nixos):
    # outputs.nixosModules.example

    # Or modules from other flakes (such as nixos-hardware):
    # inputs.hardware.nixosModules.common-cpu-amd
    # inputs.hardware.nixosModules.common-ssd

    # You can also split up your configuration and import pieces of it here:
    # ./users.nix
  ];

  nixpkgs = {
    # You can add overlays here
    overlays = [
      # Add overlays your own flake exports (from overlays and pkgs dir):

      # You can also add overlays exported from other flakes:
      # neovim-nightly-overlay.overlays.default

      # Or define it inline, for example:
      # (final: prev: {
      #   hi = final.hello.overrideAttrs (oldAttrs: {
      #     patches = [ ./change-hello-to-hi.patch ];
      #   });
      # })
    ];
    # Configure your nixpkgs instance
    config = {
      # Disable if you don't want unfree packages
      allowUnfree = true;
    };
  };

  # This will add each flake input as a registry
  # To make nix3 commands consistent with your flake
  nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);

  # This will additionally add your inputs to the system's legacy channels
  # Making legacy nix commands consistent as well, awesome!
  nix.nixPath = ["/etc/nix/path"];
  environment.etc =
    lib.mapAttrs'
    (name: value: {
      name = "nix/path/${name}";
      value.source = value.flake;
    })
    config.nix.registry;

  nix.settings = {
    # Enable flakes and new 'nix' command
    experimental-features = "nix-command flakes";
    # Deduplicate and optimize nix store
    auto-optimise-store = true;
  };

  # use linux-cachy from the nyx repo.
  # is this actually "required"? no, not really. but i can have it, so why not?
  # see nyx: https://www.nyx.chaotic.cx/
  # see cachyos: https://github.com/CachyOS/linux-cachyos
  boot.kernelPackages = pkgs.linuxPackages_cachyos;

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Enable networking
  networking.networkmanager.enable = true;

  # we're using/prioritizing dnscrypt!
  networking.nameservers = [ "127.0.0.1" "::1" ];
  # resolved and others conflicts with setting dns here
  networking.resolvconf.enable = pkgs.lib.mkForce false;
  networking.dhcpcd.extraConfig = "nohook resolv.conf";
  services.resolved.enable = false;
  # also ensuring that networkmanager doesn't modify dns settings
  networking.networkmanager.dns = "none";

  # dnscrypt settings
  services.dnscrypt-proxy2 = {
    enable = true;
    settings = {
      ipv6_servers = true;
      require_dnssec = true;

      sources.public-resolvers = {
        # of course, sourcing from the main public lists
        urls = [
          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
        ];
        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
      };

      # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
      # prioritize quad9, then adguard, and cloudflare as last resort
      server_names = [ "quad9-dnscrypt-ip4-filter-pri" "quad9-doh-ip4-port443-filter-pri" "quad9-doh-ip6-port443-filter-pri" "adguard-dns-doh" "adguard-dns-ipv6" "cloudflare" "cloudflare-ipv6" ];
    };
  };

  systemd.services.dnscrypt-proxy2.serviceConfig = {
    StateDirectory = "dnscrypt-proxy";
  };

  # enable plymouth because it looks cool :)))
  boot.plymouth = {
    enable = true;
    theme = "bgrt";
  };

  # Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = with pkgs; [ canon-cups-ufr2 ];
  };
  services.avahi.enable = true;
  services.avahi.nssmdns4 = true;

  # so, funny thing i learned - "xserver" is basically the blanket term for all gui stuff in nixos.
  # this really confuses me, because i'm trying to keep xorg out of this install and only wayland in.
  # i may miss some spots though.
  # see: https://www.reddit.com/r/NixOS/comments/17ia1g8/i_dont_understand_nixoss_wayland_setup/
  # EDIT: they changed it !!!!

  services.xserver.enable = true;

  # use sddm and only use its wayland session
  services.displayManager.sddm.enable = true;
  services.displayManager.sddm.wayland.enable = true;
  # default to plasma wayland session
  services.displayManager.defaultSession = "plasma";
  # gyattde rizzma 6
  services.desktopManager.plasma6 = {
    enable = true;
  };

  programs.xwayland.enable = true;
  # we use flatpak
  programs.firefox.enable = false;

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
  };

  # don't install some of the default packages since i don't need them
  environment.plasma6.excludePackages = with pkgs.kdePackages; [
    plasma-browser-integration
  ];

  environment.variables = {
    # wayland related
    NIXOS_OZONE_WL = "1";
    # custom sudo prompt for the xds
    SUDO_PROMPT = "[sudo] stick out your gyatt for the rizzler: ";
  };

  fonts = {
    packages = with pkgs; [
      noto-fonts
      liberation_ttf
      fira
      unifont
      (nerdfonts.override { fonts = [ "JetBrainsMono" "Iosevka" "FiraCode" "DroidSansMono" ]; })
      noto-fonts-color-emoji
    ];
    fontconfig.defaultFonts = {
      emoji = [ "Noto Color Emoji" ];
    };
  };

  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # wireplumber exists so, lets *not* use the example session
    wireplumber.enable = true;
  };

  # flatpaks
  # TODO: unsure if i should even bother using flatpaks in a configuration/distro like this...
  # maybe i can fully embrace flatpaks once i've figured out how to remove default packages
  services.flatpak.remotes = lib.mkOptionDefault [{
    name = "flathub-system";
    location = "https://dl.flathub.org/repo/flathub.flatpakrepo";
  }];

  services.flatpak.update.auto.enable = true;
  services.flatpak.uninstallUnmanaged = true;
  # flatpak system packages
  services.flatpak.packages = [
    "org.mozilla.firefox"
    "org.mozilla.Thunderbird"
    "com.ulduzsoft.Birdtray"
    "org.libreoffice.LibreOffice"
    "org.gimp.GIMP"
    "org.inkscape.Inkscape"
    "org.qbittorrent.qBittorrent"
  ];

  environment.systemPackages = with pkgs; [
    git
    wget fzf
    curl curlHTTP3
    virt-manager
    pinentry-curses
    kitty wezterm
    bibata-cursors
    papirus-icon-theme
    (catppuccin-papirus-folders.override { flavor = [ "mocha" ]; accent = [ "green" ]; })
    (catppuccin-kde.override { flavour = [ "mocha" ]; accents = [ "green" ]; winDecStyles = [ "modern" ]; })
  ];

  # we like flatpaks
  services.flatpak.enable = true;

  # steam
  programs.steam.enable = true;

  # android debugging tools
  programs.adb.enable = true;

  # gnupg is basically required for everything i use
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # virtualization stuff
  virtualisation.libvirtd = {
    enable = true;
    #qemu.runAsRoot = false;
    qemu.swtpm.enable = true;
  };
  virtualisation.spiceUSBRedirection.enable = true;

  # waydroid
  virtualisation.waydroid.enable = true;

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.11";
}