nixos-config/configuration.nix

# Edit this configuration file to define what should be installed on your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{
  config,
  lib,
  pkgs,
  inputs,
  ...
}:

let
  myRizin = pkgs.rizin.passthru.withPlugins (plugins: [
    plugins.jsdec
    plugins.rz-ghidra
  ]);
in
{
  imports = [
    ./hardware-configuration.nix
    ./services/virtual.nix
    ./services/x.nix
    ./services/timer.nix
    ./services/sound.nix
    ./services/ollama.nix
  ];

  nixpkgs.overlays = [
    (import ./overlays/bambu-studio.nix)
  ];

  nixpkgs.config.allowUnfree = true;

  services.nfs.server = {
    enable = true;
    exports = ''
      /home/vagrant *(rw,sync,no_subtree_check,no_root_squash)
    '';
  };

  networking.bridges."lxcbr0".interfaces = [ ];
  networking.interfaces."lxcbr0".ipv4.addresses = [
    {
      address = "10.0.3.1";
      prefixLength = 24;
    }
  ];

  services.netbird.enable = true;

  # Enable NAT so the container can reach the Debian repos
  networking.nat = {
    enable = true;
    internalInterfaces = [ "lxcbr0" ];
    externalInterface = "enp5s0"; # Check 'ip link' for your actual interface name
  };

  services.resolved = {
    enable = true;
    dnssec = "true";
  };
  networking.nameservers = [
    "1.1.1.1"
    "8.8.8.8"
  ];

  boot.loader = {
    systemd-boot.enable = false;
    efi = {
      canTouchEfiVariables = true;
      efiSysMountPoint = "/boot/efi";
    };
    grub = {
      efiSupport = true;
      device = "nodev";
      extraConfig = ''
        GRUB_DEFAULT=saved
        GRUB_SAFEDEFAULT=false
      '';
      useOSProber = true;
    };
  };

  security.sudo = {
    enable = true;
    extraRules = [
      {
        users = [ "allen" ];
        commands = [
          {
            command = "/run/current-system/sw/bin/systemctl reboot --force";
            options = [ "NOPASSWD" ];
          }
        ];
      }

      {
        commands = [
          {
            command = "${pkgs.grub2}/bin/grub-reboot";
            options = [ "NOPASSWD" ];
          }
        ];
        groups = [ "wheel" ];
      }
    ];
  };

  security.pam.loginLimits = [
    {
      domain = "*";
      type = "soft";
      item = "nofile";
      value = "32768";
    }
    {
      domain = "*";
      type = "hard";
      item = "nofile";
      value = "65537";
    }
  ];

  networking.hostName = "haskell"; # Define your hostname.

  programs.steam.enable = true;
  programs.fuse.enable = true;

  programs.fish.enable = true;
  programs.nix-ld = {
    enable = true;
    libraries = import ./modules/ld.nix { inherit pkgs; };
  };

  time.timeZone = "Asia/Seoul";

  i18n.defaultLocale = "en_US.UTF-8";

  i18n.supportedLocales = [
    "en_US.UTF-8/UTF-8"
  ];

  i18n.inputMethod = {
    type = "fcitx5";
    enable = true;
    fcitx5.addons = with pkgs; [
      fcitx5-gtk
      fcitx5-hangul
    ];
  };
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkb.options in tty.
  # };

  services.udev.packages = with pkgs; [
    libwacom
    rtl-sdr
    platformio-core.udev
  ];

  services.flatpak.enable = true;

  services.usbmuxd = {
    enable = false;
    package = pkgs.usbmuxd2;
  };

  fonts.packages = with pkgs; [ nerd-fonts.monaspace ];

  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.allen = {
    isNormalUser = true;
    extraGroups = [
      "wheel"
      "incus-admin"
      "wireshark"
      "podman"
      "dialout"
    ]; # Enable ‘sudo’ for the user.
    shell = pkgs.nushell;
    home = "/home/allen";
    packages = with pkgs; [ tree ];
  };

  users.groups.libvirtd.members = [ "allen" ];
  users.groups.plugdev.members = [ "allen" ];

  programs.firefox.enable = true;
  programs.wireshark.enable = true;
  services.printing.enable = true;

  environment.sessionVariables = {
    NIXOS_OZONE_WL = "1";
  };

  # List packages installed in system profile.
  # You can use https://search.nixos.org/ to find more packages (and options).
  environment.systemPackages = with pkgs; [
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    pkg-config
    wget
    openssl
    gnome-tweaks
    xf86_input_wacom
    glfw
    libimobiledevice
    ifuse
    git
    bash
    libopus
    xmousepasteblock
    libglvnd
    libGL
    openal
    myRizin
    libgit2
    ntfs3g
    inputs.helix.packages."${pkgs.system}".helix
    bambu-studio
  ];

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  programs.hyprland.enable = true;

  environment.variables = {
    LD_LIBRARY_PATH = lib.makeLibraryPath (
      with pkgs;
      [
        libglvnd
        libGL
        glfw
        pulseaudio
        libgit2
      ]
    );
  };

  environment.variables.EDITOR = "vim";

  services.openssh.enable = true;

  networking.firewall.enable = false;

  system.stateVersion = "25.05"; # Did you read the comment?

}