# NixOS system configuration module. Option reference: configuration.nix(5)
# and the NixOS manual (`nixos-help`).
#
# Related options are grouped into nested attribute sets; Nix merges attribute
# paths, so `boot = { loader.efi.x = v; };` is the same as `boot.loader.efi.x = v;`.
{ config, pkgs, lib, ... }:

{
  imports = [ ./packages/default.nix ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Allowlist for unfree packages: only the names in this list are accepted.
  nixpkgs.config.allowUnfreePredicate =
    pkg: builtins.elem (lib.getName pkg) [ "osu-lazer" ];

  boot = {
    kernelPackages = pkgs.linuxPackages_zen;

    # systemd-boot as the EFI boot loader.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # -1 removes the kernel's realtime throttling limit.
    # NOTE(review): with rtkit enabled below, a runaway realtime task is no
    # longer throttled and can starve the rest of the system; confirm this is
    # wanted.
    kernel.sysctl."kernel.sched_rt_runtime_us" = -1;
  };

  security = {
    # Declare a PAM service for swaylock so it can authenticate the unlock.
    pam.services.swaylock = {};

    # NOTE(review): passwordless sudo for wheel. Both accounts declared in
    # this file are in wheel, so any process running as either user can become
    # root without a credential check.
    sudo.wheelNeedsPassword = false;

    rtkit.enable = true;
  };

  services = {
    # X11 is switched off; Hyprland (programs.hyprland) is enabled instead.
    xserver.enable = false;

    # CUPS printing.
    printing.enable = true;

    # mDNS discovery. openFirewall exposes Avahi's port to the network.
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };

    gnome.gnome-keyring.enable = true;
    usbmuxd.enable = true;

    pipewire = {
      enable = true;
      alsa.enable = true;
      pulse.enable = true;
    };
  };

  programs = {
    zsh.enable = true;
    openvpn3.enable = true;
    hyprland.enable = true;

    neovim = {
      enable = true;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;

      configure = {
        # init.vim is read at evaluation time and embedded in the wrapper.
        customRC = builtins.readFile ./config/neovim/init.vim;

        # Plugins loaded at startup.
        packages.myVimPackage.start = with pkgs.vimPlugins; [
          nvim-lspconfig
          nvim-cmp
          cmp-nvim-lsp
          luasnip
          cmp_luasnip
          tokyonight-nvim
          vim-lsp-cxx-highlight
        ];
      };
    };
  };

  users = {
    # Accounts are fully declarative. Per the NixOS option docs, with
    # mutableUsers = false an initialHashedPassword behaves like hashedPassword.
    mutableUsers = false;

    # NOTE(review): the password hashes below are part of the configuration
    # text, so they are readable wherever this file is stored or published and
    # can be attacked offline. users.users.<name>.hashedPasswordFile, pointing
    # at a file kept outside the repository and the Nix store, avoids that.
    users.stitchynyan = {
      isNormalUser = true;
      description = "Personal user";
      home = "/home/stitchynyan";
      shell = pkgs.zsh;
      # NOTE(review): the NixOS libvirtd module's group is named "libvirtd";
      # confirm a "libvirt" group is defined elsewhere.
      extraGroups = [ "wheel" "networkmanager" "kvm" "libvirt" "audio" ];
      initialHashedPassword = "$y$j9T$rvySCWHYE4AO4A9J0Vf20.$x5hpBNsOWovQFtNfFUIt17OAH5MJFwFBGjxbaEIagJ3";
    };

    users.nyadmin = {
      isNormalUser = true;
      description = "Administrator~";
      home = "/home/nyadmin";
      shell = pkgs.zsh;
      # NOTE(review): membership in "docker" is root-equivalent on the host
      # (the daemon runs as root); Docker itself is not enabled in this file,
      # presumably in ./packages/default.nix.
      extraGroups = [ "wheel" "kvm" "libvirt" "docker" ];
      initialHashedPassword = "$y$j9T$XguIcj/AVXsWW/MxSYAGh0$TivGAa0z8KNCli2mKTd24vtqimpadNzqMFwfbeh0p30";
      # Only takes effect where sshd is enabled; services.openssh is not set
      # in this file. Confirm where, and with which authentication settings,
      # it is turned on.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVgHcJ9C8TD515x+KqFKNYUa6IZML6LU3FWovmDIvyZ"
      ];
    };
  };

  networking.firewall = {
    enable = true;

    # Inbound ports opened to every interface.
    # NOTE(review): 22000 is presumably Syncthing; confirm against the
    # service that listens on it.
    allowedTCPPorts = [ 22000 ];
    allowedUDPPorts = [ 22000 ];

    # Packets rejected by the reverse-path filter are logged (visible in dmesg).
    logReversePathDrops = true;

    # WireGuard traffic fails the reverse-path check, so UDP port 47111 is
    # exempted from it.
    # NOTE(review): the rules match on port only, on all interfaces, and the
    # --sport match is on a value the sender chooses; restricting the rules to
    # the WireGuard interface would narrow the exemption.
    extraCommands = ''
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN
      ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN
    '';
    # Remove the exemption again when the firewall stops; `|| true` keeps the
    # stop from failing if a rule is already gone.
    extraStopCommands = ''
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN || true
      ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN || true
    '';
  };
}