nix_config/panam.nix

({ config, lib, pkgs, modulesPath, ... }:  {
    imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
    
    # needed for stable restarts of pi-hole container
    #boot.cleanTmpDir = true;
    
    boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
    boot.initrd.kernelModules = [ ];
    boot.kernelModules = [ ];
    boot.extraModulePackages = [ ];
    
    fileSystems."/" = { device = "/dev/disk/by-uuid/b22f705d-8d3d-4d6c-997d-226399f03e18"; fsType = "ext4"; };
    fileSystems."/boot" = { device = "/dev/disk/by-uuid/BE49-6634"; fsType = "vfat"; };
    swapDevices = [ { device = "/dev/disk/by-uuid/9b8aa223-f67b-4c1a-9161-a3daec3dfefc"; } ];
    # Mounted data drives for use by glusterfs
    #fileSystems."/data/brick1" = { device = "/dev/disk/by-label/gfs_ssd1"; fsType = "xfs"; };
    fileSystems."/data/brick2" = { device = "/dev/disk/by-label/gfs_hdd1"; fsType = "xfs"; };
    fileSystems."/data/brick3" = { device = "/dev/disk/by-label/gfs_hdd2"; fsType = "xfs"; };
    # Glusterfs shared storage
    #fileSystems."/ghost_in_the_stream" = { device = "panam:/gv0"; fsType = "glusterfs"; };
    networking.useDHCP = lib.mkDefault true;
    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
    powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    # high-resolution display
    #hardware.video.hidpi.enable = lib.mkDefault true;
    
    
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
    
    networking.hostName = "panam"; # Define your hostname.
    
    system.stateVersion = "22.11"; # Did you read the comment?
    
    nixpkgs.config.allowUnfree = true;
    nix.settings.experimental-features = [ "nix-command" "flakes" ];
    networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
    time.timeZone = "America/New_York";
    users.extraUsers.marcus = {
      name = "marcus";
      isNormalUser = true;
      group = "users";
      extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
      createHome = true;
      home = "/home/marcus";
      shell = "/run/current-system/sw/bin/bash";
    };
    users.extraUsers.nathan = {
      name = "nathan";
      isNormalUser = true;
      group = "users";
      extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
      createHome = true;
      home = "/home/nathan";
      shell = "/run/current-system/sw/bin/bash";
    };
    
    # Pi Hole + docker setup
    #virtualisation.oci-containers.backend = "docker";
    #virtualisation.docker.autoPrune.enable = true;
    
    #virtualisation.oci-containers.containers.pihole = {
      #image = "pihole/pihole:2023.02.2";
    #  image = "pihole/pihole:latest";
    #  ports = [
    #    "5353:53/udp"
    #    "5353:53/tcp"
    #    "9091:80/tcp"
    #  ];
    #  volumes = [
    #    "/var/lib/pihole/:/etc/pihole/"
    #    "/var/lib/dnsmasq.d:/etc/dnsmasq.d"
    #  ];
    #  environment = {
    #    TZ = config.time.timeZone;
    #    WEB_PORT = "80";
    #    WEBPASSWORD = "critical";
    #    PIHOLE_DNS_ = "9.9.9.9;2620:fe::fe";
    #    REV_SERVER = "true";
    #    REV_SERVER_DOMAIN = "pihole.local";
    #    REV_SERVER_TARGET = "192.168.4.1";
    #    REV_SERVER_CIDR = "192.168.4.0/16";
    #    DNSMASQ_LISTENING = "local";
    #    VIRTUAL_HOST = "pi.hole";
    #  };
    #  extraOptions = [
    #    "--add-host=host.docker.internal:host-gateway"
    #  ];
    #};
    #systemd.services."docker-pihole".postStart = ''
    #  while ! docker ps | grep pihole; do
    #    sleep 10s
    #    echo "Waiting on containers"
    #  done
    #  sleep 30s
    
    #  docker exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
    #  docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
    #  docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
    #  docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
    
    #  docker exec pihole pihole -g
    #  '';
    

    # Adguard Home
    services.adguardhome = {
      enable = true;
      mutableSettings = true;
      openFirewall = true;
      settings = {
        http = {
          address = "127.0.0.1:3000";
        };
        dns = {
          upstream_dns = [
            "9.9.9.9#dns.quad9.net"
            "1.1.1.1"
          ];
        };
        filtering = {
          protection_enabled = true;
          filtering_enabled = true;
          parental_enabled = false;
          safe_search = {
            enabled = false;
          };
        };
      };
    };
    # Enable flatpak for installing/running steam link software
    services.flatpak.enable = true;
    
    # testing
    services.jellyfin.enable = true;
    services.tachikoma = {
      enable = true;
      user = "nathan";
      config = ''
        id = "panam"
        database_prefix = "/home/nathan/tachikoma_db"
        adam_smasher_your_io_bandwidth = false
        reset_interval = 300
        port = 8080

        [shares.default]
        serve = [ "/data/brick1", "/data/brick2", "/data/brick3", "/home/videos" ]
        avoid = [ "/data/brick2/grey_share", "/data/brick2/staging", "/data/brick2/cache", "data/brick2/Angel Cop - Remastered", "/data/brick2/Gunbuster - The Complete OVA Series", "/data/brick2/Iria - Zeiram the Animation/", "/data/brick2/Record of Lodoss War- Chronicles of the Heroic Knight" ]
        download_dir = "/data/brick2/cache"
        mount_point = "/fuse_mount" # this is optional, remove if you don't want to FUSE
        max_delete = 30
        [shares.a_darker_shade_of_grey]
        serve = [ "/data/brick2/grey_share" ]
        max_delete = 30
      '';
    };
    programs.fuse.userAllowOther = true;
    security.rtkit.enable = true;
    services.pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };
    services.dbus.enable = true;
    xdg.portal = {
      enable = true;
      wlr.enable = true;
      extraPortals = [
        pkgs.xdg-desktop-portal-gtk 
        pkgs.xdg-desktop-portal-kde 
      ];
      #gtkUsePortal = true;
    };
    nixpkgs.overlays = [
    ];
    
    programs.sway = {
      enable = true;
      wrapperFeatures.gtk = true;
      extraPackages = with pkgs; [
        swaylock # lockscreen
        swayidle
        xwayland # for legacy apps
        #waybar # status bar
        mako # notification daemon
        kanshi # autorandr
        bemenu # is this right?
        i3status
        ffmpeg_7-full
      ];
    };
    
    environment = {
      etc = {
        "sway/config".source = ./sway_config;
      };
    };
    # For steam, and Vulkan in general
    
    nixpkgs.config.packageOverrides = pkgs: {
      vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
    };
    hardware.graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = with pkgs; [
        intel-media-driver
        intel-vaapi-driver # previously vaapiIntel
        vaapiVdpau
        libvdpau-va-gl
        intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
        vpl-gpu-rt # QSV on 11th gen or newer
        intel-media-sdk # QSV up to 11th gen
      ];
    };
    programs.bash.shellAliases = {
      steamlink = "flatpak run com.valvesoftware.SteamLink";
    };
    environment.systemPackages = with pkgs; [
      tmux vim wget curl git w3m iftop iotop killall file unzip zip ripgrep imv killall htop
      firefox pkgs.nautilus vlc steam 
      foot pavucontrol pywal
      sway wayland glib dracula-theme pkgs.adwaita-icon-theme wl-clipboard
      pkgs.jellyfin
      pkgs.jellyfin-web
      pkgs.jellyfin-ffmpeg
      (pkgs.writeTextFile {
        name = "dbus-sway-environment";
        destination = "/bin/dbus-sway-environment";
        executable = true;
    
        text = ''
          dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
          systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
          systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
        '';
      })
      # currently, there is some friction between sway and gtk:
      # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
      # the suggested way to set gtk settings is with gsettings
      # for gsettings to work, we need to tell it where the schemas are
      # using the XDG_DATA_DIR environment variable
      # run at the end of sway config
      (pkgs.writeTextFile {
        name = "configure-gtk";
        destination = "/bin/configure-gtk";
        executable = true;
        text = let
          schema = pkgs.gsettings-desktop-schemas;
          datadir = "${schema}/share/gsettings-schemas/${schema.name}";
        in ''
            export XDG_DATA_DIRS=${datadir}:$XDG_DATA_DIRS
            gnome_schema=org.gnome.desktop.interface
            gsettings set $gnome_schema gtk-theme 'Dracula'
        '';
      })
    ];
    programs.waybar.enable = true;
    
    # kanshi systemd service
    systemd.user.services.kanshi = {
      description = "kanshi daemon";
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.kanshi}/bin/kanshi -c kanshi_config_file";
      };
    };
    
    services.openssh.enable = true;
    services.tailscale.enable = true;
    networking.firewall.enable = false;
    
})