system/configuration.nix

# NixOS's declarative configuration calculates which software packages need to be installed and then soft-links the storage paths of these packages in the Nix Store to /run/current-system, and by modifying environment variables like PATH
{
  lib,
  config,
  pkgs,
  zen-browser,
  hyprland,
  inputs,
  agenix,
  pkgs-unstable,
  pia,
  ...
}:
let
  unstable = import <nixpkgs> {
    overlays = pkgs.overlays;
  };
in
{
  imports = [
    ./environment.nix
    ./hardware-configuration.nix

    ./modules/containers.nix
    ./modules/display.nix
    ./modules/files.nix
    ./modules/fonts.nix
    ./modules/musnix.nix
    ./modules/network.nix
    ./modules/nix.nix
    # ./modules/qt.nix
    ./modules/security.nix
    ./modules/tailscale.nix
    ./modules/users.nix
    ./modules/wm.nix
    ./modules/xdg.nix

    # ./pkgs/app/utilities/bacula.nix
    # ./pkgs/app/servers/ff-sync.nix
    # ./pkgs/virtualisation/docker.nix
    # ./pkgs/virtualisation/vbox.nix

    # ./flakes/scribeVault.nix
  ];

  programs.hyprland = {
    enable = true;
    xwayland.enable = true;
    # package = pkgs.hyprland;
    # package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
    portalPackage = pkgs.xdg-desktop-portal-hyprland;
    # portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
  };

  # Redirect syslog to TTY12
  # systemd.services."systemd-journald-tty12" = {
  #   description = "Forward syslog to TTY12";
  #   serviceConfig = {
  #     ExecStart = "/bin/sh -c 'journalctl -f > /dev/tty12'";
  #   };
  #   wantedBy = [ "multi-user.target" ];
  # };

  programs = {
    firefox.enable = true;
    zsh.enable = true;
    nix-ld.enable = true;
    fuse.userAllowOther = true;
    nm-applet.enable = true;
  };


  services = {
    blueman.enable = true;
    printing.enable = true;
    ollama = {
      enable = true;
      acceleration = "cuda";
      models = "/var/lib/ollama/models";
      environmentVariables = {};
    };
    open-webui = {
      enable = false;
      package = pkgs.open-webui;
      port = 4040;
      # host = "192.18.12.40";
      openFirewall = true;
      environment = {
        ANONYMIZED_TELEMETRY = "False";
        DO_NOT_TRACK = "True";
        SCARF_NO_ANALYTICS = "True";
        OLLAMA_API_BASE_URL = "http://127.0.0.1:11434/api";
        OLLAMA_BASE_URL = "http://127.0.0.1:11434";
        ENABLE_WEBSOCKET_SUPPORT = "True";
        WEBSOCKET_MANAGER= "redis";
        WEBSOCKET_REDIS_URL = "redis://127.0.0.1:6379/1";
        GLOBAL_LOG_LEVEL = "DEBUG";
      };
    };
    # comfyui = {
    #   enable = true;
    #   package = pkgs.comfyui-nvidia;
    #   host = "0.0.0.0";
    #   models = builtins.attrValues pkgs.nixified-ai.models;
    #   customNodes = with comfyui.pkgs; [
    #     comfyui-gguf
    #     comfyui-impact-pack
    #   ];
    # };
    redis = {
      package = pkgs.redis;
      vmOverCommit = true;
      servers = {
        bots = {
          enable = true;
          port = 6379;
        };
      };
    };
    input-remapper = {
      enable = true;
      enableUdevRules = true;
      package = pkgs.input-remapper;
      serviceWantedBy = [ "graphical.target" ];
    };
    # dbus.implementation = "dbus"; # The option `services.dbus.implementation' has conflicting definition values: - In `/nix/store/60sn02zhawl3kwn0r515zff3h6hg6ydz-source/nixos/modules/programs/wayland/uwsm.nix': "broker"
    udisks2 = {
      enable = true;
      package = pkgs.udisks2;
      mountOnMedia = true;
    };
    logrotate.enable = true;
    openssh = {
      enable = true;
      ports = [ 22 ];
      settings = {
        PasswordAuthentication = true;
        AllowUsers = [ "wayne" ]; # Allows all users by default. Can be [ "user1" "user2" ]
        UseDns = true;
        X11Forwarding = false;
        PermitRootLogin = "no"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
      };
    };
    avahi = { # Printing
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };
    pipewire = {
      enable = true;
      package = pkgs.pipewire;
      systemWide = false; # uses pipewire group
      alsa.enable = true;
      alsa.support32Bit = true;
      audio.enable = config.services.pipewire.alsa.enable || config.services.pipewire.jack.enable || config.services.pipewire.pulse.enable;
      pulse.enable = true;
      jack.enable = true;

      # use the example session manager (no others are packaged yet so this is enabled by default,
      # no need to redefine it in your config for now)
      # media-session.enable = true;
      # wireplumber.enable = true;
      socketActivation = true;
      extraConfig.pipewire = {
        log.level = 4;
      };
    };
    pulseaudio = {
      enable = false;
      daemon = {
        logLevel = "debug";
      };
    };
    # hardware.openrgb = {
    #   enable = false;
    #   package = pkgs.openrgb-with-all-plugins;
    #   motherboard = "intel";
    #   server.port = 6742;
    # };
    pia = {
      enable = true;
       authUserPassFile = config.age.secrets.pia.path;
    };
    samba = {
      enable = false;
      openFirewall = true;
      package = pkgs.samba4Full;
      settings = {
        global = {
          security = "user";
          "server min protocol" = "SMB2_10";
          "client min protocol" = "SMB2_10";
          "server max protocol" = "SMB3_11";
          "client max protocol" = "SMB3_11";
        };
      };
    };
    keybase.enable = true;
    kbfs = {
      enable = true;
      mountPoint = "%h/keybase";
      extraFlags = [
        "-label: kbfs"
        "-mount-type: normal"
      ];
    };
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    (pkgs.catppuccin-sddm.override {
      flavor = "mocha";
      font  = "Noto Sans";
      fontSize = "9";
      loginBackground = true;
    })
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget git sshfs
    pciutils usbutils
    zsh ghostty # ghostty.packages.x86_64-linux.default

    cryptsetup agenix.packages.x86_64-linux.default
    home-manager
    wpa_supplicant
    lynx
    nix-index nix-prefetch-scripts nix-prefetch
    docker_27 docker-compose compose2nix
    mongodb-compass mongosh

    # direnv nix-direnv
    # xdg-desktop-portal-hyprland
    clinfo glxinfo vulkan-tools wayland-utils wl-clipboard
    # kdePackages.wayland kdePackages.wayland-protocols kdePackages.xwaylandvideobridge kdePackages.kwayland kdePackages.wayqt kdePackages.qtwayland kdePackages.layer-shell-qt # marked broken kdePackages.kwayland-integration
    kdePackages.kdeplasma-addons kdePackages.qtstyleplugin-kvantum kdePackages.full kdePackages.qtwebengine
    kdePackages.qtpositioning kdePackages.qtlocation kdePackages.ark kdePackages.dolphin
    kdePackages.dolphin-plugins kdePackages.okular
    kdePackages.konsole
    # kdePackages.qtwayland kdePackages.qtsvg
    kdePackages.kio kdePackages.kio-fuse kdePackages.kio-extras kdePackages.kio-admin
    kdePackages.kdenetwork-filesharing
    kdePackages.kwallet kdePackages.kwalletmanager kdePackages.kwallet-pam
    kdePackages.polkit-kde-agent-1 kdePackages.kirigami
    hyprpolkitagent polkit

    gtk2
    gnome-themes-extra

    evtest input-remapper dbus uwsm # keyd
    egl-wayland
    cudaPackages.cudatoolkit # cudaPackages.cuda-samples
    cifs-utils mesa libGL udiskie samba
    glibc # cmake cpio meson

    libsForQt5.kwayland libsForQt5.qt5.qtwayland libsForQt5.kwayland-integration # libsForQt5.xwaylandvideobridge
    # libsForQt5.polkit-kde-agent
    # libsForQt5.qtstyleplugin-kvantum libsForQt5.qt5.qtwayland libsForQt5.kio-extras # libsForQt5.qt5.qtgraphicaleffects

    #kio-fuse
    catppuccin-sddm-corners
    sddm-astronaut
    # steam-run
    lxqt.pavucontrol-qt pw-viz playerctl

    i2c-tools
    android-udev-rules
    tailscale

    logiops
  ];
  system.stateVersion = "25.05"; # Did you read the comment?
}