nixos-config/configuration.nix

{ config, lib, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
    ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.kernelParams = [ "kvm.enable_virt_at_load=0" ];
  boot.kernelModules = [ "iptable_nat" ];

  # System
  networking.hostName = "lachrymal-abg"; # Define your hostname.
  time.timeZone = "America/Toronto";

  i18n.defaultLocale = "ja_JP.UTF-8";

  nixpkgs.config.allowUnfree = true;

  xdg.portal.enable = true;

  services.displayManager.sddm = {
    enable = true;
    wayland.enable = true;
    settings.General.DisplayServer = "wayland";
  };
#  services.xserver.desktopManager.lxqt.enable = true;
#  environment.lxqt.excludePackages = with pkgs; [ lxqt.qterminal ];
  services.desktopManager.plasma6.enable = true;
  environment.plasma6.excludePackages = with pkgs.kdePackages; [
    elisa
    kate
    khelpcenter
    gwenview
    kate
    konsole
  ];
  
  # Fonts
  fonts = {
    packages = with pkgs; [
      noto-fonts
      noto-fonts-cjk-sans
      noto-fonts-cjk-serif
      noto-fonts-emoji
      liberation_ttf
      victor-mono
      lmodern
      lmmath
      wqy_zenhei
    ];
     fontDir.enable = true;
     fontconfig = {
       enable = true;
     };
  };
  
  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  services.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    audio.enable = true;
    pulse.enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
  };

  # Steam
  programs.steam = {
    enable = true;
    extraCompatPackages = with pkgs; [
      proton-ge-bin
    ];
  };

  users.users.lach = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user.
  };

  environment.systemPackages = with pkgs; [
    vesktop

    wget
    pciutils
    gpustat
    mg
    micro-full
    ventoy-full
    git-credential-oauth

    hugo
    gnumake
    bun
    python314
    nodejs
    ruff
    uv
    gcc
    pkg-config
    rustc
    cargo
    rust-analyzer
    zig

    kdePackages.oxygen
  ];

  nixpkgs.overlays = [    
    (import ./im-overlays.nix)
  ];

  programs.git = {
    enable = true;
    package = pkgs.gitFull;
    config.credential.helper = [ "libsecret" "oauth" ];
  };

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
#    pinentryPackage = lib.mkForce pkgs.pinentry-qt;
  };

  services.openssh.enable = true;

  # Samba
  services.samba = {
    package = pkgs.samba4Full;
    enable = true;
    openFirewall = true;
    settings = {
      global = {
        "security" = "user";
        "guest account" = "nobody";
        "map to guest" = "bad user";
        "server smb encrypt" = "required";
        "server min protocol" = "SMB3_00";
      };
      DL = {
        path = "/run/media/lach/A0762DC8762DA050/Downloads";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "no";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "lach";
      };
      Anime = {
        path = "/run/media/lach/A0762DC8762DA050/Archive/Anime";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "no";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "lach";
      };      
    };
  };
  services.avahi = {
    publish.enable = true;
    publish.userServices = true;
    enable = true;
    openFirewall = true;
  };
  networking.firewall.enable = true;
  networking.firewall.allowPing = true;

  networking.firewall.allowedTCPPorts = [ 8888 ];  

#  virtualisation.docker = {
#    enable = true;
#    storageDriver = "btrfs";
#  };

  system.stateVersion = "24.05";
}