nom-nom-nix-gc/machines/thinkpad.nix

{ config, lib, pkgs, ... }:
let
  myusers = import ../users.nix                  { inherit pkgs; };
  mypkgs  = import ../packages.nix               { inherit pkgs; };
  i3      = import ../modules/software-config/i3.nix     { inherit pkgs; };
  vimInit = import ../modules/software-config/neovim.nix { inherit pkgs; };
  sources = import ../nix/sources.nix { };
  keys    = import ../keys.nix  {};

  nixos-hardware     = (import ../nix/sources.nix { }).nixos-hardware;
in {
  imports =
    [
      ../modules/core.nix
      ../modules/core-graphical-computers.nix
      ./thinkpad-hardware-configuration.nix
      "${nixos-hardware}/lenovo/thinkpad/x250"
    ];

  nixpkgs = {
    overlays = [ (import ../custom-pkgs/default.nix) ];
    config = {
      allowUnfree = true;
      packageOverrides = super: {
        mumble_git = super.mumble_git.override {
          pulseSupport = true;
          libpulseaudio = pkgs.libpulseaudio;
        };
      };
    };
  };
  # Use the GRUB 2 boot loader.
  boot = {
    loader.grub = {
       enable = true;
       enableCryptodisk = true;
       version = 2;
       device = "/dev/sda";
    };
  };
 services.prometheus = {
   enable = false;
   scrapeConfigs = [ {
     job_name = "prometheus";
     scrape_interval = "5s";
     static_configs = [{
       targets = ["localhost:9090"];
     }];
   }];
 };

 services.emacs = {
   enable = true;
   defaultEditor = true;
   package = pkgs.ninjatrappeur-pkgs.configured-emacs;
 };

 services.printing = {
   enable = true;
   drivers = [  pkgs.splix pkgs.ninjatrappeur-pkgs.hll2350dw-cups ];
 };

# systemd.network = {
#   enable = true;
#   networks = {
#     "98-nope" = {
#       matchConfig = { Name = "enp* wlp*"; };
#       linkConfig.Unmanaged = true;
#     };
#     "80-wlan" = {
#       enable = true;
#       matchConfig = { Name = "wlp3s0"; };
#       address = [ "192.168.1.1/24" ];
#       dhcpServerConfig = { EmitDNS = true; DNS = [ "80.67.169.12" "80.67.169.40" ]; PoolOffset = 10; EmitRouter = true; };
#       networkConfig = { IPForward = "yes"; IPMasquerade = "yes"; DHCPServer = true; };
#     };
#   };
# };


 services.openssh = {
   enable = true;
   settings = {
     PasswordAuthentication = false;
     KbdInteractiveAuthentication = false;
     PermitRootLogin = "no";
   };
 };

 networking = {
   hostName = "thinkpad-nix";
   firewall = {
     allowedUDPPorts = [
       # Patchwork discovery
       8008
     ];
     allowedTCPPorts = [
       # HTTP
       8000
       # Patchwork
       8008
     ];
   };
   networkmanager.enable = true;
 };

  networking.wireguard.interfaces."wg-extended-lan" = {
    privateKey = builtins.readFile /home/ninjatrappeur/.vpn/extended-lan.key;
    ips = ["192.168.166.2"];
    peers = [{
      endpoint            = "seldon.alternativebit.fr:51822";
      publicKey           = "ZdeqXN3Q8ZBPCWVW6pFzIBF3iS8zlVMGAj8bcePj3zk=";
      allowedIPs          = ["192.168.166.1/32" "192.168.11.0/24"];
      persistentKeepalive = 25;
    }];
  };

  users = {
    extraUsers.ninjatrappeur= {
      isNormalUser = true;
      home         = myusers.ninjatrappeur.home;
      extraGroups  = myusers.ninjatrappeur.extraGroups;
      shell        = myusers.ninjatrappeur.shell;
      openssh.authorizedKeys.keys = pkgs.lib.attrsets.attrValues keys.ninjatrappeur;
    };
    extraGroups.vboxusers.members = [ "user-with-access-to-virtualbox" ];
  };

  services.syncthing = {
    user    = myusers.ninjatrappeur.name;
    dataDir = "${myusers.ninjatrappeur.home}/.config/syncthing";
  };

  programs.bcc.enable = true;

  home-manager.users.ninjatrappeur = {
    home.stateVersion = "18.09";
    services.mako = {
      enable = true;
      anchor = "top-center";
    };

    home.file = {
      ".notmuch-config".source = ../raw-conf-files/email/notmuch-config;
      ".config/msmtp/config".source = ../raw-conf-files/email/msmtp;
    };
  };

  services.xserver= {
    xkbOptions = "caps:swapescape";
    displayManager.defaultSession = "xfce+i3";
    libinput = {
      enable = true;
      touchpad = {
        disableWhileTyping = true;
        scrollMethod = "twofinger";
        tapping = true;
      };
    };

    desktopManager = {
      xterm.enable = false;
      gnome.enable = true;
      xfce = {
        enable = true;
        noDesktop = true;
        enableXfwm = false;
      };
    };
    windowManager.i3 = {
      enable = true;
      configFile = builtins.toPath (pkgs.writeText "thinkpad-i3-config" i3.thinkpad-config);
    };
  };

  virtualisation = {
    #virtualbox.host.enable = true;
    #docker.enable = true;
  };

  nix = {
    settings = {
      trusted-users = [ "root" "${myusers.ninjatrappeur.name}" ];
      sandbox = true;
    };
    extraOptions = ''
      builders-use-substitutes = true
      experimental-features = nix-command flakes
    '';
    nixPath = [
      "nixpkgs=${sources.nixpkgs}"
      "nixos-config=/etc/nixos/configuration.nix"
    ];
  };

  environment.systemPackages =
    mypkgs.common ++ mypkgs.dev ++ mypkgs.media ++ mypkgs.graphic-apps
    ++ mypkgs.laptop ++ [
      pkgs.brightnessctl
      pkgs.gnome.nautilus
      pkgs.gnome.eog
      pkgs.gnome.gvfs
      pkgs.evince
      pkgs.languagetool
      pkgs.remmina
      pkgs.carla
      (pkgs.hunspellWithDicts [
        pkgs.hunspellDicts.en-gb-ise
        pkgs.hunspellDicts.en-gb-ize
        pkgs.hunspellDicts.en-us
        pkgs.hunspellDicts.fr-any
        pkgs.hunspellDicts.fr-moderne
    ])
    ];

    system = {
      stateVersion = "18.09";
      userActivationScripts =  {
        vimConfigSetup = {
          text = ''
            ln -fs "${vimInit.neovim-config}" "${myusers.ninjatrappeur.home}/.config/nvim/init.vim"
            '';
          deps = [];
        };
      };
    };
}