dotfiles/etcnixos/common.nix

{
  config,
  pkgs,
  lib,
  username,
  system,
  hostname,
  inputs,
  ...
}:
{
  imports = [ ./declarative-nm.nix ];

  nix = {
    #garbage collection and cleanup stuff
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };

    #optimize the store
    optimise.automatic = true;

    #enable flakes!
    settings.experimental-features = [
      "nix-command"
      "flakes"
    ];
  };

  #kernel options
  boot = {
    kernelPackages = pkgs.linuxPackages_cachyos-lto;

    kernel.sysctl = {
      #for profiling
      "kernel.perf_event_paranoid" = 1;
      "kernel.kptr_restrict" = 0;

      #dmesg shushhhhh
      "kernel.printk" = "2 4 1 7";
    };

    # Bootloader.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;

      timeout = 1;
    };

    initrd = {
      compressor = "zstd";
    };
  };

  environment.etc = {
    #override default nixos /etc/issue
    "issue".text = "";
  };

  services = {
    #fwupd for updating firmware
    fwupd = {
      enable = true;
      extraRemotes = [ "lvfs-testing" ];
    };

    #auto detect network printers
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };

    # Enable CUPS to print documents.
    printing = {
      enable = true;
      drivers = with pkgs; [ hplip ];
    };

    #disable fprintd (doesn't compile, idk)
    fprintd.enable = false;

    #Making sure mullvad works on boot
    mullvad-vpn.enable = true;
  };

  # Set your time zone.
  time.timeZone = "America/New_York";

  security = {
    #lets use doas and not sudo!
    doas.enable = true;
    sudo.enable = false;
    # Configure doas
    doas.extraRules = [
      {
        users = [ username ];
        keepEnv = true;
        persist = true;
      }
    ];
  };

  age.identityPaths = [ "/home/${username}/.ssh/id_ed25519" ];

  age.secrets.primary-password = {
    file = ./secrets/primary-password.age;
    path = "/etc/secrets/primary-password";
  };

  #networking
  networking = import ./networking.nix { inherit hostname; };

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Enable Bluetooth
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;

    #Enable experimental features for battery % of bluetooth devices
    settings.General.Experimental = true;
  };

  #apply gtk themes by enabling dconf
  programs.dconf.enable = true;

  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false; # pipewire >>>>>>> pulseaudio
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    # jack.enable = true;
  };

  # Define my user account (the rest of the configuration if found in `~/.config/home-manager/...`)
  users.users.${username} = {
    isNormalUser = true;
    extraGroups = [
      "networkmanager"
      "wheel"
      "video"
      "camera"
      "adbusers"
    ];
    hashedPasswordFile = config.age.secrets.primary-password.path;
  };

  services.gvfs.enable = true;
  programs.gphoto2.enable = true;

  programs.adb.enable = true;

  # Enable thermal data
  services.thermald.enable = true;

  services.pcscd.enable = true;
  programs.gnupg.agent = {
    enable = true;
    pinentryPackage = pkgs.pinentry-curses;
    enableSSHSupport = false;
  };

  programs.steam = {
    enable = true;
    localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
    extraCompatPackages = with pkgs; [ proton-ge-bin ];
  };

  #System packages
  environment.systemPackages = with pkgs; [
    mullvad-vpn

    #secureboot ctl
    sbctl

    dmidecode

    (inputs.agenix.packages.${pkgs.system}.default.override { ageBin = "${pkgs.rage}/bin/rage"; })

    doas-sudo-shim

    glib
    usbutils
    libmtp
  ];

  # wayland with electron/chromium applications
  environment.sessionVariables.NIXOS_OZONE_WL = "1";

  # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
  programs.fish.enable = true;
  programs.bash = {
    interactiveShellInit = ''
      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
      then
        shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
        exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
      fi
    '';
  };

  system.stateVersion = "24.11";
}