nixos/hosts/marauder/default.nix

{ pkgs, nixosModules, phps, agenix, ... }:
let
  fortune = pkgs.writeShellScript "cgi" ''
    echo "Content-type: text/html"
    echo ""
    ${pkgs.fortune}/bin/fortune
  '';
  ffcheck = pkgs.writeShellScriptBin "ffcheck" ''
    ${pkgs.ffmpeg}/bin/ffmpeg -v error -stats -hide_banner -i "$1" -c copy -f null -
  '';
in {
  imports = [
    ./backup.nix
    nixosModules.nettika
    nixosModules.promptmoji
    agenix.nixosModules.default
  ];

  nix = {
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
    settings = {
      trusted-users = [ "@wheel" ];
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  nixpkgs.config.allowUnfree = true;

  environment.variables.EDITOR = "nano";

  documentation.man.generateCaches = false;

  environment.variables = {
    VISUAL = "code --wait";
    PKG_CONFIG_PATH = "${pkgs.openssl.dev}/lib/pkgconfig";
  };

  age.identityPaths = [ "/home/nettika/.ssh/id_ed25519" ];

  networking = {
    hostName = "marauder";
    firewall.enable = false;
    networkmanager.enable = true;
  };

  security.sudo.wheelNeedsPassword = false;

  users.defaultUserShell = pkgs.fish;

  programs.fish.enable = true;

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/648c6539-892c-40d7-8b07-23fe760df02a";
      fsType = "ext4";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/1D62-C30E";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
  };

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    initrd = {
      systemd.enable = true;
      availableKernelModules =
        [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
    };
    kernelModules = [ "kvm-amd" ];
    kernelParams = [ "amd_pstate=active" ];
  };

  hardware = {
    enableRedistributableFirmware = true;
    cpu.amd.updateMicrocode = true;
    graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = [ pkgs.vaapiVdpau ];
    };
    nvidia = {
      open = true;
      prime = {
        offload = {
          enable = true;
          enableOffloadCmd = true;
        };
        amdgpuBusId = "PCI:05:00:0";
        nvidiaBusId = "PCI:01:00:0";
      };
    };
  };

  environment.systemPackages = with pkgs; [
    # Chat clients
    discord
    slack
    element-desktop
    telegram-desktop
    signal-desktop

    # Browsers
    firefox
    filezilla

    # Creative
    inkscape
    gimp
    krita
    openscad-unstable
    bambu-studio
    orca-slicer

    # Multimedia
    vlc
    ffmpeg
    ffcheck
    aonsoku

    # Code Editors
    vscode
    arduino-ide

    # Dev Tools
    nixd
    nixfmt-classic
    nixpkgs-fmt
    pyenv
    rustup
    electron
    uv
    ruff
    fossil
    just
    dioxus-cli

    # Languages
    gcc
    kotlin
    nodejs
    php

    # Command line
    htop
    jq
    backblaze-b2

    # Misc
    obsidian
    intiface-central
    prismlauncher
    blender
    mullvad-vpn
    qbittorrent
    system-config-printer
    openssl
    pkg-config
    agenix.packages.x86_64-linux.default
    abiword
  ];

  programs.git = {
    enable = true;
    lfs.enable = true;
    config = {
      init.defaultBranch = "master";
      user = {
        email = "git@nettika.cat";
        name = "Nettika";
      };
      credential.helper = "store";
    };
  };

  programs.nano = {
    enable = true;
    nanorc = ''
      set autoindent
      set linenumbers
    '';
  };

  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
  };

  programs.direnv.enable = true;

  programs.ssh.extraConfig = ''
    Host quasar
      HostName consortium.chat
      IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem

    Host monolith
      HostName 10.243.210.154

    Host astral
      HostName astral.leaf.ninja
      IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem

    Host apogee
      HostName 46.226.107.209
  '';

  services.mysql = {
    enable = true;
    package = pkgs.mariadb;
  };

  services.httpd = {
    enable = true;
    enablePHP = true;
    phpPackage = phps.packages.x86_64-linux.php80;
    extraConfig = ''
      ScriptAlias /fortune ${fortune}/bin/fortune
    '';
    virtualHosts."localhost" = {
      documentRoot = "/var/www";
      locations."/".index = "index.html index.php";
    };
  };

  programs.nix-ld.enable = true;

  services.xserver = {
    enable = true;
    videoDrivers = [ "nvidia" ];
    desktopManager = {
      cinnamon.enable = true;
      xterm.enable = false;
    };
  };

  services.printing.enable = true;

  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };

  services.displayManager.defaultSession = "cinnamon";

  services.power-profiles-daemon.enable = false;

  services.tlp.enable = true;

  services.fstrim.enable = true;

  services.zerotierone = {
    enable = true;
    joinNetworks = [ "8056c2e21c0b1a53" ];
  };

  services.mullvad-vpn = {
    enable = true;
    package = pkgs.mullvad-vpn; # Include GUI
  };

  promptSymbol = "💜";

  time.timeZone = "America/Los_Angeles";

  system.stateVersion = "24.05";
}