nix/system/quiver.nix

{
  config,
  lib,
  pkgs,
  ...
}:
{
  imports = [
    ./configuration.nix
  ];

  services.ollama = {
    enable = true;
    user = "ollama";
  };

  system.stateVersion = "22.11"; # Did you read the comment?

  networking.hostName = "quiver";

  users.users.bolt = {
    isNormalUser = true;
    extraGroups = [
      "wheel"
      "podman"
    ];
  };

  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "usbcore"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [
    "kvm-amd"
    "i2c-dev"
  ];
  boot.kernelParams = [
    "mitigations=off"
    # "acpi_enforce_resources=lax"
    "preempt=full"
    "quiet"
    "loglevel=3"
    "systemd.show_status=auto"
    "rd.udev.log_level=3"
    "vt.global_cursor_default=0"
  ];

  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linuxPackages_cachyos;
  # pkgs.linuxPackages_xanmod_latest;
  boot.supportedFilesystems = {
    ntfs = true;
    btrfs = true;
  };

  boot.loader.systemd-boot.configurationLimit = 5;
  boot.loader.efi.canTouchEfiVariables = true;

  security.tpm2.enable = true;

  networking.useDHCP = lib.mkDefault true;

  hardware.cpu.amd.updateMicrocode = true;

  environment.pathsToLink = [
    "/share/xdg-desktop-portal"
    "/share/applications"
  ];
  environment.sessionVariables = {
    NIXOS_OZONE_WL = "1";
    # ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=5";
    GBM_BACKEND = "nvidia-drm";
    NVD_BACKEND = "direct";
    __GLX_VENDOR_LIBRARY_NAME = "nvidia";
    LIBVA_DRIVER_NAME = "nvidia";
    __GL_GSYNC_ALLOWED = "1";
    __GL_VRR_ALLOWED = "1";
    EDITOR = "hx";
  };

  nix.settings.trusted-users = [ "bolt" ];

  virtualisation.lxc = {
    unprivilegedContainers = true;
    enable = true;
  };
  virtualisation.oci-containers.backend = "podman";
  hardware.nvidia-container-toolkit.enable = true;
  virtualisation = {
    podman = {
      enable = true;
      dockerSocket.enable = true;
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.nvidia = {
    package = config.boot.kernelPackages.nvidiaPackages.latest;
    modesetting.enable = true;
    powerManagement.enable = true;
    nvidiaPersistenced = true;
    open = false;
  };
  programs.xwayland.enable = true;

  # openrgb no longer recognises the device?
  # systemd.services.no-rgb = {
  #   wantedBy = ["multi-user.target"];
  #   description = "rgb led turn-off-er";
  #   serviceConfig = {
  #     Type = "oneshot";
  #     ExecStart = ''${pkgs.openrgb}/bin/openrgb -d "HyperX DRAM" -m static -c 000000'';
  #     After = ["openrgb"];
  #   };
  # };

  # services.hardware.openrgb = {
  #   enable = true;
  #   motherboard = "amd";
  # };

  # hardware.ckb-next.enable = true;
  environment.systemPackages = builtins.attrValues {
    inherit (pkgs)
      wl-clipboard
      wl-clipboard-x11
      xclip
      ;
  };
  programs.fuse.userAllowOther = true;
  services.libinput.mouse = {
    accelProfile = "flat";
    accelSpeed = 0.0;
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/b993b463-c131-4ef1-9aba-0e3eadaa2f9a";
      fsType = "btrfs";
    };

    "/boot" = {
      device = "/dev/disk/by-uuid/6B75-AF9F";
      fsType = "vfat";
    };

    "/data" = {
      device = "/dev/disk/by-uuid/39D4F78C658E8B56";
      fsType = "ntfs";
      options = [
        "rw"
        "uid=1000"
        "gid=100"
      ];
    };
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/9c006925-e0e9-4165-bc0c-508ae2d1bfce"; }
  ];

  # networking.nftables.enable = true;
  networking.firewall = {
    # allowedUDPPorts = [1900];
    # allowedTCPPorts = [8200 2234];
    allowedTCPPorts = [ 2234 ];
  };

  services.open-webui = {
    enable = false;
    port = 8088;
    environment = {
      DO_NOT_TRACK = "True";
      SCARF_NO_ANALYTICS = "True";
      ANONYMIZED_TELEMETRY = "False";
      WEBUI_AUTH = "False";
      DATABASE_URL = "sqlite:///${config.services.open-webui.stateDir}/newdb.db";
    };
  };
}