# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{
  nixpkgs,
  nixpkgs-unstable,
  config,
  lib,
  pkgs,
  ...
}:

let
  # Burp Suite Pro is not in nixpkgs; it is built from the local
  # ./burpsuitepro expression. callPackage already supplies `pkgs` for an
  # argument of that name, so passing the same set twice (as `pkgs` and as
  # `nixpkgs`) is presumably for the derivation's own parameter names --
  # check ./burpsuitepro before dropping either. If the derivation declares
  # an unfree licence it relies on nixpkgs.config.allowUnfree below.
  burppro = pkgs.callPackage ./burpsuitepro {
    inherit pkgs;
    nixpkgs = pkgs;
  };
in
# TODO: pull the Burp licence from git. A licence key is a secret: keep it
# out of a public repo and, like the WireGuard private key below, provision
# it through agenix (or a similar secret store) rather than committing it
# in clear.
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    # Local overlay directory; presumably where `pkgs.unstable` (used by
    # `unstable.obsidian` in systemPackages) is wired to the nixpkgs-unstable
    # input -- confirm in ./overlay.
    ./overlay
  ];

  nixpkgs = {
    # Global setting: it also unlocks the other unfree packages installed
    # below (vscode, obsidian and, if its derivation says so, Burp Pro), not
    # only the VirtualBox guest bits.
    config.allowUnfree = true; # for virtualisation.virtualbox
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  # Lets the bootloader installer write EFI variables (boot entries).
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "hacknix";

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  i18n.defaultLocale = "en_US.UTF-8";

  # fileSystems."/home/hack/Documents/datapool.lan" = {
  #   device = "datapool.lan:/mnt/data/dump";
  #   fsType = "nfs";
  # };

  services = {
    dbus.enable = true;
    xserver = {
      enable = true;

      # Keyboard settings
      layout = "us";
      xkbOptions = "caps:compose";

      desktopManager = {
        xterm.enable = false;

        # we don't use the xfce interface, only the fancy desktopManager
        # settings and the session
        xfce = {
          enable = true;
          noDesktop = true;
          enableXfwm = false;
        };
      };

      # default display manager when logging in
      # Only the default session is chosen here; no display manager is
      # selected explicitly, so whatever NixOS picks for an enabled xserver
      # is used.
      displayManager = {
        defaultSession = "xfce+i3";
        # Intentionally empty: nothing extra is run when the X session starts.
        sessionCommands = '''';
      };

      windowManager.i3 = {
        enable = true;
        # Generated from ./i3-config.nix via environment.etc below, so the
        # i3 config is part of the system configuration rather than ~/.config.
        configFile = "/etc/i3.conf"; # see environment.etc."i3.conf".text
        extraPackages = with pkgs; [
          dmenu
          i3status
          i3blocks
        ];
      };
    };
  };

  # The i3 config text is produced by ./i3-config.nix (called with no extra
  # arguments) and installed as /etc/i3.conf.
  environment.etc."i3.conf".text = pkgs.callPackage ./i3-config.nix { };

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;
  hardware.opengl.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  users.users.hack = {
    isNormalUser = true;
    # No password or SSH keys are set here; they must come from the install
    # or another module. sshd is not enabled in this file, so this account
    # is reachable from the console/VM only.
    extraGroups = [
      "wheel" # Enable ‘sudo’ for the user.
      "vboxsf" # Allow access to the shared /pentest folder mounted in via virtualbox
      # Docker socket access is root-equivalent on the host (a member can
      # start a privileged container with / bind-mounted), so this is a
      # second, unaudited path to root besides wheel/sudo.
      "docker" # access to the docker socket
    ];
    shell = pkgs.zsh;
  };

  environment = {
    shellAliases = {
      #ls = "lsd";
      ls = "eza";
    };
    systemPackages =
      with pkgs;
      [
        # from the overlay (nixpkgs-unstable), not the release channel
        unstable.obsidian

        kitty

        # editors
        vim

        helix
        marksman # markdown lsp
        cuelsp # cue lsp
        terraform-lsp
        terraform-ls # terraform lsp
        # rnix-lsp # nix lsp -- kept disabled. NOTE(review): CVE-2024-27297 is
        # the Nix daemon FOD sandbox-escape advisory, not an rnix-lsp one; if
        # the concern is rnix-lsp itself (unmaintained in nixpkgs), fix the
        # reference so nobody re-enables it on the strength of this comment.

        # command line tools
        fd
        ripgrep
        htop
        fzf
        jq
        eza
        lsd
        du-dust
        pwgen

        # x11 foo
        arandr
        feh

        # shell
        zsh
        oh-my-zsh

        # browser
        chromium
        firefox

        # programming languages
        go
        gopls # (Official language server for the Go language)
        go-outline # (Utility to extract JSON representation of declarations from a Go source file)
        go-tools # staticcheck (A collection of tools and libraries for working with Go code, including linters and static analysis)
        gocode-gomod # (An autocompletion daemon for the Go programming language)
        gotest # (go test with colors)
        gotests # (Generate Go tests from your source code)
        gomodifytags # (Go tool to modify struct field tags)
        impl # (Generate method stubs for implementing an interface)
        delve # dlv (debugger for the Go programming language)

        # One python3 interpreter with the exploitation/web tooling preinstalled.
        (pkgs.python3.withPackages (
          ps: with ps; [
            pwntools
            requests
            tqdm
            beautifulsoup4
            mitmproxy

            # PyPI "pandoc" bindings, pinned by version and source hash (the
            # hash is what makes the fetch tamper-evident; do not loosen it).
            # Distinct from the pandoc CLI installed further down.
            (buildPythonPackage rec {
              pname = "pandoc";
              version = "2.3";
              src = fetchPypi {
                inherit pname version;
                sha256 = "sha256-53LCxthxFGiUV5go268e/VOOtk/H5x1KazoRoYuu+Q0=";
              };
              # Upstream test suite is skipped, and no runtime deps are
              # declared (ply/plumbum are the commented candidates), so a
              # missing dependency would only surface at import time.
              doCheck = false;
              propagatedBuildInputs = [
                # pkgs.python310Packages.ply
                # pkgs.python310Packages.plumbum
                # Specify dependencies
                #pkgs.python3Packages.numpy
              ];
            })
          ]
        ))

        # dev
        vscode
        docker-compose

        # analysis
        binwalk
        file

        # communication
        element-desktop

        # view pdfs
        zathura
        okular

        # infra
        cue
        cuetools

        #radare2
        # r2
        capstone # Advanced disassembly library
        keystone # Lightweight multi-platform, multi-architecture assembler framework
        unicorn # Lightweight multi-platform CPU emulator library

        # hashicorp stuff
        # vault vault-bin vaultenv vault-medusa
        # nomad_1_4
        # consul
        # terraform

        #unstable.mitmproxy
        #mitmproxy_bs4

        dex
        xss-lock
        networkmanagerapplet

        p7zip
        m4

        libreoffice

        pandoc
        tmux

        python311Packages.python-lsp-server
      ]
      # locally built package from the let-binding at the top of the file
      ++ [ burppro ];
  };

  fonts.packages = with pkgs; [
    ubuntu_font_family # the font used in the "Sogeti" logo
    #nerdfonts
    #font-awesome
    #powerline-fonts
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs = {

    vim.defaultEditor = true;

    htop = {
      enable = true;
      settings = {
        hide_kernel_threads = true;
      };
    };

    #fish.enable = true;
    zsh = {
      enable = true;
      syntaxHighlighting = {
        enable = true;
      };
      ohMyZsh = {
        enable = true;
        plugins = [ "nmap" ];
      };

      # this part lives in ~/.zshrc (not managed declaratively here):
      #
      # PROMPT="; "
      # RPROMPT="%F{green}%/%F{reset}"
      # ZSH_THEME=
      # PATH=$PATH:/home/hack/.cargo/bin
    };

    chromium = {
      enable = true;
      homepageLocation = "https://emile.space";
      # Chromium enterprise policy. The value 0 is presumably the "users may
      # manage all client certificates" setting -- verify against the
      # Chromium policy list before relying on it for client-cert setups
      # during engagements.
      extraOpts = {
        "ClientCertificateManagementAllowed" = 0;
      };
    };

    git = {
      enable = true;
      config = {
        core.editor = "vim";
        user = {
          name = "Emile Hansmaennel";
          email = "git@emile.space";
        };
      };
    };
  };

  # virtualbox guest additions
  virtualisation.virtualbox.guest.enable = true;

  nix = {
    settings.experimental-features = [
      "nix-command"
      "flakes"
    ];

    gc = {
      automatic = true;
      dates = "12:00"; # daily, docs on format in `man 7 systemd.time`
      persistent = true; # a missed 12:00 run is caught up at next boot
    };

    settings = {
      # Binary caches the daemon may substitute from, and the signing keys it
      # trusts for those paths. A substituted path must be signed by one of
      # the trusted keys, so the two lists have to correspond.
      substituters = [
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
        # NOTE(review): a key for a LAN cache is trusted here, but no matching
        # substituter is listed -- either stale, or added elsewhere
        # (./overlay?). Conversely cache.nixos.org is listed above without
        # its key in this list; that only works if NixOS merges its own
        # default key into this option -- check `trusted-public-keys` in the
        # built system's /etc/nix/nix.conf.
        "nixbinarycache.lan:JDjlVLc+5VUKOtFAFBGCDtlgVpLEaaR2JdTw2mQUIb8="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  };

  # security.pki.certificates = [
  #   # office.lan
  #   ''
  #   ''
  # ];

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  networking = {
    # Single LAN resolver with no fallback (the public one is commented out).
    nameservers = [
      "192.168.1.1"
      #"8.8.8.8"
    ];

    hosts = {
      # 127.0.0.1 localhost
      # ::1 localhost
    };

    firewall = {
      enable = true;

      # open further TCP and/or UDP ports in the firewall
      # These are INBOUND allows on every interface. Nothing in this file
      # starts a service on them, so they are presumably for ad-hoc listeners
      # during engagements (test web servers, reverse-shell catchers, Burp's
      # default 8080 proxy if it is bound to all interfaces). Whatever binds
      # them is reachable from the LAN and the VPN; scope them to one
      # interface via networking.firewall.interfaces.<name>.allowedTCPPorts,
      # or drop the ones not in use.
      allowedTCPPorts = [
        80
        443
        8123
        8080
      ];
      #allowedUDPPorts = [ 53 ];
    };

    wg-quick.interfaces = {
      "wg0" = {
        address = [
          "10.10.10.12/24" # our IP
        ];
        # Resolver reached through the tunnel.
        dns = [ "192.168.1.1" ];
        mtu = 1380;
        # Local source port only; UDP 51820 is not opened in the firewall
        # above, which is fine for a client that initiates the handshake
        # (see persistentKeepalive).
        listenPort = 51820;

        # TODO: add private key to repo using agenix, then link here
        # Not managed by this config: the file must exist before wg-quick
        # brings the interface up, be root-owned and mode 0600 (wg warns if
        # it is world-readable).
        privateKeyFile = "/etc/wireguard/private_key";

        peers = [
          {
            publicKey = "9+4OWuqZ0rZsi/oaaXd3YhE1p+Z0tbxwfNbcDnVqRxg=";
            # Full tunnel for IPv4 only: IPv6 is not routed through wg0, so
            # on a host with native v6 that traffic bypasses the VPN. Add
            # "::/0" here if the peer carries v6.
            allowedIPs = [ "0.0.0.0/0" ];
            # Placeholder, not a resolvable host: bringing wg0 up presumably
            # fails until the real address (or a hostname) is filled in.
            endpoint = "PUBLIC_IP:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };

  # Rootful Docker daemon. Together with the "docker" group membership above
  # this gives the hack user root-equivalent access on the host;
  # virtualisation.docker.rootless is the lower-privilege alternative if the
  # engagement tooling allows it.
  virtualisation.docker.enable = true;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}