# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ nixpkgs, nixpkgs-unstable, config, lib, pkgs, ... }:
# NixOS module for the "hacknix" workstation. The machine runs as a
# VirtualBox guest (see virtualisation.virtualbox.guest below) and gets an
# xfce+i3 desktop, the `hack` user, the tool set, a private office root CA,
# binary-cache trust settings and a wg0 WireGuard tunnel.
# `nixpkgs`/`nixpkgs-unstable` are not referenced directly in this file; the
# `unstable.*` attributes used below presumably come from ./overlay — confirm.

let
  # Locally packaged Burp Suite Pro (./burpsuitepro); appended to
  # environment.systemPackages further down.
  burppro = pkgs.callPackage ./burpsuitepro { inherit pkgs; nixpkgs=pkgs; };
  # TODO: pull licence from git
in {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./overlay
    ];

  nixpkgs = {
    # allowUnfree also covers the other unfree packages listed below
    # (e.g. vscode, obsidian)
    config.allowUnfree = true; # for virtualisation.virtualbox
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "hacknix";

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  i18n.defaultLocale = "en_US.UTF-8";

  # fileSystems."/home/hack/Documents/datapool.lan" = {
  #   device = "datapool.lan:/mnt/data/dump";
  #   fsType = "nfs";
  # };

  services = {
    dbus.enable = true;
    xserver = {
    enable = true;

     # Keyboard settings
     layout = "us";
     xkbOptions = "caps:compose";

     desktopManager = {
       xterm.enable = false;

       # we don't use the xfce interface, only the fancy desktopManager
       # settings and the session
       xfce = {
         enable = true;
         noDesktop = true;
         enableXfwm = false;
       };
     };

     # session started by the display manager after login
     # (xfce settings with i3 as the window manager)
     displayManager = {
       defaultSession = "xfce+i3";
       # currently empty
       sessionCommands = ''
       '';
     };

     windowManager.i3 = {
       enable = true;
       configFile = "/etc/i3.conf"; # see environment.etc."i3.conf".text
       extraPackages = with pkgs; [
         dmenu
         i3status i3blocks
       ];
     };
    };
  };

  # i3 config is generated from ./i3-config.nix and referenced above via
  # services.xserver.windowManager.i3.configFile
  environment.etc."i3.conf".text = pkgs.callPackage ./i3-config.nix {};

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;
  hardware.opengl.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # The single interactive account on this machine.
  users.users.hack = {
    isNormalUser = true;
    extraGroups = [
      "wheel" # Enable ‘sudo’ for the user.
      "vboxsf" # Allow access to the shared /pentest folder mounted in via virtualbox
      # NOTE(review): the docker group is root-equivalent on this host; keep it
      # limited to the accounts that actually need it.
      "docker" # access to the docker socket
    ];
    shell = pkgs.zsh;
  };

  environment = {
    shellAliases = {
      #ls = "lsd";
      ls = "eza";
    };
    systemPackages = with pkgs; [
      unstable.obsidian

      kitty 

      # editors
      vim

      helix
        marksman # markdown lsp
        cuelsp # cue lsp
        terraform-lsp terraform-ls # terraform lsp
        rnix-lsp # nix lsp

      # command line tools
      fd
      ripgrep
      htop
      fzf
      jq
      eza
      lsd
      du-dust
      pwgen

      # x11 foo
      arandr
      feh

      # shell
      zsh oh-my-zsh

      # browser
      chromium
      firefox

      # programming languages
      go
      gopls # (Official language server for the Go language)
      go-outline # (Utility to extract JSON representation of declarations from a Go source file)
      go-tools # staticcheck (A collection of tools and libraries for working with Go code, including linters and static analysis)
      gocode-gomod # (An autocompletion daemon for the Go programming language)
      gotest # (go test with colors)
      gotests # (Generate Go tests from your source code)
      gomodifytags # (Go tool to modify struct field tags)
      impl # (Generate method stubs for implementing an interface)
      delve # dlv (debugger for the Go programming language)

      # Python environment with the analysis libraries; the interpreter is
      # whatever pkgs.python3 resolves to in this nixpkgs
      (pkgs.python3.withPackages (ps: with ps; [
        pwntools
        requests 
        tqdm 
        beautifulsoup4
        mitmproxy

        # PyPI `pandoc` bindings (not the pandoc CLI, which is listed among the
        # top-level packages below); fixed version and hash, test suite skipped
        (
          buildPythonPackage rec {
            pname = "pandoc";
            version = "2.3";
            src = fetchPypi {
              inherit pname version;
              sha256 = "sha256-53LCxthxFGiUV5go268e/VOOtk/H5x1KazoRoYuu+Q0=";
            };
            doCheck = false;
            propagatedBuildInputs = [
              # pkgs.python310Packages.ply
              # pkgs.python310Packages.plumbum
              # Specify dependencies
              #pkgs.python3Packages.numpy
            ];
          }
        )
      ]))

      # dev
      vscode
      docker-compose

      # analysis
      binwalk
      file

      # communication
      element-desktop

      # view pdfs
      zathura okular

      # infra 
      cue
      cuetools
      
      #radare2
      r2
      capstone # Advanced disassembly library
      keystone # Lightweight multi-platform, multi-architecture assembler framework
      unicorn # Lightweight multi-platform CPU emulator library

      # hashicorp stuff
      # vault vault-bin vaultenv vault-medusa
      # nomad_1_4
      # consul
      # terraform

      #unstable.mitmproxy
      #mitmproxy_bs4

      dex
      xss-lock
      networkmanagerapplet

      p7zip
      m4

      libreoffice

      pandoc
      tmux

      # NOTE(review): pinned to python311Packages while the environment above
      # uses pkgs.python3 — confirm both resolve to the same interpreter
      python311Packages.python-lsp-server
    ] ++ [
      burppro
    ]; 
  };

  fonts.packages = with pkgs; [
    ubuntu_font_family # the font used in the "Sogeti" logo
    #nerdfonts
    #font-awesome
    #powerline-fonts
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs = {
 
    vim.defaultEditor = true;

    htop = {
      enable = true;
      settings = {
        hide_kernel_threads = true; 
      };
    };

    #fish.enable = true;
    zsh = {
      enable = true;
      syntaxHighlighting = {
        enable = true;
      };
      ohMyZsh = {
        enable = true;
        plugins = [ "nmap" ];
      };

      # this part lives in ~/.zshrc (not managed here):
      # 
      # PROMPT="; "
      # RPROMPT="%F{green}%/%F{reset}"
      # ZSH_THEME=
      # PATH=$PATH:/home/hack/.cargo/bin
    };

    chromium = {
      enable = true;
      homepageLocation = "https://emile.space";
      extraOpts = {
        # Chromium enterprise policy; 0 lets users manage all client certificates
        "ClientCertificateManagementAllowed" = 0; 
      };
    };

    git = {
      enable = true;
      config = {
        core.editor = "vim";
        user = {
          name = "Emile Hansmaennel";
          email = "emile.hansmaennel@sogeti.com";
        };
      };
    };
  };

  # virtualbox guest additions
  virtualisation.virtualbox.guest.enable = true;
  virtualisation.virtualbox.guest.x11 = true;

  nix = {
    settings.experimental-features = [
      "nix-command"
      "flakes"
    ];

    gc = {
      automatic = true;
      dates = "12:00"; # daily, docs on format in `man 7 systemd.time`
      persistent = true;
    };

    settings = {
      substituters = [
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      # Signing keys accepted for substituted paths.
      # NOTE(review): the nixbinarycache.lan key has no matching substituter
      # above; add the cache or drop the key so the trust list matches what is
      # actually used.
      trusted-public-keys = [
        "nixbinarycache.lan:JDjlVLc+5VUKOtFAFBGCDtlgVpLEaaR2JdTw2mQUIb8="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  };

  # the office root_ca
  # NOTE(review): everything in security.pki.certificates goes into the
  # system trust store, so this CA is trusted for any TLS peer, not only
  # *.office.lan — the label above the PEM block is informational only.
  security.pki.certificates = [
    # office.lan
    ''
      *.office.lan
      ============
      -----BEGIN CERTIFICATE-----
      MIIBezCCASGgAwIBAgIQdkxWKinry5WWfV2CTRRHfzAKBggqhkjOPQQDAjAcMRow
      GAYDVQQDExFPZmZpY2UgQ0EgUm9vdCBDQTAeFw0yMDEwMjYxMjQ2MTlaFw0zMDEw
      MjYxMjQ2MTlaMBwxGjAYBgNVBAMTEU9mZmljZSBDQSBSb290IENBMFkwEwYHKoZI
      zj0CAQYIKoZIzj0DAQcDQgAEZ/Ac4kmThYXE0ZUBWvTSvgi4fcR19dgL2hROxSfH
      2RLW7hQzArloxhOzs+28VttiVh13lB4rSCvHe3TGA44c5KNFMEMwDgYDVR0PAQH/
      BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFE0i80PVvdecDvDp
      MpO2VtGluzxcMAoGCCqGSM49BAMCA0gAMEUCIQDP9Z1J3Z++6atOdHNTqd0PZ/pi
      w7HjGPxpRneD4/3vTwIgSoE5Gb3umt+FxIvv9WDFlsWSVRJ5wE6KpCkdGWWzWuU=
      -----END CERTIFICATE-----
    ''
  ];

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  networking = {
    # LAN resolver (also used as the wg0 DNS below)
    nameservers = [
      "192.168.1.1"
      #"8.8.8.8"
    ];

    hosts = {
      # 127.0.0.1 localhost
      # ::1 localhost
    };
    
    firewall = {
      enable = true;

      # open further TCP and/or UDP ports in the firewall
      # NOTE(review): nothing in this file declares a listener on these ports;
      # document which service each one belongs to and drop the unused ones.
      # Docker (enabled below) manages its own iptables rules, so ports
      # published by containers are reachable regardless of this list — confirm.
      allowedTCPPorts = [ 80 443 8123 8080 ];
      #allowedUDPPorts = [ 53 ];
    };

    wg-quick.interfaces = {
      "wg0" = {
        address = [
          "10.10.10.12/24" # our IP
        ];
        # same LAN resolver as networking.nameservers above
        dns = [ "192.168.1.1" ];
        mtu = 1380;
        # client side; UDP 51820 is not opened in the firewall above, which
        # should be fine as long as this side initiates (persistentKeepalive
        # is set on the peer)
        listenPort = 51820;

        # TODO: add private key to repo using agenix, then link here
        # A path outside /nix/store on purpose: store paths are world-readable,
        # so the key must never be inlined in this file.
        privateKeyFile = "/etc/wireguard/private_key";

        peers = [
          {
            publicKey = "9+4OWuqZ0rZsi/oaaXd3YhE1p+Z0tbxwfNbcDnVqRxg=";
            # full tunnel for IPv4; IPv6 (::/0) is not routed through the peer
            allowedIPs = [ "0.0.0.0/0" ];
            # FIXME: literal placeholder — wg-quick cannot resolve "PUBLIC_IP",
            # so the interface is expected to fail to come up until a real
            # host:port is set here
            endpoint = "PUBLIC_IP:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };

  # Docker daemon; the `hack` user reaches it through the docker group above
  virtualisation.docker.enable = true;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}