nix/systems/nixos-karl-kvm-guest/default.nix

{ config
, pkgs
, modulesPath
, lib
, ...
}: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ../../os-mods/common
    ../../os-mods/cachix
    ../../os-mods/network
  ];

  # Bootloader.
  boot = {
    loader.grub = {
      enable = true;
      device = "/dev/sda";
      useOSProber = true;
    };

    initrd = {
      availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
      kernelModules = [ ];
    };
    kernelModules = [ ];
    extraModulePackages = [ ];
  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/8598929f-bf20-4f02-9f20-acf899eeee2c";
    fsType = "ext4";
  };

  swapDevices = [ ];
  zramSwap.enable = true;

  networking.hostName = "nixos-karl-kvm-guest";

  fileSystems."/etc/nixos" = {
    device = lib.mkForce "/home/reopen5194/nix";
    fsType = "none";
    options = [ "bind" ];
  };

  sound.enable = true;

  security = {
    rtkit.enable = true;
    sudo.wheelNeedsPassword = false;
    polkit.extraConfig = ''
      polkit.addRule(function(action, subject) {
          if (action.id == "org.freedesktop.login1.suspend" ||
              action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
              action.id == "org.freedesktop.login1.hibernate" ||
              action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
          {
              return polkit.Result.NO;
          }
      });
    '';
  };

  services = {
    xserver = {
      enable = true;

      displayManager = {
        sddm.enable = true;
        autoLogin = {
          enable = true;
          user = "reopen5194";
        };
      };
      desktopManager.plasma5.enable = true;

      # Configure keymap in X11
      layout = "us";
      xkbVariant = "";
    };

    printing.enable = true;

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;

      wireplumber.enable = true;
    };
    # QemuGuest
    qemuGuest.enable = true;

    netdata = {
      enable = true;

      config = {
        global = {
          # uncomment to reduce memory to 32 MB
          #"page cache size" = 32;

          # update interval
          "update every" = 15;
        };
        db = {
          "update every" = 5;
          "storage tiers" = 3;
          "dbengine multihost disk space MB" = 1024;
          "dbengine tier 1 multihost disk space MB" = 1024;
          "dbengine tier 2 multihost disk space MB" = 512;
          "cleanup obsolete charts after secs" = 600;
        };
        ml = {
          # enable machine learning
          "enabled" = "yes";
        };
      };

      configDir = {
        "stream.conf" = pkgs.writeText "stream.conf" ''
          [8fcb63b3-8361-4339-a010-fc459c2132b0]
          enabled = yes
          default history = 36000
          default memory mode = dbengine
          health enabled by default = auto
          allow from = 192.*
        '';
      };
    };
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.reopen5194 = {
    isNormalUser = true;
    description = "reopen5194";
    extraGroups = [ "docker" "networkmanager" "wheel" ];
    packages = with pkgs; [
      firefox
      kate
      emacs
      #  thunderbird
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
    ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    neovim
    vim
    curl
    fish
    netmaker
    #  wget
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;

  # Virtualization
  virtualisation.docker = {
    enable = true;
    # rootless = {
    # enable = true;
    # setSocketVariable = true;
    # };
    daemon.settings = {
      # fixed-cidr-v6 = "fd00::/80";
      # ipv6 = true;
      dns = [ "9.9.9.9" "149.112.112.112" ];
    };
  };
  # allow to bind to priv ports
  # boot.kernel.sysctl = {
  # "net.ipv4.ip_unprivileged_port_start" = 79;
  # };

  networking.firewall.allowedTCPPortRanges = [
    {
      from = 19999;
      to = 19999;
    } # netdata
  ];

  system.stateVersion = "23.05"; # Did you read the comment?
}