nixos-config/configuration.nix


{ config, lib, pkgs, ... }:
let rhelmot = config.rhelmot;
in {
# Module option: every entry is a function from the Python package set to a list of
# packages. The entries are combined into the single global interpreter that
# environment.systemPackages installs.
options.rhelmot.globalPythonPackages = lib.mkOption {
  description = "python packages (p: with p; [ x ]) to include in the global python environment";
  default = [];
  type = lib.types.listOf (lib.types.functionTo (lib.types.listOf lib.types.package));
};
imports = [ ./overlays/packages.nix ./configuration-cross.nix ];
config = {
# nixpkgs and Nix daemon policy.
nixpkgs.config.allowUnfree = true;
nix.settings = {
  extra-experimental-features = "nix-command flakes repl-flake";
  # Users listed here may override daemon settings (for example add substituters or
  # import unsigned store paths), which is effectively root on this machine. Keep the
  # list as short as possible.
  trusted-users = [ "audrey" ];
  # One build at a time; cores = 0 lets that build use every available core.
  max-jobs = 1;
  cores = 0;
  # Private key used to sign locally built store paths.
  # NOTE(review): the key lives outside the store; confirm it is readable by root only.
  secret-key-files = [ "/var/lib/nix/binary-cache-key" ];
};
# System-wide locale.
i18n.defaultLocale = "en_US.UTF-8";
# X11 keyboard: US layout, with Caps Lock remapped to Escape.
services.xserver.xkb = {
  layout = "us";
  options = "caps:escape";
};
# Login shell for accounts that do not choose their own.
users.defaultUserShell = pkgs.zsh;
# Primary interactive account. No password is declared in this file, so one has to be
# set with `passwd` after activation.
users.users.audrey = {
  isNormalUser = true;
  uid = 1000;
  description = "Audrey Dutcher";
  # wheel is the administrative (sudo) group; docker membership allows talking to the
  # Docker daemon, which is root-equivalent on the host. Treat both as admin access.
  extraGroups = [ "wheel" "docker" ];
  # Public keys are read from the repository checkout when the configuration is built.
  openssh.authorizedKeys.keyFiles = [ ./dotfiles/authorized_keys ];
};
# Command-line, debugging and file-carving tools installed for every user, followed by
# the shared Python interpreter.
environment.systemPackages =
  let
    # A single python3 carrying every package list contributed through
    # rhelmot.globalPythonPackages.
    globalPython = pkgs.python3.withPackages
      (ps: lib.concatMap (select: select ps) rhelmot.globalPythonPackages);
  in
  [
    pkgs.wget
    pkgs.ripgrep
    pkgs.fd
    pkgs.curl
    pkgs.btop
    pkgs.file
    pkgs.patchelf
    pkgs.gdb
    pkgs.p7zip
    pkgs.unzip
    pkgs.foremost
    pkgs.binwalk
    globalPython
  ];
# Baseline contribution to the global Python environment: development, debugging and
# profiling helpers.
rhelmot.globalPythonPackages = [
  (ps: [
    ps.virtualenvwrapper
    ps.pylint
    ps.pytest
    ps.ipdb
    ps.ipython
    ps.nclib
    ps.pyyaml
    ps.snakeviz
  ])
];
# Shell, terminal multiplexer and git defaults configured through NixOS program modules.
programs = {
zsh = {
enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
vteIntegration = true;
enableLsColors = true;
histSize = 10000;
# Source virtualenvwrapper from the Nix store, then append the prompt script that is read
# from the repository checkout at evaluation time.
promptInit = ''
. ${pkgs.python3Packages.virtualenvwrapper}/bin/virtualenvwrapper.sh
'' + builtins.readFile ./dotfiles/zsh-prompt.sh;
# The init script is likewise inlined from the repository, so its content ends up in the
# generated shell configuration.
shellInit = builtins.readFile ./dotfiles/zsh-init.sh;
shellAliases = {
grep = "grep --color=auto";
egrep = "egrep --color=auto";
objdump = "objdump -M intel";
gits = "git status";
pag = "ps aux | grep -v grep | grep -i";
hd = "hexdump -C";
man = "MAN_POSIXLY_CORRECT=1 man";
nose = "pytest -v --capture=no --pdbcls=IPython.terminal.debugger:TerminalPdb";
# New virtualenvs are seeded from the requirements file published at /etc/venv-default.txt.
mkvirtualenv = "mkvirtualenv -r /etc/venv-default.txt";
};
};
tmux = {
enable = true;
extraConfig = builtins.readFile ./dotfiles/tmux.conf;
};
direnv.enable = true;
htop.enable = true;
git = {
enable = true;
lfs.enable = true;
config = {
user.email = "audrey@rhelmot.io";
user.name = "Audrey Dutcher";
init.defaultBranch = "main";
blame.markUnblamableLines = true;
# NOTE(review): git's `store` helper keeps credentials unencrypted on disk, protected only
# by file permissions. Anything entered over HTTPS stays readable to whoever can read that
# file, including backups and snapshots of the home dataset.
credential.helper = "store";
# Rewrite git:// URLs to SSH: the git:// protocol has no authentication or encryption.
url."ssh://git@".insteadOf = "git://";
};
};
};
# Files published under /etc: the system-wide gdb init script and the requirements file
# that the mkvirtualenv alias passes with -r.
environment.etc = {
  "gdb/gdbinit".source = ./dotfiles/gdb-init.gdb;
  "venv-default.txt".source = ./dotfiles/venv-default.txt;
};
# Enable the OpenSSH daemon.
# NOTE(review): this file sets nothing under services.openssh.settings, so the module
# defaults apply unless an imported module overrides them. Since keys are provisioned via
# authorizedKeys, consider setting PasswordAuthentication and
# KbdInteractiveAuthentication to false there.
services.openssh.enable = true;
# Local ZFS snapshot schedule. Snapshots stay on the same pool; the off-host copy is made
# by services.syncoid.
services.sanoid =
  let
    # Shared policy: snapshot and prune automatically, include child datasets, and keep
    # 24 hourly, 7 daily and 2 monthly snapshots with no yearly ones.
    retained = {
      autosnap = true;
      autoprune = true;
      recursive = true;
      processChildrenOnly = false;
      hourly = 24;
      daily = 7;
      monthly = 2;
      yearly = 0;
    };
  in
  {
    enable = true;
    datasets = {
      "system/home" = retained;
      "system/local/var" = retained;
      "system/local/root" = retained;
      # The Docker dataset takes no automatic snapshots.
      "system/var/docker" = {
        autosnap = false;
        recursive = true;
      };
    };
  };
# Off-host replication of the "system" pool to the backup server over SSH.
services.syncoid = {
  enable = true;
  # offset 30min from sanoid to reduce I/O spikes and give sanoid a chance to snapshot
  # before we back up
  interval = "00/1:30";
  # The leading "+" makes systemd run this pre-check with full privileges, outside the
  # unit's User= and sandboxing settings, so the referenced program must be trusted.
  service.serviceConfig.ExecCondition = "+${lib.getExe pkgs.condition-unmetered-network}";
  # Private key used to log in to the backup host.
  # NOTE(review): confirm the matching authorized_keys entry on the target is limited to
  # what the receiving side needs.
  sshKey = "/var/lib/syncoid/.ssh/id_ed25519";
  commands."system" = {
    source = "system";
    target = "backup@home.rhelmot.io:main/backup/${config.networking.hostName}/system";
    recursive = true;
    extraArgs = [ "--skip-parent" "--sshport" "2252" ];
    # xeni note - option w is weeeeeeeird but the only consequence is a lack of encryption
    # NOTE(review): "w" is zfs send's raw mode. If the source datasets use ZFS native
    # encryption, leaving it off means the data is sent decrypted (SSH still protects it
    # in transit) and the copy on the backup host is not covered by the source's
    # encryption. Confirm that is the intended trade-off.
    #sendOptions = "w";
  };
};
};
}