# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      ../common-cli.nix
      ../common-gui.nix
    ];

  nix.trustedUsers = [ "root" "paul" ];

  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub = {
    efiSupport = true;
    device = "nodev";
    zfsSupport = true;
    memtest86.enable = true;
    fontSize = 32;
  };
  boot.kernelParams = [
    "acpi_enforce_resources=lax"
    "zfs.zfs_arc_max=2147483648"
  ];
  boot.tmpOnTmpfs = false;
  boot.supportedFilesystems = [ "zfs" ];

  virtualisation.virtualbox.host.enable = true;
  # virtualisation.virtualbox.host.enableExtensionPack = true;
  # virtualisation.anbox.enable = true;
  virtualisation.podman.enable = true;

  services.zfs = {
    trim = {
      enable = true;
      interval = "monthly";
    };
    autoScrub = {
      enable = true;
      interval = "monthly";
    };
    autoSnapshot = {
      enable = true;
      monthly = 6;
    };
    autoReplication = {
      enable = true;
      host = "nyanlout.re";
      username = "zfspaulfixe";
      identityFilePath = "/var/lib/zfs-replication/id_rsa";
      localFilesystem = "fastaf/home";
      remoteFilesystem = "loutrepool/zfs-replicate/paul-fixe";
    };
  };

  hardware.bluetooth.enable = true;

  # Logitech G920
  hardware.usbWwan.enable = true;

  # hardware.pulseaudio.extraConfig = ''
  #   load-module module-null-sink sink_name=mic_denoised_out rate=48000
  #   load-module module-ladspa-sink sink_name=mic_raw_in sink_master=mic_denoised_out label=noise_suppressor_mono plugin=${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so control=50
  #   load-module module-loopback source=alsa_input.pci-0000_09_00.4.analog-stereo sink=mic_raw_in channels=1 source_dont_move=true sink_dont_move=true

  #   load-module module-echo-cancel source_name=hd_mic source_master=mic_denoised_out.monitor sink_master=alsa_output.pci-0000_09_00.4.analog-stereo

  #   set-default-source hd_mic
  # '';

  # hardware.pulseaudio.configFile = pkgs.runCommand "default.pa" {} ''
  #   sed '/module-switch-on-port-available$/d' \
  #     ${pkgs.pulseaudio}/etc/pulse/default.pa > $out
  # '';

  services.udev.packages = with pkgs; [
    usb-modeswitch-data # Logitech G920
  ];

  services.udev.extraRules = ''
    ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
  '';

  security.pki.certificateFiles = [ ./codemasters.pem ];

  networking.hostName = "paul-fixe";
  networking.hostId = "3a1f739e";

  networking.hosts = {
    "10.30.0.1" = ["emby.nyanlout.re" "nyanlout.re"];
  };

  environment.systemPackages = with pkgs; [
    usb_modeswitch
  ];

  programs.wireshark.enable = true;
  programs.wireshark.package = pkgs.wireshark;

  networking.firewall.enable = false;

  services.xserver.displayManager.autoLogin = {
    enable = true;
    user = "paul";
  };

  users.users.paul = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ];
    uid = 1000;
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3fEmkmrhccW8NegIk/Ubu6Yw80VCQ1ttG419e+1V1wkJPXFAqcIhffwrIlz81dJ47T+H+zeptpAX8U1Gbk1B5ZH4DW8OcqU6ymM+j6g/gICpvrjJUOpdgyA3GIOjuBJGijGQGggDw1k2SdopAVV1H38YUAJ33RGDvjLJO6VREYLDYLF4oaDp8ann7Wn8BpX2T7cRvhrzqcwbEGaw1f/xrLE5KklOb6pOHRWFJMxW83d8OKiLkQvM4vFGlvvG0/AKGZaZWHDXS7ldoyAv+vnN8DrIxmWEQjdNLfAwYDBHp6XqE0slde4dqBjVHji5+ajFr7eJnrzc4IXsHJ1jM9xGB paul@loutreos"
    ];
  };

  services.netdata.enable = true;

  services.openssh.enable = true;
  services.openssh.passwordAuthentication = false;
  services.openssh.forwardX11 = true;

  # security.pki.certificates = [
  #   ''
  #     -----BEGIN CERTIFICATE-----
  #     MIIDoTCCAomgAwIBAgIGDorvJrq1MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM
  #     CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTIwMDgzMDE5MjA1NloX
  #     DTIzMDkwMTE5MjA1NlowKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt
  #     aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUHB2if9A
  #     L5ytR9VrZncwDdx3J6ZdA2+wZQe9EjtX5ax1r55bbQBoJmN2HqZCSA3vdvMzr42W
  #     Jx0ksNhNocEGvER2dTUIqkUKeeYQIRCc5CD9T5IpUVVKm3aeJo+FATmuzg4m23MZ
  #     a9Up4nCdUJwufSqzv0ZWvEHERWtRXPYRZ2t+vKqnCS+dOQ3NsGWvC+12i7kNMKyy
  #     0ylFBY/BZfaH/kMVzUijAnNQPWpW3T/Wqpx7z+IXZ+ccCQ1U1N26FXhSMa/+DenW
  #     fo27QVNOu5cIIpAYmTl6+Oek0XLSH8oFLdjeVtBJuHFA1iAfmqPv4yJDKbSgg/d8
  #     Jb46BE2ZyW6RAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC
  #     AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD
  #     BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG
  #     CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC
  #     AQYwHQYDVR0OBBYEFEiFqrQtFmTV66rlQ9SCqp7ohrtsMA0GCSqGSIb3DQEBCwUA
  #     A4IBAQBfH5xpxt4mCdnjiISaMeEcKuur2kfVbQEKNceDeKLZJfcwEkMtAr0LeyMV
  #     1hkExtvyU0JPmgyzU7Le4UHEB8pwyyD3kYx7vBtxjVSXAbK1YKgDllPmXtlJGmA/
  #     SMuxnwkUXwMeZBxmu8LR1SOQiMX+aZvYbQIjigduXOC/ZSHYtJbh+RmrvHFEBu7L
  #     zZx8DzJKOmlfo9gohNIW1ucRM6B4B5yy5plqurGlkFPHlRqGoWkJPI4oB+cobzMh
  #     QidzHgk4Set3bqIuYAsqtHGxdTtnGooagQBUWt0CxmGdmonofzinsAAasKprcBl6
  #     QaNGz7o/LfHprXvCM1mHjbVVbZN2
  #     -----END CERTIFICATE-----
  #   ''
  # ];

  # services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ];

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    package = pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ rtmp ];
    };
    virtualHosts."stream.nyanlout.re" = {
      locations."/" = {
        root = "/var/www/hls/";
        extraConfig = ''
          add_header Cache-Control no-cache;
          add_header Access-Control-Allow-Origin *;
        '';
      };
      default = true;
    };
    appendConfig = let
      rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
    in ''
      rtmp {
        server {
          listen 1935;

          application live {
            live on;
            interleave on;
            exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1
                        -c:v libx264 -c:a aac -b:v 256k -b:a 96k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_low
                        -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_mid
                        -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_high
                        -c:v libx264 -c:a aac -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_hd720
                        -c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log;
          }

          application show {
            live on;
            hls on;

            hls_path ${rootLocation};
            hls_fragment 5;
            hls_playlist_length 10;
            hls_nested on;

            hls_variant _low BANDWIDTH=352000; # Low bitrate, sub-SD resolution
            hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
            hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
            hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution
            hls_variant _src BANDWIDTH=8192000; # Source bitrate, source resolution
          }
        }
      }
    '';
  };

  services.xserver.deviceSection = ''
    Option "metamodes" "DP-0: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}"
  '';

  systemd = let
    DP0Config = "--output DP-0 --mode 3440x1440 --rate 144";
    DP2Config = "--output DP-2 --auto --left-of DP-0";
    HDMIConfig = "--output HDMI-0 --auto --left-of DP-0";
  in {
    services = {
      wol = {
        description = "Wake-on-LAN";
        wantedBy = [ "multi-user.target" ];
        requires = [ "network.target" ];
        after = [ "network.target" ];
        script = ''
          ${pkgs.ethtool}/sbin/ethtool -s eno1 wol g
        '';
        serviceConfig.Type = "oneshot";
      };
      nginx.serviceConfig.ReadWritePaths = "/var/www/hls";
      zfs-replication.serviceConfig.StateDirectory = "zfs-replication";
    };
    user.services = {
      "enableTV" = {
        description = "Enable TV output";
        script = ''
          ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} --primary
          /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }"
          ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig}
          ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
        '';
        conflicts = ["CSMode.service"];
        serviceConfig.Type = "oneshot";
      };
      "primaryTV" = {
        description = "Set TV output as primary";
        script = ''
          ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config}
          /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }"
          ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary
          ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
        '';
        conflicts = ["CSMode.service"];
        serviceConfig.Type = "oneshot";
      };
      "FreeSyncMode" = {
        description = "Enable FreeSync screen only";
        script = ''
          ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config}
          /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }"
          ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
        '';
        conflicts = ["CSMode.service"];
        serviceConfig.Type = "oneshot";
      };
      "CSMode" = {
        description = "Enable 4:3 black bars";
        script = ''
          ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} --primary
          /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }"
          ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
        '';
        preStop = ''
          /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }"
        '';
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
        };
      };
    };
  };

  system.stateVersion = "20.03";
}