nixos/hosts/nate-work/default.nix

{ config, lib, inputs, pkgs, timeZone, ... }:
let
  deskCfg = config.deskCfg;
  unstable = import inputs.nixpkgs-unstable {
    system = "x86_64-linux";
    config.allowUnfree = true;
  };
  isOnTheGo = builtins.elem "on-the-go" config.system.nixos.tags;
in
{
  imports = [
    ./nixos/hardware-configuration.nix
    ./nixos/auto-update.nix
    ./modules/sway/sway_conf.nix
    ./modules/hypr/hyprland.nix
    ../../shared/modules/desktop/base.nix
    ../../shared/modules/desktop/stylix.nix
    ../../shared/modules/desktop/silent-boot.nix
    ../../shared/modules/desktop/greetd.nix
    ../../shared/modules/wm/niri.nix
    ../../shared/modules/services/syncthing.nix
    ../../shared/modules/services/kdeconnect.nix
    ../../shared/modules/services/docker.nix
    ../../shared/modules/services/avahi.nix
    ../../shared/modules/services/hyprvoice.nix
    ../../shared/modules/services/motu-m4-combined.nix
  ];

  deskCfg = {
    userName = "nate";
    hostName = "nate-vasion";
    fullName = "Nate Anderson";
    de = "niri";
    installGaming = true;
  };

  # Limit the number of generations to keep
  boot.loader.systemd-boot.configurationLimit = 5;

  # Systemd initrd for faster boot
  boot.initrd.systemd.enable = true;

  # Silent boot
  silentBoot.enable = true;

  # Plymouth boot animation
  boot.plymouth = {
    enable = true;
    theme = "rings";
    themePackages = with pkgs; [
      (adi1090x-plymouth-themes.override {
        selected_themes = [ "rings" ];
      })
    ];
  };

  # Perform garbage collection weekly to maintain low disk usage
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 14d";
  };
  nix.settings.auto-optimise-store = true;

  # Auto-update config
  autoCfg = {
    userName = "nate";
    flakePath = "/home/nate/nixos";
    hostName = "nate-vasion";
  };

  # ClamAV antivirus
  services.clamav.daemon.enable = true;
  services.clamav.scanner.enable = true;

  # Extra groups
  main_user.extraGroups = [ "dialout" "docker" "i2c" "lp" "scanner" "syncthing" ];

  # Sway WM (legacy, disabled)
  swaywm = {
    enable = false;
    useNonFree = true;
    installGaming = deskCfg.installGaming;
    systemPackages = with pkgs; [ libreoffice ];
  };

  # Hyprland (legacy, disabled)
  hypr = {
    enable = false;
    user = deskCfg.userName;
    systemPackages = with pkgs; [ libreoffice ];
  };

  # Niri WM config
  niriwm = {
    enable = true;
    useNonFree = true;
    user = deskCfg.userName;
    systemPackages = with pkgs; [ libreoffice ];
  };

  # Steam with gamescope
  programs.steam = {
    enable = true;
    gamescopeSession.enable = true;
  };

  # Virt-manager for VMs
  programs.virt-manager.enable = true;

  # MOTU M4 audio interface
  services.motu-m4-combined = {
    enable = true;
    user = deskCfg.userName;
  };

  # Hyprvoice dictation
  services.hyprvoice = {
    enable = true;
    user = deskCfg.userName;
  };

  # Docker — unstable package, start on boot
  dockerConfig = {
    enableOnBoot = true;
    useUnstable = true;
  };

  # usbmuxd for iOS
  services.usbmuxd.enable = true;

  # Fingerprint reader
  services.fprintd.enable = true;

  # Disable lid switch sleep when plugged into power (laptop docked)
  services.logind.settings.Login.HandleLidSwitchExternalPower = "ignore";

  # Nate-work session variables
  environment.sessionVariables = {
    FIREFOX_USE_SYSTEM_THEME = "true";
    # For NVIDIA — only enable if not using on-the-go
    GBM_BACKEND = if isOnTheGo then "" else "nvidia-drm";
    __GLX_VENDOR_LIBRARY_NAME = if isOnTheGo then "" else "nvidia";
  };

  # Nate-work extra packages
  environment.systemPackages = with pkgs; [
    foot
    nbfc-linux
    kanshi
    man-pages
    man-pages-posix
    pavucontrol
    waybar
    wdisplays
    wofi
  ];

  # NFS support in initrd
  boot.initrd.supportedFilesystems = { nfs = true; };

  # Libvirtd / QEMU
  virtualisation = {
    libvirtd = {
      enable = true;
      qemu.swtpm.enable = true;
    };
    spiceUSBRedirection.enable = true;
  };
  users.groups.libvirtd.members = [ "nate" ];

  # Stylix overrides — kimber theme, different wallpaper, larger font sizes
  stylix = {
    image = ./bot-wallpaper.jpg;
    base16Scheme = "${pkgs.base16-schemes}/share/themes/kimber.yaml";
    fonts.sizes = {
      applications = 14;
      desktop = 16;
      popups = 14;
      terminal = 14;
    };
  };

  # Bluetooth
  hardware.bluetooth.settings.General.Name = "Nate-Vasion";

  # udev rules — betaflight configurator + i2c for ddcutil
  services.udev.extraRules = ''
    # For betaflight configurator
    # DFU (Internal bootloader for STM32 and AT32 MCUs)
    SUBSYSTEM=="usb", ATTRS{idVendor}=="2e3c", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
    SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
    # For ddcutil monitor controls
    KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
  '';

  # NVIDIA GPU setup
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware = {
    graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = with pkgs; [
        intel-vaapi-driver
        intel-media-driver
        vpl-gpu-rt
      ];
    };
    nvidia = {
      modesetting.enable = true;
      powerManagement.enable = false;
      powerManagement.finegrained = true;
      open = true;
      nvidiaSettings = true;
      package = config.boot.kernelPackages.nvidiaPackages.stable;
      prime = {
        offload.enable = true;
        offload.enableOffloadCmd = true;
        intelBusId = "PCI:0:2:0";
        nvidiaBusId = "PCI:1:0:0";
      };
    };
  };

  # On-the-go specialisation — disables NVIDIA GPU, uses Intel only
  specialisation = {
    on-the-go.configuration = {
      system.nixos.tags = [ "on-the-go" ];

      # Blacklist all NVIDIA kernel modules
      boot.blacklistedKernelModules = [ "nouveau" "nvidia" "nvidia_drm" "nvidia_modeset" "nvidia_uvm" ];

      # Force Intel i915 driver for 13th gen (Raptor Lake) integrated graphics
      boot.kernelParams = [
        "i915.force_probe=a7a0"
        "module_blacklist=nvidia,nvidia_drm,nvidia_modeset,nvidia_uvm"
      ];

      boot.extraModprobeConfig = ''
        blacklist nouveau
        blacklist nvidia
        blacklist nvidia_drm
        blacklist nvidia_modeset
        blacklist nvidia_uvm
        options nouveau modeset=0
      '';

      # Remove NVIDIA devices from PCI bus to save power
      services.udev.extraRules = ''
        # Remove NVIDIA USB xHCI Host Controller devices, if present
        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{power/control}="auto", ATTR{remove}="1"
        # Remove NVIDIA USB Type-C UCSI devices, if present
        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{power/control}="auto", ATTR{remove}="1"
        # Remove NVIDIA Audio devices, if present
        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{power/control}="auto", ATTR{remove}="1"
        # Remove NVIDIA VGA/3D controller devices
        ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", ATTR{power/control}="auto", ATTR{remove}="1"
      '';

      # Use Intel modesetting driver only
      services.xserver.videoDrivers = lib.mkForce [ "modesetting" ];

      # Disable all NVIDIA hardware configurations
      hardware.nvidia = {
        prime.offload.enable = lib.mkForce false;
        prime.offload.enableOffloadCmd = lib.mkForce false;
        powerManagement.finegrained = lib.mkForce false;
        prime.sync.enable = lib.mkForce false;
      };

      # Ensure Intel graphics packages are available
      hardware.graphics.extraPackages = lib.mkForce (with pkgs; [
        intel-vaapi-driver
        intel-media-driver
        vpl-gpu-rt
      ]);

      # Clear NVIDIA-specific environment variables
      environment.sessionVariables = {
        GBM_BACKEND = lib.mkForce "";
        __GLX_VENDOR_LIBRARY_NAME = lib.mkForce "";
      };
    };
  };

  system.stateVersion = "23.11";
}