{ config, pkgs, lib, ... }:

{
  # this allows you to access `pkgsUnstable` anywhere in your config
  _module.args.pkgsUnstable = import inputs.nixpkgs-unstable {
    inherit (pkgs.stdenv.hostPlatform) system;
    inherit (config.nixpkgs) config;
  };

  imports =
    [
      ./hardware-configuration.nix
      ./configs
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  nix.autoOptimiseStore = true;
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 10d";
  };

  time.timeZone = "America/Los_Angeles";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  networking.hostName = "imladris";
  networking.networkmanager.enable = true;
  networking.useDHCP = false;
  services.resolved.enable = true;
  services.resolved.fallbackDns = [
    "1.1.1.1"
    "8.8.8.8"
  ];

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 22 ];

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    permitRootLogin = "prohibit-password";
    # passwordAuthentication = false;
  };

  security.doas = {
    enable = true;
    extraRules = [{
      users = ["kyle"];
      keepEnv = true;
      noPass = true;
    }];
  };

  services.cron.enable = true;

  # Enable the X11 windowing system.
  # services.xserver.windowManager.stumpwm.enable = true;
  services.xserver = {
    displayManager = {
      gdm = {
        enable = true;
        wayland = false;
      };
    };
    enable = true;
    windowManager = {
      i3.enable = true;
    };
    xkb = {
      layout = "us";
      options = "ctrl:swapcaps";
    };
  };

  # from a previous platform, but might be similar.
  # icarus is an "AMD Ryzen 5 PRO 4650U with Radeon Graphics" machine.
  # services.xserver.videoDrivers = [ "amdgpu" ];
  # services.xserver.useGlamor = true;

  # In case of tearing, this is reported to fix the issue. The intel driver is
  # outdated (last updated in 2015), so try to avoid this.
  # services.xserver.videoDrivers = [ "intel" ];
  # services.xserver.deviceSection = ''
  #   Option "DRI" "2"
  #   Option "TearFree" "true"
  # '';

  # Enable touchpad support (enabled default in most desktopManager).
  services.libinput = {
    enable = true;
    mouse.naturalScrolling = true;
    touchpad.naturalScrolling = true;
  };

  console.useXkbConfig = true;

  sound.enable = true;
  hardware.pulseaudio.enable = true;

  users.users.kyle = {
    isNormalUser = true;
    extraGroups = [
        "wheel"
        "networkmanager"
        "dialout"
    ];
  };
  programs.direnv.enable = true;
  programs.command-not-found.enable = false;

  # fwupd
  services.fwupd.enable = true;

  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = with pkgs; [
    # Add any missing dynamic libraries for unpackaged programs
    # here, NOT in environment.systemPackages
  ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  nixpkgs.config.allowUnfree = true; # needed for amdgpu
  nixpkgs.config.packageOverrides = pkgs: {
    doas = pkgs.doas.override { withPAM = false; };
    nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
      inherit pkgs;
    };
  };
  environment.systemPackages = with pkgs; [
    ag
    arduino
    binutils-unwrapped
    bitwarden
    cloc
    cscope
    doas
    elinks
    emacs
    emScript
    feh
    ffmpeg
    file
    fira-code
    firefox
    fzf
    gcc
    gdb
    gforth
    git
    gnumake
    go
    go-font
    hexyl
    htop
    i3
    keychain
    lagrange
    libzip
    mercurial
    mg
    mutt
    nmap
    obsidian
    ops
    pciutils
    picocom
    pwgen
    python3Full
    sbcl
    scdoc
    scrot
    stumpwm
    syncthing
    syncthing-cli
    syncthing-tray
    tailscale
    tcpdump
    texinfo
    texliveFull
    tmux
    tree
    vimHugeX
    vscode
    wget
    xfce.xfce4-terminal
  ];

  fonts.fonts = with pkgs; [
    fira-code
    fira-code-symbols
    go-font
  ];


  # services.syncthing = {
	#   enable = true;
	#   user = "kyle";
	#   dataDir = "/home/kyle/Sync";
  #   configDir = "/home/kyle/.config/syncthing";
  # };
  services.tailscale.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  programs.zsh.enable = true;

  nix.settings.experimental-features = [ "nix-command" ];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}