# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
  outputs,
  lib,
  config,
  pkgs,
  pkgs-edge,
  ...
}: {
  # Modules merged into this host's configuration. Both entries are paths
  # relative to this file.
  imports = [
    # Import shared packages
    ../shared
    ./package-configs
  ];
  # Package-set settings for this host.
  nixpkgs = {
    # You can add overlays here
    # Overlays rewrite the package set that every module on this host sees,
    # so a change in one of them can affect any package taken from `pkgs`.
    # Review overlay changes with the same care as a nixpkgs bump.
    overlays = [
      # Disabled example: take bcachefs-tools from the pkgs-edge package set.
      #(final: prev: {
      #bcachefs-tools = pkgs-edge.bcachefs-tools;
      #})
      # Add overlays your own flake exports (from overlays and pkgs dir):
      outputs.overlays.additions
      outputs.overlays.modifications
      #outputs.overlays.unstable-packages
    ];
    config = {
      # Allows packages with unfree licences to be evaluated and installed.
      # NOTE(review): this is a global switch; nixpkgs also offers
      # allowUnfreePredicate if an explicit per-package allow-list is preferred.
      allowUnfree = true;
    };
  };

  # Packages installed system-wide. Two lists are concatenated: one taken from
  # the regular `pkgs` set and one from `pkgs-edge`.
  # NOTE(review): direnv, podman and noisetorch are also enabled through their
  # NixOS modules elsewhere in this file, so the entries here may be redundant.
  environment.systemPackages =
    (with pkgs; [
      # Custom tools
      dvd
      dvt
      servo
      restart

      # System tools
      aha
      #bcachefs-tools
      clinfo
      comma
      direnv
      exfat
      exfatprogs
      git-filter-repo
      gnupg
      pciutils
      podman
      podman-compose
      # Secure Boot key management (sbctl) and TPM 2.0 tooling
      sbctl
      tpm2-tools
      tpm2-tss
      virtualgl
      vulkan-tools
      # waydroid
      waypipe
      wayland-utils
      yubikey-personalization
      zsh

      # KDE/QT
      krunner-translator
      kdePackages.discover
      kdePackages.filelight
      kdePackages.kcalc
      kdePackages.kdepim-addons
      kdePackages.kirigami
      kdePackages.kdeconnect-kde
      kdePackages.konsole
      # kdePackages.krunner-ssh
      # kdePackages.krunner-symbols
      kdePackages.packagekit-qt
      kdePackages.plasma-pa
      kdePackages.sddm-kcm
      kdePackages.dolphin-plugins
      kdePackages.qtstyleplugin-kvantum
      # Remote desktop: krdc is the viewer, krfb shares this desktop with
      # remote viewers while it is running.
      kdePackages.krdc
      kdePackages.krfb
      kdePackages.kate
      kdePackages.xwaylandvideobridge
      libportal-qt5
      libportal

      # User tools
      noisetorch
      qjackctl
      wireplumber
      #rustdesk
    ])
    ++ (with pkgs-edge; [
      # Packages listed here come from pkgs-edge (latest nixpkgs master) and
      # can be used to install the latest version of some packages.
      # NOTE(review): a master-tracking set picks up fixes sooner but has seen
      # less testing than the main package set; keep this list short.
      freetube
    ]);
  # Secret exposed as lillian's ~/.netrc (presumably decrypted by the sops-nix
  # module at activation time — confirm where `sops` is imported).
  # Owner plus mode 0600 keep other local users out; every process running as
  # lillian can still read the credential.
  # NOTE(review): a .netrc is consulted by any netrc-aware tool, not only the
  # Nextcloud client the secret is named after — confirm the entry is scoped
  # to the intended `machine`.
  sops.secrets."nextcloud-password" = {
    path = "/home/lillian/.netrc";
    owner = config.users.users.lillian.name;
    mode = "0600";
  };

  programs = {
    # The stock command-not-found handler is forced off; presumably nix-index
    # (enabled next) takes over that role.
    command-not-found.enable = lib.mkForce false;
    nix-index.enable = true;

    # comma: prefix a command with "," to run it from the nix store even if it
    # is not in $PATH currently, e.g. `, python`.
    # The program is resolved through the nix-index database and fetched on
    # demand, so check the command name before pressing enter.
    nix-index-database.comma.enable = true;

    direnv.enable = true;
    noisetorch.enable = true;

    # NOTE(review): the NixOS kdeconnect module is expected to open its port
    # range in the firewall as well — confirm that is wanted on networks you
    # do not control.
    kdeconnect.enable = true;

    steam = {
      enable = true;
      extest.enable = true;
      # Both settings below add inbound firewall rules.
      # NOTE(review): dedicatedServer.openFirewall is only needed while this
      # machine hosts a Source Dedicated Server; drop it otherwise to keep
      # those ports closed.
      remotePlay.openFirewall = true; # Steam Remote Play
      dedicatedServer.openFirewall = true; # Source Dedicated Server
    };
  };

  # Enable networking (interfaces are managed by NetworkManager)
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";
  services = {
    # Enable the X11 windowing system.
    xserver.enable = true;

    # Enable the KDE Plasma Desktop Environment.
    # SDDM is the login manager, with its Wayland mode switched on.
    displayManager.sddm = {
      enable = true;
      wayland.enable = true;
    };
    displayManager.defaultSession = "plasma";
    desktopManager.plasma6.enable = true;
    # Presumably swaps Plasma's default Noto font package for Atkinson
    # Hyperlegible — confirm against the option description.
    desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible;

    # Enable flatpak support
    # Flatpak applications are installed and updated outside the Nix store, so
    # they are not covered by this configuration's pinning or review.
    flatpak.enable = true;
    packagekit.enable = true;

    # Configure keymap in X11
    # terminate:ctrl_alt_bksp makes Ctrl+Alt+Backspace kill the X server, and
    # with it everything running in that X11 session.
    # NOTE(review): compose:caps_toggle is not an XKB option name I can confirm
    # (compose:caps and grp:caps_toggle exist) — verify it takes effect.
    xserver.xkb = {
      layout = "us";
      variant = "";
      options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
    };

    # Enable CUPS to print documents.
    printing.enable = true;

    # Enable fwupd daemon and user space client
    fwupd.enable = true;
    # PipeWire as the audio server, with its ALSA (incl. 32-bit), PulseAudio
    # and JACK compatibility layers and WirePlumber as session manager.
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;
      wireplumber.enable = true;
    };

    # Avahi (mDNS/DNS-SD) on IPv4 and IPv6. nssmdns4 hooks mDNS into name
    # resolution; the publish block makes this machine announce itself.
    # NOTE(review): publish.addresses and publish.workstation advertise the
    # host and its addresses to everyone on the local network. Consider
    # disabling publishing if this machine joins networks you do not control.
    avahi = {
      nssmdns4 = true;
      enable = true;
      ipv4 = true;
      ipv6 = true;
      publish = {
        enable = true;
        addresses = true;
        workstation = true;
      };
    };
  };
  # 32-bit graphics libraries (the 32-bit libs that Steam uses)
  hardware.graphics.enable32Bit = true;

  # Enable bluetooth hardware
  hardware.bluetooth.enable = true;

  # RealtimeKit lets unprivileged processes request realtime scheduling;
  # audio servers such as PipeWire typically rely on it.
  security.rtkit.enable = true;

  # PulseAudio itself stays off.
  services.pulseaudio.enable = false;

  # Podman as the container engine; dockerCompat makes the `docker` command
  # name resolve to podman.
  virtualisation.podman.enable = true;
  virtualisation.podman.dockerCompat = true;
  # TPM 2.0 support: device access, PKCS#11 module and TCTI environment.
  security.tpm2 = {
    enable = true;
    pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
    tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
  };
  # tss group has access to TPM devices
  # Any process running as lillian can therefore use the TPM, so keys kept in
  # it should carry their own PIN/auth value rather than rely on group access.
  users.users.lillian.extraGroups = ["tss"];
  boot = {
    # Write a bootspec description for each generation.
    # NOTE(review): sbctl is installed in systemPackages, but no Secure Boot
    # loader setup is visible in this file — confirm it is configured
    # elsewhere if Secure Boot is intended.
    bootspec.enable = true;
    # Allow running aarch64-linux binaries on this machine through binfmt
    # emulation.
    binfmt.emulatedSystems = ["aarch64-linux"];
    # Disabled settings. The original text carried a `boot.` prefix, which
    # inside this `boot = { ... }` block would have defined boot.boot.*;
    # the prefix is dropped here so the lines work if uncommented.
    #kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
    #supportedFilesystems = ["bcachefs"];
    # Out-of-tree v4l2loopback module, taken from the configured kernel
    # package set so that it matches the running kernel.
    extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
    kernelModules = [
      # Virtual Camera
      "v4l2loopback"
      # Virtual Microphone, built-in
      "snd-aloop"
    ];

    # Set initial kernel module settings
    # The text below is written verbatim into the modprobe configuration; its
    # `#` lines are part of that file, not Nix comments.
    extraModprobeConfig = ''
      # exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
      # card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
      # https://github.com/umlaeute/v4l2loopback
      options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
    '';
    # Keep at most 3 generations in the systemd-boot menu. This bounds how far
    # back a rollback from the boot menu can go.
    loader.systemd-boot.configurationLimit = 3;
    # Let the bootloader installation modify EFI variables.
    loader.efi.canTouchEfiVariables = true;
  };
}