{ flake, config, pkgs, lib, ... }:

with lib;

{
  imports = with flake.nixosModules.systemProfiles; [
    default-locale nfsroot
  ];

  config = {
    nixpkgs = {
      system = "x86_64-linux";
      config = {
        allowUnfree = true;
      };
    };

    boot = {
      initrd = {
        availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "sd_mod" "sr_mod" ];
        kernelModules = [ "igb" ];
      };
      kernelModules = [ "kvm-amd" ];
      extraModulePackages = [ ];

      plymouth.enable = true;

      tmpOnTmpfs = true;
    };

    hardware = {
      enableRedistributableFirmware = true;
      cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;

      nvidia = {
        modesetting.enable = true;
        powerManagement.enable = true;
      };

      opengl.enable = true;
    };

    environment.etc."machine-id".text = "f457b21333f1491e916521151ff5d468";

    networking = {
      hostId = "f457b213";

      domain = "lan.yggdrasil";
      search = [ "lan.yggdrasil" "yggdrasil" ];

      hosts = {
        "127.0.0.1" = [ "eostre.lan.yggdrasil" "eostre" ];
        "::1" = [ "eostre.lan.yggdrasil" "eostre" ];
      };

      firewall.enable = false;
      nftables = {
        enable = true;
        rulesetFile = ./ruleset.nft;
      };
    };

    services.resolved = {
      llmnr = "false";
    };

    zramSwap.enable = true;

    system.stateVersion = "22.11";


    console.keyMap = "us";
    time.hardwareClockInLocalTime = true;


    environment.systemPackages = with pkgs; [ cifs-utils ];

    security.pam.mount = {
      enable = true;
      extraVolumes = [
        "<volume sgrp=\"users\" fstype=\"cifs\" server=\"vidhar.lan.yggdrasil\" path=\"home-eostre\" mountpoint=\"~\" options=\"mfsymlinks\" />"
        "<volume sgrp=\"users\" fstype=\"cifs\" server=\"vidhar.lan.yggdrasil\" path=\"%(USER)\" mountpoint=\"/run/media/%(USER)/vidhar\" options=\"mfsymlinks,noexec,nosuid\" />"
      ];
    };


    services.xserver = {
      enable = true;
      displayManager.sddm = {
        enable = true;
        settings = {
          Users.HideUsers = "gkleen";
        };
      };
      desktopManager.plasma5.enable = true;

      videoDrivers = [ "nvidia" ];
    };

    systemd.services = mapAttrs' (userName: _: nameValuePair "home-manager-${userName}" { enable = mkForce false; }) config.home-manager.users;

    systemd.user.services."home-manager" = let
      cfg = config.home-manager;
    in {
      description = "Home Manager environment";
      wantedBy = [ "basic.target" ];
      before = [ "basic.target" ];

      environment = optionalAttrs (cfg.backupFileExtension != null) {
        HOME_MANAGER_BACKUP_EXT = cfg.backupFileExtension;
      } // optionalAttrs cfg.verbose { VERBOSE = "1"; };

      stopIfChanged = false;

      unitConfig.DefaultDependencies = false;

      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = "yes";
        TimeoutStartSec = 90;
        SyslogIdentifier = "hm-activate";

        ExecStart = pkgs.writeScript "hm-activate" ''
          #! ${pkgs.runtimeShell} -el

          case $USER in
            ${concatStringsSep "\n  " (mapAttrsToList (_: usercfg: builtins.replaceStrings ["\n"] ["\n  "] ''
              ${usercfg.home.username})
                ${usercfg.home.activationPackage}/activate
                systemctl --user daemon-reload
              ;;
            '') cfg.users)}
            *) exit 0; ;;
          esac
        '';
      };
    };
  };
}