# Tangled in ../Systems.org
{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
    ];

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "nodev";
    useOSProber = true;
    efiSupport = true;
    enableCryptodisk = true;
    canTouchEfiVariables = true;
    efiSysMountPoint = "/boot/efi";
  };

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  boot.kernelPackages = pkgs.linuxPackages_6_0;

  # Setup keyfile
  boot.initrd.secrets = {
    "/crypto_keyfile.bin" = null;
  };

  # Enable swap on luks
  boot.initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1".device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
  boot.initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1".keyFile = "/crypto_keyfile.bin";

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.utf8";

  networking.hostName = "LONDON"; # Define your hostname.
  # Enable networking
  networking.networkmanager.enable = true;
  systemd.services.NetworkManager-wait-online.enable = false;
  networking.firewall.checkReversePath = "loose";
 
  networking.firewall.allowedTCPPorts = [ 3389 ]; # for RDP

  services.mullvad-vpn.enable = true;
  services.tailscale.enable = true;

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the KDE Plasma Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  services.xrdp.enable = true;
  services.xrdp.defaultWindowManager = "startplasma-x11";
  
  # Configure keymap in X11
  services.xserver = {
    layout = "us";
    xkbVariant = "";
  };

  
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.opengl.enable = true;

  programs.zsh.enable = true;
  environment.shells = with pkgs; [ zsh ];
  users.users.gsimmer = {
    shell = pkgs.zsh;
    isNormalUser = true;
    description = "Gabriel Simmer";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [ vim ];
  };

  environment.systemPackages = with pkgs; [
    os-prober
    tailscale
    cifs-utils
    pinentry-curses
  ];

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;
  };

  virtualisation = {
    docker = {
      enable = true;
      rootless = {
        enable = true;
        setSocketVariable = true;
      };
    };
  };
  
  programs.dconf.enable = true;

  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = false;
  };

  fonts.fonts = with pkgs; [
    ibm-plex
    jetbrains-mono
  ];

  services.yubikey-agent.enable = true;
  services.pcscd.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    pinentryFlavor = "curses";
    enableSSHSupport = true;
  };
  
  system.stateVersion = "22.05";
}