# NixOS system module for the host "nixpad".
# `inputs` carries the flake inputs (nixpkgs) and the x11mode switch; it is
# presumably handed in through specialArgs by the flake — confirm there.
{ config, pkgs, inputs, ... }:

let
  # true selects the X11 modules, false the Wayland ones.
  useX11 = inputs.x11mode;

  # Resolvers in systemd-resolved "address#name" notation; the name after '#'
  # is what the server's TLS certificate is checked against for DNS-over-TLS.
  upstreamDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];

  # Regional formats stay German while the UI language is en_US.
  regionalLocale = "de_DE.UTF-8";
in
{
  imports =
    [
      ./programm_configs/yubikey-gpg.nix
      ./printing/config.nix
    ]
    ++ (if useX11
        then [ ./programm_configs/x11.nix ]
        else [ ./programm_configs/wayland.nix ]);

  nix = {
    settings.experimental-features = [ "nix-command" "flakes" ];
    # Pin the `nixpkgs` registry entry to the flake input used for this system.
    registry.nixpkgs.flake = inputs.nixpkgs;
  };

  nixpkgs.config = {
    # Allow unfree packages
    allowUnfree = true;

    packageOverrides = super: {
      polybar = super.polybar.override {
        i3Support = true;
        pulseSupport = true;
      };
    };

    # This does not fix CVE-2022-27470: it is an allow-list entry that lets
    # the package, which nixpkgs marks as insecure, build anyway.
    # NOTE(review): SDL_ttf is presumably only needed through the nix-ld
    # library list below; dropping it there would make this exemption
    # unnecessary — confirm.
    permittedInsecurePackages = [ "SDL_ttf-2.0.11" ];
  };

  boot = {
    # Bootloader.
    loader = {
      efi.canTouchEfiVariables = true;
      grub = {
        enable = true;
        devices = [ "nodev" ];
        efiSupport = true;
        useOSProber = true;
        fontSize = 30;
      };
    };
    initrd.kernelModules = [ "amdgpu" "coretemp" ];
    kernelParams = [ "intel_iommu=on" "kvm.enable_virt_at_load=0" ];
    supportedFilesystems = [ "nfs" ];
  };

  networking = {
    hostName = "nixpad"; # Define your hostname.

    # Enable networking
    networkmanager.enable = true;

    # Global resolvers, consumed by systemd-resolved (configured below).
    nameservers = upstreamDns;

    # wireguard
    firewall = {
      # if packets are still dropped, they will show up in dmesg
      logReversePathDrops = true;

      # wireguard trips rpfilter up
      # NOTE(review): the rules match on UDP port 51820 alone, so any UDP
      # packet using that source or destination port skips reverse-path
      # filtering on every interface, not only WireGuard traffic.
      extraCommands = ''
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
      '';
      # Remove the same rules on firewall stop; `|| true` tolerates rules that
      # are already gone.
      extraStopCommands = ''
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
      '';
    };
  };

  # Interfaces listed here are not waited for by wait-online.
  systemd.network.wait-online.ignoredInterfaces = [ "wg0" "docker0" "vboxnet0" ];

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = regionalLocale;
      LC_IDENTIFICATION = regionalLocale;
      LC_MEASUREMENT = regionalLocale;
      LC_MONETARY = regionalLocale;
      LC_NAME = regionalLocale;
      LC_NUMERIC = regionalLocale;
      LC_PAPER = regionalLocale;
      LC_TELEPHONE = regionalLocale;
      LC_TIME = regionalLocale;
    };
  };

  # Configure console keymap
  console.keyMap = "de";

  services = {
    hardware.bolt.enable = true;

    # systemd-resolved config
    # dnssec and dnsovertls are both set to the strict "true" value (no
    # downgrade), "~." routes every domain to the resolvers above, and the
    # fallback list is the same pair of servers.
    resolved = {
      enable = true;
      dnssec = "true";
      domains = [ "~." ];
      fallbackDns = upstreamDns;
      dnsovertls = "true";
    };

    gvfs.enable = true;

    # VPN services
    # NOTE(review): the profile is read from clara's home directory, so that
    # account decides what the OpenVPN service loads, including any script
    # hooks in the profile. The service presumably runs as root — confirm, and
    # consider a root-owned copy of the profile.
    openvpn.servers.KIT = {
      autoStart = false;
      config = ''
        config /home/clara/Uni/kit.ovpn
      '';
    };

    # Bluetooth
    blueman.enable = true;

    # GNOME Keyring
    gnome.gnome-keyring.enable = true;

    # duplicati
    # NOTE(review): runs as clara, so the backup service can read whatever
    # that account can; verify its web UI listens on loopback only and is
    # password-protected.
    duplicati = {
      enable = true;
      user = "clara";
    };

    # PipeWire Setup (rtkit is enabled under `security` below)
    pipewire = {
      enable = true;
      audio.enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      extraConfig.pipewire = {
        "raop-discover" = {
          "context.modules" = [
            { name = "libpipewire-module-raop-discover"; }
          ];
        };
      };
    };
  };

  virtualisation = {
    # VirtualBox
    virtualbox.host = {
      enable = true;
      enableExtensionPack = true;
    };

    # Docker
    docker.enable = true;
  };

  hardware = {
    # scanning
    sane.enable = true;
    graphics.extraPackages = [ pkgs.amdvlk ];
  };

  security = {
    # Part of the PipeWire setup.
    rtkit.enable = true;

    # enable polkit
    polkit.enable = true;

    # patch for swaylock https://github.com/swaywm/sway/issues/2773
    pam.services.swaylock = {
      fprintAuth = false;
    };
  };

  users = {
    extraGroups.vboxusers.members = [ "clara" ];

    # Define a user account. Don't forget to set a password with 'passwd'.
    # NOTE(review): the initial password is trivially guessable and sits in
    # plain text in this file, hence in the world-readable Nix store and in
    # any repository holding it. The account is in `wheel` (sudo) and in
    # `docker`, whose members can effectively obtain root. Change the password
    # right after the first login, or provision it with hashedPasswordFile
    # instead of a literal.
    users.clara = {
      isNormalUser = true;
      description = "clara";
      initialPassword = "123456";
      extraGroups = [
        "networkmanager"
        "wheel"
        "scanner"
        "lp"
        "docker"
        "adbusers"
        "kvm"
        "dialout"
      ];
      shell = pkgs.zsh;
    };
  };

  # home manager
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    users.clara = import ./home.nix {
      inherit config pkgs;
      x11mode = useX11;
    };
  };

  environment = {
    # systemwide packages; the regreet greeter is only added in Wayland mode
    systemPackages =
      [ pkgs.vim pkgs.wget pkgs.cifs-utils ]
      ++ (if useX11 then [ ] else [ pkgs.greetd.regreet ]);
    pathsToLink = [ "/share/zsh" ];
    sessionVariables = {
      GTK_THEME = "Adwaita:dark";
    };
  };

  programs = {
    # enable zsh to allow setting it as a default shell
    zsh.enable = true;

    adb.enable = true;
    dconf.enable = true;

    # backlight
    light.enable = true;

    # Patch for IDEA PlugIn dev. Should be in dev flake!
    nix-ld = {
      enable = true;
      libraries = with pkgs; [
        SDL SDL2 SDL2_image SDL2_mixer SDL2_ttf SDL_image SDL_mixer SDL_ttf
        alsa-lib at-spi2-atk at-spi2-core atk
        bzip2
        cairo cups curlWithGnuTls
        dbus dbus-glib desktop-file-utils
        e2fsprogs expat
        flac fontconfig freeglut freetype fribidi fuse fuse3
        gdk-pixbuf glew110 glib gmp
        gst_all_1.gst-plugins-base gst_all_1.gst-plugins-ugly gst_all_1.gstreamer
        gtk2
        harfbuzz
        icu
        keyutils.lib
        libGL libGLU libappindicator-gtk2 libcaca libcanberra libcap
        libclang.lib libdbusmenu libdrm libgcrypt libgpg-error libidn
        libjack2 libjpeg libmikmod libogg libpng12 libpulseaudio librsvg
        libsamplerate libsecret libthai libtheora libtiff libudev0-shim
        libusb1 libuuid libvdpau libvorbis libvpx libxcrypt-legacy
        libxkbcommon
        mesa
        nspr nss
        openssl
        p11-kit pango pixman python3
        speex stdenv.cc.cc
        tbb
        udev
        vulkan-loader
        wayland
        xorg.libICE xorg.libSM xorg.libX11 xorg.libXScrnSaver
        xorg.libXcomposite xorg.libXcursor xorg.libXdamage xorg.libXext
        xorg.libXfixes xorg.libXft xorg.libXi xorg.libXinerama xorg.libXmu
        xorg.libXrandr xorg.libXrender xorg.libXt xorg.libXtst
        xorg.libXxf86vm xorg.libpciaccess xorg.libxcb xorg.xcbutil
        xorg.xcbutilimage xorg.xcbutilkeysyms xorg.xcbutilrenderutil
        xorg.xcbutilwm xorg.xkeyboardconfig
        xz
        zlib
      ];
    };
  };

  # firefox screen sharing
  xdg.portal = {
    enable = true;
    configPackages = [
      pkgs.xdg-desktop-portal-wlr
      pkgs.xdg-desktop-portal-gtk
    ];
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?
}