{ config
, pkgs
, lib
, ...
}:
let
  xilinxJtag = pkgs.writeTextFile {
    name = "xilinx-jtag";
    text = ''
      ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", TAG+="uaccess"
    '';
    destination = "/etc/udev/rules.d/61-xilinx-jtag.rules";
  };
  saleaeLogic = pkgs.writeTextFile {
    name = "saleae-logic";
    text = ''
      # Saleae Logic analyzer (USB Based)
      ATTRS{idVendor}=="21a9", ATTRS{idProduct}=="1006", TAG+="uaccess"
    '';
    destination = "/etc/udev/rules.d/61-saleae-logic.rules";
  };
  keychron = pkgs.writeTextFile {
    name = "keychron";
    text = ''
      # Saleae Logic analyzer (USB Based)
      ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0280", TAG+="uaccess"
    '';
    destination = "/etc/udev/rules.d/61-keychron.rules";
  };
in
{
  imports = [
    ../modules/profiles/laptop.nix
    ./hardware-configuration.nix
  ];

  dadada.backupClient.bs.enable = false;
  dadada.backupClient.backup1.enable = true;
  dadada.backupClient.backup2 = {
    enable = true;
    passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
    sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
    repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup";
  };

  programs.ssh.startAgent = true;

  nix.extraOptions = ''
    experimental-features = nix-command flakes
    # Prevent garbage collection for nix shell and direnv
    keep-outputs = true
    keep-derivations = true
  '';

  boot = {
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
    kernelParams = [ "resume=/dev/disk/by-label/swap" ];
    initrd = {
      systemd.enable = true;
      luks.devices = {
        root = {
          device = "/dev/disk/by-uuid/3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4";
          preLVM = true;
          allowDiscards = true;
          crypttabExtraOpts = [ "fido2-device=auto" ];
        };
      };
    };
    kernel.sysctl = {
      "vm.swappiness" = 90;
    };
  };

  networking.hostName = "gorgon";

  dadada = {
    steam.enable = true;
    yubikey.enable = true;
  };

  programs.adb.enable = true;

  programs.firefox = {
    enable = true;
    package = pkgs.firefox-wayland;
  };

  programs.wireshark.enable = true;

  services.avahi.enable = true;

  services.smartd.enable = true;

  services.tor = {
    enable = true;
    client.enable = true;
  };

  services.paperless = {
    enable = true;
    passwordFile = config.age.secrets.paperless.path;
  };

  systemd.tmpfiles.rules = let cfg = config.services.paperless; in [
    (if cfg.consumptionDirIsPublic then
      "d '${cfg.consumptionDir}' 777 - - - -"
    else
      "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
    )
  ];

  age.secrets.paperless = {
    file = "${config.dadada.secrets.path}/paperless.age";
    mode = "700";
    owner = "paperless";
  };

  # Enable CUPS to print documents.
  services.printing = {
    enable = true;
    browsing = true;
    drivers = with pkgs; [
      hplip
      brlaser
      brgenml1lpr
      brgenml1cupswrapper
    ];
  };

  environment.systemPackages = with pkgs; [
    ghostscript
    smartmontools

    dmenu
    grim # screenshot functionality
    slurp # screenshot functionality
    mako # notification system developed by swaywm maintainer
    pulseaudio
  ];

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      22000 # Syncthing
    ];
    allowedUDPPorts = [
      21027 # Syncthing
    ];
  };

  systemd.services.modem-manager.enable = lib.mkForce false;
  systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;

  systemd.sleep.extraConfig = ''
    HibernateDelaySec=1h
  '';

  services.udev.packages = [
    xilinxJtag
    saleaeLogic
    keychron
    pkgs.libsigrok
  ]; #noMtpUdevRules ];

  virtualisation.libvirtd.enable = true;

  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
  };

  users.users = {
    dadada = {
      isNormalUser = true;
      extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" "paperless" ];
      shell = "/run/current-system/sw/bin/zsh";
    };
  };

  networking.hosts = {
    "127.0.0.2" = [ "kanboard.dadada.li" ];
  };

  services.gnome.gnome-keyring.enable = lib.mkForce false;
  programs.gnupg.agent.enable = true;

  #services.xserver.enable = true;
  #services.xserver.desktopManager.gnome.enable = true;
  #services.xserver.displayManager.gdm.enable = true;
  services.greetd = {
    enable = true;
    settings = {
      default_session = {
        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
        user = "greeter";
      };
    };
  };
  systemd.user.services.kanshi = {
    enable = true;
    description = "kanshi daemon";
    environment = {
      WAYLAND_DISPLAY = "wayland-1";
      DISPLAY = ":0";
    };
    serviceConfig = {
      Type = "simple";
      ExecStart = ''${pkgs.kanshi}/bin/kanshi'';
    };
  };
  # enable Sway window manager
  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
  };
  programs.light.enable = true;
  xdg.portal.wlr.enable = true;
  hardware.bluetooth.enable = true;

  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      vaapiVdpau
      libvdpau-va-gl
    ];
  };

  system.stateVersion = "23.11";
}