# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{
  lib,
  inputs,
  config,
  pkgs,
  ...
}: {
  # Modules merged into this host's configuration.
  imports = [
    # Raspberry Pi 4 hardware profile taken from the nixos-hardware flake input.
    inputs.nixos-hardware.nixosModules.raspberry-pi-4

    ./hardware-configuration.nix

    # Configuration shared with other hosts (contents not visible from here).
    ../common/global
    ../common/users/julian
    # NOTE(review): presumably adds extra substituters and their signing keys;
    # whatever it trusts can supply store paths to this host — confirm.
    ../common/optional/binarycaches.nix

    ../common/optional/pipewire.nix
    # NOTE(review): presumably delegates builds to another machine, which then
    # becomes part of this host's trust boundary — confirm.
    ../common/optional/remote-builder.nix
    ../common/optional/pcmanfm.nix
    ../common/optional/redshift.nix
    ../common/optional/authentication.nix
  ];

  # disko.devices.disk.main.device = "/dev/mmcblk1";

  # networking.wireless.enable = true;
  # networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
  # networking.wireless.networks = {
  #   "@SSID@".psk = "@PSK@";
  # };
  # Host name; the same string appears in this host's sops secret names and
  # in its Syncthing device entry below.
  networking.hostName = "pianonix";
  # Release this installation was first set up with. It is not the running
  # NixOS version and is normally left unchanged across upgrades.
  system.stateVersion = "22.11";

  # Secrets managed by sops; each declared entry is reachable from the rest of
  # the configuration as config.sops.secrets.<name>.path.
  sops.secrets = {
    # Password file for x11vnc, kept in its own binary sops file and owned by
    # julian because the x11vnc unit below runs as that user.
    "vnc-passwd" = {
      sopsFile = ./vnc-passwd;
      format = "binary";
      owner = config.users.users.julian.name;
    };
    # NOTE(review): nothing active in this file reads "wifi/pianonix" (the
    # wireless block above is commented out). If no shared module uses it,
    # drop the declaration so only secrets that are needed land on the host.
    "wifi/pianonix" = {};
    # Syncthing device identity (private key and certificate).
    "syncthing/pianonix/key" = {};
    "syncthing/pianonix/cert" = {};
    # "syncthing/public-keys/aspi-nix" = { };
    # "syncthing/public-keys/pianonix" = { };
  };

  # Options under `modules` are not defined in this file; presumably they come
  # from one of the shared imports.
  # NOTE(review): overrideSettings looks like it makes the declared Syncthing
  # settings authoritative over changes made at runtime — confirm in the module.
  modules.syncthing.enable = true;
  modules.syncthing.overrideSettings = true;

  # Enable the Desktop Environment.
  # services.xserver.displayManager.lightdm.enable = true;
  # Log julian into the graphical session at boot without a password prompt.
  # NOTE(review): this file also turns off screen locking and exports display
  # :0 over VNC, so the VNC password (or physical access) is all that stands
  # between a visitor and julian's unlocked session.
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "julian";

  # Export X display :0 over VNC (RFB) on TCP port 5900, running as julian.
  # The unit receives only the path of the sops-managed password file, so the
  # password itself does not appear in the unit definition or command line.
  # NOTE(review): classic VNC authentication uses at most 8 password
  # characters and the session is not encrypted on the wire. Where the LAN is
  # not fully trusted, consider adding x11vnc's `-localhost` and reaching the
  # port through an SSH forward (sshd is enabled on this host), then removing
  # 5900 from the firewall's allowed ports.
  systemd.services.x11vnc = let
    passwordFile = config.sops.secrets."vnc-passwd".path;
    commandLine = [
      "${pkgs.x11vnc}/bin/x11vnc"
      "-rfbauth"
      passwordFile
      "-forever"
      "-loop"
      "-noxdamage"
      "-repeat"
      "-rfbport"
      "5900"
      "-shared"
    ];
  in {
    description = "Run x11vnc server";
    wantedBy = ["multi-user.target"];
    # Ordered after the display manager, which owns the display being exported.
    after = ["display-manager.service"];
    serviceConfig = {
      User = config.users.users.julian.name;
      Environment = "DISPLAY=:0";
      ExecStart = lib.concatStringsSep " " commandLine;
      Restart = "on-failure";
    };
  };

  # Show the boot loader menu for one second only.
  boot.loader.timeout = 1;

  # De-facto disable network manager, which is enabled by gnome
  # networking.networkmanager.unmanaged = [ "*" ];
  # XFCE is the desktop environment used for the X session.
  services.xserver.desktopManager.xfce.enable = true;

  # Commands run when the X session starts: set three xfce4-power-manager
  # properties to 0 so the display neither blanks nor powers down on AC.
  services.xserver.displayManager.sessionCommands = let
    # Shared prefix of every call; only the property leaf name differs.
    setPowerProperty = "${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager";
  in ''
    # Prevent screen from going blank or turning off (values in min)
    ${setPowerProperty}/blank-on-ac -s 0
    ${setPowerProperty}/dpms-on-ac-sleep -s 0
    ${setPowerProperty}/dpms-on-ac-off -s 0
  '';

  # No automatic screen lock and no XFCE screensaver.
  # NOTE(review): with auto-login also enabled, the session is never locked;
  # acceptable for an appliance-style host only if physical and VNC access
  # are controlled some other way.
  services.xserver.xautolock.enable = false;
  services.xserver.desktopManager.xfce.enableScreensaver = false;

  # xdg.portal.lxqt.enable = true;

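  # SSH daemon restricted to public-key logins.
  services.openssh = {
    enable = true;
    settings = {
      # require public key authentication for better security
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Root logs in with the authorized key only. "prohibit-password" keeps
      # that true even if password authentication is re-enabled later, which
      # the previous value "yes" did not guarantee on its own.
      PermitRootLogin = "prohibit-password";
    };
  };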
  # Public keys accepted for direct root SSH logins. Whoever holds the private
  # half of the key below (labelled julian@julian-aspi) gets a root shell on
  # this host, so that key should be passphrase-protected and removed from
  # this list when it is retired.
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVk/m4ydcYXzHxTWeNw2MlwxKU+JirTVOeHsYR4wdTokwYyNWZ3/zPcU4+XekSRatwJW1LJYrZ1Y5IJkobzgnOvYVI7SXZ1Tbzb1kAcnChSt+Dp/pKdMPZ8yY3PTFZh+R5F3rWFA/YZqTRhh0vuxPIVbLl7zOPExWwYGn9crkZaYZvKHVvgE5660hXo9pxbUKsSs+DIy/AE7gfKiZLusY95nk9T/jZ7Vmhl0UsF0RiDsfxgE664/vEKe8b+82kKCDt5nJVe8THSrjaw4+NUhef6R8UoUO1/Pn4TKq3Gil3Z36wPEPdkw2lYzX+d1EFyaC3hZJedSUfdFliPOejIbNvvhPBBD1wAGxxyuJZB5KLwWN7/efwCgw45buLbVfUuwwug7K7GK84A3yzqClbZKKv8rYdO04UG64A+Taq2LeyxQIDjygTgGk/1j/0Neb1RO0FbjlbTeNMZ54P+u7BTEcikJCsbFeseWDtYzupQtLt96KMbcdRgHy0CTGqFHE+my8= julian@julian-aspi"
  ];

  # Syncthing identity and declarative peer/folder layout.
  services.syncthing = {
    # Private key and certificate are read from sops-managed files, so the
    # device identity is referenced here by path only.
    key = config.sops.secrets."syncthing/pianonix/key".path;
    cert = config.sops.secrets."syncthing/pianonix/cert".path;

    settings = {
      # Known devices, pinned by device ID.
      devices = {
        "aspi-nix".id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3";
        "pianonix".id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH";
      };

      # Single shared folder, synchronised between the two devices above.
      folders."Klavier" = {
        id = "flc3m-q4gp2";
        path = "/home/julian/Klavier";
        devices = [
          "aspi-nix"
          "pianonix"
        ];
      };
    };
  };

  # Host firewall: the only port opened explicitly here is VNC.
  # NOTE(review): 5900 is allowed on every interface and RFB traffic is not
  # encrypted. If VNC is only needed from one network, scope the rule with
  # networking.firewall.interfaces.<name>.allowedTCPPorts, or drop it and
  # tunnel VNC over SSH instead.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      5900 # for vnc
    ];
  };

  # Disable every systemd sleep-related target so the machine never suspends
  # or hibernates by itself and stays reachable.
  # NOTE(review): the original remark blamed the GNOME3/GDM auto-suspend
  # (power-down after 20 minutes with nobody logged in); this file enables
  # XFCE, so that rationale may be left over from another host — confirm.
  systemd.targets = lib.genAttrs [
    "sleep"
    "suspend"
    "hibernate"
    "hybrid-sleep"
  ] (_target: {enable = false;});

  ## Raspberry pi specific config
  # hardware.raspberry-pi."4" = {
  #   fkms-3d.enable = true;
  #   touch-ft5406.enable = true;
  # };
  # Prevent the host from becoming unreachable on Wi-Fi after some time
  # (Raspberry Pi): keep NetworkManager's Wi-Fi power saving switched off.
  # NOTE(review): NetworkManager is not enabled anywhere in this file;
  # presumably a shared import turns it on — confirm, otherwise this setting
  # has nothing to act on.
  networking.networkmanager.wifi.powersave = false;
  # Enable audio devices on raspberry pi
  # boot.kernelParams = [
  #   "snd_bcm2835.enable_hdmi=1"
  #   "snd_bcm2835.enable_headphones=1"
  # ];
  # boot.loader.raspberryPi.firmwareConfig = ''
  #   dtparam=audio=on
  # '';
}