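# Shared NixOS module: kernel, Nix daemon settings, networking, SSH, printing,
# containers (podman/LXD), CIFS automounts, the `gebner` user and locale.
{ config, pkgs, ... }:

{
  imports = [
    ./basic-tools.nix
    ./common-sw.nix
  ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

  nix.settings = {
    # Builds run inside the Nix sandbox.
    sandbox = true;
    substituters = [ "https://cache.nixos.org" ];
    trusted-substituters = [ "https://cache.nixos.org" ];
  };
  nix.extraOptions = ''
    auto-optimise-store = true
    binary-caches-parallel-connections = 10
  '';

  networking.networkmanager.enable = true;
  networking.firewall.enable = true;

  time.timeZone = "Europe/Amsterdam";

  # Enable the OpenSSH daemon.
  # Key-only authentication, no direct root login.
  services.openssh = {
    enable = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
  };
  programs.ssh.startAgent = false;

  # Enable CUPS to print documents.
  services.avahi.enable = true; # cups browsing support
  services.printing = {
    enable = true;
    browsing = true;
    drivers = [ pkgs.hplip ];
  };

  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
  };
  virtualisation.containers = {
    # Unqualified image names are looked up on docker.io only.
    registries.search = [ "docker.io" ];
  };

  virtualisation.lxd.enable = true;
  virtualisation.lxd.recommendedSysctlSettings = true;
  virtualisation.lxd.package = pkgs.lxd;
  virtualisation.lxc.lxcfs.enable = true;
  systemd.enableUnifiedCgroupHierarchy = pkgs.lib.mkForce true;

  # NOTE(review): the three kernel.* values below relax the restrictions on
  # perf events, kernel pointer exposure and dmesg for unprivileged users.
  # Presumably wanted for profiling/debugging; this is a trade-off that only
  # suits a single-user development machine, so confirm it for every host
  # that imports this module.
  boot.kernel.sysctl = {
    "kernel.perf_event_paranoid" = "0";
    "kernel.kptr_restrict" = pkgs.lib.mkForce "0";
    # IntelliJ
    "fs.inotify.max_user_watches" = pkgs.lib.mkDefault 524288;
    # undo lxd "recommendedSysctlSettings"
    "kernel.dmesg_restrict" = pkgs.lib.mkForce 0;
  };

  # gapt: `ulimit -n` was 256
  security.pam.loginLimits = [
    {
      domain = "*";
      type = "-";
      item = "nofile";
      value = "4096";
    }
  ];

  # CIFS shares, mounted on first access via systemd automount.
  # The credentials files live outside the world-readable Nix store; they
  # should be owned by root and not readable by other users.
  # NOTE(review): "vers=1.0" pins the legacy SMB1 dialect, which is deprecated
  # and lacks the signing/encryption improvements of SMB 2/3. Raise it once
  # the servers support a newer dialect.
  fileSystems."/mnt/vaccaria" = {
    device = "//vaccaria.htdf.gebner.org/export";
    fsType = "cifs";
    options = [
      "noauto"
      "x-systemd.automount"
      "credentials=/etc/smbcredentials/vaccaria"
      "vers=1.0"
    ];
  };
  fileSystems."/mnt/aplysia" = {
    device = "//aplysia.ams.gebner.org/export";
    fsType = "cifs";
    options = [
      "noauto"
      "x-systemd.automount"
      "credentials=/etc/smbcredentials/aplysia"
      "vers=1.0"
    ];
  };
  fileSystems."/mnt/aruanus" = {
    device = "//aruanus.htdf.gebner.org/export";
    fsType = "cifs";
    options = [
      "noauto"
      "x-systemd.automount"
      "credentials=/etc/smbcredentials/aruanus"
      "vers=1.0"
    ];
  };

  users.extraUsers.gebner = {
    isNormalUser = true;
    # "wheel" grants sudo; membership in "lxd" lets the user drive the LXD
    # daemon, which is effectively root-equivalent access.
    extraGroups = [
      "wheel"
      "networkmanager"
      "audio"
      "transmission"
      "lxd"
      "libvirtd"
      "vboxusers"
      "wireshark"
    ];
    # shell = "${pkgs.zsh}/bin/zsh";
    shell = "/run/current-system/sw/bin/fish";
    # No declarative password here. The previous expression
    # `if config.virtualisation != null then "" else null` was always true
    # (config.virtualisation is an attribute set, never null), so this wheel
    # user got an empty password on every host, not only in VMs.
  };

  # Empty password only for the VM built by `nixos-rebuild build-vm`, which is
  # presumably what the old condition was meant to detect.
  # NOTE(review): with users.mutableUsers enabled, an account that already
  # exists keeps whatever password is in /etc/shadow; set a real one with
  # `passwd` on hosts that were deployed with the old expression.
  virtualisation.vmVariant = {
    users.extraUsers.gebner.password = "";
  };

  users.groups = {
    transmission = {
      gid = config.ids.gids.transmission;
    };
  };

  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      # LC_TIME = "en_GB.UTF-8";
      LC_PAPER = "de_AT.UTF-8";
    };
  };

  system.fsPackages = with pkgs; [
    ntfs3g
    exfatprogs
  ];
}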