{ config, pkgs, ... }:

{
  imports = [
    /etc/nixos/hardware-configuration.nix
    ./basic-tools.nix
  ];

  boot.loader.grub.enable = false;

  boot.loader.raspberryPi = {
    enable = true;
    version = 3;
    uboot.enable = true;
  };

  boot.kernelPackages = pkgs.linuxPackages_5_4;

  boot.kernelParams = [
    "cma=32M" # for virtual console, see https://nixos.wiki/wiki/NixOS_on_ARM
    "console=tty0"
  ];

  hardware.enableRedistributableFirmware = true;
  # hardware.firmware = with pkgs; [
  #   (stdenv.mkDerivation {
  #     name = "broadcom-rpi3bplus-extra";
  #     src = fetchurl {
  #       url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/b518de4/brcm/brcmfmac43455-sdio.txt";
  #       sha256 = "0r4bvwkm3fx60bbpwd83zbjganjnffiq1jkaj0h20bwdj9ysawg9";
  #     };
  #     phases = [ "installPhase" ];
  #     installPhase = ''
  #       mkdir -p $out/lib/firmware/brcm
  #       cp $src $out/lib/firmware/brcm/brcmfmac43455-sdio.txt
  #     '';
  #   })
  # ];
  # networking.wireless.enable = true;
  # networking.networkmanager.enable = true;
  networking.wireless.iwd.enable = true;

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  };

  networking.hostName = "murex";
  #networking.hostId = "34a820f1";

  time.timeZone = "Europe/Amsterdam";

  environment.systemPackages = with pkgs; [
    raspberrypi-tools
  ];

  users.extraUsers.gebner = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "audio" "dialout" ];
    shell = pkgs.fish;
  };

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  documentation.nixos.enable = false;

  services.octoprint = {
    enable = true;
    plugins = ps: with ps; [
      printtimegenius
      touchui
      # psucontrol
    ];
  };
  # systemd.services.setupGpioForRelais = rec {
  #   wantedBy = [ "octoprint.service" ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     RemainAfterExit = "yes";
  #   };
  #   script = let gpio = toString (458 + 17); in ''
  #     if echo ${gpio} > /sys/class/gpio/export; then
  #       echo high > /sys/class/gpio/gpio${gpio}/direction
  #     fi
  #     chown octoprint:dialout /sys/class/gpio/gpio${gpio}/value
  #   '';
  # };
  users.users.${config.services.octoprint.user}.extraGroups = [
    "dialout" # ttyUSB access
  ];

  systemd.services.ethKernelPanicFix = rec {
    wantedBy = [ "networking.target" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = "yes";
    };
    # https://github.com/raspberrypi/linux/issues/2449
    script = ''
      ${pkgs.ethtool}/bin/ethtool -K eth0 tx-tcp-segmentation off tx-tcp6-segmentation off
    '';
  };

  services.mjpg-streamer = {
    enable = true;
    # inputPlugin = "input_uvc.so -r 1920x1080";
  };

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      # config.services.octoprint.port
      # 5050 # mjpg-streamer
      80
    ];
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts."murex.ams.gebner.org" = {
      locations."/" = {
        proxyPass = "http://localhost:${toString config.services.octoprint.port}";
        proxyWebsockets = true;
        # do not cache that octoprint is inaccessible on startup
        extraConfig = ''
          proxy_cache off;
          proxy_set_header Accept-Encoding "*";
          client_max_body_size 50M;
        '';
      };
      locations."/webcam/".proxyPass = "http://localhost:5050/?action=stream";
      locations."/webcampic/".proxyPass = "http://localhost:5050/?action=snapshot";
    };
  };

  system.stateVersion = "20.09";
}