# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, pkgs, ... }:
let
  user = "matt";
  password = config.sops.secrets."desktop/matt_password".path;
in
{
  imports = [
    ./adguard.nix
    ./argononed.nix
    ./boot.nix
    ./impermanence.nix
    ./networking.nix
    ./pi4-hw.nix
    ./sops.nix
    ../default.nix
  ];
  programs.zsh.enable = true;
  hardware.i2c.enable = true;

  services = {
    hardware.argonone = {
      enable = false;
      package = pkgs.argononed;
    };
    openssh = {
      enable = true;
      authorizedKeysFiles = [
        config.sops.secrets."ssh-keys-public/pi5".path
      ];
      hostKeys = [ ];
    };
  };

  systemd.services.btattach = {
    before = [ "bluetooth.service" ];
    after = [ "dev-ttyAMA0.device" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
    };
  };

  environment = {
    systemPackages = with pkgs; [
      git
      libraspberrypi
      raspberrypi-eeprom
      raspberrypifw
      raspberrypiWirelessFirmware
      raspberrypi-armstubs
      vim
    ];
    etc = {
      "ssh/ssh_host_ed25519_key".source = config.sops.secrets."pi4/sys-priv-key".path;
      "ssh/ssh_host_ed25519_key.pub".source = config.sops.secrets."pi4/sys-public-key".path;
    };
  };

  users = {
    mutableUsers = false;
    users."${user}" = {
      isNormalUser = true;
      hashedPasswordFile = password;
      extraGroups = [
        "wheel"
        "docker"
        "video"
      ];
      shell = pkgs.zsh;
    };
  };
}