# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:

let
  user = "hass-admin";
  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
  SSID = "Joey's Jungle 5G";
  SSIDpassword = "kR8v&3Qd"; # config.sops.templates."wifi-password".content;
  interface = "wlp0s20f3";
  timezone = "America/Chicago";
  hostname = "jallen-hass";
in
{
  imports = [
    # Include the results of the hardware scan.
    ./boot.nix
    ./hardware-configuration.nix
    ./impermanence.nix
    ./homeassistant.nix
    ../default.nix
  ];

  # Enable nix flakes and nix-command tools
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  nix.settings.trusted-users = [ "@wheel" ];

  # Set your time zone.
  time.timeZone = timezone;

  networking = {
    networkmanager = {
      enable = true;
      
      # Configure the static connection for eno1
#      ensureProfiles = {
#        profiles = {
#          joeys-jungle = {
#            connection = {
#              id = "joeys-jungle";
#              permissions = "";
#              type = "wifi";
#            };
#            ipv4 = {
#              dns-search = "";
#              method = "auto";
#            };
#            ipv6 = {
#              addr-gen-mode = "stable-privacy";
#              dns-search = "";
#               method = "auto";
#            };
#            wifi = {
#              mac-address-blacklist = "";
#              mode = "infrastructure";
##              ssid = SSID;
#            };
#            wifi-security = {
#              auth-alg = "open";
#              key-mgmt = "wpa-psk";
#              psk = SSIDpassword;
#            };
#          };
#          "static-eno1" = {
#            connection = {
#              id = "static-eno1";
#              type = "ethernet";
#              interface-name = "eno1";
#            };
#            ipv4 = {
#              method = "manual";
#              addresses = "10.0.1.19/24";
#              gateway = "10.0.1.1";
#              dns = "10.0.1.1";
#            };
#          };
#        };
#      };
    };
    hostName = hostname;
    wireless = {
      enable = false;
      networks."${SSID}".psk = SSIDpassword;
      interfaces = [ interface ];
    };
  };

  environment.systemPackages = with pkgs; [
    vim
    htop
    git
    protonmail-bridge
    pass
    gnome-keyring
  ];

  services.xserver.desktopManager.surf-display = {
    enable = true;
    defaultWwwUri = "http://jallen-hass:8123"; # todo: external maybe for reasons???
  };

  services.openssh.enable = true;
  services.protonmail-bridge = {
    enable = true;
    path = with pkgs; [ pass gnome-keyring ];
  };
  
  # Enable Avahi for .local hostname resolution
  services.avahi = {
    enable = true;
    nssmdns4 = true;  # For modern systems, use nssmdns4 instead of nssmdns
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      workstation = true;
    };
  };

  users = {
    mutableUsers = false;
    users."${user}" = {
      isNormalUser = lib.mkForce true;
      initialHashedPassword = password;
      extraGroups = [
        "wheel"
        "docker"
        "network-manager"
        "hass"
      ];
      shell = pkgs.zsh;
    };
  };
}