# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:
let
  user = "matt";
  # password = config.sops.secrets."pi4/matt-password".path;
  kernelBundle = pkgs.linuxAndFirmware.latest;
in
{
  imports = [
    ./adguard.nix
    ./boot.nix
    ./impermanence.nix
    ./networking.nix
    ./sops.nix
  ];

  nix = {
    settings = {
      substituters = [
        "https://nixos-raspberrypi.cachix.org"
        "https://cache.mjallen.dev"
      ];
      trusted-public-keys = [
        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
        "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
      ];
    };
  };

  # Configure nixpkgs
  nixpkgs = {
    overlays = lib.mkAfter [
      (self: super: {
        # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least 
        # enableRedistributableFirmware is enabled
        # I know no easier way to override this package
        inherit (kernelBundle) raspberrypiWirelessFirmware;
        # Some derivations want to use it as an input,
        # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
        inherit (kernelBundle) raspberrypifw;
      })
    ];
  };

  system.nixos.tags = let
    cfg = config.boot.loader.raspberryPi;
  in [
    "raspberry-pi-${cfg.variant}"
    cfg.bootloader
    config.boot.kernelPackages.kernel.version
  ];

  programs.zsh.enable = true;
  hardware.i2c.enable = true;

  services = {
    openssh = {
      enable = true;
      authorizedKeysFiles = [
        config.sops.secrets."ssh-keys-public/pi5".path
      ];
      hostKeys = [ ];
    };
  };

  systemd.services.btattach = {
    before = [ "bluetooth.service" ];
    after = [ "dev-ttyAMA0.device" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
    };
  };

  environment = {
    systemPackages = with pkgs; [
      i2c-tools
      libraspberrypi
      raspberrypi-eeprom
      raspberrypifw
      raspberrypiWirelessFirmware
      raspberrypi-armstubs
    ];
  };

  users = {
    mutableUsers = false;
    users."${user}" = {
      isNormalUser = true;
      # hashedPasswordFile = password;
      password = "BogieDudie1";
      extraGroups = [
        "wheel"
        "docker"
        "video"
      ];
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        # macBook
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
        # desktop windows
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
        # desktop nixos
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
      ];
    };

    users.root.shell = pkgs.zsh;
  };
}