# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:

let
  user = "matt";
  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
  SSID = "Joey's Jungle 5G";
  wifiSecrets = config.sops.secrets."wifi-password".path;
  interface = "wlan0";
  timezone = "America/Chicago";
  hostname = "pi4";
in
{
  imports = [
    # Include the results of the hardware scan.
    ./adguard.nix
    ./argononed.nix
    ./boot.nix
    ./hardware-configuration.nix
    ./impermanence.nix
#    ./sops.nix
    ./ups-monitor.nix
    ../default.nix
  ];

  
  # Enable nix flakes and nix-command tools
  nix = {
    settings = {
      substituters = [
        # "https://cache.mjallen.dev"
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
        # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      warn-dirty = lib.mkForce false;
      experimental-features = lib.mkForce [
        "nix-command"
        "flakes"
      ];
      trusted-users = lib.mkDefault [
        "root"
        "@wheel"
        user
      ];
    };
  };
 
  services.xserver = {
    enable = false;
    desktopManager = {
      budgie.enable = false;
    };
    displayManager = {
      lightdm.enable = false;
    };
  };

  services.hardware.argonone.enable = true;

  services.ups-monitor = {
    enable = false;
  };

  hardware = {
    raspberry-pi."4".fkms-3d.enable = false;
    raspberry-pi."4".apply-overlays-dtmerge.enable = false;
    raspberry-pi."4".audio.enable = false;
    raspberry-pi."4".bluetooth.enable = false;
    raspberry-pi."4".dwc2.enable = false;
    raspberry-pi."4".xhci.enable = false;
  };

  # Set your time zone.
  time.timeZone = timezone;

  networking = {
    networkmanager.enable = lib.mkForce false;
    hostName = hostname;
    wireless = {
      enable = false;
      secretsFile = wifiSecrets;
      networks."${SSID}".psk = "ext:PSK";
      interfaces = [ interface ];
    };

    defaultGateway.address = "10.0.1.1";
    nameservers = [ "10.0.1.1" ];

    interfaces.enabcm6e4ei0.ipv4.addresses = [ {
     address = "10.0.1.2";
     prefixLength = 24;
    } ];

    firewall = {
      enable = true;
      allowPing = true;
      allowedTCPPorts = [ 80 53 ];
      allowedUDPPorts = [ 80 53 ];
    };
  };

  systemd.services.btattach = {
    before = [ "bluetooth.service" ];
    after = [ "dev-ttyAMA0.device" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
    };
  };

  environment.systemPackages = with pkgs; [
    argononed
    vim
    libraspberrypi
    raspberrypi-eeprom
    raspberrypifw
    raspberrypiWirelessFirmware
    raspberrypi-armstubs
    htop
    git
  ];

  services.openssh.enable = true;

  programs.nix-index = {
    enable = true;
    enableBashIntegration = true;
    enableZshIntegration = true;
  };

  users = {
    mutableUsers = false;
    users."${user}" = {
      isNormalUser = true;
      initialHashedPassword = password;
      extraGroups = [
        "wheel"
        "docker"
      ];
      shell = pkgs.zsh;
    };
  };
}