{ self, nixpkgs, nixos-hardware, ... }:
let
  pkgs = import nixpkgs { system = "x86_64-linux"; };
in
{
  imports = [
    nixos-hardware.nixosModules.common-cpu-amd
    nixos-hardware.nixosModules.common-gpu-amd
    nixos-hardware.nixosModules.common-pc-ssd

    ./hardware-configuration.nix
    ../../users/erwin
    ../../users/root
    ../../users/builder
  ];

  eboskma = {
    users = {
      erwin = {
        enable = true;
        desktop = true;
      };
      builder.enable = true;
    };
    # backscrub.enable = true;
    base = {
      plymouth.enable = true;
      work = false;
      kernel = pkgs.linuxKernel.packages.linux_5_19;
      udev-rules = {
        qmk = true;
        solo2 = true;
        picotool = true;
        blink1 = true;
        probe-rs = true;
      };
    };
    bluetooth.enable = true;
    desktop = {
      enable = true;
      home-manager = true;
    };
    docker.enable = true;
    element-web.enable = false;
    fonts.enable = true;
    gnome.enable = true;
    greetd.enable = true;
    # home-manager = {
    #   inherit (users) users;
    #   enable = true;
    # };
    libvirtd.enable = true;
    livebook = {
      enable = true;
      dataDir = "/home/erwin/workspace/livebook";
      userMapping = "1000:100";
    };
    networking = {
      enable = true;
    };
    nix-common = {
      enable = true;
      cross-systems = [ "aarch64-linux" ];
    };
    tablet.enable = false;
    sound.enable = true;
    systemd.enable = true;
  };

  boot.loader = {
    systemd-boot = {
      enable = true;
      configurationLimit = 10;
    };
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "Europe/Amsterdam";

  networking = {
    hostName = "loki";
    useDHCP = false;
    networkmanager.enable = true;
    useNetworkd = true;

    hosts = {
      "10.0.0.252" = [ "pve.datarift.nl" ];
    };

    firewall = {
      trustedInterfaces = [ "lo" ];
      # interfaces."enp4s0" = {
      allowedTCPPorts = [
        # NFS
        111
        2049
        4100
        4101
        4102
        20048

        # Horus System V2
        12345
        5555
        5556

        # Elixir/Phoenix dev environment
        4000

        # Sunshine
        48010
      ];

      allowedUDPPorts = [
        # NFS
        111
        2049
        4100
        4101
        4102
        20048
      ];

      allowedTCPPortRanges = [
        # Sunshine
        { from = 47984; to = 47990; }
      ];

      allowedUDPPortRanges = [
        # Sunshine
        { from = 47998; to = 48000; }
      ];
      # };
    };
  };

  systemd.network = {
    enable = true;

    networks = {
      "40-enp4s0" = {
        DHCP = "yes";
      };
    };
  };
  # nix = {
  #   package = pkgs.nixUnstable;
  #   extraOptions = ''
  #     experimental-features = nix-command flakes
  #   '';
  # };

  services.openssh.enable = true;

  services.sunshine = {
    enable = true;
    user = "erwin";
    openFirewall = true;
  };

  services.nfs.server = {
    enable = true;
    exports = ''
      /home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
    '';
    lockdPort = 4101;
    mountdPort = 4102;
    statdPort = 4100;
  };

  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    ha_now_playing_token = {
      owner = "erwin";
    };
    gh_token = {
      owner = "erwin";
    };
    renovate_env = {
      owner = "erwin";
    };
    livebook_cookie = {
      owner = "erwin";
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
}