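# Buckwheat configuration.nix
#
# NixOS system module for the host "buckwheat": boot loader, firewall,
# desktop packages, Samba/Avahi file sharing, Steam, Mullvad VPN, libvirt,
# PipeWire audio and local Borg backups of /home.
{ config, lib, pkgs, inputs, user, ... }:

let
  hostname = "buckwheat";

  # Settings shared by the local Borg jobs below, kept in one place so the
  # source paths, excludes and encryption settings cannot drift apart.
  borgCommon = {
    paths = [ "/home" ];
    exclude = [
      "/home/*/go/bin"
      "/home/*/go/pkg"
    ];
    encryption = {
      # repokey mode stores the (passphrase-protected) key inside the
      # repository, so the passphrase is the only secret guarding the data.
      mode = "repokey-blake2";
      # Keep this file owned by root with mode 0600. Keep an offline copy of
      # the passphrase and a `borg key export` of each repository; without
      # them the backups cannot be restored.
      passCommand = "cat /root/borgbackup/passphrase";
    };
    compression = "auto,lzma";
  };
in
{
  imports = [ ./hardware-configuration.nix ];

  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 10;
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
      timeout = 2;
    };

    # Hardware-configuration edits
    # IPv4 forwarding turns the host into a router between its interfaces.
    # NOTE(review): presumably wanted for libvirt guest networking; confirm it
    # is needed, because forwarded traffic is not covered by the
    # allowedTCPPorts/allowedUDPPorts lists below.
    kernel.sysctl."net.ipv4.ip_forward" = 1;

    # Clean /tmp at boot
    tmp.cleanOnBoot = true;
  };

  networking = {
    hostName = hostname; # Define your hostname.

    firewall = {
      # To disable the firewall altogether:
      # enable = false;

      # SMB (445) and NetBIOS (139, 137, 138) for the Samba service below.
      # These lists apply to every interface; to expose file sharing on the
      # LAN only, move them under
      # networking.firewall.interfaces."<lan-iface>" (placeholder name).
      allowedTCPPorts = [ 445 139 ];
      allowedUDPPorts = [ 137 138 ];
    };

    # Proxy configuration
    # proxy = {
    #   default = "http://user:password@proxy:port/";
    #   noProxy = "127.0.0.1,localhost,internal.domain";
    # };
  };

  users.users.${user.name} = {
    # Members of libvirtd can manage system VMs, storage and networks; treat
    # the group as privileged access to the host.
    extraGroups = [ "libvirtd" "transmission" ];
    packages = with pkgs; [
      bspwm
      dunst
      hsetroot
      networkmanagerapplet
      notify-desktop
      picom
      sxhkd
      trayer
      xbanish
    ];
  };

  environment = {
    localBinInPath = true;
    variables = {
      VISUAL = "$EDITOR";
      BROWSER = "librewolf";
      SXHKD_SHELL = "/bin/sh";
      # Fetch Go modules straight from their origin instead of a module proxy.
      GOPROXY = "direct";
      TASKRC = "$XDG_CONFIG_HOME/task/rc";
      TASKDATA = "$XDG_DATA_HOME/task";
      TERMINAL = "st";
      #MAILRC="$XDG_CONFIG_HOME/mail/mailrc"
      #allowing environmental variable is needed for a mosh connection
      LC_CTYPE = "en_US.UTF-8";
    };
  };

  fonts.fonts = with pkgs; [
    comic-mono
    noto-fonts
    noto-fonts-cjk
    noto-fonts-emoji
    fira-code
    fira-code-symbols
    dina-font
  ];

  programs = {
    slock.enable = true;
    steam = {
      enable = true;
      # Both options open additional inbound ports in the firewall.
      remotePlay.openFirewall = true;
      dedicatedServer.openFirewall = true;
    };
    gamemode.enable = true;
    dconf.enable = true;
  };

  services = {
    mullvad-vpn = {
      enable = true;
      package = pkgs.mullvad-vpn;
    };

    samba = {
      enable = true;
      # You will still need to set up the user accounts to begin with:
      # $ sudo smbpasswd -a yourusername

      # This adds to the [global] section:
      # "smb encrypt = required" refuses clients that cannot negotiate SMB
      # encryption.
      extraConfig = ''
        browseable = yes
        smb encrypt = required
      '';

      shares = {
        homes = {
          browseable = "no"; # note: each home will be browseable; the "homes" share will not.
          "read only" = "no";
          "guest ok" = "no";
        };
      };
    };

    # mDNS
    # This part may be optional for your needs, but I find it makes browsing in Dolphin easier,
    # and it makes connecting from a local Mac possible.
    avahi = {
      enable = true;
      nssmdns = true;
      # Everything published here is announced to the whole local network
      # segment: addresses, domain, host info and the workstation record.
      # Disable the entries that file-sharing discovery does not need.
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        hinfo = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        # NOTE(review): the listing showed only "%h _smb._tcp 445" for this
        # value; the XML markup of the Avahi service file appears to have been
        # lost, so it is reconstructed here around those three values.
        smb = ''
          <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
          <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
          <service-group>
            <name replace-wildcards="yes">%h</name>
            <service>
              <type>_smb._tcp</type>
              <port>445</port>
            </service>
          </service-group>
        '';
      };
    };

    transmission = {
      enable = true;
      # Opens the BitTorrent peer port for inbound connections.
      openFirewall = true;
    };

    # Enable automatic login for the user.
    # getty.autologinUser = "${user.name}";

    # To add the Flathub repo, run:
    # $ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
    flatpak.enable = true;

    dbus.enable = true;

    xserver = {
      enable = true;
      videoDrivers = [ "amdgpu" ];
      displayManager.startx.enable = true;
      layout = "us";
      xkbVariant = "";
    };

    # Enable CUPS to print documents.
    # services.printing.enable = true;

    # Enable automounting removeable media.
    # services.udev.extraRules = ''
    #   ACTION=="add", SUBSYSTEMS=="usb", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount --no-block --automount=yes --collect $devnode /media"
    # '';
  };

  xdg.portal = {
    enable = true;
    xdgOpenUsePortal = true;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  };

  virtualisation.libvirtd.enable = true;
  hardware.steam-hardware.enable = true;

  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    #jack.enable = true;
  };

  # Borg backup configuration
  # NOTE(review): both repositories live under /mnt; if those are separate
  # disks, confirm they are mounted before the jobs run so a backup does not
  # silently land on the root filesystem.
  services.borgbackup.jobs."daily" = borgCommon // {
    repo = "/mnt/daily/buckwheat";
    startAt = "daily";
    prune.keep = {
      within = "7d";
    };
  };

  # NOTE(review): no prune policy is set for this job, so the repository keeps
  # every weekly archive; confirm that is intended.
  services.borgbackup.jobs."weekly" = borgCommon // {
    repo = "/mnt/weekly/buckwheat";
    startAt = "weekly";
  };

  #services.borgbackup.jobs."borgbase" = {
  #  paths = [
  #    "/home"
  #  ];
  #  exclude = [
  #    "/home/*/go/bin"
  #    "/home/*/go/pkg"
  #  ];
  #  repo = ".repo.borgbase.com:repo";
  #  encryption = {
  #    mode = "repokey-blake2";
  #    passCommand = "cat /root/borgbackup/passphrase";
  #  };
  #  environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
  #  compression = "auto,lzma";
  #  startAt = "daily";
  #};
}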