# welcome to saturnOS config, run nixos-help if you need it .
{ config, pkgs, lib, ...  }:
let 
	unstableTarball = builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"; 
	unstable = import unstableTarball { config = { allowUnfree = true; }; };
	homeManagerTarball = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/master.tar.gz";
	home-manager = import "${homeManagerTarball}/nixos";
in {
	imports = [	
		home-manager
		./hosts/vulkan
		./modules
		./saturn/system.nix
	];

	# nix options
	nix.settings = {
		experimental-features = "nix-command flakes";
		auto-optimise-store = true;
	};

	# cleanup packages older than 30 days from nix store
	nix.gc = {
		automatic = true;
		dates = "weekly";
		options = "--delete-older-than 30d";
	};


	# bootloader
	boot.loader.systemd-boot.enable = true;
	boot.loader.efi.canTouchEfiVariables = true;
	boot.loader.efi.efiSysMountPoint = "/boot/efi";
	boot.initrd.systemd.enable = true;
	boot.plymouth.enable = true;
	boot.kernelParams = ["quiet"];

	# init keyfile
	boot.initrd.secrets = {
		"/crypto_keyfile.bin" = null;
	};

	# enable swap on luks
	boot.initrd.luks.devices."luks-4130c26c-7546-42e9-9d61-8f112e244460".device = 
		"/dev/disk/by-uuid/4130c26c-7546-42e9-9d61-8f112e244460";
	boot.initrd.luks.devices."luks-4130c26c-7546-42e9-9d61-8f112e244460".keyFile = 
		"/crypto_keyfile.bin";

	# configure networking
	networking.hostName = "vulkan";
	environment.machineInfo.prettyHostname = "🌋 vulkan";
	networking.networkmanager.enable = true;
	networking.hosts = {
		"162.255.119.254" = ["www.librepunk.club"];
		"129.21.49.69" = ["www.librepunk.club"];
	};

	# configure locale
	time.timeZone = "Etc/UTC";
	i18n.defaultLocale = "en_CA.UTF-8";

	# enable gnome
	services.xserver.enable = true;
	services.xserver.displayManager.gdm.enable = true;
	services.xserver.desktopManager.gnome.enable = true;

	# configure x11 keymap
	services.xserver = {
		layout = "us";
		xkbVariant = "";
	};

	# enable dconf configuration for gnome and other supported applications
	programs.dconf.enable = true;

	# configure pipewire
	sound.enable = true;
	hardware.pulseaudio.enable = false;
	security.rtkit.enable = true;
	services.pipewire = {
		enable = true;
		alsa.enable = true;
		alsa.support32Bit = true;
		pulse.enable = true;
		jack.enable = true;
	};

	# add and configure users
	users.users.hive = {
		initialPassword = "";
		isNormalUser = true;
		description = "The Hive";
		extraGroups = [ "networkmanager" "wheel" "dialout" ];
	};

	# import home-manager config from home.nix
	home-manager.users.hive = import ./home.nix;

	# install packages
	# `nix search` to add more
	nixpkgs.config.allowUnfree = true;
	environment.systemPackages = with pkgs; [
# 		unstable.fish
#		unstable.printrun
		pass
		git
		neovim
	];

	# set fish as default shell for all users
	users.defaultUserShell = unstable.fish;

	# suid wrapper ( for things which need privelidged acccess ? )
	programs.mtr.enable = true;
	programs.gnupg.agent = {
		enable = true;
		enableSSHSupport = true;
		pinentryFlavor = "gnome3";
	};

	# enable configure services
	services.printing.enable = true;	# printing
	services.openssh.enable = true;	# remote shell
	services.flatpak.enable = true;	#flatpak lol

	system.stateVersion = "22.11";
}