{ config, pkgs, lib, ... }:

with pkgs;

let
  nvidia-offload = writeShellScriptBin "nvidia-offload" ''
    #!/bin/bash
    export __NV_PRIME_RENDER_OFFLOAD=1
    export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
    export __GLX_VENDOR_LIBRARY_NAME=nvidia
    export __VK_LAYER_NV_optimus=NVIDIA_only
    exec "$@"
  '';

in {
  imports = [
    ./hardware.nix
    ./hardware-configuration.nix # Include the results of the hardware scan.
    ../common/users/m3tam3re
    ../common/base
    ./services
  ];

  specialisation = {
    external-display.configuration = {
      system.nixos.tags = [ "Externer-Monitor" ];
      hardware.nvidia.prime.offload.enable = lib.mkForce false;
      hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
    };
  };
  specialisation = {
    dual-display.configuration = {
      system.nixos.tags = [ "Dual-Monitor" ];
      hardware.nvidia.prime.offload.enable = lib.mkForce false;
      hardware.nvidia.prime.sync.enable = lib.mkForce true;
      hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
    };
  };

  # Bootloader.
  # boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  boot.loader.grub.enable = true;
  boot.loader.grub.efiSupport = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "nodev";
  boot.loader.grub.useOSProber = true;

  boot.kernelParams = [
    "tuxedo_keyboard.mode=0" # https://github.com/tuxedocomputers/tuxedo-keyboard#kernelparam
    "tuxedo_keyboard.brightness=255"
    "tuxedo_keyboard.color_left=0xff0a0a"
  ];
  # Setup keyfile
  boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
  boot.extraModprobeConfig = ''
    options kvm_intel nested=1
    options kvm_intel emulate_invalid_guest_state=0
    options kvm ignore_msrs=1
  '';

  boot.initrd.luks.devices."luks-a7b1ba69-0951-4347-886e-4c0c24c2b871".keyFile =
    "/crypto_keyfile.bin";
  networking.hostName = "m3-nix"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.firewall.extraCommands =
    "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;
  networking.wg-quick.interfaces = {
    wg0 = {
      address = [ "10.13.13.4/24" ];
      dns = [ "192.168.178.75" ];
      privateKeyFile = "/root/wg/peer_m3arch/privatekey-peer_m3arch";

      peers = [{
        publicKey = "zA3c0S33ZsX5oRMRCrNDYg6pCMLdRurLV+7cU2Chbwk=";
        allowedIPs = [ "0.0.0.0/0" "::/0" ];
        endpoint = "45.132.245.244:51820";
        persistentKeepalive = 25;
      }];
    };
  };

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "de_DE.utf8";
  console.keyMap = "de";

  environment.systemPackages = [ nvidia-offload nvim ];

  nix = {
    settings = { experimental-features = "nix-command flakes"; };
    gc = {
      automatic = true;
      options = "--delete-older-than 30d";
    };
    optimise.automatic = true;
  };

  nixpkgs.config.allowUnfree = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev)
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?

}