# NixOS system configuration for the host "ze": networking, passwordless
# sudo, OpenSSH, Tailscale (auth key supplied through sops), the user "muhh",
# base packages and virtualisation (libvirtd + podman).
#
# Module arguments: `config` is read for the sops secret path and `pkgs` for
# package references. `inputs` is accepted but not used in this file.
{ config, pkgs, inputs, ... }:

{
  imports = [
    ./ze-hardware-configuration.nix
    ./ze-networking.nix
    ./common.nix
  ];

  networking.hostName = "ze"; # Define your hostname.

  # Configure network proxy if necessary
  # NOTE(review): a proxy URL with embedded credentials written here would be
  # copied into the world-readable Nix store; supply it from a secret instead.
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Static /etc/hosts entries; currently none (the only entry is commented out).
  networking.hosts = {
    # "178.63.121.197" = ["www.boell.de"];
  };

  # Workaround for broken networkmanager/systemd thing
  # https://github.com/NixOS/nixpkgs/issues/180175#issuecomment-1658731959
  systemd.services.NetworkManager-wait-online = {
    serviceConfig = {
      # The leading "" clears the unit's existing ExecStart before the
      # replacement command is set (systemd override convention).
      ExecStart = [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
    };
  };

  security = {
    sudo = {
      # Members of "wheel" can run sudo without a password. "muhh" is in wheel
      # (see users.users.muhh below), so any session as muhh is root-equivalent.
      wheelNeedsPassword = false;
    };
  };

  services.openssh = {
    enable = true;
    # NOTE(review): password logins are accepted over SSH. Together with
    # passwordless sudo above, muhh's account password is the only barrier
    # between a remote login and root. If key-based login already works,
    # consider PasswordAuthentication = false (and
    # KbdInteractiveAuthentication = false), or limit sshd to the tailnet.
    # The NixOS openssh module also opens the SSH port in the firewall by
    # default (services.openssh.openFirewall) -- confirm for the nixpkgs
    # version in use.
    settings.PasswordAuthentication = true;
    # Public-key login is sshd's default; stated explicitly here.
    settings.PubkeyAuthentication = true;
  };

  services.tailscale = {
    enable = true;
    # The auth key is read from the path of the sops-managed secret declared
    # below, so the key itself is not written into this file.
    authKeyFile = config.sops.secrets.tailscale_auth_key.path;
  };

  # sops secret handling. The sops module itself is not imported in this file;
  # presumably it comes from common.nix or the flake -- verify.
  sops.defaultSopsFile = ../secrets/secrets.yaml;
  # NOTE(review): this age private key lives in muhh's home directory. Whoever
  # can read it can decrypt every secret encrypted to that key; keep it
  # readable by its owner only and out of backups and dotfile repositories.
  sops.age.keyFile = "/home/muhh/.config/sops/age/keys.txt";
  # Declares the secret with default settings (owner, mode, path).
  sops.secrets.tailscale_auth_key = {};

  # Define a user account. Don't forget to set a password with 'passwd'.
  users.users.muhh = {
    isNormalUser = true;
    name = "muhh";
    description = "Markus Heurung";
    # NOTE(review): "wheel" grants passwordless sudo (see security.sudo above).
    # "docker" is listed although virtualisation.docker.enable is false below;
    # if Docker is ever enabled, that membership is root-equivalent as well.
    # "libvirtd" allows managing system VMs.
    extraGroups = [ "audio" "docker" "libvirtd" "input" "networkmanager" "plugdev" "qemu-libvirtd" "video" "wheel"];
    shell = pkgs.fish;
    # Keeps the user's systemd user services running without an open session.
    linger = true;
  };

  nixpkgs.config = {
    allowUnfree = true;
    # Predicate returns true for every package, i.e. all unfree packages are
    # permitted; this looks redundant with allowUnfree above.
    allowUnfreePredicate = pkg: true;
  };

  # Shells registered as valid login shells.
  environment.shells = with pkgs; [ bash fish zsh ];

  # Packages installed system-wide.
  environment.systemPackages = with pkgs; [
    git
    home-manager
    mosh
    neovim
    vim
    wget
  ];

  programs = {
    fish.enable = true;
  };

  virtualisation = {
    docker.enable = false;
    libvirtd = {
      enable = true;
    };
    podman = {
      enable = true;
      # Provides a docker-compatible command backed by podman.
      dockerCompat = true;
    };
  };

  # Open ports in the firewall.
  # FIREWALL IS ENABLED BY DEFAULT - muhh
  # No additional ports are opened here; the lines below are left as templates.
  # networking.firewall.allowedTCPPorts = [ 19132 ];
  # networking.firewall.allowedUDPPorts = [ 19132 ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.11"; # Did you read the comment?
}