{ config, pkgs, lib, disko, sops-nix, home-manager, ... }:

{
  imports =
    [
      ./hardware-configuration.nix

      disko.nixosModules.default
      
      (import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; device3 = "/dev/sda"; })
      
      sops-nix.nixosModules.sops
      
      home-manager.nixosModules.default
      
    ];

    config = {
        
        boot = {
            kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
            loader = {
                systemd-boot.enable = true;
                efi.canTouchEfiVariables = true;
            };
            binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
        };

        systemd.settings.Manager.DefaultLimitNOFILE = 2048;

        programs.zsh.enable = true;
        environment.shells = with pkgs; [ zsh bashInteractive ];

        nixpkgs.config.allowUnfree = true;

        networking = {
            nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
            networkmanager = {
                enable = true;
                dns = "none";
            };
            useDHCP = false;
            dhcpcd.enable = false;

            nftables = {};
            nat = {
                enable = true;
                internalInterfaces = [ "ve-.+" ];
                externalInterface = "wlp7s0"; # wifi
                #externalInterface = "enp6s0"; # ethernet
            };
        };
        
        sysconfig = {
            remoteBuildHost = true;
            graphical = false;

            services = {
                sddm.enable = false;
                openssh.enable = true;
                pipewire.enable = true;
                netbird.enable = true;

                ollama.enable = true;
                wyoming = {
                    enable = true;
                    piper = false;
                    openwakeword = true;
                    faster-whisper = true;
                };
            };

            programs = {
                hyprland.enable = false;
                hyprpanel.enable = false;
                steam.enable = false;
            };

            docker = {
                enable = true;

                portainer.enable = true;
                pihole.enable = true;
            };

            virtualization = {
                traefik.enable = true;
                jellyfin.enable = true;
                "esotericbytes.com".enable = true;
                nextcloud.enable = true;
                ntfy.enable = false;
                gitea.enable = true;
                n8n.enable = true;
                keycloak.enable = true;
                netbird.enable = true;
                
                ollama.enable = false;
                
                openwebui.enable = true;
                homeassistant.enable = true;
                
                wyoming = {
                    enable = false;
                    piper = false;
                    openwakeword = true;
                    faster-whisper = true;
                };
                
                rustdesk.enable = false; #broken
                
                pihole.enable = false; #broken
                
                code-server.enable = false;
                
                novnc.enable = false;
                
                minecraft.enable = true;

                sandbox.enable = false;
            };
        };

        fonts.packages = with pkgs; [ nerd-fonts.fira-code ];

    };

}