{ config, lib, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ../../configuration-desktop.nix ];

  boot.initrd.supportedFilesystems = [ "zfs" ];
  boot.initrd.systemd.enable = true;
  services.zfs.autoScrub.enable = true;
  services.zfs.trim.enable = true;
  # fstrim is also enabled by nixos-hardware, but only runs for /boot

  #services.fprintd.enable = true;
  # fix hang on initial login
  #security.pam.services.login.fprintAuth = false;

  networking.hostName = "daisy";
  networking.hostId = "293a1290";

  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = true;

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 8081 2222 ];
  networking.firewall.allowedUDPPorts = [ 1337 ];

  system.stateVersion = "24.11";
  #services.immich.enable = true;

  hardware.ipu6 = {
    enable = true;
    platform = "ipu6ep";
  };

  # not sure when this commit will reach upstream
  #boot.kernelPackages = pkgs.linuxPackages_6_16.extend ( self: super: {
  #  ipu6-drivers = super.ipu6-drivers.overrideAttrs (
  #    final: previous: rec {
  #      src = builtins.fetchGit {
  #        url = "https://github.com/intel/ipu6-drivers.git";
  #        ref = "master";
  #        rev = "b4ba63df5922150ec14ef7f202b3589896e0301a";
  #      };
  #      patches = [
  #        "${src}/patches/0001-v6.10-IPU6-headers-used-by-PSYS.patch"
  #      ] ;
  #    }
  #  );
  #} );

  environment.systemPackages = [
    pkgs.racket
    pkgs.idapro9
    pkgs.qemu_kvm
    (pkgs.runCommand "OVMF-fd" {} ''
      mkdir -p $out/share/FV
      ln -s ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd $out/share/FV/OVMF_CODE.fd
    '')
    pkgs.OVMF.fd
  ];

  services.tailscale = {
    enable = true;
    openFirewall = true;
  };

  #services.coolify = {
  #  enable = true;
  #  hostname = "coolify";
  #};
  #networking.extraHosts = ''
  #  127.0.0.1 coolify
  #'';


  #services.influxdb2 = {
  #  enable = true;
  #  provision = {
  #    enable = true;
  #    initialSetup = {
  #      organization = "default";
  #      bucket = "default";
  #      passwordFile = "/var/lib/influxdb2-secrets/admin.password";
  #      tokenFile = "/var/lib/influxdb2-secrets/admin.token";
  #    };
  #    organizations.shellphish = {
  #      buckets.logs = { };
  #      buckets.metrics = { };
  #      auths.sometoken = {
  #        tokenFile = "/var/lib/influxdb2-secrets/shellphish.token";
  #        readBuckets = [ "logs" "metrics" ];
  #        writeBuckets = [ "logs" "metrics" ];
  #      };
  #    };
  #    #users.someuser.passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
  #  };
  #  settings.http-bind-address = "127.0.0.1:8086";
  #};

  #services.grafana = {
  #  enable = true;
  #};

  #services.vector = {
  #  enable = true;
  #  journaldAccess = true;
  #  settings = {
  #    sources.system_logs.type = "journald";
  #    sources.system_metrics = {
  #      type = "host_metrics";
  #      filesystem.mountpoints.excludes = [
  #        "/run*"
  #        "/dev*"
  #        "/sys*"
  #        "/proc*"
  #      ];
  #    };
  #    transforms.transformed_logs = {
  #      type = "remap";
  #      inputs = [ "system_logs" ];
  #      source = ''
  #        tmp = .
  #        del(.)
  #        .message = tmp.message
  #        .timestamp = tmp.timestamp
  #        .unit = tmp._SYSTEMD_UNIT
  #        del(tmp.message)
  #        .payload = tmp
  #      '';
  #    };
  #    sinks.db_logs = {
  #      type = "influxdb_logs";
  #      inputs = [ "transformed_logs" ];
  #      org = "shellphish";
  #      token = "48da0c6c524bf0c9291272a3c2a029d1";
  #      bucket = "logs";
  #      endpoint = "http://localhost:8086/";
  #      tags = [ "unit" ];
  #      measurement = "journald";
  #    };
  #    sinks.db_metrics = {
  #      type = "influxdb_metrics";
  #      inputs = [ "system_metrics" ];
  #      org = "shellphish";
  #      token = "48da0c6c524bf0c9291272a3c2a029d1";
  #      bucket = "metrics";
  #      endpoint = "http://localhost:8086/";
  #    };
  #  };
  #};

  #networking.extraHosts = ''
  #  127.0.0.1 celestebingo
  #  127.0.0.1 sockets-celestebingo
  #'';

  #programs.celestegame = {
  #  enable = true;
  #  withEverest = true;
  #  withOlympus = true;
  #  writableDir = "/var/lib/celeste";
  #};

  #services.postgresql.package = pkgs.postgresql_17_jit;

  #services.tulip = {
  #  enable = true;
  #  nginxHost = "tulip";
  #  servicesFile = "/var/lib/tulip/services.txt";
  #  sslKeyLogFile = "/var/lib/tulip/sslkeylog";
  #  convertersDir = "/var/lib/tulip/converters";
  #  convertersPython = "/var/lib/tulip/converters/.venv/bin/python";
  #  convertersProcesses = 8;
  #  ctf = {
  #    flagRegex = "flag\\{[[:digit:]]{6}_[[:digit:]]{6}\\}";
  #    tickStart = "2025-08-05T19:00:00Z";
  #    tickLength = 120 * 1000;
  #    vulnboxIp = "fd00:1337:1312:100::7";
  #  };
  #};
  #systemd.services.tulip-assembler.path = with pkgs; [bash];

  ##shellphish.ubuntuEnclave.enable = true;
  #services.noscope = {
  #  enable = true;
  #  nginxHost = "noscope";
  #};

  boot.binfmt.emulatedSystems = [
    "aarch64-linux"
    "mips-linux"
    "mipsel-linux"
    "armv7l-linux"
  ];
  boot.binfmt.preferStaticEmulators = true;

  programs.steam.enable = true;
  programs.steam.gamescopeSession.enable = true;
  programs.gamescope.enable = true;
  programs.gamescope.capSysNice = true;
  services.pulseaudio.support32Bit = true;
  hardware.graphics.enable32Bit = true;
}