# hosts/valefar/configuration.nix (or default.nix)
{ config, lib, system, pkgs, modulesPath, inputs, ... }:

{
  imports = [
    # Host-specific hardware
    ./hardware.nix
    ./secrets.nix
    
    # Common modules shared across hosts
    ../../modules/common/system.nix
    ../../modules/common/users.nix
    ../../modules/common/services.nix

    # Desktop modules
    ../../modules/desktop/core.nix
    ../../modules/desktop/sway.nix

    # Nvidia
    ../../modules/common/nvidia.nix
    
    # Services specific to this host
    #../../services/xyz.nix    

    # Common secrets
    #../../host-secrets.nix
  ];

  # pin host platform & microcode
  nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault
    config.hardware.enableRedistributableFirmware;

  networking.hostName = "focalor";
  networking.hostId = "84bdc587";

  networking = {
    firewall.enable = false;
    firewall.trustedInterfaces = [
	    "tailscale0"
    ];
    nameservers   = [ "192.168.4.3" "1.1.1.1" ];
    useDHCP       = true;
    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
  };

  services.resolved = {
    enable      = true;
    dnssec      = "true";
    domains     = [ "~." ];
    fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];
    dnsovertls  = "true";
  };
  
  #boot.supportedFilesystems = [ "zfs" ];
  #boot.kernelModules = [ "nct6775" "coretemp" ];

  #services.zfs.autoScrub.enable = true;
  #services.zfs.trim.enable = true;

  environment.systemPackages = with pkgs; [
    #lm_sensors
    code-server
  ];

  environment.sessionVariables.WLR_RENDERER = "vulkan";

  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
    package = pkgs.docker.override {
      buildGoModule = pkgs.buildGo123Module;
    };
  };
}