# hosts/valefar/configuration.nix (or default.nix)
{ config, lib, system, pkgs, modulesPath, inputs, ... }:

{
  imports = [
    # Host-specific hardware
    ./hardware.nix
    ./secrets.nix
    #./vfio.nix
    
    # Common modules shared across hosts
    ../../common/system.nix
    ../../common/users.nix
    ../../common/services.nix
    ../../common/efi.nix

    # Desktop modules
    ../../common/desktop/core.nix
    ../../common/desktop/sway.nix
    ../../common/desktop/vnc.nix

    # Nvidia
    ../../common/nvidia.nix
    
    # Common secrets
    #../../host-secrets.nix
  ];

  system.stateVersion = "25.05";

  # pin host platform & microcode
  nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  networking.hostName = "focalor";
  networking.hostId = "84bdc587";

  systemd.network = {
    enable = true;
    netdevs."br0" = {
      netdevConfig = {
        Name = "br0";
        Kind = "bridge";
      };
    };
    networks = {
      "10-lan" = {
        matchConfig.Name = ["enp5s0" "vm-*"];
        networkConfig = {
          Bridge = "br0";
        };
      };
      "10-lan-bridge" = {
        matchConfig.Name = "br0";
        networkConfig = {
          Address = ["10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64"];
          Gateway = "10.0.0.1";
          DNS = ["10.0.0.210" "1.1.1.1"];
          IPv6AcceptRA = true;
        };
        linkConfig.RequiredForOnline = "routable";
      };
    };
  };

  /*networking = {
    firewall.enable = false;
    firewall.trustedInterfaces = [
	    "tailscale0"
    ];
    nameservers   = [ "10.0.0.210" "1.1.1.1" ];
    useDHCP       = true;
    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
  };*/

  services.resolved = {
    enable      = true;
    dnssec      = "true";
    domains     = [ "~." ];
    fallbackDns = [ "10.0.0.210" "1.0.0.1#one.one.one.one" ];
    dnsovertls  = "true";
  };
  
  #boot.supportedFilesystems = [ "zfs" ];
  #boot.kernelModules = [ "nct6775" "coretemp" ];

  #services.zfs.autoScrub.enable = true;
  #services.zfs.trim.enable = true;
  
  services.vscode-server.enable = true;
  services.vscode-server.nodejsPackage = pkgs.nodejs_20;

  environment.systemPackages = with pkgs; [
    #lm_sensors
    #code-server
    inputs.agenix.packages.x86_64-linux.default
  ];

  environment.sessionVariables.WLR_RENDERER = "vulkan";

  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
    package = pkgs.docker.override {
      buildGoModule = pkgs.buildGo123Module;
    };
  };

  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = with pkgs; [
      xdg-desktop-portal-gtk
      xdg-desktop-portal-gnome
    ];
  };
}