{ config, pkgs, lib, inputs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ../../modules/nixos/garbage-collection.nix
  ];

  hardware.graphics.enable32Bit = true;

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  services.pulseaudio.support32Bit = true;

  # Bootloader
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Use latest kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;

  networking.hostName = "coven";
  networking.networkmanager.enable = true;

  time.timeZone = "America/Chicago";

  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS        = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT    = "en_US.UTF-8";
    LC_MONETARY       = "en_US.UTF-8";
    LC_NAME           = "en_US.UTF-8";
    LC_NUMERIC        = "en_US.UTF-8";
    LC_PAPER          = "en_US.UTF-8";
    LC_TELEPHONE      = "en_US.UTF-8";
    LC_TIME           = "en_US.UTF-8";
  };

  services.xserver.enable = true;
  services.fwupd.enable = true;

  services.logind.settings.Login = {
    HandleLidSwitch         = "poweroff";
    HandleLidSwitchExternalPower = "lock";
    HandleLidSwitchDocked   = "ignore";
  };

  services.thermald.enable = true;
  powerManagement.powertop.enable = true;

  # KDE Plasma 6
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;

  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  services.printing.enable = true;

  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  services.openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      PasswordAuthentication     = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin            = "no";
      AllowUsers                 = [ "sonja" ];
    };
  };

  users.defaultUserShell = pkgs.zsh;
  users.users.sonja = {
    shell        = pkgs.zsh;
    isNormalUser = true;
    description  = "sonja";
    extraGroups  = [ "networkmanager" "wheel" ];
  };

  # home-manager module is injected by the flake; no need to import it here
  home-manager.useGlobalPkgs   = true;
  home-manager.useUserPackages = true;
  home-manager.users.sonja     = import ../../home/sonja/home.nix;

  programs.ssh.extraConfig = ''
    Host whatbox
      Hostname sojourner.whatbox.ca
      Port 22
      User subtext2792
  '';

  programs.firefox.enable = true;

  programs.zsh.enable = true;

  programs.steam = {
    enable                              = true;
    remotePlay.openFirewall             = true;
    dedicatedServer.openFirewall        = true;
    localNetworkGameTransfers.openFirewall = true;
    package = pkgs.steam.override {
      extraPkgs = pkgs: [ pkgs.mesa-demos ];
    };
    gamescopeSession.enable = true;
  };

  services.udev.packages = [ pkgs.yubikey-personalization ];
  services.pcscd.enable  = true;

  programs.gnupg.agent = {
    enable          = true;
    enableSSHSupport = true;
  };

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    steam-run
    mesa-demos
    pciutils
    gnupg
    pcsc-tools
    pinentry-curses
    ranger
  ];
  programs.noisetorch.enable = true;
  # Note: system.autoUpgrade with a channel URL does not apply to flake-managed
  # systems. Use `nixos-rebuild switch --flake .#coven` to upgrade instead.
  system.stateVersion = "25.11";
}