{ config, lib, pkgs, ... }:

{
  # Options that affect multiple modules
  options.sbruder = {
    gui.enable = lib.mkEnableOption "gui";
  };

  # All modules are imported but non-essential modules are activated by
  # configuration options
  imports = [
    ./cpu
    ./cups.nix
    ./docker.nix
    ./fonts.nix
    ./gpu
    ./grub.nix
    ./libvirt.nix
    ./locales.nix
    ./network-manager.nix
    ./office.nix
    ./prometheus/node_exporter.nix
    ./pubkeys.nix
    ./pulseaudio.nix
    ./restic.nix
    ./ssd.nix
    ./ssh.nix
    ./sway.nix
    ./tools.nix
    ./udev.nix
    ./wireguard
  ];

  config = {
    # Essential system tools
    environment.systemPackages = with pkgs; [
      git
      git-crypt # used to store secrets in configuration
      git-lfs # not so essential, but required to clone config
      htop
      tmux
      vim
    ];

    # Clean temporary files on boot
    boot.cleanTmpDir = true;

    # Disable firewall
    networking.firewall.enable = lib.mkDefault false;

    # Set zsh as default shell
    programs.zsh.enable = true;
    users.defaultUserShell = pkgs.zsh;

    # Sane swapping
    boot.kernel.sysctl."vm.swapiness" = 10;

    # Store logs persistently
    services.journald.extraConfig = "Storage = persistent";

    # Hard drive monitoring
    services.smartd.enable = true;
    # Network monitoring
    services.vnstat.enable = true;

    # Authentication/Encryption agents
    programs.gnupg.agent.enable = true;
    programs.ssh.startAgent = true;

    # NixOS state version (see https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion)
    system.stateVersion = "20.03";

    nix = {
      nixPath = [
        "/var/src" # pinned nixpkgs and configuration
        "nixpkgs=/var/src/nixpkgs" # for nix run
      ];
      # Make sudoers trusted nix users
      trustedUsers = [ "@wheel" ];

      # On-the-fly optimisation of nix store
      autoOptimiseStore = true;
      # Keep output of derivations with gc root
      extraOptions = ''
        keep-outputs = true
        keep-derivations = true
      '';

      # Make nix build in background less noticeable
      daemonIONiceLevel = 5; # 0-7
    };
    systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = "batch";

    nixpkgs.config = {
      # Explicitly allow unfree packages (rule of thumb: assets ok, code not ok)
      allowUnfreePredicate = (
        pkg: builtins.elem (lib.getName pkg) [
          "corefonts"
          "vista-fonts"
        ]
      );
      # Add unstable channel
      packageOverrides = pkgs: {
        unstable = import (import ../nix/sources.nix).nixpkgs-unstable {
          config = config.nixpkgs.config;
        };
      };
    };
  };
}