# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

{ config, lib, modulesPath, pkgs, ... }:

{
  imports =
    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot = {
    kernelModules = [ "kvm-amd" "sg" ];
    extraModulePackages = [ ];
    extraModprobeConfig = ''
      options gigabyte_wmi force_load=1
    '';
    supportedFilesystems = [ "btrfs" ];
    kernelParams = [ "ip=dhcp" ];
    initrd = {
      availableKernelModules = [
        "aesni_intel" # hardware crypto for luks
        "ahci"
        "cryptd"
        "igc" # network interface for remote unlocking
        "r8169" # "
        "sd_mod"
        "usb_storage"
        "usbhid"
        "xhci_pci"
      ];
      kernelModules = [ ];
      network.enable = true; # remote unlocking
      luks.devices = {
        root = {
          name = "root";
          device = "/dev/disk/by-uuid/c5cf6858-cca0-40dc-a3b5-ab47a3f9d49c";
          preLVM = true;
          allowDiscards = true;
        };
      };
    };
    loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2KB480G7_PHYS749202D6480BGN";
  };

  # Getting this to work with NixOS is a headache,
  # so trusty old crypttab comes to help.
  environment.etc.crypttab.text = ''
    data0 UUID=aa692e73-2b75-4239-8a87-5f5b69ea56c5 /root/luks-data luks
    data1 UUID=1f4120b6-a3a0-4973-8c4c-a4d6703eea2a /root/luks-data luks
    data-hot UUID=c9aeade0-4c96-4786-9b22-3161d935d644 /root/luks-data-hot luks,discard
  '';

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/92a1f733-8a23-42ea-958b-0d01a5de7776";
      fsType = "btrfs";
      options = [ "compress=zstd" "discard" "noatime" ];
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/0f1822e1-643b-49e0-b279-5e3373c6a26c";
      fsType = "ext2";
    };
    "/data/cold" = {
      device = "/dev/mapper/data0";
      fsType = "btrfs";
      options = [ "compress=zstd" ];
    };
    "/data/hot" = {
      device = "/dev/mapper/data-hot";
      fsType = "btrfs";
      options = [ "compress=zstd" "discard" "noatime" ];
    };
  };

  systemd.tmpfiles.rules = [
    "d /data 0755 root root - -"
    "d /data/hot 0755 root root - -"
    "d /data/cold 0755 root root - -"
  ];

  services.btrfs.autoScrub = {
    enable = true;
    fileSystems = [ "/data/cold" "/data/hot" ];
  };

  swapDevices = [
    {
      device = "/dev/disk/by-partuuid/22978e17-fbbf-4879-9385-5c9473df1706";
      randomEncryption.enable = true;
    }
  ];

  powerManagement.cpuFreqGovernor = "schedutil";

  networking = {
    useDHCP = false;
    interfaces.enp10s0.useDHCP = true;
    interfaces.enp9s0.useDHCP = true;
  };

  services.logind.extraConfig = ''
    HandlePowerKey=suspend
  '';
}