{ config, lib, pkgs, ... }:
let
  unstable = import
    (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
      config = config.nixpkgs.config;
    };
in {
  imports = [
    # <agenix/modules/age.nix>
    ./hardware-configuration.nix
    ../../base.nix
    ../../gnome.nix
  ];
  my = {
    emacs.enable = true;
    apps = {
      art.enable = true;
      dictionaries.enable = true;
      fonts.enable = true;
      gaming.enable = true;
      internet.enable = true;
      multimedia.enable = true;
      office.enable = true;
      misc.enable = true;
    };
    dev = {
      haskell.enable = true;
      nix.enable = true;
      python.enable = true;
      gameDev.enable = true;
      sh.enable = true;
      javascript.enable = true;
    };
    shell = {
      exercism.enable = true;
      multimedia.enable = true;
      tools.enable = true;
    };
    services = {
      network.enable = true;
      nvidia.enable = true;
      printing.enable = true;
      sound.enable = true;
    };
    scripts = {
      tasks.enable = true;
      run.enable = true;
      split-dir.enable = true;
      download.enable = true;
      ffmpreg.enable = true;
      ffmpeg4discord.enable = true;
    };
  };

  networking = {
    hostName = "workstation";
    firewall = let
      openPorts = [
        6674 # ns-usbloader
      ];
      openPortRanges = [{
        from = 1714; # kdeconnect
        to = 1764; # kdeconnect
      }];
    in {
      allowedTCPPorts = openPorts;
      allowedUDPPorts = openPorts;
      allowedTCPPortRanges = openPortRanges;
      allowedUDPPortRanges = openPortRanges;
    };
  };
  nix = let
    featuresList = [
      "nixos-test"
      "benchmark"
      "big-parallel"
      "kvm"
      "gccarch-znver3"
      "gccarch-skylake"
      "gccarch-alderlake"
    ];
  in {
    distributedBuilds = true;
    settings = {
      cores = 16;
      trusted-users = [ "nixremote" ];
      system-features = featuresList;
    };
  };

  nixpkgs.config = {
    allowUnfree = true;
    permittedInsecurePackages = [ ];
  };

  users = {
    groups.nixremote.gid = 555;
    users = {
      jawz.packages = (with pkgs; [
        gocryptfs # encrypted filesystem! shhh!!!
        torrenttools # create torrent files from the terminal!
        vcsi # video thumbnails for torrents, can I replace it with ^?
      ]);
      nixremote = {
        isNormalUser = true;
        createHome = true;
        group = "nixremote";
        home = "/var/nixremote/";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrC7sVvDT0is2oq/H1Do99LPaQKvyGMAsrF6/fuf1aP root@miniserver"
        ];
      };
    };
  };

  environment.etc = {
    "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
      bluez_monitor.properties = {
          ["bluez5.enable-sbc-xq"] = true,
          ["bluez5.enable-msbc"] = true,
          ["bluez5.enable-hw-volume"] = true,
          ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
      }
    '';
  };

  programs = {
    kdeconnect = {
      enable = true;
      package = pkgs.gnomeExtensions.gsconnect;
    };
    # nh = {
    #   enable = true;
    #   clean.enable = true;
    #   clean.extraArgs = "--keep-since 4d --keep 3";
    # };
  };

  services.resilio = {
    deviceName = "chichis";
    enable = true;
    useUpnp = true;
    enableWebUI = true;
    httpPass = "528491";
    httpLogin = "chichis";
    httpListenPort = 9876;
    httpListenAddr = "0.0.0.0";
    directoryRoot = "/resilio";
  };
}