# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{
  config,
  lib,
  pkgs,
  ...
}:
{
  sops.defaultSopsFile = ./secrets/home.yaml;
  sops.age.keyFile = "/.persist/root/.config/sops/age/keys.txt";
  sops.secrets."root/ssh/desktop" = {
    path = "/root/.ssh/desktop";
    mode = "0600";
  };
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  boot.initrd.systemd.enable = true;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Set your time zone.
  time.timeZone = "America/Sao_Paulo";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  #console = {
  #  # font = "Lat2-Terminus16";
  #  keyMap = "us";
  #  useXkbConfig = true; # use xkb.options in tty.
  #};

  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";
  services.printing.enable = true;

  services = {
    xserver.xkb = {
      layout = "us";
      variant = "altgr-intl";
    };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      # jack.enable = true;
    };
    logind.settings.Login = {
      HandlePowerKey = "ignore";
      HandlePowerKeyLongPress = "ignore";
      HandleRebootKey = "ignore";
      HandleRebootKeyLongPress = "ignore";
      HandleHibernateKey = "ignore";
      HandleHibernateKeyLongPress = "ignore";
    };
    getty = {
      autologinUser = "user";
      autologinOnce = true;
    };
    # greetd = {
    #   enable = true;
    #   settings = rec {
    #     initial_session = {
    #       command = "${pkgs.niri}/bin/niri-session";
    #       user = "user";
    #     };
    #     default_session = initial_session;
    #   };
    # };
    tailscale.enable = true;
  };

  hardware = {
    graphics = {
      enable = true;
      enable32Bit = true;
    };
    bluetooth = {
      enable = true;
      powerOnBoot = true;
      settings = {
        General = {
          Enable = "Source,Sink,Media,Socket";
        };
      };
    };
  };

  xdg.portal = {
    enable = true;
    xdgOpenUsePortal = true;
    # config.common.default = [ "*" ];
    extraPortals = [
      pkgs.xdg-desktop-portal-gnome
      pkgs.gnome-keyring
      pkgs.xdg-desktop-portal-gtk
    ];
  };

  qt = {
    enable = true;
  };

  fonts.packages = with pkgs; [
    fira-code-symbols
    nerd-fonts.monaspace
  ];

  environment.sessionVariables = {
    NIXOS_OZONE_WL = "1";
    EDITOR = "nvim";
    GTK_IM_MODULE = "simple";
  };

  security.pki.certificateFiles = [ ./templates/certs/hydra_root_ca.crt ];

  system.stateVersion = "25.11";

  systemd = {
    user.services.polkit-gnome-authentication-agent-1 = {
      description = "polkit-gnome-authentication-agent-1";
      wantedBy = [ "graphical-session.target" ];
      wants = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
        Restart = "on-failure";
        RestartSec = 1;
        TimeoutStopSec = 10;
      };
    };
  };
  services.openssh.enable = true;
}