{ me, config, lib, pkgs, unstablePkgs, auxiliaryPkgs, ... }:

{
  imports = [
    ./nix.nix
    ./user.nix
    ./locale.nix
    ./vim.nix
    ./tmux.nix
    ./gnome.nix
    ./fonts.nix
    ./flatpak.nix
    ./libreoffice.nix
    ./hardware-keys.nix
    ./nix-ld.nix
  ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

  services.envfs.enable = true;
  virtualisation.libvirtd.enable = true;

  # fish enables this by default,
  # it makes every nixos rebuild very slow.
  # NOTE: enabled for now, although will
  # be switched up with a bespoke solution soon!
  documentation.man.generateCaches = true;
  documentation = {
    info.enable = true;
    doc.enable = true;
    dev.enable = true;
    nixos = {
      enable = true;
      includeAllModules = true;
    };
  };

  networking.hostName = me;
  # use corsac dns server
  networking.nameservers = let
    corsacTailnet = "100.64.100.100";
  in [ corsacTailnet ];

  services.resolved.enable = true;

  services = {
    acpid.enable = true;
    sysprof.enable = true;
    tailscale = {
      enable = true;
      useRoutingFeatures = "both";
      extraUpFlags = [ "--ssh" ];
    };
  
    # sometimes needed for gnupg
    pcscd.enable = true;

    # packages requiring further udev rules
    udev.packages = with pkgs; [
      platformio
      openocd
    ];
  };
 
  programs = {
    steam = {
      enable = true;
      remotePlay.openFirewall = true;
    };
    virt-manager.enable = true;
    fish.enable = true;
    git.enable = true;

    adb.enable = true;
    
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryPackage = pkgs.pinentry-gnome3;
    };
  };

  environment.systemPackages = (with pkgs; [
    file unzip jq dig htop wget screen
    gnupg pinentry-gnome3 age agenix minisign openssl cryptsetup pamtester
    inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid avrdude
    minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr arp-scan ethtool
    sysprof wireshark mitmproxy hardinfo remmina
    vlc celluloid foliate calibre
    yt-dlp ffmpeg_7-full handbrake mpv helvum
    gimp krita aseprite rnote fontforge-gtk
    blender inkscape obs-studio darktable davinci-resolve
    orca-slicer
    renderdoc
    audacity musescore muse-sounds-manager reaper bitwig-studio
    ungoogled-chromium librewolf lagrange
    senpai signal-desktop alpaca newsflash
    qemu_full virtiofsd

    openvpn openvpn3 update-resolv-conf
    transmission_4-gtk fragments

    xorg.xeyes wl-clipboard

    ripgrep hyperfine parallel just fzf bat delta eza fd tokei
    universal-ctags graphviz
    python3 uv ruff
    nodejs_22 deno yarn
    rustc rustup cargo rustfmt
    go gopls delve go-task gotags golangci-lint
    meson cmake gnumake ninja gdb gcc clang clang-tools openocd
    hare haredoc
    jdk maven gradle
    nil nixfmt-rfc-style direnv
    nixpkgs-review nixpkgs-fmt nixpkgs-lint-community
    helix alacritty ghostty
    androidStudioPackages.dev arduino-cli arduino-ide platformio

    winetricks bottles
    scrcpy apfs-fuse nfs-utils esp-idf-full
    ubootTools cloud-utils
    borgbackup pika-backup

    prismlauncher xonotic

    man-pages man-pages-posix
  ]) ++ (with auxiliaryPkgs; [
    ghidra ngfx retroarch wine
  ]);

  environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
}