# Base NixOS module applied to the host described by `me`: kernel, firewall,
# Docker, SSH, GnuPG and a common set of command-line tools.
#
# Arguments used below: `me` (host name and tailscale address), `util`
# (titleCase helper) and `pkgs`. `config` and `lib` are accepted but unused here.
{ me, util, config, lib, pkgs, ... }:
{
  imports = [
    ./foundation
    ./nix.nix
    ./user.nix
    ./locale.nix
    ./tailscale.nix
    ./nix-ld.nix
    ./vim.nix
  ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Enabling fish turns man-page cache generation on by default; it is switched
  # off again here because it makes every NixOS rebuild very slow.
  documentation.man.generateCaches = false;

  # Login banner greeting with the title-cased host name.
  # NOTE(review): the ASCII art appears flattened onto a single line in this
  # copy; the original line breaks cannot be recovered from here, so the text is
  # kept exactly as shown.
  users.motd = '' /^ /^ \ ' ' 7 < Hi, I'm ${util.titleCase me.name} / \ '';

  networking.hostName = me.name;

  # Host firewall on; only HTTP and HTTPS are opened, and they are opened on
  # every interface. SSH is deliberately not opened here (see services.openssh).
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  virtualisation.oci-containers.backend = "docker";
  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
    # The daemon's metrics endpoint listens on the tailscale address only, not on
    # a wildcard address. The endpoint itself has no authentication, so who can
    # read it is decided by tailnet ACLs and by firewall rules for that
    # interface; neither is visible in this file.
    daemon.settings.metrics-addr = "${me.tailscale.ip}:9323";
    # NOTE(review): ports published by containers are typically handled by
    # Docker's own packet-filter rules and are not restricted by
    # networking.firewall.allowedTCPPorts; review published ports per container.
  };

  services = {
    envfs.enable = true;

    # sometimes needed for gnupg (smart-card daemon)
    pcscd.enable = true;

    openssh = {
      enable = true;
      # Port 22 is not added to the firewall by this module. Reachability over
      # the tailnet depends on rules defined elsewhere (presumably
      # ./tailscale.nix; confirm).
      openFirewall = false;
      # sshd binds to the tailscale address only. That address has to exist when
      # sshd starts; foundation.tailnetServices below presumably takes care of
      # the ordering (confirm in ./foundation).
      listenAddresses = [
        {
          addr = me.tailscale.ip;
          port = 22;
        }
      ];
      # Password and keyboard-interactive authentication are disabled and root
      # login is refused.
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
      settings.PermitRootLogin = "no";
    };
  };

  # Units handed to the ./foundation module as tailnet-bound services; what it
  # does with them is defined there, not here.
  foundation.tailnetServices = [ "docker" "sshd" ];

  programs.fish.enable = true;
  programs.git.enable = true;
  programs.tmux.enable = true;
  # gpg-agent also serves as the SSH agent; PIN entry uses the curses front end.
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
    pinentryPackage = pkgs.pinentry-curses;
  };

  # Tools installed system-wide.
  environment.systemPackages = with pkgs; [
    # general utilities
    file
    unzip
    jq
    dig
    htop
    glances
    wget
    # keys and secrets
    gnupg
    pinentry-curses
    age
    agenix
    # hardware and network inspection
    inetutils
    pciutils
    lshw
    inxi
    iw
    dmidecode
    tcpdump
    iptables
    nftables
    wireguard-tools
    # media and search
    ffmpeg_7-headless
    ripgrep
    # build and debug toolchain
    gnumake
    gdb
    gcc
    clang
    dtc
    go
    gopls
    delve
    go-task
    meson
    cmake
    # nix and container tooling
    nil
    direnv
    nixfmt-rfc-style
    dive
    compose2nix
    nix-prefetch-docker
    # backups
    borgbackup
  ];
}