# Base NixOS module shared by the host: pulls in four sibling modules and sets
# the kernel, firewall, container runtime, remote access (OpenSSH + Tailscale),
# shell/editor programs and a system-wide package set.
{ me, util, config, lib, pkgs, ... }:
{
  imports = [
    ./nix.nix
    ./user.nix
    ./locale.nix
    ./nix-ld.nix
  ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

  # fish enables this by default,
  # it makes every nixos rebuild very slow.
  documentation.man.generateCaches = false;

  # Login banner; the host name from `me` is interpolated into the greeting.
  users.motd = ''
    /^ /^
    \ ' ' 7 < Hi, I'm ${util.titleCase me.name}
    / \
  '';

  networking.hostName = me.name;

  networking.firewall = {
    enable = true;

    # Opened on every interface, not only the public one.
    # NOTE(review): services.openssh.openFirewall defaults to true, so TCP 22
    # is opened as well although it is not listed here. Set it to false if SSH
    # should only be reachable over tailscale0 -- confirm the access path first.
    allowedTCPPorts = [ 80 443 ];

    # Everything arriving on tailscale0 skips the port filter, so every
    # listening service on this host is reachable from the tailnet. Access
    # control for those services rests on the tailnet policy, not this firewall.
    trustedInterfaces = [ "tailscale0" ];
  };

  # Docker installs its own iptables rules: ports published by containers are
  # not filtered by networking.firewall above. Publish on 127.0.0.1 (or a
  # specific address) for anything that must not be exposed.
  # NOTE(review): if ./user.nix puts the user in the `docker` group, that
  # membership is equivalent to root on this host -- verify.
  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
  };
  virtualisation.oci-containers.backend = "docker";

  services = {
    envfs.enable = true;

    # Key-based logins only; password, keyboard-interactive and direct root
    # logins are refused.
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    tailscale = {
      enable = true;

      # "both" turns on IP forwarding (subnet router / exit node role) and
      # relaxes reverse-path filtering (client role).
      useRoutingFeatures = "both";

      # Tailscale SSH sessions are authorised by the tailnet policy, not by the
      # sshd settings above; keep the tailnet ACLs as strict as sshd is.
      # NOTE(review): the NixOS module only passes extraUpFlags when an
      # authKeyFile is configured, and none is set in this file -- confirm that
      # this flag is actually applied on the host.
      extraUpFlags = [ "--ssh" ];
    };

    # sometimes needed for gnupg
    pcscd.enable = true;
  };

  programs = {
    vim = {
      defaultEditor = true;
      package = pkgs.vim_configurable.customize {
        vimrcFile = ../configs/.vimrc;
      };
    };

    fish.enable = true;
    git.enable = true;
    tmux.enable = true;

    # gpg-agent also serves as the SSH agent; pinentry runs in the terminal.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryPackage = pkgs.pinentry-curses;
    };
  };

  # Installed for all users. List order is kept as in the original.
  environment.systemPackages = with pkgs; [
    file
    unzip
    jq
    dig
    htop
    glances
    wget
    gnupg
    pinentry-curses
    inetutils
    pciutils
    lshw
    inxi
    iw
    tcpdump
    ffmpeg_7-headless
    ripgrep
    gnumake
    gdb
    gcc
    clang
    go
    gopls
    delve
    go-task
    meson
    cmake
    nil
    direnv
    dive
    borgbackup
  ];
}