{ config, pkgs, ... }:

# rollback to a previously working channel version, useful
# when "doas nixos-rebuild switch --upgrade" breaks:
#
# $ doas nix-channel --rollback

{
  imports = [ /etc/nixos/hardware-configuration.nix ];

  # Use the systemd-boot EFI boot loader.
  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      grub = {
        enable = true;
        version = 2;
        efiSupport = true;
        device = "nodev";
      };
    };
    initrd.luks.devices = {
      crypted = {
        device = "/dev/nvme0n1p2";
        preLVM = true;
      };
    };
  };

  hardware = {
    bluetooth.enable = true;
    pulseaudio = {
      package = pkgs.pulseaudioFull;
      enable = true;
      extraConfig = ''
        # Switch between headset and headphone mode (e.g. for calls and music) automatically
        load-module module-bluetooth-policy auto_switch=2
        # Echo cancellation and noise cleanup of mic
        load-module module-echo-cancel aec_method=webrtc

        # https://til.flourishing.stream/2020/05/24/cancelamento-de-ruido-pulseaudio/
        ### Enable Echo/Noise-Cancellation
        load-module module-echo-cancel use_master_format=1 aec_method=webrtc aec_args="analog_gain_control=0\ digital_gain_control=1" source_name=echoCancel_source sink_name=echoCancel_sink
        set-default-source echoCancel_source
        set-default-sink echoCancel_sink
      '';
    };
  };

  networking = {
    hostName = "usurpador";
    networkmanager.enable = true;
  };

  console = {
    keyMap = "br-abnt2";
  };

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "fr_FR.UTF-8";
  };

  # Set your time zone.
  time.timeZone = "America/Sao_Paulo";

  documentation = {
    enable = true;
    man.enable = true;
    dev.enable = true;
    man.generateCaches = true;
    nixos.includeAllModules = true;
  };

  fonts = {
    enableDefaultFonts = true;
    enableGhostscriptFonts = true;
  };

  environment = {
    enableDebugInfo = true;

    systemPackages = with pkgs; [
      slack
      zoom-us
      kubernetes
      flutter2
      hover
    ];
  };

  nixpkgs = {
    config = {
      android_sdk.accept_license = true;
      allowUnfree = true;
    };
  };

  programs = {
    bash.enableCompletion = true;
  };

  services = {
    upower.enable = true;
    flatpak.enable = true;
    postfix.enable = true;

    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
      };
    };

    # required by vagrant+libvirt
    nfs.server.enable = true;

    xserver = {
      enable = true;
      layout = "br";
      xkbOptions = "caps:swapescape";

      # Touchpad support
      libinput.enable = true;

      config = ''
        Section "Device"
          Identifier  "Intel Graphics"
          Driver      "intel01"
          Option      "Backlight"  "intel_backlight"
        EndSection
      '';

      windowManager.xmonad = {
        enable = true;
        enableContribAndExtras = true;
      };
      displayManager = {
        defaultSession = "none+xmonad";

        lightdm.enable = true;

        # The config inception was inspired by:
        # http://ubuntuforum-br.org/index.php?topic=13784.0
        # Lambda symbol name taken from:
        # http://wiki.linuxquestions.org/wiki/List_of_Keysyms_Recognised_by_Xmodmap
        # To test a keycode:
        # xmodmap -e 'keycode 118 = bar Greek_lamda'
        sessionCommands = ''
          ${pkgs.fvwm}/bin/xpmroot  ~/Documents/emotion.png &
        '';
      };
    };

    blueman.enable = true;
    pcscd.enable = true;
  };

  users = {
    extraUsers = let
      andrehUser = {
        andreh = {
          isNormalUser = true;
          uid = 1000;
          description = "EuAndreh";
          extraGroups = [ "wheel" "networkmanager" "libvirtd" "docker" ];
        };
      };
      # From the Guix manual:
      # https://www.gnu.org/software/guix/manual/en/html_node/Build-Environment-Setup.html#Build-Environment-Setup
      buildUser = (i: {
        "guixbuilder${i}" = { # guixbuilder$i
          group = "guixbuild"; # -g guixbuild
          extraGroups = [ "guixbuild" ]; # -G guixbuild
          home = "/var/empty"; # -d /var/empty
          shell = pkgs.shadow; # -s `which nologin`
          description = "Guix build user ${i}"; # -c "Guix buid user $i"
          isSystemUser = true; # --system
        };
      });
      # merge all users
    in pkgs.lib.fold (str: acc: acc // buildUser str) andrehUser
    # for i in `seq -w 1 10`
    (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n + 1) 10));

    extraGroups.guixbuild = { name = "guixbuild"; };
  };

  systemd = {
    services = {
      # Derived from Guix guix-daemon.service.in
      # https://git.savannah.gnu.org/cgit/guix.git/tree/etc/guix-daemon.service.in?id=00c86a888488b16ce30634d3a3a9d871ed6734a2
      guix-daemon = {
        enable = true;
        description = "Build daemon for GNU Guix";
        serviceConfig = {
          ExecStart =
            "/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild --substitute-urls='https://substitutes.nonguix.org https://ci.guix.gnu.org https://bordeaux.guix.gnu.org'";
        };
        wantedBy = [ "multi-user.target" ];
      };
    };
  };

  system = {
    stateVersion = "20.03";
    autoUpgrade = {
      enable = true;
      dates = "0:10";
    };
  };

  xdg.portal = {
    enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  };

  virtualisation.libvirtd.enable = true;
  virtualisation.docker.enable = true;
}