{ config, lib, pkgs, ... }:

let
  # This is a placeholder
in
{
  options = {};
  imports = [ ../packages/default.nix ];

  config = {
    # Optional hardware support stays off unless a host module turns it on.
    # lib.mkDefault gives these values low priority, so a plain assignment in
    # another module overrides them without needing mkForce.
    hardware.bluetooth.enable = lib.mkDefault false;
    hardware.steam-hardware.enable = lib.mkDefault false;

    # Boot defaults, all at mkDefault priority so a host can replace them:
    # the Zen kernel package set, systemd-boot as the loader, and permission
    # for the installation process to modify EFI boot variables.
    boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
    boot.loader.efi.canTouchEfiVariables = lib.mkDefault true;
    # NOTE(review): boot.loader.systemd-boot.editor is not set here, so the
    # module default applies. NixOS documents that the boot-entry editor lets
    # anyone at the console change the kernel command line (for example
    # init=/bin/sh) and recommends disabling it -- confirm the intended value
    # for machines with untrusted physical access.
    boot.loader.systemd-boot.enable = lib.mkDefault true;

    # Register a binfmt handler so AppImage files can be executed directly.
    # NOTE(review): in nixpkgs the appimage module appears to apply its
    # configuration only when programs.appimage.enable is also true; if no
    # other module sets that, this line has no effect -- confirm.
    programs.appimage.binfmt = true;

    security = {
      # RealtimeKit hands out realtime scheduling priority to user processes
      # on demand.
      rtkit.enable = true;

      # Members of wheel run sudo without entering a password. This is set
      # unconditionally, so it also applies to hosts with
      # stitchyconf.form == "server", where this module enables sshd: any
      # process running as a wheel user, or anyone holding such a user's SSH
      # key, becomes root with no second factor.
      # NOTE(review): consider requiring the password on server hosts, or
      # wrapping this in lib.mkDefault so a host can opt back in to the
      # prompt without mkForce.
      sudo.wheelNeedsPassword = false;
    };
    services = {
      # Periodic TRIM of mounted filesystems.
      fstrim.enable = true;

      # LightDM is explicitly kept off.
      xserver.displayManager.lightdm.enable = false;

      resolved =
        let
          # Resolver list shared by DNS= and FallbackDNS=, so the two settings
          # cannot drift apart. The part after '#' is the name resolved uses
          # for the server's TLS identity.
          # NOTE(review): per Quad9's published service list, the *.10
          # addresses (dns10.quad9.net) are the variant without threat
          # blocking and without DNSSEC validation -- confirm that is the
          # intended service rather than the filtered one.
          quad9Servers = [
            "2620:fe::10#dns10.quad9.net"
            "2620:fe::fe:10#dns10.quad9.net"
            "9.9.9.10#dns10.quad9.net"
            "149.112.112.10#dns10.quad9.net"
          ];
        in
        {
          enable = true;

          # "opportunistic" tries DNS-over-TLS but falls back to plaintext
          # when the TLS connection fails, and resolved.conf(5) documents
          # that this mode is open to downgrade attacks: an on-path attacker
          # who blocks port 853 gets cleartext queries. Strict mode is the
          # value "true"; the server names needed for certificate checks are
          # already present in the list above.
          dnsovertls = "opportunistic";

          fallbackDns = quad9Servers;
          extraConfig = ''
            DNS=${lib.concatStringsSep " " quad9Servers}
          '';
        };
    };

    # Host firewall, including the WireGuard reverse-path workaround.
    # (Carried over from the original: to-do, make the WireGuard part better.)
    networking.firewall = {
      enable = true;

      # Inbound 22000/tcp and 22000/udp are accepted on every interface.
      # NOTE(review): presumably Syncthing -- confirm. If the service is only
      # meant to be reachable over some links, the per-interface form
      # networking.firewall.interfaces.<name>.allowedTCPPorts /
      # allowedUDPPorts narrows the exposure.
      allowedTCPPorts = [ 22000 ];
      allowedUDPPorts = [ 22000 ];

      # Packets that the reverse-path filter still drops are logged and show
      # up in dmesg.
      logReversePathDrops = true;

      # WireGuard trips the reverse-path filter, so UDP packets with source
      # or destination port 47111 or 51820 are returned from the
      # nixos-fw-rpfilter chain before the check runs.
      # The match is on port only, on every interface: any sender that picks
      # one of these source ports skips the reverse-path (anti-spoofing)
      # check. Only the rpfilter chain is bypassed; the allowed-port rules
      # above still decide what is accepted.
      # NOTE(review): narrowing options are adding an interface match to
      # these rules, or dropping them in favour of
      # networking.firewall.checkReversePath = "loose".
      extraCommands = ''
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
      '';

      # Mirror of extraCommands: delete the same four exemptions when the
      # firewall stops. "|| true" keeps a missing rule from failing the stop.
      extraStopCommands = ''
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
      '';
    };

    # Ship a udev rules file for USB-Blaster / USB-Blaster II programmers
    # (USB vendor 09fb, the product ids listed in the rules text).
    # MODE="0666" makes each matching device node readable and writable by
    # every local account, service users included, so any local process can
    # drive an attached programmer.
    # NOTE(review): tighter alternatives are a dedicated group with
    # MODE="0660", or TAG+="uaccess" to grant access to the logged-in seat
    # user only. uaccess tags have to be assigned in a rules file that sorts
    # before 73-seat-late.rules, so the 92- prefix would need to change too.
    services.udev.packages =
      let
        usbBlasterRules = pkgs.writeTextFile {
          name = "alterra-udev";
          destination = "/etc/udev/rules.d/92-alterra.rules";
          text = ''
            # USB-Blaster
            SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6001", MODE="0666"
            SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6002", MODE="0666"

            SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6003", MODE="0666"

            # USB-Blaster II
            SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6010", MODE="0666"
            SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6810", MODE="0666"
          '';
        };
      in
      [ usbBlasterRules ];

    # sshd is enabled only on hosts whose stitchyconf.form is "server", with
    # password and keyboard-interactive logins turned off (key-based auth).
    # The whole attribute set sits under mkIf, so the two hardening settings
    # are NOT applied on other forms: a non-server host that enables sshd
    # from another module gets that module's or the upstream defaults.
    # NOTE(review): PermitRootLogin is not set here, so the NixOS default
    # applies (believed to be "prohibit-password" -- confirm). With wheel
    # already having password-less sudo in this module, "no" may be enough.
    # NOTE(review): the openssh module opens its listening port in the
    # firewall by default (openFirewall) -- confirm that is wanted on every
    # interface.
    services.openssh = lib.mkIf (config.stitchyconf.form == "server") {
      enable = true;
      settings = {
        KbdInteractiveAuthentication = false;
        PasswordAuthentication = false;
      };
    };

    # Giving /etc/hosts an explicit mode makes NixOS copy it as a regular
    # file instead of symlinking it into the store, so root can edit it on
    # the running system. Such edits live outside the configuration and are
    # replaced on the next activation.
    # NOTE(review): this module also gives wheel password-less sudo, so any
    # process running as a wheel user can repoint hostnames here; keep that
    # in mind when trusting name resolution on these hosts.
    environment.etc = {
      hosts.mode = "0644";
    };

    # Enable the nix-command CLI and flakes.
    nix.settings = {
      experimental-features = [ "nix-command" "flakes" ];
    };
  };
}