{ config, lib, pkgs, ... }:

let
  # This is a placeholder
in
{
  options = {};
  imports = [ ../packages/default.nix ];

  config = {
    hardware = {
      bluetooth.enable = lib.mkDefault false;
      steam-hardware.enable = lib.mkDefault false;
    };

    boot = {
      kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
      loader = {
        efi.canTouchEfiVariables = lib.mkDefault true;
        systemd-boot.enable = lib.mkDefault true;
      };
    };

    security.sudo.wheelNeedsPassword = false;
    security.rtkit.enable = true;
    services.xserver.displayManager.lightdm.enable = false;

    # Wireguard stuff, to-do make better
    networking.firewall = {
      enable = true;
      # if packets are still dropped, they will show up in dmesg
      logReversePathDrops = true;
      # wireguard trips rpfilter up
      extraCommands = ''
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
      '';
      extraStopCommands = ''
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
      '';
      # Open ports in the firewall.
      allowedTCPPorts = [ 22000 ];
      allowedUDPPorts = [ 22000 ];
    };

    environment.etc.hosts.mode = "0644";
    nix.settings.experimental-features = [ "nix-command" "flakes" ];
  };
}