{ pkgs, pkgs-unstable, asahi-firmware, ... }:
{ config, ... }:

let signal-desktop = pkgs.signal-desktop;
in {
  environment.systemPackages = (with pkgs-unstable; [
    renoise
    signal-desktop
    wireguard-tools
    cifs-utils
    sshfs
    rmapi
    transmission_4-qt
    vlc
    mitmproxy
  ]) ++ (with pkgs; [
    prismlauncher
  ]) ++ [ signal-desktop ];

  services.mysql = {
    enable = true;
    package = pkgs.mariadb;
    dataDir = "/var/lib/mysql";
    settings = {
      mysqld = {
        bind_address = "127.0.0.1";
        # socket = "/tmp/mariadb.sock";
      };
    };
    ensureDatabases = [
      "bnuybase"
    ];
    ensureUsers = [
      {
        name = "xenia";
        ensurePermissions = {
          "bnuybase.*" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  services.auto-cpufreq.enable = true;
  services.auto-cpufreq.settings = {
    battery = {
       governor = "ondemand";
       turbo = "never";
    };
    charger = {
       governor = "performance";
       turbo = "auto";
    };
  };

  networking.firewall.interfaces."enu1c2".allowedUDPPortRanges = [ { from = 0; to = 65535; } ];
  networking.firewall.interfaces."enu1c2".allowedTCPPortRanges = [ { from = 0; to = 65535; } ];

  networking.firewall.allowedUDPPorts = [ 51821 51820 ];
  networking.wireguard = {
    enable = true;
    interfaces.eta = {
      ips = [ "10.69.3.13/32" ];
      privateKeyFile = "/home/xenia/wireguard-keys/eta.new.private";
      peers = [ {
        publicKey = "xAHheRS7WfS62TrnCd0neOzR9yaNdr9zkViSaa+AyWA=";
        allowedIPs = [ "10.30.0.0/16" "10.250.0.0/16" "10.254.0.0/16" "192.168.30.0/24" "192.168.40.0/24" "192.168.50.0/24" "192.168.51.0/24" "192.168.250.0/24" ];
        endpoint = "129.16.13.37:13233";
        persistentKeepalive = 25;
      } ];
    };
    interfaces.bnuy = {
      ips = [ "10.100.1.1/32" ];
      privateKeyFile = "/home/xenia/wireguard-keys/local-network.private";
      peers = [ {
        publicKey = "Qa3saFnPTlGbxLnoyhsczczBMUGA8F/tlGsH8wnMTWY="; # https://github.com/xeniagda/cluster-config/tree/main/keys/catboy-cafe.public
        allowedIPs = [ "10.100.0.0/16" ];
        endpoint = "hem.60.nu:51820";
        persistentKeepalive = 25;
      } ];
    };
  };


  services.pipewire.wireplumber.extraConfig."10-bluez" = {
    "monitor.bluez.properties" = {
      "bluez5.enable-sbc-xq" = true;
      "bluez5.enable-msbc" = false;
      "bluez5.enable-hw-volume" = true;
      "bluez5.codecs" = [
        "sbc" "sbc_xq" "aac"
      ];
    };
  };

  fileSystems."/mnt/eta" = {
    device = "//10.30.12.6/users";
    fsType = "cifs";
    options = [ "username=eta" "password=eta" "uid=1002" "gid=1002" "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" ];
  };

  fileSystems."/mnt/media" = {
    device = "xenia@10.100.100.254:/media";
    fsType = "fuse.sshfs";
    options = [ "IdentityFile=/home/xenia/.ssh/id_ed25519" "allow_other" "uid=1002" "gid=1002" "x-systemd.automount" "noauto" ];
  };
  boot.supportedFilesystems."fuse.sshfs" = true;

  services.printing.enable = true;
  services.avahi.enable = true;

  virtualisation.docker.enable = true;

  services.udev.extraRules = ''
    KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
    KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"

    # Legacy rules for live training over webusb (Not needed for firmware v21+)
      # Rule for all ZSA keyboards
      SUBSYSTEM=="usb", ATTR{idVendor}=="3297", GROUP="plugdev"
      # Rule for the Moonlander
      SUBSYSTEM=="usb", ATTR{idVendor}=="3297", ATTR{idProduct}=="1969", GROUP="plugdev"
      # Rule for the Ergodox EZ
      SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="1307", GROUP="plugdev"
      # Rule for the Planck EZ
      SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="6060", GROUP="plugdev"

    # Wally Flashing rules for the Ergodox EZ
    ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
    ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
    KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"

    # Keymapp / Wally Flashing rules for the Moonlander and Planck EZ
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
    # Keymapp Flashing rules for the Voyager
    SUBSYSTEMS=="usb", ATTRS{idVendor}=="3297", MODE:="0666", SYMLINK+="ignition_dfu"
  '';

  networking.extraHosts =
    ''
      127.0.0.1 rds-gw.studat.chalmers.se
    '';
  systemd.services.rdp-proxy = {
    enable = true;
    serviceConfig = {
      ExecStart = "${pkgs.sshpass}/bin/sshpass -f /home/xenia/wireguard-keys/cid.pw ${pkgs.openssh}/bin/ssh -o StrictHostKeychecking=no -vNL 443:rds-gw.studat.chalmers.se:443 loovj@remote11.chalmers.se";
      Type = "simple";
      User = "root"; # to bind on :443
    };
  };
}