# NixOS host configuration (flake output `x1`, per system.autoUpgrade.flake below).
#
# Security-relevant settings in this module, in one place for reviewers:
#   * unattended upgrades pull a flake from a remote git URL and refresh two inputs
#   * a third-party binary cache is added together with its signing key
#   * Secure Boot image signing via lanzaboote, key bundle under /etc/secureboot
#   * sshd accepts key-based root login and X11 forwarding
#   * members of `wheel` get sudo without a password
#   * nix-ld exposes a large library set to binaries not built by Nix
{ pkgs, lib, ... }:
with lib;
with lib.plusultra;
{
  imports = [
    # Machine-specific settings produced by the hardware scan.
    ./hardware-configuration.nix
  ];

  system = {
    stateVersion = "23.11";

    # Unattended upgrade. The configuration is fetched from the git URL below,
    # so whoever can push to that repository (or serve content for that host
    # name) decides what this machine builds and boots next.
    autoUpgrade = {
      enable = true;
      # "boot": the new generation becomes the default boot entry but is not
      # activated on the running system.
      operation = "boot";
      # No automatic reboot, so an upgrade only takes effect at the next manual
      # restart; kernel and firmware fixes wait until then.
      allowReboot = false;
      # Both inputs are re-resolved on every run instead of using the revisions
      # recorded in the repository's flake.lock, so the resulting system is not
      # reproducible from the committed lock file alone.
      # NOTE(review): `--update-input` is deprecated in recent Nix releases;
      # confirm it is still accepted by the Nix version deployed here.
      flags = [
        "--update-input"
        "nixpkgs"
        "--update-input"
        "unstable"
      ];
      flake = "git+https://git.hoyer.xyz/harald/nixcfg#x1";
    };
  };

  # Options from the project's own `plusultra` modules; their implementation is
  # not visible in this file.
  plusultra = {
    gui.enable = true;
    nix = {
      enable = true;
      # Extra binary cache plus the public key its store paths are signed with.
      # Anything signed by this key is substituted instead of built locally, so
      # the cache operator is inside the trust boundary of this host.
      # NOTE(review): presumably feeds nix.settings substituters and
      # trusted-public-keys; verify in the plusultra.nix module.
      extra-substituters = {
        "https://nixsgx.cachix.org" = {
          key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
        };
      };
    };
  };

  # Secure Boot: lanzaboote takes over boot-entry installation, which is why the
  # stock systemd-boot module is switched off.
  boot.lanzaboote = {
    enable = true;
    # Location of the Secure Boot PKI bundle used for signing. The bundle lives
    # on the root filesystem, so any process running as root can sign boot
    # images; see security.sudo below for who reaches root without a password.
    # sbctl (in systemPackages) is the usual tool for creating and checking it.
    pkiBundle = "/etc/secureboot";
  };
  boot.tmp.cleanOnBoot = true;
  boot.loader.systemd-boot.enable = false;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.timeout = 2;
  boot.initrd.systemd.enable = true;
  # Priority 0 outranks lib.mkForce (priority 50); no other module can change
  # the kernel package set.
  boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;

  # Console keyboard layout.
  console.keyMap = "us";

  i18n.extraLocaleSettings = {
    LC_MESSAGES = "en_US.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  time.timeZone = "Europe/Berlin";

  # Both directories are writable by the logged-in user.
  # NOTE(review): confirm where they end up relative to the system profile
  # directories in the final PATH. If they are searched first, a file placed
  # there shadows the system command of the same name, which matters for an
  # account that also has passwordless sudo.
  environment.sessionVariables.PATH = "$HOME/bin:$HOME/.cargo/bin";

  environment.shells = [
    pkgs.fish
    pkgs.bash
  ];

  environment.systemPackages = with pkgs; [
    age
    bash
    cachix
    cifs-utils
    clevis
    delta
    efibootmgr
    git
    git-delete-merged-branches
    home-manager
    htop
    mosh
    nixpkgs-fmt
    openssl
    restic
    rrsync
    sbctl
    sops
    strace
    tmux
    tpm2-pkcs11
    tpm2-pkcs11.out
    tpm2-tools
    vim
    virt-manager
    wget
  ];

  # Microcode for both CPU vendors is enabled at default priority, so another
  # module (for example the hardware scan) can still override it.
  hardware.cpu.amd.updateMicrocode = lib.mkDefault true;
  hardware.cpu.intel.updateMicrocode = lib.mkDefault true;
  hardware.enableRedistributableFirmware = lib.mkDefault true;
  # Also installs firmware blobs with non-redistributable licences.
  hardware.enableAllFirmware = true;

  programs = {
    dconf.enable = true;
    starship.enable = true;
    mosh.enable = true;
    vim.defaultEditor = true;
    fish.enable = true;

    bash = {
      # Up/Down arrows search the history for the prefix already typed.
      # The earlier `shellInit` variant is left disabled:
      ## shellInit = ''
      interactiveShellInit = ''
        bind '"\e[A": history-search-backward'
        bind '"\e[B": history-search-forward'
      '';
    };

    # nix-ld provides a dynamic loader and the libraries below to binaries that
    # were not built by Nix. Such binaries run outside Nix's build provenance,
    # and every library listed here is loadable by them.
    # NOTE(review): libpng12, gtk2, libudev0-shim and libxcrypt-legacy look like
    # compatibility packages for old software; confirm each is still needed.
    nix-ld = {
      enable = true;
      # Libraries made available to those binaries.
      libraries = with pkgs; [
        SDL SDL2 SDL2_image SDL2_mixer SDL2_ttf SDL_image SDL_mixer SDL_ttf
        alsa-lib at-spi2-atk at-spi2-core atk
        bzip2
        cairo cups curlWithGnuTls
        dbus dbus-glib desktop-file-utils
        e2fsprogs expat
        flac fontconfig freeglut freetype fribidi fuse fuse3
        gdk-pixbuf glew110 glib gmp
        gst_all_1.gst-plugins-base gst_all_1.gst-plugins-ugly gst_all_1.gstreamer
        gtk2
        harfbuzz
        icu
        keyutils.lib
        libGL libGLU libappindicator-gtk2 libcaca libcanberra libcap libclang.lib
        libdbusmenu libdrm libgcrypt libgpg-error libidn libjack2 libjpeg
        libmikmod libogg libpng12 libpulseaudio librsvg libsamplerate libthai
        libtheora libtiff libudev0-shim libusb1 libuuid libvdpau libvorbis libvpx
        libxcrypt-legacy libxkbcommon libxml2
        mesa
        nspr nss
        openssl
        p11-kit pango pixman python3
        speex stdenv.cc.cc
        tbb
        udev
        vulkan-loader
        wayland
        xorg.libICE xorg.libSM xorg.libX11 xorg.libXScrnSaver xorg.libXcomposite
        xorg.libXcursor xorg.libXdamage xorg.libXext xorg.libXfixes xorg.libXft
        xorg.libXi xorg.libXinerama xorg.libXmu xorg.libXrandr xorg.libXrender
        xorg.libXt xorg.libXtst xorg.libXxf86vm xorg.libpciaccess xorg.libxcb
        xorg.xcbutil xorg.xcbutilimage xorg.xcbutilkeysyms
        xorg.xcbutilrenderutil xorg.xcbutilwm xorg.xkeyboardconfig
        xz
        zlib
      ];
    };
  };

  # powerManagement.cpuFreqGovernor = "ondemand";

  services = {
    dbus = {
      implementation = "broker";
      packages = [ pkgs.gcr ];
    };

    fwupd.enable = true;

    openssh = {
      enable = true;
      settings = {
        # root may log in, but only with non-password methods; the accepted
        # keys are listed under users.users.root below.
        PermitRootLogin = "prohibit-password";
        # Lets clients request X11 forwarding. Switch off if nobody relies on
        # `ssh -X`, to keep the daemon's feature surface small.
        X11Forwarding = true;
        # NOTE(review): PasswordAuthentication and KbdInteractiveAuthentication
        # are not set in this file; confirm another module disables them if
        # key-only login is intended for non-root accounts as well.
      };
    };
  };

  security = {
    tpm2 = {
      enable = lib.mkDefault true;
      abrmd.enable = lib.mkDefault true;
    };

    sudo = {
      enable = true;
      # Members of `wheel` become root with no password prompt, so a
      # compromise of any wheel account's session is equivalent to root,
      # including access to the Secure Boot bundle referenced above.
      wheelNeedsPassword = false;
    };
  };

  # Keys accepted for direct root login over SSH. The two `sk-` entries are
  # FIDO authenticator-backed key types; the first entry is a plain ed25519
  # key, so its protection depends on how the private key file is stored on
  # the client.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
    "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
  ];

  virtualisation.podman = {
    enable = true;
    # Provide a `docker` command backed by podman.
    dockerCompat = true;
    # Setting used on NixOS releases newer than 22.11.
    defaultNetwork.settings.dns_enabled = true;
  };
}