{ pkgs, lib, config, ... }:

let
  keys = import ../../../variables/keys.nix;
  passwords = import ../../../variables/passwords.crypt.nix;

in {
  nix = {
    binaryCaches =
      [ "https://holochain-ci.cachix.org" "https://cache.holo.host/" ];
    binaryCachePublicKeys = [
      "holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
      "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
      "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="
    ];
  };

  # TASK: new device
  networking.hostName = "steveej-t14"; # Define your hostname.

  networking.bridges."virbr1".interfaces = [ ];
  networking.interfaces."virbr1".ipv4.addresses = [{
    address = "10.254.254.254";
    prefixLength = 24;
  }];

  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    # syncthing
    22000

    # iperf3
    5201
  ];

  networking.firewall.logRefusedConnections = false;
  networking.usePredictableInterfaceNames = false;

  services.printing = {
    enable = true;
    drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
  };

  services.fprintd.enable = true;
  security.pam.services = {
    login.fprintAuth = true;
    sudo.fprintAuth = true;
  };

  # virtualization
  virtualisation = {
    libvirtd = { enable = true; };

    virtualbox.host = {
      enable = false;
      addNetworkInterface = false;
    };

    docker = {
      enable = true;
      extraOptions = "--experimental";
    };
  };

  services.samba.extraConfig = ''
    # client min protocol = NT1
  '';

  security.pki.certificateFiles =
    [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];

  services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
  services.xserver.serverFlagsSection = ''
    Option "BlankTime" "0"
    Option "StandbyTime" "0"
    Option "SuspendTime" "0"
    Option "OffTime" "0"
  '';

  time.timeZone = lib.mkForce passwords.timeZone.stefan;

  hardware.ledger.enable = true;
}