{ config, lib, pkgs, ... }:


let

in {
  nix.binaryCachePublicKeys = [
    # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
  ];
  nix.binaryCaches = [
    "https://cache.nixos.org"
    # "https://hydra.nixos.org"
  ];
  nix.trustedBinaryCaches = [
    "https://cache.nixos.org"
    # "https://hydra.nixos.org"
  ];

  nix.daemonNiceLevel = 19;
  nix.daemonIONiceLevel = 7;
  nix.maxJobs = lib.mkDefault 3;
  nix.buildCores = 3;

  nix.useSandbox = true;

  networking.firewall.enable = true;
  networking.firewall.checkReversePath = false;

  networking.networkmanager = {
    enable = true;
    dns = "dnsmasq";
    unmanaged = [
      "interface-name:veth*"
      "interface-name:virbr*"
      "interface-name:br*"
      "interface-name:*vbox*"
      "interface-name:*cni*"
    ];
  };

  environment.sessionVariables = {
    NIXPKGS_ALLOW_UNFREE = "1";

    # Don't create .pyc files.
    PYTHONDONTWRITEBYTECODE = "1";
  };

  environment.etc."lvm/lvm.conf".text = ''
    devices {
      issue_discards = 1
    }
  '';

  environment.pathsToLink = [ "/share/zsh" ];

  # Fonts, I18N, Date ...
  fonts = {
    enableCoreFonts = true;
  };

  i18n = {
    consoleFont = "lat9w-16";
    defaultLocale = "en_US.UTF-8";
  };
  time.timeZone = "Europe/Berlin";
  #time.timeZone = "America/Los_Angeles";

  # Services
  services.gpm.enable = true;
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "yes";

  services.gnome3 = {
    gnome-disks.enable = false;
    gnome-documents.enable = false;
    gnome-online-miners.enable = false;
    gnome-user-share.enable = false;
    gnome-terminal-server.enable = false;
    gpaste.enable = false;
    sushi.enable = false;
    tracker.enable = false;

    # FIXME: gnome should be moved to user session
    seahorse.enable = true;
    gvfs.enable = true;
    at-spi2-core.enable = true;
    evolution-data-server.enable = true;
    gnome-online-accounts.enable = true;
    gnome-keyring.enable = true;
  };

  services.teamviewer.enable = false;

  services.printing = {
    enable = false;
  };

  services.pcscd.enable = true;
  services.xserver = {
    enable = true;
    libinput.enable = true;
    libinput.naturalScrolling = true;

    videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
    xkbVariant = "altgr-intl";
    xkbOptions = "nodeadkeys";

    desktopManager = {
      # FIXME: gnome should be moved to user session
      gnome3.enable = true;

      xterm.enable = true;
      plasma5.enable = false;
    };

    displayManager = {
      gdm.enable = false;

      lightdm = {
        enable = true;
        autoLogin = {
          enable = true;
          user = "steveej";
        };
        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
      };

      sessionCommands = ''
      '';
    };
  };

 # Package configuration
  environment.systemPackages = with pkgs; [
  ];

  # More Services
  services.udev.packages = [
    pkgs.libu2f-host
    pkgs.yubikey-personalization
  ];
  services.udev.extraRules = ''
    # OnePlusOne
    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
    ATTR{idVendor}=="05c6", ATTR{idProduct}=="6765", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"

    # Plantronics BackBeat PRO
    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="011a", GROUP="users", MODE="0777"
    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="fffe", GROUP="users", MODE="0777"
    SUBSYSTEM=="usb", ATTR{idVendor}=="047f", ATTR{idProduct}=="0001", GROUP="users", MODE="0777"
  ''
      ;

  services.packagekit.enable = true;

  services.resolved.enable = false;
  services.nix-serve.enable = false;

  services.samba.enable = true;
  services.samba.extraConfig = ''
    client max protocol = SMB3
  '';

  # hardware related services
  services.illum.enable = true;

  hardware = {
    bluetooth.enable = true;
    pulseaudio = {
      enable = true;
      package = pkgs.pulseaudioFull;
      support32Bit = true;
    };
  };

  services.fprintd.enable = true;
  security.pam.services = {
    login.fprintAuth = true;
    sudo.fprintAuth = true;
  };

  # required for running blueman-applet in user sessions
  services.dbus.packages = with pkgs; [ 
    blueman
  ];

  # virtualization
  virtualisation = {
    libvirtd.enable = false;
    virtualbox.host.enable = false;
    virtualbox.guest.enable = false;
    docker.enable = true;
  };

  # Activation scripts for impure set up of paths in /
  system.activationScripts.bin = ''
    echo "setting up /bin..."
    mkdir -p /bin
    ln -sfT ${pkgs.bash}/bin/bash /bin/.bash
    mv -Tf /bin/.bash /bin/bash
  '';
  system.activationScripts.etcX11sessinos = ''
    echo "setting up /etc/X11/sessions..."
    mkdir -p /etc/X11
    ln -sfT ${config.services.xserver.displayManager.session.desktops} /etc/X11/.sessions
    mv -Tf /etc/X11/.sessions /etc/X11/sessions
  '';
  system.activationScripts.lib64 = ''
    echo "setting up /lib64..."
    mkdir -p /lib64
    ln -sfT ${pkgs.stdenv.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
    mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
  '';
}