# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).

{ microvm, config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix

      ../../modules/nixos/nix-common.nix
      ../../modules/nixos/environment.nix
      ../../modules/nixos/tailscale.nix
      ../../modules/nixos/system-packages.nix
      # microvm.host

      ../../modules/users/defin.nix
      ../../modules/users/git.nix
      ../../modules/users/root.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.binfmt.emulatedSystems = ["aarch64-linux"];

  networking.hostName = "doretta"; # Define your hostname.

  security.pam.sshAgentAuth.enable = true;

  virtualisation.libvirtd = {
    enable = true;
  };
  programs.virt-manager.enable = true;

  microvm = {
    vms = {
      foolcreek = {
        config = {
          microvm.shares = [{
            source = "/nix/store";
            mountPoint = "/nix/.ro-store";
            tag = "ro-store";
            proto = "virtiofs";
          }];
        };
      };
    };
    # interfaces = [{
    #   type = "tap";
    #   id = "vm-foolcreek";
    #   mac = "02:00:00:00:00:01";
    # }];
  };
  systemd.network = {
    enable = true;

    netdevs."10-microvm" = {
      netdevConfig = {
        Name = "microvm";
        Kind = "bridge";
      };
    };
    networks = {
    "10-microvm" = {
      matchConfig.Name = "microvm";
      networkConfig = {
        DHCPServer = true;
        # IPv6SendRA = true;
      };
      addresses = [ {
        Address = "10.0.0.1/24"; # } {
        # Address = "fd12:3456:789a::1/64";
      } ];
      # ipv6Prefixes = [{ Prefix = "fd12:3456:789a::/64"; }];
      # ipv6PREF64Prefixes = [{ Prefix = "fd12:3456:789a::/64"; }];
    };
    "11-microvm" = {
      matchConfig.Name = "vm-*";
      # Attach to the bridge that was configured above
      networkConfig.Bridge = "microvm";
    };
  };

    #   "20-lan" = {
    #     matchConfig.Type = "ether";
    #     networkConfig = {
    #       Address = ["10.1.11.101/24" "2001:db8::b/64"];
    #       Gateway = "10.1.11.254";
    #       DNS = ["8.8.8.8"];
    #       IPv6AcceptRA = true;
    #       DHCP = "no";
    #     };
    #   };
    #   "10-lan" = {
    #     matchConfig.Name = ["eno1" "vm-*"];
    #     networkConfig = {
    #       Bridge = "br0";
    #     };
    #   };
    #   "10-lan-bridge" = {
    #     matchConfig.Name = "br0";
    #     networkConfig = {
    #       Address = ["10.1.11.100/24" "2001:db8::a/64"];
    #       Gateway = ["10.1.11.254"];
    #       DNS = ["8.8.8.8"];
    #       IPv6AcceptRA = true;
    #     };
    #     linkConfig.RequiredForOnline = "routable";
    #   };
    # };
    # netdevs."br0" = {
    #   netdevConfig = {
    #     Name = "br0";
    #     Kind = "bridge";
    #   };
    # };
  };

  # Set your time zone.
  time.timeZone = "US/Mountain";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkbOptions in tty.
  # };

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the Plasma 6 Desktop Environment.
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;
  
  # Enable CUPS to print documents.
  # services.printing.enable = true;

  environment.systemPackages = with pkgs; [
    qemu
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    settings.X11Forwarding = true;
  };

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 67 8080 2222 ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}