{ config, pkgs, options, lib, ... }:
let
  # Import home manager
  homeManager = fetchTarball
    "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";

  # Secrets and passwords
  secrets = import ./secrets.nix;
in

{
  imports = [ 
    ./hardware-configuration.nix 
    ./freecorn.nix
    ./jimbo.nix
    "${homeManager}/nixos" 
  ];

  # Bootloader
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };

  # Hostname and networking
  networking = {
    hostName = "freecornserver";
    networkmanager.enable = true;
  };

  # Enable network manager applet
  programs.nm-applet.enable = true;

  # Set your time zone.
  time.timeZone = secrets.timeZone;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_CA.UTF-8";

  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;
    videoDrivers = [ "radeon" ];
    xkb = {
      layout = "us";
      variant = "";
    };

    # Enable the LXQT Desktop Environment.
    displayManager.lightdm.enable = true;
    desktopManager.lxqt.enable = true;
  };

  # Printer Stuff (FUCK HP!)
  services = {
    printing = {
      enable = true;
      drivers = [ pkgs.hplip ];
      webInterface = false;
    };
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true;
    };
  };

  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
#  users.users.nextcloud = {
#    extraGroups = [ "nfsShare" ];
#    isSystemUser = true;
#  };

  # OpenGL and drivers
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
  };

  # RTL-SDR Support
  hardware.rtl-sdr.enable = true;
  boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ]; # blacklist dunb driver

  # OpenWebRX
#  services.openwebrx.enable = true;

  # Enable automatic login for the user.
  services.displayManager.autoLogin = {
    enable = true;
    user = "freecorn";
  };

  # NGINX :3
  services.nginx = {
    enable = true;
    package = (pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ rtmp ];
    });
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    # Homepage HTML
    virtualHosts = {
      "${secrets.cornDomain}" = {
        enableACME = true;
        addSSL = true;
        root = "/var/www/cornweb";
      };

      # non-free websites
      "nonfree.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        root = "/var/www/non-free";
      };

      # websdr server
      "websdr.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8073";
          proxyWebsockets = true;
	};
      };

#      # Nextcloud Proxy
#      "cloud.${secrets.cornDomain}" = {
#        enableACME = true;
#        addSSL = true;
#        locations."/" = {
#          proxyWebsockets = true;
#          extraConfig = ''
#            location /.well-known/carddav {
#              return 301 $scheme://$host/remote.php/dav;
#            }
#            location /.well-known/caldav {
#              return 301 $scheme://$host/remote.php/dav;
#          '';
#        };
#      };
    };
    appendConfig = ''
      rtmp {
        server {
          listen 1935;
          chunk_size 4096;
          allow publish all;
          application stream {
            record off;
            live on;
            allow play all;
          }
        }
      }
    '';
  };

#  # Nextcloud server
#  services.nextcloud = {
#    enable = true;
#    package = pkgs.nextcloud29;
#    hostName = "cloud.${secrets.cornDomain}";
#    datadir = "/nextcloud";
#    https = true;
#    config = {
#      adminuser = "freecorn";
#      adminpassFile = "/nextcloud/password.txt";
#    };
#    settings = {
#      trusted_proxies = [ "127.0.0.1" ];
#      trusted_domains = [ "cloud.${secrets.cornDomain}" ];
#      overwriteprotocol = "https";
#    };
#  };

  # Get certificates for Coturn
  security.acme = {
    acceptTerms = true;
    defaults.email = secrets.cornEmail;
  };

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Packages installed in system profile
  environment.systemPackages = with pkgs; [
    wget
    x11vnc
    fastfetch
    ffmpeg
    system-config-printer
    libcaption
    git
    rtl-sdr
    steam-run
    openwebrx
  ];

  # Install fonts, need this for orbitron!
  fonts.packages = with pkgs; [
    orbitron
  ];

  # Enable the OpenSSH daemon.
  services.openssh = {
  enable = true;
    settings = {
      PermitRootLogin = "no";
      PrintLastLog = "no";
      PasswordAuthentication = false;
    };
    ports = [ 69 ];
  };

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 1935 4455 80 443 1234 69 ];
  networking.firewall.allowedUDPPorts = [ 4455 ];

  # Copy and link the NixOS configuration file to (/run/current-system/configuration.nix).
  system.copySystemConfiguration = true;

  # Don't change this
  system.stateVersion = "24.05";
}