{ config, pkgs, lib, self, ... }:
with lib;
let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
  imports = [
    ./configuration.nix
    ./virtualisation
    ./factorio
  ];

  config = {
    hardware.cpu.amd.updateMicrocode = true;

    hardware.opengl.extraPackages = with pkgs; [
      rocm-opencl-icd
      rocm-opencl-runtime
    ];

    pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
    pub-solar.core.hibernation.resumeOffset = 115075072;

    services.openssh.openFirewall = true;
    networking.firewall.allowedTCPPorts = [ 443 ] ++ (if psCfg.sway.vnc.enable then [ 5901 ] else [ ]);

    environment.systemPackages = with pkgs; [
      wayvnc
      drone-docker-runner
      stdenv.cc.cc.lib
      pkgs.hplip
    ];

    age.secrets."vnc-key.pem" = {
      file = "${self}/secrets/vnc-key-chocolatebar.pem";
      mode = "400";
      owner = psCfg.user.name;
    };
    age.secrets."vnc-cert.pem" = {
      file = "${self}/secrets/vnc-cert-chocolatebar.pem";
      mode = "400";
      owner = psCfg.user.name;
    };
    pub-solar.sway.vnc.enable = true;
    pub-solar.ci-runner.enable = true;

    home-manager.users."${psCfg.user.name}" = {
      xdg.configFile = mkIf psCfg.sway.enable {
        "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
        "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
        "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
      };

      home.sessionVariables = {
        NIX_CC = "${pkgs.stdenv.cc}";
      };
    };

    # For OpenProject development with https
    security.pki.certificates = [
      (builtins.readFile ./step-roots.pem)
    ];
  };
}