{ config, home-manager, lib, pkgs, ... }:
with lib;
let
  psCfg = config.pub-solar;
  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
  imports = [
    ./session-variables.nix
  ];

  config = {
    pub-solar.graphical.alacritty.settings.font.size = 12;
    pub-solar.graphical.alacritty.settings.key_bindings = [
      { key = "V"; mods = "Control|Super"; action = "Paste"; }
      { key = "C"; mods = "Control|Super"; action = "Copy"; }
    ];
    services.kbfs.enable = false;
    services.keybase.enable = false;
    services.yubikey-agent.enable = true;
    home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
      xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; };
      xdg.configFile."git/config_greenbaum.cloud".text = import ./.config/git/config_greenbaum.cloud.nix { inherit config; inherit pkgs; };
      xdg.configFile."git/config_git.b12f.io".text = import ./.config/git/config_git.b12f.io.nix { inherit config; inherit pkgs; };

      home.packages = with pkgs; [
        AusweisApp2
        consul
        ifmetric
        ipmitool
        keybase-gui
        nomad
        thunderbird
        vault
        veracrypt
        waypoint
      ];


      systemd.user.services.yubikey-agent = {
        Unit = {
          Description = "Seamless ssh-agent for YubiKeys";
          Documentation = [ "https://filippo.io/yubikey-agent" ];
        };

        Service = {
          ExecStart = "${pkgs.yubikey-agent}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
          ExecReload = "/bin/kill -HUP $MAINPID";
          IPAddressDeny = "any";
          RestrictAddressFamilies = "AF_UNIX";
          RestrictNamespaces = "yes";
          RestrictRealtime = "yes";
          RestrictSUIDSGID = "yes";
          LockPersonality = "yes";
          SystemCallFilter = "@system-service ~@privileged @resources";
          SystemCallErrorNumber = "EPERM";
          SystemCallArchitectures = "native";
          NoNewPrivileges = "yes";
          KeyringMode = "private";
          UMask = "0177";
          RuntimeDirectory = "yubikey-agent";
        };

        Install = {
          WantedBy = [ "sway-session.target" ];
        };
      };

      programs.zsh = {
        initExtra = import ./zshrc.nix pkgs;
      };

      # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
    };

    #services.mopidy.configuration = mkIf config.pub-solar.audio.enable (builtins.readFile ../../secrets/mopidy.conf);
  };
}