{ tree, config, pkgs, lib, ... }:
let usb_data = import ./hardware/usb_data.nix { };
in {
  imports = with tree; [
    users.root
    users.chaos
    profiles.tailscale
    #profiles.dnscrypt
    #profiles.printing
    profiles.sshd

    hosts.lappy.profiles.usb-automount
    hosts.lappy.profiles.macos-vm

    # required for dualsense controller
    profiles.kernels.latest

    profiles.laptop

    # Bluetooth
    #profiles.connectivity.bluetooth

    profiles.connectivity.network_manager
    profiles.connectivity.ios

    profiles.sound.pipewire

    profiles.gui.base
    profiles.gui.environments.gnome

    profiles.gaming.steam

    # for sci-hub and whenever websites break
    profiles.tor

    # For cross compiling and deploying to raspberry
    profiles.cross.arm64

    profiles.force_dns
    #extras.shenanigans-hotspot
  ];

  services.mullvad-vpn.enable = true;

  home-manager.users.root = {
    imports = with tree; [ home.base ];
    home.stateVersion = "22.05";
  };
  home-manager.users.chaos = {
    programs.ssh.matchBlocks."*".identityFile = "${usb_data.ssh_priv_path}";
    programs.git.extraConfig = {
      gpg.format = "ssh";
      commit.gpgsign = "true";
      tag.gpgsign = "true";
      user = { signingKey = "${usb_data.ssh_priv_path}"; };
    };
    imports = with tree; [
      home.base
      home.dev.all
      #home.reversing

      home.gui.base
      home.gui.environments.gnome

      #home.gaming.emulators.ds
      #home.gaming.games.minecraft
      #home.gaming.games.osu
      home.gaming.platforms.steam

      #home.bluetooth
      #home.network_manager

      home.apps.vivaldi
      home.apps.telegram
      home.apps.quassel
      home.apps.mpv
      home.apps.strawberry
      home.apps.file-roller
      home.apps.nautilus
      home.apps.nicotine-plus
      home.apps.musicutil
      home.apps.pavucontrol
      home.apps.mullvad
      home.apps.aria2
      home.apps.aegisub
      home.apps.rclone
      home.apps.restic

      home.programming.editors.vscode
      home.programming.languages.go
      home.programming.languages.nix
    ];
    home.stateVersion = "22.05";
  };

  hardware.opengl.extraPackages = with pkgs; [
    vaapiIntel
    vaapiVdpau
    libvdpau-va-gl
    intel-media-driver
  ];

  #services.getty.extraArgs = [ "--skip-login" "--login-options" "chaos" ];

  networking.firewall.enable = true;
  networking.firewall.allowPing = true;

  # Allow Soulseek
  networking.firewall.allowedTCPPorts = [ 8080 2235 ];
  networking.firewall.allowedTCPPortRanges = [
    # Allow aria2 to work
    {
      from = 6881;
      to = 6999;
    }
    {
      from = 50101;
      to = 50109;
    }
  ];
  networking.firewall.allowedUDPPortRanges = [
    # Allow aria2 to work
    {
      from = 6881;
      to = 6999;
    }
    {
      from = 50101;
      to = 50109;
    }
  ];

  networking.enableIPv6 = true;
  systemd.services.NetworkManager-wait-online.enable = false;

  # let vscode, vivaldi, etc work.
  security.unprivilegedUsernsClone = true;

  nix.settings.auto-optimise-store = true;
  nix.gc = {
    automatic = true;
    dates = "daily";
    options = "--delete-older-than 4d";
  };

  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
    builders-use-substitutes = true
  '';

  nix.buildMachines = [{
    hostName = "hetzner-vm.servers.genderfucked.monster";
    system = "x86_64-linux";
    maxJobs = 6;
    speedFactor = 2;
    sshUser = "chaos";
    supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
    mandatoryFeatures = [ ];
  }];
  nix.distributedBuilds = true;

  networking.hostName = "lappy";
  time.timeZone = "Europe/London";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

  services.fstrim.enable = true;

  system.stateVersion = "21.11";
}