# Host-level NixOS module: imports the per-topic modules, sets kernel and
# persistence options, runs a local OpenLDAP instance and configures
# laptop power, VPN and bluetooth services.
{ pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./modules/backup
    ./modules/graphics
    ./modules/greetd
    ./modules/networks
    ./modules/printing
    ./modules/security
    ./modules/sound
    ./modules/virtualisation
  ];

  nix.settings.system-features = [ "gccarch-tigerlake" ];
  systemd.additionalUpstreamSystemUnits = [ "soft-reboot.target" "systemd-soft-reboot.service" ];

  # Kernel and early-boot settings. The original note here read "Use the
  # systemd-boot EFI boot loader", but no boot loader option is set in this
  # file; presumably it is configured in one of the imported modules — confirm.
  boot = {
    # NOTE(review): v4l2loopback is an out-of-tree module and the
    # extraModulePackages entry below is commented out, so it has to be
    # provided by another module for this load to succeed — confirm.
    kernelModules = [ "v4l2loopback" ];
    kernelPackages = pkgs.linuxPackages_latest;
    # Re-enabling the next block needs `config` added to the function
    # arguments above, which currently only bind `pkgs`.
    # extraModulePackages = [
    #   config.boot.kernelPackages.v4l2loopback
    # ];
    # extraModprobeConfig = ''
    #   options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
    # '';
    tmp.useTmpfs = true;
  };

  # State kept under /nix/persist/system. Several entries hold key material
  # (/etc/ssh, /etc/secureboot, /root/.ssh) and /root/.borgmatic presumably
  # holds backup configuration, so the backing directory should be readable
  # by root only and covered by the same disk encryption as the rest of the
  # system.
  # NOTE(review): the OpenLDAP database directory configured further down
  # (/var/lib/openldap/data) is not listed here; if another module does not
  # persist it, check whether the directory data is meant to be kept.
  environment.persistence."/nix/persist/system" = {
    directories = [
      "/etc/nixos" # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
      "/etc/ssh"
      "/etc/secureboot"
      "/root/.ssh"
      "/root/.borgmatic"
      "/root/.local/share/zsh"
    ];
    files = [ "/etc/machine-id" ];
  };

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "dvorak";

  services.openldap = {
    enable = true;
    # "ldap:///" names no host, so slapd listens on every interface and
    # speaks cleartext LDAP: simple binds, including the rootDN's, are not
    # encrypted on the wire. If all clients are local, "ldapi:///" or
    # "ldap://127.0.0.1/" narrows the exposure; remote clients want
    # ldaps:// or StartTLS. Whether the port is reachable from outside
    # depends on firewall rules not shown in this file.
    urlList = [ "ldap:///" ];
    settings = {
      attrs = {
        # Logs connection handling and configuration processing.
        olcLogLevel = "conns config";
      };
      children = {
        "cn=schema".includes = [
          "${pkgs.openldap}/etc/schema/core.ldif"
          # attributetype ( 9999.1.1 NAME 'isMemberOf'
          #   DESC 'back-reference to groups this user is a member of'
          #   SUP distinguishedName )
          "${pkgs.openldap}/etc/schema/cosine.ldif"
          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
          "${pkgs.openldap}/etc/schema/nis.ldif"
          # "${pkgs.writeText "openssh.schema" ''
          #   attributetype ( 9999.1.2 NAME 'sshPublicKey'
          #   DESC 'SSH public key used by this user'
          #   SUP name )
          # ''}"
        ];
        "olcDatabase={1}mdb".attrs = {
          objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
          olcDatabase = "{1}mdb";
          olcDbDirectory = "/var/lib/openldap/data";
          olcSuffix = "dc=ifsr,dc=de";
          /* Admin (rootDN) account; it bypasses the olcAccess rules below.
             The original note warned against pkgs.writeText on a production
             system. The inline hash has the same weakness: it is evaluated
             into the Nix store, which is readable by every local user, and
             it is committed wherever this file is versioned, so it is open
             to offline guessing. The NixOS openldap module also accepts a
             file reference, e.g.
               olcRootPW.path = "<root-only file outside the store>";
             which keeps the value out of both places. Treat this hash as
             disclosed and rotate the password when switching. */
          olcRootDN = "cn=portunus,dc=ifsr,dc=de";
          olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";
          olcAccess = [
            /* userPassword: the owner may write it, anonymous sessions may
               only use it to authenticate, nobody else can read it */
            ''{0}to attrs=userPassword by self write by anonymous auth by * none''
            /* Everything else is readable by anyone, including unauthenticated
               clients: names, mail addresses and group memberships can be
               enumerated without a bind. If that is not intended,
               "by users read by * none" limits reads to bound identities. */
            ''{1}to * by * read''
          ];
        };
      };
    };
  };

  services = {
    envfs.enable = true; # /usr/bin fixes
    blueman.enable = true; # bluetooth
    # Automounts removable media; filesystems on untrusted devices are
    # mounted without a prompt.
    devmon.enable = true; # automount stuff
    upower.enable = true;
    fwupd.enable = true; # firmware updates
    btrfs.autoScrub.enable = true;
    mullvad-vpn = {
      enable = true;
      # Leaves the mullvad-exclude (split tunnelling) wrapper uninstalled,
      # so no process can be started outside the tunnel through it.
      enableExcludeWrapper = false;
    };
  };

  hardware.bluetooth = {
    enable = true;
    settings = {
      General = {
        # Turns on BlueZ features that upstream still marks experimental.
        Experimental = true;
      };
    };
  };

  # Lid and power-key behaviour: hibernate after suspend on battery, plain
  # suspend when docked or on external power, power key ignored.
  services.logind = {
    lidSwitch = "suspend-then-hibernate";
    lidSwitchDocked = "suspend";
    lidSwitchExternalPower = "suspend";
    extraConfig = ''
      HandlePowerKey = ignore
    '';
  };

  # Battery care: charging starts below 70 % and stops at 90 %.
  services.tlp = {
    enable = true;
    settings = {
      START_CHARGE_THRESH_BAT0 = 70;
      STOP_CHARGE_THRESH_BAT0 = 90;
      RESTORE_DEVICE_STATE_ON_STARTUP = 1;
    };
  };

  documentation = {
    dev.enable = true;
  };

  environment.systemPackages = [ pkgs.man-pages ];

  system.stateVersion = "22.11";
}