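# Base NixOS system module shared by every host.
#
# Arguments:
#   config, pkgs, lib - standard NixOS module arguments (config and lib are
#                       not referenced in this file).
#   hostName          - supplied by the caller (not a standard module argument);
#                       used as networking.hostName.
#
# Sets up: system packages, zsh, flakes, systemd-boot with the latest kernel,
# NetworkManager with the firewall on, French keyboard/locale settings, sshd,
# the "manager" admin user, and password-less reboot/power-off for wheel.
{ config, pkgs, lib, hostName, ... }:
{
  system.stateVersion = "25.11";

  imports = [
    ./host
    ./module
  ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    micro
    git
    cloudflared
    cloudflare-warp
    zoxide
    fzf
    sqlite
    # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    # wget
  ];

  environment.variables = {
    TERM = "xterm-256color";
  };

  programs = {
    zsh.enable = true; # Mandatory for the user manager (users.users.manager.shell is zsh)

    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    #mtr.enable = true;
    #gnupg.agent = {
    #  enable = true;
    #  enableSSHSupport = true;
    #};
  };

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    kernelPackages = pkgs.linuxPackages_latest; # Use latest kernel.
  };

  networking = {
    inherit hostName; # Define your hostname (taken from the module argument).
    #wireless.enable = true; # Enables wireless support via wpa_supplicant.
    #proxy.default = "http://user:password@proxy:port/";
    #proxy.noProxy = "127.0.0.1,localhost,internal.domain";
    networkmanager.enable = true;
    # Firewall stays on. No extra ports are opened in this file; sshd's port
    # is opened by the openssh module itself unless its openFirewall option
    # is turned off.
    firewall.enable = true;
  };

  console.keyMap = "fr";
  time.timeZone = "Europe/Paris";

  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "fr_FR.UTF-8";
      LC_IDENTIFICATION = "fr_FR.UTF-8";
      LC_MEASUREMENT = "fr_FR.UTF-8";
      LC_MONETARY = "fr_FR.UTF-8";
      LC_NAME = "fr_FR.UTF-8";
      LC_NUMERIC = "fr_FR.UTF-8";
      LC_PAPER = "fr_FR.UTF-8";
      LC_TELEPHONE = "fr_FR.UTF-8";
      LC_TIME = "fr_FR.UTF-8";
    };
  };

  services = {
    xserver.xkb = {
      layout = "fr";
      variant = "azerty";
    };

    openssh = {
      enable = true;
      # NOTE(review): this file does not set settings.PasswordAuthentication or
      # settings.PermitRootLogin, so the module defaults apply unless ./host or
      # ./module overrides them. "manager" is in wheel; confirm that key-only
      # login is enforced somewhere before exposing this host.
      settings.Macs = [
        # Current defaults:
        "hmac-sha2-512-etm@openssh.com"
        "hmac-sha2-256-etm@openssh.com"
        "umac-128-etm@openssh.com"
        # Cloudflare:
        # Non-ETM MAC (computed over the plaintext rather than the ciphertext),
        # added for compatibility. It is listed last so clients that support an
        # -etm variant still negotiate that one. Drop it once it is no longer
        # needed.
        "hmac-sha2-256"
      ];
    };
  };

  # Allow unfree packages
  # NOTE(review): this is global; presumably needed for cloudflare-warp. An
  # allowUnfreePredicate limited to the packages that need it would be narrower.
  nixpkgs.config.allowUnfree = true;

  users.users.manager = {
    isNormalUser = true;
    description = "manager";
    extraGroups = [
      "networkmanager"
      "wheel" # sudo-capable
    ];
    packages = with pkgs; [ ];
    shell = pkgs.zsh;
  };

  security = {
    sudo = {
      enable = true;
      # wheel may run exactly these two binaries without a password. The
      # commands are pinned by absolute path and take no wildcard arguments;
      # keep it that way when extending the list.
      extraRules = [
        {
          groups = [ "wheel" ];
          commands = [
            {
              command = "/run/current-system/sw/bin/shutdown";
              options = [ "NOPASSWD" ];
            }
            {
              command = "/run/current-system/sw/bin/reboot";
              options = [ "NOPASSWD" ];
            }
          ];
        }
      ];
    };

    # Let members of wheel reboot / power off through logind without an
    # authentication prompt. Any other action falls through to the default
    # polkit policy because the rule returns nothing for it.
    #
    # Fix: the condition previously contained a stray "networking.firewall."
    # token between "&&" and the array literal, which is not valid JavaScript
    # and kept the rule from being evaluated as intended.
    polkit.extraConfig = ''
      polkit.addRule(function (action, subject) {
        if (
          subject.isInGroup("wheel") &&
          [
            "org.freedesktop.login1.reboot",
            "org.freedesktop.login1.reboot-multiple-sessions",
            "org.freedesktop.login1.power-off",
            "org.freedesktop.login1.power-off-multiple-sessions",
          ].indexOf(action.id) !== -1
        ) {
          return polkit.Result.YES;
        }
      });
    '';
  };
}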