# NixOS host module for a Raspberry Pi 4: hardware profile, root filesystem,
# sops-managed secrets, the site-specific `nathan.*` options, networking and
# the home-manager user.
{ config, lib, pkgs, inputs, ... }:
{
  # Hardware profile from nixos-hardware
  imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ];

  # Root filesystem lives on the SD card, located by label
  fileSystems."/" = {
    device = "/dev/disk/by-label/NIXOS_SD";
    fsType = "ext4";
    options = [ "noatime" ];
  };

  # Secrets decrypted by sops for this machine
  sops.secrets = {
    # The borg secrets are currently not declared. The borg options further
    # down still reference them, so restore these declarations before setting
    # `nathan.services.borg.enable = true`.
    # "borg-ssh-key" = {
    #   sopsFile = ../../secrets/tounge/borg.yaml;
    #   format = "yaml";
    # };
    # "borg-password" = {
    #   sopsFile = ../../secrets/tounge/borg.yaml;
    #   format = "yaml";
    # };

    # Opaque ("binary") secret; its decrypted path is handed to
    # networking.wireless.environmentFile below.
    wifi = {
      sopsFile = ../../secrets/universe/wifi;
      format = "binary";
    };
  };

  # Backup service (site-specific module, defined outside this file).
  # Disabled here. passwordFile and sshKey point at sops secrets whose
  # declarations are commented out above; this only evaluates as long as
  # nothing forces these two values.
  # NOTE(review): presumably the module guards them behind `enable` - confirm.
  nathan.services.borg = {
    enable = false;
    extraExcludes = [
      "/var/lib/docker"
      "/var/log"
    ];
    passwordFile = config.sops.secrets."borg-password".path;
    sshKey = config.sops.secrets."borg-ssh-key".path;
  };

  # Site-specific system options (semantics are defined by the `nathan`
  # module, which is not visible in this file).
  nathan.config = {
    setupGrub = false;
    userUid = "1001";

    nix = {
      autoUpdate = true;
      autoGC = true;
    };

    # NOTE(review): hardening is switched off on a host that also runs Docker
    # and joins a wireless network - confirm this is intentional and record why.
    harden = false;

    # NOTE(review): if the module also adds the user to the `docker` group,
    # that membership is root-equivalent on this host - verify.
    virtualization.docker = true;
  };

  # Networking
  networking.domain = "mccarty.io";
  networking.useDHCP = true;

  networking.wireless = {
    # The PSK is not written into this file or the world-readable Nix store:
    # "@PSK_WIFI@" is a placeholder filled in from the environment file, so the
    # decrypted sops secret is expected to contain a `PSK_WIFI=...` line.
    # NOTE(review): newer NixOS releases replace `environmentFile` with
    # `networking.wireless.secretsFile`; check against the pinned nixpkgs.
    environmentFile = config.sops.secrets."wifi".path;
    networks."Apollo".psk = "@PSK_WIFI@";
  };

  # No additional inbound ports are opened. `networking.firewall.enable` is
  # not set here, so the NixOS default applies.
  # NOTE(review): ports published by Docker containers are handled by Docker's
  # own packet-filter rules, not by these lists - audit them separately.
  networking.firewall = {
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];
  };

  # Home-manager configuration for the `nathan` user
  home-manager.users.nathan = import ./home.nix;
}