{ zentralwerk, config, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  c3d2 = {
    isInHq = true;
    hq.interface = "eno1";
    hq.enableBinaryCache = false;
    k-ot.enable = true;
    mountCeph = "/mnt/storage";
    autoUpdate = true;
  };

  nixpkgs.config.allowUnfree = true;

  nix = {
    useSandbox = true;
    buildCores = 4;
    maxJobs = 4;
  };

  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot.enable = true;
    };
    kernelPackages = pkgs.linuxPackages_latest;
  };

  networking.hostName = "glotzbert"; # Define your hostname.
  networking.interfaces.eno1.useDHCP = true;

  # Select internationalisation properties.
  console = {
    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
    keyMap = "de";
  };

  i18n.defaultLocale = "en_US.UTF-8";

  environment.systemPackages = with pkgs; [
    screen
    chromium
    firefox
    mpv
    kodi
  ];

  systemd.user.services.x11vnc = {
    description = "X11 VNC server";
    wantedBy = [ "graphical-session.target" ];
    partOf = [ "graphical-session.target" ];
    serviceConfig = {
      ExecStart = ''
        ${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
      '';
      RestartSec = 3;
      Restart = "always";
    };
  };

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # Or disable the firewall altogether.
  networking.firewall.enable = false;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio = {
    enable = true;
    # Users must be in "audio" group
    systemWide = true;
    support32Bit = true;
    zeroconf = {
      discovery.enable = true;
      publish.enable = true;
    };
    tcp = {
      enable = true;
      anonymousClients.allowAll = true;
    };
    extraConfig = ''
      load-module module-tunnel-sink server=pulsebert.hq.c3d2.de
    '';
    extraClientConf = ''
      default-server = pulsebert.hq.c3d2.de
    '';
  };

  # Enable the X11 windowing system.
  services.xserver = {
    enable = true;
    layout = "de";
    xkbOptions = "eurosign:e";
  };

  services.xserver = {
    displayManager = {
      lightdm = { enable = true; };
      autoLogin = {
        enable = true;
        user = "k-ot";
      };
      defaultSession = "gnome-xorg";
    };
    desktopManager = {
      gnome.enable = true;
      kodi.enable = true;
    };
  };

  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  users.groups."k-ot" = { gid = 1000; };
  users.users."k-ot" = {
    group = "k-ot";
    extraGroups = [ "networkmanager" ];
  };

  system.stateVersion = "18.09"; # Did you read the comment?
}