(define-module (ryan-config base-system)
                #:use-module (gnu)
                #:use-module (nongnu packages linux)
                #:use-module (gnu system setuid)
                #:use-module (gnu packages admin)
                #:use-module (gnu packages avahi)
                #:use-module (guix packages)
                #:use-module (gnu packages shells)
                #:use-module (guix build-system trivial)
                #:use-module (guix licenses)
                #:use-module (gnu packages tls)
                #:use-module (gnu packages spice)
                #:use-module (srfi srfi-1)
                #:use-module (ryan-packages freedesktop)
                #:use-module (ryan-packages wm)
                #:use-module (ryan-packages virtualization)
                #:use-module (ryan-packages linux)
                #:use-module (ryan-packages networking)
                #:use-module (rosenthal packages wm)
                #:use-module (gnu packages security-token)
                #:use-module (gnu services security-token)
                #:use-module (gnu services cups)
                #:use-module (gnu services desktop)
                #:use-module (gnu services networking)
                #:use-module (gnu services xorg)
                #:use-module (gnu services ssh)
                #:use-module (gnu services nix)
                #:use-module (gnu services sound)
                #:use-module (gnu services docker)
                #:use-module (gnu services avahi)
                #:use-module (gnu services dbus)
                #:use-module (gnu services virtualization))

; Define package that installs my root ca public keys
(define my-ca-certs
  ;; Package whose only job is to ship the private root-CA certificates kept
  ;; in ./CACerts: every *.crt file there is converted to PEM with openssl
  ;; and installed under $out/etc/ssl/certs.  Whatever lands in that
  ;; directory becomes a trust anchor for the whole system once the package
  ;; is in the system profile, so the contents of ./CACerts ARE the trust
  ;; decision; the builder selects files by name only and does not check
  ;; that they are CA certificates.
  (package
    (name "my-ca-certs")
    (version "1")
    (source (local-file "./CACerts"
                        #:recursive? #t))
    (build-system trivial-build-system)
    (license mpl2.0)
    (home-page "https://rschanz.org")
    (arguments
      `(#:modules
        ((guix build utils))
        #:builder
        (begin
          (use-modules (guix build utils)
                       (srfi srfi-1)
                       (srfi srfi-26)
                       (ice-9 ftw))
          (let* ((src-dir     (assoc-ref %build-inputs "source"))
                 (openssl-bin (string-append (assoc-ref %build-inputs "openssl")
                                             "/bin/openssl"))
                 (dest-dir    (string-append (assoc-ref %outputs "out")
                                             "/etc/ssl/certs"))
                 ;; Name-based selection: anything ending in ".crt".
                 (crt-file?   (lambda (f) (string-suffix? ".crt" f)))
                 (crt-files   (filter crt-file? (scandir src-dir))))
            ;; Re-encode one certificate as PEM into dest-dir, keeping the
            ;; original file name and appending ".pem".
            (define (install-pem! f)
              (invoke openssl-bin "x509"
                      "-in" (string-append src-dir "/" f)
                      "-outform" "PEM"
                      "-out" (string-append dest-dir "/" f ".pem")))
            (mkdir-p dest-dir)
            (for-each install-pem! crt-files)
            #t))))
    ;; openssl is only needed at build time, for the PEM conversion.
    (native-inputs
      (list openssl))
    (synopsis "My CA Certs")
    ;; Field names are bound inside the record constructor, so the
    ;; description simply reuses the synopsis string.
    (description synopsis)))

; Re-define the base packages to remove sudo
(define %my-base-packages
  ;; %base-packages minus "sudo" and "nano" (matched on package name).
  ;; sudo is replaced by opendoas, which is added to the system packages
  ;; and to the setuid list in base-operating-system below.
  (let ((dropped '("sudo" "nano")))
    (filter (lambda (pkg)
              (not (member (package-name pkg) dropped)))
            %base-packages)))

(define %backlight-udev-rule
  ;; udev rule file "90-backlight.rules": whenever a backlight device is
  ;; added, hand its brightness attribute to the "video" group and make it
  ;; group-writable.  This lets members of "video" (the user account below
  ;; is one) adjust brightness without any setuid helper.  chgrp/chmod are
  ;; resolved through the system profile, so the rule keeps working across
  ;; reconfigurations.
  (let ((on-add "ACTION==\"add\", SUBSYSTEM==\"backlight\", ")
        (chgrp  "RUN+=\"/run/current-system/profile/bin/chgrp video /sys/class/backlight/%k/brightness\"")
        (chmod  "RUN+=\"/run/current-system/profile/bin/chmod g+w /sys/class/backlight/%k/brightness\""))
    (udev-rule
      "90-backlight.rules"
      (string-join (list (string-append on-add chgrp)
                         (string-append on-add chmod))
                   "\n"))))

(define-public base-operating-system
  ;; Shared operating-system template.  host-name is a placeholder
  ;; ("ThisWillChange") and no root file system is declared here (only /tmp
  ;; and %base-file-systems), so per-machine configs are expected to
  ;; inherit from this record and fill those in.
  ;;
  ;; Security-relevant choices made here, for quick review:
  ;;   * sudo is dropped from the packages (%my-base-packages) and opendoas
  ;;     plus a setuid /bin/doas is installed instead -- but see the NOTE at
  ;;     the setuid-programs field about the sudo removal.
  ;;   * Extra setuid-root binaries: swaylock, dumpcap, the SPICE USB ACL
  ;;     helper, doas.
  ;;   * substitutes.nonguix.org is added as a substitute server and its
  ;;     signing key is authorized, i.e. that server is trusted to supply
  ;;     binaries for anything it serves.
  ;;   * OpenSSH runs with the default openssh-configuration.
  ;;   * .local name lookup goes through mDNS (nss-mdns).
  (operating-system
    ;; 'linux' here is the package from (nongnu packages linux) imported
    ;; at the top of the file, not linux-libre.
    (kernel linux)
    (firmware (list linux-firmware))
    (locale "en_US.utf8")
    (timezone "America/New_York")
    (keyboard-layout (keyboard-layout "us"))
    (host-name "ThisWillChange")

    ;; The list of user accounts ('root' is implicit).
    ;; NOTE(review): "wheel", "docker", "libvirt" and "kvm" membership each
    ;; give broad control over the host (docker-group access in particular
    ;; is commonly treated as root-equivalent), so this is effectively an
    ;; administrator account.  The zsh shell override is left disabled.
    (users (cons* (user-account
                    (name "ryan")
                    (comment "Ryan")
                    (group "users")
                    ;(shell (file-append zsh "/bin/zsh"))
                    (home-directory "/home/ryan")
                    (supplementary-groups '("wheel" "netdev" "audio" "video" "lp" "plugdev" "docker" "libvirt" "kvm")))
                  %base-user-accounts))

    ;; Packages installed system-wide.  Users can also install packages
    ;; under their own account: use 'guix search KEYWORD' to search
    ;; for packages and 'guix install PACKAGE' to install a package.
    ;;
    ;; Three lists are appended: names resolved through
    ;; specification->package, package objects defined in this file or in
    ;; the ryan-packages/rosenthal modules (custom swaylock, portal,
    ;; waybar, virt-manager, bluez and blueman builds, plus my-ca-certs),
    ;; and the trimmed base packages.
    (packages (append (map specification->package (list   "sway"
                                                         "hyprland"
                                                          "swaybg"
  			                                            "swayidle"
  			                                            ;"swaylock-effects"
  			                                            "fuzzel"
                                                        "foot"
                                                          "pinentry-qt"
                                                          "adwaita-icon-theme"
                                                          "hicolor-icon-theme"
  			                                            "git"
  			                                            "nss-certs"
  			                                            ;"waybar"
  			                                            "gnupg"
                                                          "light"
                                                          "avahi"
                                                          "mako"
                                                          "grim"
                                                          "grimblast"
                                                          "slurp"
                                                          "wl-clipboard"
                                                          ;"bluez"
                                                          ;"blueman"
                                                          "ldacbt"
                                                          "libfreeaptx"
                                                          "libfdk"
                                                          "opendoas"
                                                          ;"xdg-desktop-portal-wlr"
                                                          "xdg-desktop-portal"
                                                          "xdg-desktop-portal-gtk"
                                                          "v4l2loopback-linux-module"
                                                          "pipewire"
                                                          "docker"
                                                          ;"libvirt" ;New version inherited from service
                                                          ;"virt-manager"
                                                          "dconf"
                                                          "wireplumber"
                                                          "wireshark"
                                                          "zsh"))
                           ;; my-ca-certs adds the private root CAs from ./CACerts
                           ;; to the system trust store.
                           (list my-ca-certs swaylock-effects-new xdg-desktop-portal-hyprland-ryan waybar-new virt-manager-ovmf bluez-ryan blueman-ryan)
                           %my-base-packages ))

    ;; Below is the list of system services.  To search for available
    ;; services, run 'guix system search KEYWORD' in a terminal.
    (services
     (append (list

                   ;; To configure OpenSSH, pass an 'openssh-configuration'
                   ;; record as a second argument to 'service' below.
                   ;; NOTE(review): no configuration is passed, so the record
                   ;; defaults apply -- confirm that the defaults for
                   ;; password-authentication? and permit-root-login are what
                   ;; is wanted on a network-reachable machine.
                   (service openssh-service-type)
                   ;; PC/SC smart-card daemon (security tokens; see the fido2
                   ;; udev rules further down).
                   (service pcscd-service-type)
                   ;; Printing, with the CUPS web UI enabled.
                   (service cups-service-type
                            (cups-configuration
                              (web-interface? #t)))
                   ;; Avahi is only present for CUPS to support "automagic" printing
                   ;; (the default avahi service from %desktop-services is deleted
                   ;; below so that this explicit, non-publishing one is the only
                   ;; instance).
                   (service avahi-service-type
                           (avahi-configuration
                             (publish? #f) ;; do not advertise this machine
                             (publish-workstation? #f))) ;; do not advertise, I want this to be as silent as possible
                   ;; Container and Nix daemons; the user above is in the
                   ;; "docker" group and can drive dockerd directly.
                   (service docker-service-type)
                   (service nix-service-type)
                   ;; libvirt built from the custom libvirt-ovmf package; the
                   ;; control socket is owned by the "libvirt" group, so every
                   ;; member of that group can manage VMs.
                   (service libvirt-service-type
                            (libvirt-configuration
                              (libvirt libvirt-ovmf)
                              (unix-sock-group "libvirt")))
                   (service virtlog-service-type)
                   ;; Registers spice-gtk's polkit policy (USB redirection).
                   (simple-service 'spice-polkit polkit-service-type (list spice-gtk))
                   ;; Custom bluez build with BlueZ experimental features on.
                   (service bluetooth-service-type
                            (bluetooth-configuration
                              (bluez bluez-ryan)
                              (experimental #t)
                              (fast-connectable? #t)))
                   ;; libfido2's udev rules, granting FIDO2 device access to the
                   ;; "plugdev" group.
                   (udev-rules-service 'fido2 libfido2 #:groups '("plugdev")))

             ;; This is the default list of services we
             ;; are appending to.
  	(modify-services %desktop-services
  	;; Add the nonguix substitute server and authorize its signing key so
  	;; that substitutes signed with it are accepted.  The key below is the
  	;; trust anchor for every binary fetched from that server: verify the
  	;; fingerprint against the one nonguix publishes, out-of-band, before
  	;; relying on it.
  	(guix-service-type config =>
  		       (guix-configuration
  			 (inherit config)
  			 (substitute-urls
  			   (append (list "https://substitutes.nonguix.org")
  				   %default-substitute-urls))
  			 (authorized-keys
  			   (cons* (plain-file "non-guix.pub"
  						      "(public-key
  							(ecc
  							 (curve Ed25519)
  							 (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
  							)
  						       )" ) %default-authorized-guix-keys))))
      ;; Prepend the backlight rule (group "video" may write brightness)
      ;; to the default udev rules.
      (udev-service-type config =>
                  (udev-configuration
                    (inherit config)
                    (rules (cons %backlight-udev-rule
                                 (udev-configuration-rules config)))))
      ;; elogind takes no action on power/suspend keys or lid close
      ;; (`ignore is a quasiquoted symbol, same as 'ignore); presumably the
      ;; compositor / swayidle handle these instead -- confirm.
      (elogind-service-type config =>
                            (elogind-configuration
                              (inherit config)
                              (handle-power-key `ignore)
                              (handle-suspend-key `ignore)
                              (handle-lid-switch `ignore)))
      ;; Defaults dropped from %desktop-services: PulseAudio and ALSA
      ;; (PipeWire + WirePlumber are installed instead), the GDM display
      ;; manager, and the default Avahi instance (replaced above).
      (delete pulseaudio-service-type)
      (delete gdm-service-type)
      (delete avahi-service-type)
      ;(delete xorg-server-service-type)
      (delete alsa-service-type) )))
    ;; NOTE(review): this resolves *.local names via mDNS on the local link,
    ;; which any host on that link can answer; fine on trusted networks.
    (name-service-switch %mdns-host-lookup-nss) ;; Enable .local lookup
    ;; Setuid-root binaries beyond the Guix defaults.  Every entry is
    ;; reachable by every local user, so each one is part of the local
    ;; privilege boundary.
    (setuid-programs
      (append (list (file-like->setuid-program
                      (file-append
                        ;(specification->package "swaylock-effects")
                        ;; custom swaylock build; setuid for PAM/shadow
                        ;; authentication -- confirm it is still required.
                        swaylock-effects-new
                         "/bin/swaylock"))
                    ;; NOTE(review): setuid dumpcap lets any local user
                    ;; capture packets; consider limiting it to a capture
                    ;; group instead of setuid root for everyone.
                    (file-like->setuid-program
                      (file-append
                        (specification->package "wireshark")
                        "/bin/dumpcap"))
                    ;; Helper that grants USB device access for SPICE
                    ;; redirection (spice-gtk).
                    (file-like->setuid-program
                      (file-append
                        (specification->package "spice-gtk")
                        "/libexec/spice-client-glib-usb-acl-helper"))
                    ;; doas replaces sudo; its doas.conf is not defined in
                    ;; this file.
                    (file-like->setuid-program
                      (file-append
                        (specification->package "opendoas")
                        "/bin/doas")))
              ;; NOTE(review): %setuid-programs holds <setuid-program>
              ;; records (the same kind file-like->setuid-program builds
              ;; above), while `sudo' is a package, so this `delete' most
              ;; likely matches nothing and sudo stays setuid even though
              ;; it is removed from the packages.  Check with
              ;; `ls -l /run/setuid-programs' after reconfiguring; if sudo
              ;; is still there, filter on setuid-program-program instead.
              (delete sudo %setuid-programs)))
    ;; /tmp on tmpfs (no fsck); the root file system is left to inheritors.
    (file-systems (cons*
                    (file-system
                      (mount-point "/tmp")
                      (device "none")
                      (type "tmpfs")
                      (check? #f))
                    %base-file-systems))
    ;; UEFI GRUB, reusing the keyboard layout declared above for the
    ;; GRUB prompt.
    (bootloader (bootloader-configuration
                  (bootloader grub-efi-bootloader)
                  (targets (list "/boot/efi"))
                  (keyboard-layout keyboard-layout)))))