kiwi  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6ajPZhxyFlQonoT5QvbvztN1511lNq5MULcTziDT91 root@kiwi";

  "hosts/plum/id.age".publicKeys = [ james plum ];
  "hosts/pear/id.age".publicKeys = [ james pear ];

  "hosts/kiwi/password.age".publicKeys = [ james plum ];
  "hosts/plum/id.age".publicKeys       = [ james plum ];
  "hosts/pear/id.age".publicKeys       = [ james pear ];
	"hosts/kiwi/id.age".publicKeys       = [ james kiwi ];

# Example to create a bios compatible gpt partition
{ lib, ... }:
{
  disko.devices = {
    disk.disk1 = {
      device = lib.mkDefault "/dev/sda";
      type = "disk";
      content = {
        type = "gpt";
        partitions = {
          boot = {
            name = "boot";
            size = "1M";
            type = "EF02";
          };
          esp = {
            name = "ESP";
            size = "500M";
            type = "EF00";
            content = {
              type = "filesystem";
              format = "vfat";
              mountpoint = "/boot";
            };
          };
          root = {
            name = "root";
            size = "100%";
            content = {
              type = "lvm_pv";
              vg = "pool";
            };
          };
        };
      };
    };
    lvm_vg = {
      pool = {
        type = "lvm_vg";
        lvs = {
          root = {
            size = "100%FREE";
            content = {
              type = "filesystem";
              format = "ext4";
              mountpoint = "/";
              mountOptions = [
                "defaults"
              ];
            };
          };
        };
      };
    };
  };
}

{ pkgs, lib, modulesPath, config, ... }:
let
	inherit (lib) enabled;
in
{
	imports = [
		(modulesPath + "/installer/scan/not-detected.nix")
		(modulesPath + "/profiles/qemu-guest.nix")
		./disk.nix
	];
	nix.settings.experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
	security.sudo = enabled {
		execWheelOnly = true;
	};
	boot.loader.grub = {
		efiSupport = true;
		efiInstallAsRemovable = true;
	};
	age.identityPaths = [ "/root/.ssh/id" ];
	age.secrets.password.file = ./password.age;
	age.secrets.id.file = ./id.age;
  # user configuration
  users.mutableUsers = false;
  users.users.james = {
    isNormalUser = true;
    shell = pkgs.nushell; # nushell as default shell
		hashedPasswordFile = config.age.secrets.password.path;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7WV4+7uhIWQVHEN/2K0jJPTaZ/HbG3W8OKSpzmPBI4"
    ];
  };
	users.users.root = {
		openssh.authorizedKeys.keys = [
			"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7WV4+7uhIWQVHEN/2K0jJPTaZ/HbG3W8OKSpzmPBI4"
		];
		hashedPasswordFile = config.age.secrets.password.path;
	};
	home-manager.users = {
		james = {};
	};
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = true;
      PermitRootLogin = "yes";
      PubkeyAuthentication = true;
    };
    openFirewall = true;
    hostKeys = [{
      type = "ed25519";
      path = config.age.secrets.id.path;
    }];
  };
  networking = {
    hostName = "kiwi";
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
    };
    useDHCP = lib.mkDefault true;
    interfaces = {};
  };
  time.timeZone = "Europe/Warsaw";
  i18n.defaultLocale = "en_US.UTF-8";
  # this value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. Don't change this after installation.
  system.stateVersion = "24.11";
}

        home-manager.nixosModules.home-manager
				agenix.nixosModules.default
        (
          { pkgs, ... }:
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.users.james = import ./home/default.nix (mkHomeConfig systems.linux);
          }
        )
      ];
		};
		nixosConfigurations."kiwi" = lib.nixosSystem' {
      system = systems.linux;
      modules = [
				disko.nixosModules.disko
        ./hosts/kiwi/configuration.nix