{ config, lib, inputs, stable_pkgs, unstable_pkgs, ... }:

let
  pkgs = stable_pkgs.x86_64;
  unstable = unstable_pkgs.x86_64;
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ../../nixos
      ../../../users/blake
      ../../../modules/system
      ../../../modules/holocron
      ../../../modules/homelab
      ../../../modules/gameservers/minecraft_recpro
      ../../../modules/gameservers/minecraft_modded
    ];

  home-manager.users.blake.imports = [
  ../../../users/blake/hosts/snowbelle.nix
  ];

  system = {
    ssh.enable = true;
    sops.enable = true;
    podman.enable = true;
    yubikey.enable = true;
    graphics = {
      enable = true;
      vendor = "nvidia";
    };
  };
  holocron = {
    syncthing.enable = true;
    copyparty.enable = false;
    ensure_perms.enable = false;
    zfs.enable = true;
    smb.enable = true;
    nfs.enable = true;
  };
  homelab = {
    enable = true;
    tailscale.enable = true;
    dnsmasq.enable = true;
    backups.enable = true;
    motd.enable = true;
    postfix.enable = true;
    gitea.enable = true;
    glance.enable = true;
    immich.enable = true;
    hass.enable = true;
    jellyfin.enable = true;
    audiobookshelf.enable = true;
    yacreader.enable = true;
    qbittorrent.enable = true;
    sonarr.enable = true;
    radarr.enable = true;
    bazarr.enable = true;
    prowlarr.enable = true;
    flaresolverr.enable = true;
    zigbee2mqtt.enable = true;
    mosquitto.enable = true;
    caddy.enable = true;
    uptime-kuma.enable = true;
    vaultwarden.enable = true;
  };
  gameservers = {
    minecraft_recpro.enable = true;
    minecraft_modded.enable = true;
  };

  # boot (systemd is going on me)
  boot.loader.systemd-boot.enable = true;   # systemd your pretty cool ya know
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.systemd.enable = true;  # better logging

  # setup hostname and networking stack
  services.resolved = {
    enable = true;
    fallbackDns = [ "1.1.1.1" "9.9.9.9" ];
    dnsovertls = "opportunistic";
  };
  networking = {
    hostName = "snowbelle"; # hostname
    hostId = "3e6e7055";    # zfs wants this
    networkmanager = {
      enable = true;  # the goat
      dns = "systemd-resolved"; # the backup dancer!
      ensureProfiles.profiles = {
        vpn = {
          ethernet.mac-address = "7a:e4:07:8d:22:76";
          connection.type = "vlan";
          connection.id = "vpn";
          connection.interface-name = "enp89s0.69";   # or just "vpn-vlan"
          vlan.interface-name = "enp89s0.69";   # or just "vpn-vlan"
          vlan.parent = "enp89s0";
          vlan.id = 69;
          #ipv4.dns = "9.9.9.9";
        };
      };
    };
  };

  

  hardware.bluetooth.enable = true;



  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [
    80      # set - http
    111     # set - portmapper for nfs
    139     # set - smb
    443     # set - https
    445     # set - cifs
    1198
    1883    # set - mqtt
    2049    # set - nfs
    2222    # srv - syncthing
    7100    # srv - jellyfin
    7101    # srv - audiobookshelf
    7102    # srv - yacreader
    7103    # srv - qbittorrent
    7104    # srv - prowlarr
    7105    # srv - bazarr
    7106    # srv - sonarr
    7107    # srv - radarr
    7120    # srv - flaresolverr
    5701    # srv - archivebox
    7502    # srv - kiwix
    7567    # srv - gitea ssh
    7700    # srv - glance
    7701    # srv - vaultwarden
    7702    # srv - immich
    7703    # srv - gitea
    7704    # srv - hass
    7705    # srv - zigbee2mqtt
    7901    # srv - uptime kuma
    7902    # srv - copyparty
    25777   # srv - minecraft
    25565   #        ^  ^  ^
    25566   #        |  |  |
    25567   #        |  |  |
  ];

  networking.firewall.allowedUDPPorts = [ 51820 ];
  # Or disable the firewall altogether.
  networking.firewall.enable = true;

  system.stateVersion = "25.05"; # stays here :   )

}