(define-module (hosts kirsty system)
  #:use-module (gnu)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages certs)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages ncurses)
  #:use-module (gnu packages rsync)
  #:use-module (gnu packages wm)
  #:use-module (gnu services desktop)
  #:use-module (gnu services networking)
  #:use-module (gnu services security-token)
  #:use-module (gnu services sound)
  #:use-module (gnu services virtualization)
  #:use-module (gnu system locale)
  #:use-module (gnu system setuid)
  #:use-module (nongnu packages linux)
  #:use-module (nongnu system linux-initrd)
  #:use-module (packages linux)
  #:use-module (util))

(define host "kirsty")
(define config (host-dir host))

(operating-system
  (host-name host)
  (timezone "Europe/Ljubljana")

  (locale-definitions
   (cons*
    (locale-definition (name "sl_SI.utf8") (source "sl_SI"))
    %default-locale-definitions))
  (locale "en_US.utf8")

  (kernel (linux/config linux (string-append config "/kernel.config")))
  (kernel-arguments '("mitigations=auto"))

  (firmware
   (cons* intel-microcode linux-firmware wireless-regdb %base-firmware))

  (initrd microcode-initrd)
  (initrd-modules '("dm-crypt"))

  (bootloader
   (bootloader-configuration
    (bootloader grub-bootloader)
    (targets '("/dev/nvme0n1"))))

  (mapped-devices
   (list
    (mapped-device
     (source (uuid "c725b7b7-b4d9-49e0-8c2c-3624b3cde7e3"))
     (target "root")
     (type luks-device-mapping))))

  (file-systems
   (cons*
    (file-system
      (device "/dev/mapper/root")
      (mount-point "/")
      (type "ext4"))
    %base-file-systems))

  (swap-devices (list (swap-space (target "/swap"))))

  (users
   (cons*
    (user-account
     (name "timotej")
     (comment "Timotej Lazar")
     (group "users")
     (supplementary-groups '("cdrom" "kvm" "netdev" "wheel"))
     (home-directory "/home/timotej"))
    %base-user-accounts))

  (packages
   (cons* ncurses nss-certs rsync %base-packages))

  (setuid-programs
   (cons*
    (setuid-program
     (program (file-append swaylock "/bin/swaylock")))
    %setuid-programs))

  (services
   (cons*
    (extra-special-file "/usr/bin/env" (file-append coreutils "/bin/env"))
    (extra-special-file "/bin/bash" (file-append bash "/bin/bash"))

    ;; Networking.
    (service network-manager-service-type)
    (service wpa-supplicant-service-type)
    (service modem-manager-service-type)
    (service usb-modeswitch-service-type)
    (service openntpd-service-type
             (openntpd-configuration (servers '("pool.ntp.org"))))
    (service tor-service-type)

    ;; Desktop.
    (elogind-service)
    (udisks-service)
    (service upower-service-type)
    (service alsa-service-type)
    (service pcscd-service-type)

    (service qemu-binfmt-service-type
             (qemu-binfmt-configuration
              (platforms (lookup-qemu-platforms "arm" "aarch64" "mips64el" "x86"))))

    (modify-services %base-services
      ;; Don’t use up all CPU (and RAM) when compiling.
      (guix-service-type config =>
                         (guix-configuration
                          (inherit config)
                          (extra-options '("--cores=2"))))))))