{ config, pkgs, lib, inputs, globalData, packagesPath, ... }:

{
  imports = [./davmail.secret.nix];

  nixpkgs.overlays = lib.mkAfter [
    inputs.nil.overlays.nil
    inputs.wired.overlays.default
  ];

  programs.zsh.enable = true;

  nix.settings.trusted-users = lib.mkAfter [ "jan" ];

  age.secrets.users-jan-passfile.file = ./users-jan-passfile.age;
  users.users.jan = {
    isNormalUser = true;
    extraGroups = [ "wheel" ] # Enable ‘sudo’ for the user.
      ++ lib.optional config.networking.networkmanager.enable "networkmanager"
      ++ lib.optional config.virtualisation.docker.enable "docker"
      ++ lib.optional config.services.transmission.enable "transmission"
      ++ lib.optional config.services.kubo.enable config.services.kubo.group
      ++ lib.optionals config.programs.adb.enable ["adbusers" "plugdev" "kvm"]
      ++ lib.optional config.hardware.pulseaudio.systemWide "pulse-access";
    shell = pkgs.zsh;
    hashedPasswordFile = config.age.secrets.users-jan-passfile.path;

    openssh.authorizedKeys.keys = globalData.publicKeys.users.jan;
  };

  users.groups.plugdev = lib.mkIf config.programs.adb.enable { };

  networking.firewall.allowedUDPPorts =
    let lanMouseCfg = config.home-manager.users.jan.local.services.lan-mouse;
    in lib.optional lanMouseCfg.enable lanMouseCfg.settings.port;

  # Required to use MS Exchange in aerc
  services.davmail = {
    enable = true;
    url = "https://outlook.office365.com/EWS/Exchange.asmx";
    config.davmail = {
      allowRemote = false;
      ssl = {
        nosecurecaldav = false;
        nosecureimap = false;
        nosecureldap = false;
        nosecuresmtp = false;
      };
      mode = "O365Manual";
    };
  };

  home-manager.users.jan = {
    imports = [
      ./email_accounts.secret.nix
      ./calendars.secret.nix
      ./ssh.secret.nix
      ./git
    ];

    ################################################################################
    # Configs
    ################################################################################

    local.keyboard = {
      enable = true;
      variant = "dvorak,";
    };

    local.window-manager = {
      xmonad.enable = lib.mkDefault true;
      polybar.enable = lib.mkDefault true;
    };

    xdg.enable = lib.mkDefault true;

    local.shell.enable = lib.mkDefault true;

    ################################################################################
    # Programs
    ################################################################################

    local.programs.terminals = {
      ghostty = {
        enable = true;
        package = pkgs.unstable.ghostty;
      };
      wezterm.enable = lib.mkDefault config.local.window-manager.xmonad.enable;
      foot.enable = lib.mkDefault (!config.local.window-manager.xmonad.enable);
    };

    local.programs.editors.neovim = {
      enable = lib.mkDefault true;
      defaultEditor = lib.mkDefault true;
      ltex.enable = lib.mkDefault true;
    };

    local.programs.file-managers.vifm.enable = lib.mkDefault true;
    local.programs.file-managers.nnn = {
      enable = true;
      package = pkgs.unstable.nnn;
    };

    local.programs.aerc.enable = lib.mkDefault true;

    local.programs.dev-tools = {
      base.enable = lib.mkDefault true;
      nix.enable = lib.mkDefault true;
      erlang.enable = lib.mkDefault true;
      web.enable = lib.mkDefault true;
      psql = {
        enable = lib.mkDefault true;
        package = lib.mkDefault pkgs.postgresql_16;
      };
      eza.enable = lib.mkDefault true;
      direnv.enable = lib.mkDefault true;
      zoxide.enable = lib.mkDefault true;
      ldap.enable = lib.mkDefault true;
    };

    local.programs.share-files.croc.enable = lib.mkDefault true;

    local.programs.flameshot.enable = lib.mkDefault true;

    local.programs.argos-translate.enable = lib.mkDefault true;

    ################################################################################
    # Services
    ################################################################################

    local.services.wired.enable = lib.mkDefault true;

    local.services.lan-mouse = {
      # x11 input capture not available: not implemented
      enable = lib.mkDefault false;
      settings = {
        # releaseBind = [ "KeyLeftCtrl" "KeyLeftShift" "KeyF1" ];
        port = lib.mkDefault 32000;
        frontend = "cli";
      };
    };

    /*
    services.pass-secret-service = lib.mkIf config.local.programs.pass.enable {
      enable = true;
      storePath = config.home-manager.users.jan.home.sessionVariables.PASSWORD_STORE_DIR;
    };
    */
    home.sessionVariables = lib.mkIf config.local.programs.pass.enable {
      PASSWORD_STORE_DIR = "${config.home-manager.users.jan.xdg.dataHome}/pass/store";
    };

    ################################################################################
    # Packages
    ################################################################################

    home.packages = with pkgs.unstable; [
      image-roll
      # vlc

      # tools
      procs
      bottom
      jq

      nodePackages.vscode-langservers-extracted # html, css, json, eslint

      (pkgs.callPackage (packagesPath + /micro-agent) {})
    ];

    home.file = {
      "pictures/wallpapers" = {
        source = ./wallpapers;
        recursive = true;
      };
    };

    home.stateVersion = config.system.stateVersion;
  };
}