{ config, lib, pkgs, ... }:

let
  inherit (lib) mkDefault mkIf mkMerge mkOption mkOverride types;
  cfg = config.beatific;
  mkFlag = description: mkOption {
    type = types.bool;
    inherit description;
    default = true;
  };
in {
  options = {
    beatific = {
      # The host name is reused for beatific-specific configuration.
      # The bulk of common config is handled in beatific.defaults below, but
      # having one option without a default ensures that the module cannot be
      # imported accidentally.
      hostName = mkOption {
        type = types.str;
        description = "Hostname";
      };

      # Groups of related defaults can be disabled by flipping off the switches here:
      #   beatific.defaults.${category} = false;
      # They default to true because the point is to do these things by default.
      defaults = {
        time = mkFlag "Default time zone and NTP";
        i18n = mkFlag "Default locale settings";
        programs = mkFlag "Default installed programs";
        ssh = mkFlag "Enable openssh";
        tvb = mkFlag "Default tvb account";
      };
    };
  };

  config = mkMerge [
    {
      # Options to always set
      networking.hostName = cfg.hostName;
      nix.extraOptions = "experimental-features = nix-command flakes";
    }

    (mkIf cfg.defaults.time {
      # mkDefault time zone to make it easy to configure it to non-UTC
      time.timeZone = mkDefault "UTC";
      services.ntp.enable = true;
      services.ntp.servers = [ "time.nist.gov" ];
    })

    (mkIf cfg.defaults.i18n {
      # en_US.UTF-8
      i18n.defaultLocale = "en_US.UTF-8";
      i18n.extraLocaleSettings = {
        LC_ADDRESS = "en_US.UTF-8";
        LC_IDENTIFICATION = "en_US.UTF-8";
        LC_MEASUREMENT = "en_US.UTF-8";
        LC_MONETARY = "en_US.UTF-8";
        LC_NAME = "en_US.UTF-8";
        LC_NUMERIC = "en_US.UTF-8";
        LC_PAPER = "en_US.UTF-8";
        LC_TELEPHONE = "en_US.UTF-8";
        LC_TIME = "en_US.UTF-8";
      };
    })

    (mkIf cfg.defaults.programs {
      environment.systemPackages = with pkgs; [
        curl
        git
        htop
        nebula
        python3
        vim
        wget
      ];
      # The nixpkgs default is "nano", so we go one priority higher
      environment.variables.EDITOR = mkOverride 999 "vim";
    })

    (mkIf cfg.defaults.ssh {
      services.openssh.enable = true;
      services.openssh.banner = ''
         ____  ______       _______ _____ ______ _____  ______  ./|,,/|
        |  _ \|  ____|  /\ |__   __|_   _|  ____|_   _|/ ____/ <  o  o|
        | |_) | |__    /  \   | |    | | | |__    | | | |     <\ (    |
        |  _ <|  __|  / /\ \  | |    | | |  __|   | | | |    <\\  |\  |
        | |_) | |____/ ____ \ | |   _| |_| |     _| |_| |___<\\\  |(__)
        |____/|_____/_/    \_\|_|  |_____|_|    |_____|\_____|\\  |

      '';
      networking.firewall.allowPing = true;
      networking.firewall.allowedTCPPorts = [ 22 ];
    })

    (mkIf cfg.defaults.tvb {
      users.groups.tvb = {};
      users.users.tvb = {
        isNormalUser = true;
        group = "tvb";
        extraGroups = [ "wheel" ];
        initialPassword = "password";
        openssh.authorizedKeys.keyFiles = [
          ../keys/tvb.catacomb.pub
          ../keys/tvb.empyrean.pub
          ../keys/tvb.palamas.pub
          ../keys/tvb.stagirite.pub
          ../keys/tvb.unfolder.pub
          ../keys/tvb.vagrant.pub
        ];
      };
    })
  ];
}