# Top-level module: declares the `jalr.*` feature toggles, pulls in every
# sub-module, and sets a small hardening baseline for the hosts that import it.
{ lib, ... }:
{
  # Feature switches; all are created with mkEnableOption.
  options.jalr.gui.enable = lib.mkEnableOption "GUI";
  options.jalr.gui.sway.enable = lib.mkEnableOption "sway";
  options.jalr.gui.gnome.enable = lib.mkEnableOption "gnome";
  options.jalr.workstation.enable = lib.mkEnableOption "Workstation";

  # Sub-modules, in their original order. Everything listed here is imported
  # unconditionally, including network-facing ones (sshd, mailserver, matrix,
  # avahi).
  # NOTE(review): presumably each of those gates its own config behind an
  # enable option; confirm in the respective files.
  imports = [
    ../pkgs/modules.nix
    ./adb.nix
    ./autologin.nix
    ./avahi.nix
    ./aws.nix
    ./bluetooth.nix
    ./bootloader
    ./debug.nix
    ./dns.nix
    ./esphome
    ./fish.nix
    ./fonts.nix
    ./gnome.nix
    ./journald.nix
    ./kdeconnect.nix
    ./kvm-switch-enable-screen.nix
    ./libvirt.nix
    ./localization.nix
    ./luksusb.nix
    ./mailserver
    ./matrix
    ./mobile-network.nix
    ./mute-indicator.nix
    ./neo.nix
    ./networking
    ./nix.nix
    ./obs.nix
    ./pipewire.nix
    ./podman.nix
    ./printers
    ./remarkable.nix
    ./sshd.nix
    ./steelseries-nova-pro.nix
    ./sudo.nix
    ./sway.nix
    ./udev.nix
    ./uefi.nix
    ./unfree.nix
    ./upgrade-diff.nix
    ./wireshark
    ./yubikey-gpg.nix
  ];

  # Start every boot with an empty /tmp.
  config.boot.tmp.cleanOnBoot = true;

  config.boot.kernel.sysctl = {
    # Hide kernel addresses printed via %pK from processes without CAP_SYSLOG
    # (a value of 2 would hide them from everyone).
    "kernel.kptr_restrict" = 1;
    # Yama restricted ptrace: a process may only attach to its own descendants
    # unless the target opts in.
    "kernel.yama.ptrace_scope" = 1;
    # Refuse to load a replacement kernel via kexec; once set, this cannot be
    # turned back off until reboot.
    "kernel.kexec_load_disabled" = 1;
  };

  # Kernel lockdown in integrity mode: blocks interfaces that let userspace
  # modify the running kernel.
  # NOTE(review): lockdown usually also rejects unsigned kernel modules and
  # disables hibernation; confirm the hosts importing this module tolerate that.
  config.boot.kernelParams = [ "lockdown=integrity" ];

  config.programs.nano.enable = false;

  # ACME (certificate issuance) defaults: accept the CA's terms of service and
  # set the contact address used for account registration.
  config.security.acme.acceptTerms = true;
  config.security.acme.defaults.email = "security@jalr.de";
}