(define-module (system-create)
  #:use-module (gnu)
  #:use-module (gnu services)
  #:use-module (gnu services dbus)
  #:use-module (gnu services docker)
  #:use-module (gnu services file-sharing)
  #:use-module (gnu system)
  #:use-module (gnu system setuid)
  #:use-module (gnu system nss)
  #:use-module (gnu services docker)
  #:use-module (nongnu packages linux)
  #:use-module (nongnu system linux-initrd)
  #:use-module (rosenthal services networking)
  #:export (system-create))

(use-service-modules cups desktop networking ssh xorg docker guix
		     admin pm docker virtualization)

(use-package-modules nfs certs shells ssh linux bash emacs networking
		     wm fonts libusb cups freedesktop file-systems version-control
		     package-management)

(define thanos/system-packages
  '("sway" "swaylock" "swaylock-effects" "swaybg"
    "waybar" "gnupg" "pinentry" "font-jetbrains-mono"
    "docker" "docker-cli" "dbus"))

(define* (system-create #:key
			(system-packages thanos/system-packages)
			(kernel linux-lts)
			(time-zone "Europe/Athens")
		        hostname
			filesystem
			swap-uuid
			(swapcaps? #t))
  (operating-system
   (locale "en_US.utf8")
   (timezone time-zone)
   (host-name hostname)
   (keyboard-layout (if swapcaps?
			(keyboard-layout "us" #:options '("ctrl:swapcaps"))
			(keyboard-layout "us")))

   (kernel kernel)
   (initrd microcode-initrd)
   (firmware (list linux-firmware))

   ;; The list of user accounts ('root' is implicit).
   (users (cons* (user-account
                  (name "thanos")
                  (comment "Thanos Apollo")
                  (group "users")
                  (home-directory "/home/thanos")
                  (supplementary-groups '("wheel" "netdev" "audio" "video" "docker" "kvm")))
		 %base-user-accounts))

   ;; Packages installed system-wide.
   (packages
    (append (map specification->package system-packages)
            %base-packages))

   ;; Below is the list of system services.  To search for available
   ;; services, run 'guix system search KEYWORD' in a terminal.
   (services
    (append (list
	     (service docker-service-type)
	     (service containerd-service-type)
	     (service libvirt-service-type
                      (libvirt-configuration
                       (unix-sock-group "libvirt")
                       (tls-port "16555")))
	     ;; Networking services
	     (service tailscale-service-type)
	     (service wpa-supplicant-service-type) ;; Needed by NetworkManager
	     (service network-manager-service-type)

	     (service transmission-daemon-service-type
		      (transmission-daemon-configuration
		       ;; Accept requests from this and other hosts on the
		       ;; local network
		       (rpc-whitelist-enabled? #t)
		       (rpc-whitelist '("::1" "127.0.0.1" "192.168.*"))
		       (rpc-username "z3us")
		       (rpc-password "{eab35f5df5b1e2691acf11f49be1b1dcffa55a59FyE5eNd8")))

	     ;; tty login
	     (service elogind-service-type)

	     (service console-font-service-type
		      (map (lambda (tty)
			     ;; Use a larger font for HIDPI screens
			     (cons tty (file-append
					font-terminus
					"/share/consolefonts/ter-132n")))
			   '("tty1" "tty2" "tty3")))

	     (service greetd-service-type
		      (greetd-configuration
		       (greeter-supplementary-groups
			(list "video" "input"))
		       (terminals
			(list
			 (greetd-terminal-configuration
			  (terminal-vt "1")
			  (terminal-switch #t))
			 (greetd-terminal-configuration
			  (terminal-vt "2"))
			 (greetd-terminal-configuration
			  (terminal-vt "3"))
			 (greetd-terminal-configuration
			  (terminal-vt "4"))
			 (greetd-terminal-configuration
			  (terminal-vt "5"))))))

	     (service openssh-service-type
		      (openssh-configuration
		       (permit-root-login 'prohibit-password)))

	     (service screen-locker-service-type
		      (screen-locker-configuration
		       (name "swaylock")
		       (program (file-append swaylock "/bin/swaylock"))
		       (using-pam? #t)
		       (using-setuid? #f)))

	     (service modem-manager-service-type)  ;; For cellular modems
	     polkit-wheel-service
	     (service tor-service-type)
	     (service cups-service-type)

	     (service udisks-service-type)
	     (service upower-service-type)
	     (service cups-pk-helper-service-type)
	     (service geoclue-service-type)

	     fontconfig-file-system-service ;; Manage the fontconfig cache

	     ;; Power and thermal management services
	     (service thermald-service-type)
	     (service tlp-service-type
		      (tlp-configuration
		       (cpu-boost-on-ac? #t)
		       (wifi-pwr-on-bat? #t))))

	    (modify-services %base-services
			     (delete login-service-type)
			     (delete mingetty-service-type)
			     (delete console-font-service-type))
	    ;; Services specifics for zeus
	    (if (string= hostname "zeus")
		(list
		 (service oci-container-service-type
			  (list
			   (oci-container-configuration
			    (image "ollama/ollama:rocm")
			    (network "host")
			    (ports
			     '(("11434" . "11434")))
			    (volumes
			     '(("/ollama" . "/root/.ollama"))))
			   (oci-container-configuration
			    (image "jellyfin/jellyfin")
			    (network "host")
			    (volumes
			     '(("/home/jelly/config" . "/config")
			       ("/home/jelly/cache" . "/cache")
			       ("/hdd" . "/media"))))
			   (oci-container-configuration
			    (image "rssbridge/rss-bridge")
			    (network "host")
			    (ports
			     '(("3000" . "80")))))))
		;; For everything else
		(list))))


   (bootloader (bootloader-configuration
		(bootloader grub-efi-bootloader)
		(targets (list "/boot/efi"))
		(keyboard-layout keyboard-layout)))

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
   (swap-devices (list (swap-space
			(target (uuid swap-uuid)))))

   ;; run 'lsblk -f' to get UUIDs.
   (file-systems filesystem)))