{ config, lib, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ../server.nix
  ];

  raspberry-pi-nix = {
    board = "bcm2711";
    libcamera-overlay.enable = false;
  };

  networking = {
    hostId = "731d1660";
    firewall = {
      enable = true;
      allowedTCPPorts = [ 8080 ];
      allowedUDPPorts = [ 8080 ];
    };
  };

  users.users.root = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
    ];
  };

  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

  systemd.services.ustreamer = {
    enable = true;
    description = "uStreamer service";
    unitConfig = {
      Type = "simple";
      ConditionPathExists = "/sys/bus/i2c/drivers/imx708/10-001a/video4linux";
    };
    serviceConfig = {
      ExecStart = ''${pkgs.libcamera}/bin/libcamerify ${pkgs.unstable.ustreamer}/bin/ustreamer \
        --host=0.0.0.0 \
        --resolution=4608x2592
      '';
      DynamicUser = "yes";
      SupplementaryGroups = [ "video" "i2c" ];
      Restart = "always";
      RestartSec = 10;
    };
    wantedBy = [ "network-online.target" ];
    confinement.mode = "chroot-only";
  };

  environment.systemPackages = with pkgs; [
    git
    neovim
    libcamera
    libraspberrypi
    raspberrypi-eeprom
    v4l-utils
    unstable.ustreamer
  ];

  system.stateVersion = "24.05";
}