(use-modules (gnu)
             ((gnu packages anthy) #:select (anthy))
             ((gnu packages certs) #:select (nss-certs))
             ((gnu packages gnome) #:select (gvfs))
             ((gnu packages file-systems) #:select (davfs2))
             ((gnu packages ibus) #:select (ibus ibus-anthy))
             ((gnu packages wm) #:select (i3-wm))
             ((gnu services desktop) #:select (xfce-desktop-service-type))
             ((gnu services pam-mount) #:select (pam-mount-service-type pam-mount-configuration))
             ((gnu services xorg) #:select (set-xorg-configuration xorg-configuration))
             (gnu system))

(define %utils
  (list anthy davfs2 gvfs i3-wm ibus ibus-anthy nss-certs))

(define (install-to root-fs)
  (operating-system
    (locale "fr_FR.utf8")
    (timezone "Europe/Paris")
    (keyboard-layout (keyboard-layout "fr" "bepo" #:options '("ctrl:swapcaps")))
    (host-name "stub")
    (users (cons* (user-account
                    (name "kook")
                    (comment "Grou-grou")
                    (group "users")
                    (home-directory "/home")
                    (supplementary-groups
                      '("wheel" "netdev" "audio" "video" "kvm")))
                  %base-user-accounts))
    (packages
      (append %utils %base-packages))
    (bootloader
      (bootloader-configuration
        (bootloader grub-efi-bootloader)
        (targets '("/boot/efi"))
        (keyboard-layout keyboard-layout)))
    (file-systems
      (cons (file-system
               (mount-point "/")
               (device root-fs)
               (type "ext4"))
            %base-file-systems))))

(define pam-audio
  (service pam-limits-service-type
    (list
      (pam-limits-entry "@audio" 'both 'rtprio 99)
      (pam-limits-entry "@audio" 'both 'memlock 'unlimited))))

(define (pam-mount userName device)
  (service pam-mount-service-type
           (pam-mount-configuration
             (rules `((debug (@ (enable "0")))
                      (volume (@ (user ,userName)
                                 (fstype "crypt")
                                 (path ,device)
                                 (mountpoint "/home/")))
                      (mntoptions (@ (allow ,(string-join
                                               '("nosuid" "nodev" "loop"
                                                 "encryption" "fsck" "nonempty"
                                                 "allow_root" "allow_other")
                                               ","))))
                      (mntoptions (@ (require "nosuid,nodev")))
                      (logout (@ (wait "0")
                                 (hup "0")
                                 (term "no")
                                 (kill "no")))
                      (mkmountpoint (@ (enable "1")
                                       (remove "false"))))))))

(define (desktop-environment keyboard-layout)
  (list
    (service xfce-desktop-service-type)
    (set-xorg-configuration
      (xorg-configuration (keyboard-layout keyboard-layout)))))

(define (ssh-only authorized-keys)
  (service openssh-service-type
           (openssh-configuration
             (password-authentication? #f)
             (permit-root-login #f)
             (authorized-keys authorized-keys))))

(define nonguix
  (lambda (services)
    (modify-services services
      (guix-service-type
        config =>
        (guix-configuration
          (inherit config)
          (substitute-urls
            (append (list "https://substitutes.nonguix.org")
                    %default-substitute-urls))
          (authorized-keys
            (append (list (local-file "./nonguix.signing-key.scm"))
                    %default-authorized-guix-keys)))))))