{ pkgs, lib, modulesPath, ... }:
let
  stateVersion = "24.05";
  unstable = import <nixos-unstable> {};
  ad_src = builtins.fetchGit {
    url = "https://gitea.john-stream.com/john/ad-nix";
    ref = "main";
  };
  adTargetPath = "/srv/appdaemon/ad-nix";
in
{
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    (import "${builtins.fetchTarball https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz}/nixos")
    (fetchTarball "https://github.com/nix-community/nixos-vscode-server/tarball/master")
  ];

  environment.systemPackages = with pkgs; [
    (pkgs.writeShellScriptBin "nrbs" ''
      sudo nixos-rebuild switch
    '')
    (pkgs.writeShellScriptBin "nrbsu" ''
      sudo nix-channel --update && sudo nixos-rebuild switch
    '')
    bash
    git
    eza
    # appdaemon
  ];

  system.userActivationScripts.ad-setup.text = ''
  if [ ! -d ${adTargetPath} ]; then
    ${pkgs.git}/bin/git clone https://gitea.john-stream.com/john/ad-nix ${adTargetPath}
    chown -R appdaemon:users ${adTargetPath}
  else
    ${pkgs.git}/bin/git -C ${adTargetPath} pull
  fi
  '';

  virtualisation.docker.enable = true;
  services.vscode-server.enable = true;
  services.openssh.enable = true;

  security.sudo-rs = {
    enable = true;
    execWheelOnly = false;
    wheelNeedsPassword = false;
  };

  users.users.appdaemon = {
    isNormalUser = true;
    home = "/srv/appdaemon";
    extraGroups = [
      "wheel"
      "docker"
    ];
    openssh.authorizedKeys.keyFiles = [ "/root/.ssh/authorized_keys" ];
  };

  home-manager = {
    useGlobalPkgs = true;
    users.appdaemon = { pkgs, ... }: {
      home.stateVersion = stateVersion;
      home.packages = [ 
        unstable.uv
      ];
      programs = { 
        ssh.enable = true;
        git.extraConfig.credential.helper = "store --file ~/.git-credentials";
      };
    };
  };
  system.stateVersion = stateVersion;
}