{ config, lib, pkgs, keys, ... }:

{
  networking.hostName = "uConsole";
  time.timeZone = "America/Montreal";
  i18n.defaultLocale = "en_CA.UTF-8";
  system.stateVersion = "25.11";

  # SSH — root access avec clés gortium + ai-worker
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = lib.mkForce "prohibit-password";
      PasswordAuthentication = lib.mkForce false;
    };
  };

  users.users.root.openssh.authorizedKeys.keys = with keys; [
    users.gortium.main
    users.ai-worker.main
  ];

  # AI worker user (Hermes SSH access)

  # Age secret for gortium password (file created by user)
  age.secrets.gortium_password = {
    file = ../../secrets/gortium_password.age;
  };

  # Password file for gortium (merges with users/gortium/default.nix)

  # WiFi via NetworkManager + secret agenix
  networking.networkmanager.enable = true;

  # Firmware
  hardware.enableRedistributableFirmware = true;

  # Hyprland Wayland compositor (manual start — no SDDM)
  programs.hyprland = {
    enable = true;
    xwayland.enable = true;
  };
  # HackerGadgets AIO v2 board
  hardware.uconsole-cm5-aio-v2 = {
    enable = true;

    # Rails actifs au boot
    bootRails = {
      GPS  = false;
      LORA = false;
      SDR  = false;
      USB  = false;
    };

    enableGPS = false;
  };

}