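;; Guix System configuration for a single-user desktop machine: EFI GRUB,
;; LUKS-mapped root file system, Docker, and a default-deny IPv4 inbound
;; firewall loaded through iptables-service-type.
(use-modules (gnu)
             (gnu packages)
             (gnu packages shells)
             (guix profiles)
             (guix packages)
             (srfi srfi-1))

(use-service-modules desktop docker networking ssh xorg)

(operating-system
  (locale "en_CA.utf8")
  (timezone "America/Toronto")
  (keyboard-layout (keyboard-layout "us" "altgr-intl"))

  ;; The bootloader reuses the system keyboard layout declared above.
  ;; NOTE(review): presumably so the LUKS passphrase is typed on the same
  ;; layout at the GRUB prompt as in the running system -- confirm.
  (bootloader
   (bootloader-configuration
    (bootloader grub-efi-bootloader)
    (target "/boot/efi")
    (keyboard-layout keyboard-layout)))

  ;; Root lives on a LUKS volume, opened as /dev/mapper/cryptroot.
  (mapped-devices
   (list (mapped-device
          (source (uuid "a3557b80-26cb-4fa9-8861-3dba1f6b1aa2"))
          (target "cryptroot")
          (type luks-device-mapping))))

  ;; Only "/" sits on the mapped device.  The EFI system partition is a plain
  ;; vfat file system outside the LUKS volume, so whatever is installed there
  ;; is neither encrypted nor integrity-protected by this configuration.
  (file-systems
   (cons* (file-system
            (mount-point "/boot/efi")
            (device (uuid "76BA-85FB" 'fat32))
            (type "vfat"))
          (file-system
            (mount-point "/")
            (device "/dev/mapper/cryptroot")
            (type "ext4")
            (dependencies mapped-devices))
          %base-file-systems))

  (host-name "guixsd")

  ;; Group membership is the privilege boundary for this account:
  ;;   - "docker": control of the Docker daemon, which runs as root, is
  ;;     effectively root-equivalent; treat it like passwordless root.
  ;;   - "wheel": NOTE(review): sudo rights under Guix's default sudoers
  ;;     file -- confirm no custom sudoers-file overrides this.
  (users
   (cons* (user-account
           (name "collin")
           (comment "Collin Doering")
           (group "users")
           (shell #~(string-append #$zsh "/bin/zsh"))
           (home-directory "/home/collin")
           (supplementary-groups
            '("wheel" "docker" "kvm" "netdev" "audio" "video")))
          %base-user-accounts))

  ;; System-wide packages.  "xterm" was listed twice; the duplicate is dropped.
  (packages
   (append
    (map specification->package
         '("docker" "docker-cli" "docker-compose"
           "ratpoison" "nss-certs" "xterm" "recutils"
           "emacs" "emacs-guix" "emacs-exwm"
           "graphviz" "iptables" "tmux"
           "xrandr" "xsetroot"))
    %base-packages))

  (services
   (cons*
    (service docker-service-type)

    ;; IPv4 inbound policy: drop by default, allow loopback, established
    ;; flows, ICMP echo requests, and new TCP connections to port 22.
    ;;
    ;; Review notes:
    ;;   - Only ipv4-rules is set.  NOTE(review): when ipv6-rules is omitted,
    ;;     iptables-configuration falls back to its default ruleset, which in
    ;;     Guix accepts all traffic -- verify on your Guix revision and add a
    ;;     matching ipv6-rules file if the host has IPv6 connectivity.
    ;;   - Port 22 is accepted although no SSH service is declared in this
    ;;     file (the ssh service module is imported but unused here).  Either
    ;;     declare the service or remove the rule so the policy matches what
    ;;     actually listens.
    ;;   - Docker installs its own NAT/FORWARD rules; by default, ports
    ;;     published from containers are forwarded rather than delivered via
    ;;     INPUT, so the INPUT rules below do not filter them.  Bind published
    ;;     ports to 127.0.0.1 or filter in the DOCKER-USER chain if needed.
    ;;
    ;; The ruleset is consumed in iptables-restore format, which is
    ;; line-oriented: each table, chain and rule directive must be on its own
    ;; line and COMMIT must be newline-terminated.
    (service iptables-service-type
             (iptables-configuration
              (ipv4-rules
               (plain-file "iptables.rules" "*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [628:62522]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"))))

    %desktop-services)))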