nix/hosts/nixos/thinkpad/system.nix

{ config, pkgs, lib, ... }: {
  imports = [
    ./hardware-configuration.nix
  ];

  # Bootloader - standard UEFI setup
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
    timeout = 3;
  };

  # Use latest kernel for better hardware support
  boot.kernelPackages = pkgs.linuxPackages_latest;
  
  # Kernel parameters for ThinkPad
  boot.kernelParams = [
    # Better power management
    "i915.enable_psr=1"
    "i915.enable_fbc=1"
    # Disable GPU power management debugging
    "drm.debug=0"
  ];

  # Enable firmware updates
  services.fwupd.enable = true;
  
  # Hardware support for ThinkPad P14s Gen 2 Intel
  hardware = {
    enableRedistributableFirmware = true;
    cpu.intel.updateMicrocode = true;
    
    # Graphics configuration
    graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = with pkgs; [
        intel-media-driver  # LIBVA_DRIVER_NAME=iHD
        vaapiIntel         # LIBVA_DRIVER_NAME=i965 (older but sometimes works better)
        vaapiVdpau
        libvdpau-va-gl
      ];
    };
    
    # NVIDIA configuration (T500)
    nvidia = {
      # Modesetting is required for PRIME
      modesetting.enable = true;
      
      # Power management (experimental but useful for laptops)
      powerManagement.enable = true;
      powerManagement.finegrained = true;
      
      # Use proprietary driver (open source doesn't support T500 well)
      open = false;
      
      # Enable nvidia-settings application
      nvidiaSettings = true;
      
      # Use production driver (more stable than latest)
      package = config.boot.kernelPackages.nvidiaPackages.production;
      
      # PRIME Offload configuration (better battery life)
      prime = {
        offload = {
          enable = true;
          enableOffloadCmd = true; # Provides nvidia-offload command
        };
        
        # Bus IDs - MUST be verified after installation with:
        # lspci | grep -E 'VGA|3D'
        # These are typical values but may differ
        intelBusId = "PCI:0:2:0";
        nvidiaBusId = "PCI:1:0:0";
      };
    };
    
    # Bluetooth support
    bluetooth = {
      enable = true;
      powerOnBoot = false; # Save battery
      settings = {
        General = {
          Enable = "Source,Sink,Media,Socket";
        };
      };
    };
  };

  # Network configuration
  networking = {
    hostName = "thinkpad";
    networkmanager = {
      enable = true;
      wifi.powersave = true;
    };
    firewall.enable = false;
  };

  # Time zone and localization
  time.timeZone = "Europe/Copenhagen";
  i18n.defaultLocale = "en_US.UTF-8";

  # Sound configuration with PipeWire (better than PulseAudio)
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };

  # KDE Plasma Desktop Environment
  services.xserver = {
    enable = true;
    
    # Video drivers
    videoDrivers = [ "modesetting" "nvidia" ];
    
    # Keyboard layout
    xkb = {
      layout = "us";
      variant = "";
    };
  };
  
  # Display manager
  services.displayManager.sddm = {
    enable = true;
    wayland.enable = true;
  };
  
  # Auto-login
  services.displayManager.autoLogin = {
    enable = true;
    user = "yanlin";
  };
  
  # Desktop environment
  services.desktopManager.plasma6.enable = true;
  
  # Touchpad configuration
  services.libinput = {
    enable = true;
    touchpad = {
      naturalScrolling = true;
      tapping = true;
      disableWhileTyping = true;
      accelProfile = "adaptive";
    };
  };

  # Power management for laptops
  powerManagement = {
    enable = true;
    powertop.enable = true;
  };

  # TLP for advanced power management
  services.power-profiles-daemon.enable = false; # Conflicts with TLP
  services.tlp = {
    enable = true;
    settings = {
      # CPU power management
      CPU_SCALING_GOVERNOR_ON_AC = "performance";
      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
      CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
      
      # Intel GPU power management
      INTEL_GPU_MIN_FREQ_ON_AC = 300;
      INTEL_GPU_MIN_FREQ_ON_BAT = 300;
      INTEL_GPU_MAX_FREQ_ON_AC = 1300;
      INTEL_GPU_MAX_FREQ_ON_BAT = 900;
      INTEL_GPU_BOOST_FREQ_ON_AC = 1300;
      INTEL_GPU_BOOST_FREQ_ON_BAT = 1100;
      
      # ThinkPad battery charge thresholds (preserve battery health)
      START_CHARGE_THRESH_BAT0 = 75;
      STOP_CHARGE_THRESH_BAT0 = 80;
      
      # PCIe power management
      RUNTIME_PM_ON_AC = "on";
      RUNTIME_PM_ON_BAT = "auto";
      
      # Disable Bluetooth on battery to save power
      DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE = "bluetooth";
    };
  };

  # Thermal management
  services.thermald.enable = true;

  # ThinkPad specific: thinkfan for better fan control
  services.thinkfan = {
    enable = true;
    levels = [
      [0  0   42]
      [1  40  47]
      [2  45  52]
      [3  50  57]
      [4  55  62]
      [5  60  72]
      [7  70  82]
      [127 80 32767]
    ];
  };

  # Enable CUPS for printing
  services.printing.enable = true;

  # SSH service
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # User account
  users.users.yanlin = {
    isNormalUser = true;
    description = "yanlin";
    extraGroups = [ "networkmanager" "wheel" "video" "audio" "input" ];
    shell = pkgs.zsh;
    hashedPassword = "$6$kSyaRzAtj8VPcNeX$NsEP6zQAfp6O8YWcolfPRKnhIcJlKu5luZgWqozJAHtbE/gv90KoOOKU7Dt.FnbPB0Ej26jXoBH4X.7y/OLGB1";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICp2goZiuSfwMA02GsHhYzUZHrQPPBgP5sWSNP9kQR3e yanlin@imac"
    ];
  };

  # Enable sudo for wheel group
  security.sudo.wheelNeedsPassword = false;

  # Enable KDE Wallet auto-unlock via PAM
  security.pam.services.sddm.enableKwallet = true;

  # System packages
  environment.systemPackages = with pkgs; [
    # Essential tools
    vim
    git
    wget
    curl
    htop
    btop
    neofetch
    tree
    unzip
    
    # Development tools
    tmux
    zsh
    home-manager
    
    # KDE/Plasma utilities
    kdePackages.kate
    kdePackages.konsole
    kdePackages.spectacle
    kdePackages.filelight
    kdePackages.ark
    
    # System utilities
    pciutils
    usbutils
    lshw
    inxi
    
    # GPU monitoring
    nvtopPackages.nvidia
    intel-gpu-tools
    
    # Laptop utilities
    brightnessctl
    acpi
    powertop
    s-tui  # Stress test and monitoring
    
    # ThinkPad specific
    lm_sensors  # Temperature monitoring
  ];

  # Enable zsh
  programs.zsh.enable = true;

  # Enable experimental features
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Allow unfree packages (needed for NVIDIA drivers)
  nixpkgs.config.allowUnfree = true;

  # Laptop-specific services
  services.acpid.enable = true;
  services.upower.enable = true;

  # Advanced key remapping with keyd
  services.keyd = {
    enable = true;
    keyboards = {
      default = {
        ids = [ "*" ];
        settings = {
          main = {
            # Map Caps Lock to Left Control
            capslock = "leftcontrol";
            # Disable both physical Ctrl keys (make them no-ops)
            leftcontrol = "noop";
            rightcontrol = "noop";
          };
        };
      };
    };
  };

  # Apply XKB config to console (TTY) as well
  console.useXkbConfig = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken.
  system.stateVersion = "24.05";
}