# Shared system-level configuration for both NixOS and nix-darwin
# Import this in both nixos/configuration.nix and darwin/configuration.nix
{
  inputs,
  lib,
  config,
  pkgs,
  ...
}: {
  # Shared Nix configuration
  # Note: On Darwin with Determinate Nix, set nix.enable = false in darwin/configuration.nix
  nix = let
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes ca-derivations";
      
      # Binary caches
      substituters = [
        "https://cache.nixos.org/"
        "https://cache.iog.io"
        "https://haskell-language-server.cachix.org"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
        "haskell-language-server.cachix.org-1:juFfHrwkOxqIOZShtC4YC1uT1bBcq2RSvC7OMKx0Nz8="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      
      # Opinionated: disable global registry
      flake-registry = "";
      
      # Trusted users
      trusted-users = ["root" "@admin" "@wheel"];
      
      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;
      
      # Keep build dependencies for development
      keep-outputs = true;
      keep-derivations = true;
      
      # Performance tuning
      max-jobs = 32;
      cores = 0; # Use all cores
      http-connections = 64;
      download-buffer-size = 134217728; # 128 MB
    };

    # Opinionated: make flake registry and nix path match flake inputs
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
    
    # Platform-specific: These require nix.enable = true (conflicts with Determinate Nix on Darwin)
    # Only enable on Linux where we manage Nix ourselves
    optimise.automatic = lib.mkIf pkgs.stdenv.isLinux true;
    gc = lib.mkIf pkgs.stdenv.isLinux {
      automatic = true;
      options = "--delete-older-than 7d";
    };
    
    # Extra options
    extraOptions =
      ''
        accept-flake-config = true
      ''
      + lib.optionalString (pkgs.system == "aarch64-darwin") ''
        extra-platforms = x86_64-darwin aarch64-darwin
      '';
    
    # Use latest nix version
    package = pkgs.nixVersions.latest;
  };

  # Shared nixpkgs configuration
  nixpkgs = {
    overlays = [
      inputs.self.overlays.emacs
      inputs.self.overlays.additions
      inputs.self.overlays.modifications
      inputs.self.overlays.unstable-packages
    ];
    
    config = {
      allowUnfree = true;
      permittedInsecurePackages = [
        "hadoop-3.3.1"
        "libressl-3.4.3"
        "python3.12-ecdsa-0.19.1"
      ];
    };
  };

  # Shared environment packages
  environment.systemPackages = with pkgs; [
    vim
    # git is managed by home-manager (programs.git)
    curl
    wget
  ];
}