# Shared system-level configuration for both NixOS and nix-darwin
# Import this in both nixos/configuration.nix and darwin/configuration.nix
{
  inputs,
  lib,
  config,
  pkgs,
  ...
}: {
  # Shared Nix configuration
  # Note: On Darwin with Determinate Nix, set nix.enable = false in darwin/configuration.nix
  nix = let
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      
      # Opinionated: disable global registry
      flake-registry = "";
      
      # Trusted users (useful for remote builds)
      # trusted-users = [ "root" "@wheel" ];
      
      # Workaround for https://github.com/NixOS/nix/issues/9574
      nix-path = config.nix.nixPath;
    };

    # Opinionated: make flake registry and nix path match flake inputs
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
    
    # Platform-specific: These require nix.enable = true (conflicts with Determinate Nix on Darwin)
    # Only enable on Linux where we manage Nix ourselves
    optimise.automatic = lib.mkIf pkgs.stdenv.isLinux true;
    gc = lib.mkIf pkgs.stdenv.isLinux {
      automatic = true;
      options = "--delete-older-than 7d";
    };
  };

  # Shared nixpkgs configuration
  nixpkgs = {
    overlays = [
      inputs.self.overlays.additions
      inputs.self.overlays.modifications
      inputs.self.overlays.unstable-packages
    ];
    
    config = {
      allowUnfree = true;
      permittedInsecurePackages = [
        "hadoop-3.3.1"
        "libressl-3.4.3"
        "python3.12-ecdsa-0.19.1"
      ];
    };
  };

  # Shared environment packages
  environment.systemPackages = with pkgs; [
    vim
    # git is managed by home-manager (programs.git)
    curl
    wget
  ];
}