# /etc/nixos/configuration.nix
{
  config,
  pkgs,
  lib,
  fetchurl,
  myConfig,
  ...
}: let
  moondeckBuddyWrapped = pkgs.appimageTools.wrapType2 {
    pname = "moondeck-buddy";
    version = "1.8.2";

    src = pkgs.fetchurl {
      url = "https://github.com/FrogTheFrog/moondeck-buddy/releases/download/v1.8.2/MoonDeckBuddy-1.8.2-x86_64.AppImage";
      hash = "sha256-D+9XIi3pIwaAq22DGHWAUqKub778qHQSjCU0aIjXmYY="; # Don't forget to update this!
    };

    extraPkgs = pkgs:
      with pkgs; [
        steam
        libappindicator-gtk3
      ];

    desktopItems = [
      (pkgs.makeDesktopItem {
        name = "Moondeck Buddy";
        exec = "moondeck-buddy";
        icon = "applications-other";
        comment = "A Sunshine/Moondeck Buddy.";
        categories = ["Utility" "Productivity"];
      })
    ];

    meta = with lib; {
      description = "Moondeck Buddy is an companion app for NVIDIA Sunshine/Moonlight.";
      homepage = "https://github.com/FrogTheFrog/moondeck-buddy";
      license = licenses.gpl3Only;
      platforms = platforms.linux;
      mainProgram = "moondeck-buddy";
    };
  };
in {
  environment.systemPackages = with pkgs; [
    moondeckBuddyWrapped
  ];

  programs.appimage.enable = true;
  programs.appimage.binfmt = true;

  # --- Firewall Configuration ---
  networking.firewall.allowedTCPPorts = [
    59999 # Allow Moondeck Buddy to listen on this port
  ];
  # If Moondeck Buddy also needs UDP, uncomment and add it here:
  networking.firewall.allowedUDPPorts = [
    59999
  ];

  systemd.services.moondeck-buddy = {
    description = "Moondeck Buddy service for Sunshine/Moonlight integration";
    after = ["network-online.target" "display-manager.service"]; # Ensure display manager is up
    wantedBy = ["multi-user.target"]; # Still autostart with multi-user target

    serviceConfig = {
      Type = "simple";
      User = "${myConfig.essentials.Username}"; # <--- IMPORTANT: User *must* have access to the display
      Group = "users";

      ExecStart = "${moondeckBuddyWrapped}/bin/moondeck-buddy";

      Restart = "on-failure";
      RestartSec = 5;

      # Crucial for GUI applications running as system services:
      Environment = [
        "DISPLAY=:0" # Assuming your main display is :0. This can vary.
        # "XAUTHORITY=/home/your-username/.Xauthority" # Needed if using Xauthority
        # If using Wayland, you might need XDG_RUNTIME_DIR and WAYLAND_DISPLAY
        # "XDG_RUNTIME_DIR=/run/user/$(id -u your-username)"
        # "WAYLAND_DISPLAY=wayland-0" # Or specific to your compositor
      ];

      # You might also need to explicitly grant access, e.g., with xhost +
      # but that's a security hole. Best is to rely on user authentication.
    };
  };
}