# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:
  let
    unstable = import <nixos-unstable> {};
    sshPubkeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+X4vceRi79FLwwyzFzxNvaQlolQFrpYn0N4bgdLLaI root@hardlyworking"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyGaBZIZYjiBhOFD2drvG316B9NUVSbMpTIhOCQur8P arch"
      ];
    mc1 = "192.168.0.167";
    common_mc1_route = {
      via = mc1;
      prefixLength = 24;
    };
  in
  {
    users.users = {
      root.openssh.authorizedKeys.keys = sshPubkeys;
      mc-fucker = {
        isNormalUser = true;
        openssh.authorizedKeys.keys = sshPubkeys;
        hashedPassword = "$6$VlNqS5D2uxmzs$AXEEg63iQ5bMQDtU9.Cy4cd/UfQCHk9QNo2RuQmucNz6Y4Z2l0qM5lvr6KFcEdJi6vO7mYd761LrVrQ8J7nPw1";
        extraGroups = [ "wheel" ];
      };
    };

  nixpkgs.overlays = [
    (self: super: {
      gitea = unstable.gitea;
      htop = unstable.htop;
    })
  ];

  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  # networking.hostName = "nixos"; # Define your hostname.
  time.timeZone = "Europe/Berlin";

  networking.useDHCP = false;

  i18n.defaultLocale = "en_GB.UTF-8";

  environment.systemPackages = with pkgs; [
    wget
    htop
    git
    screen
    rxvt-unicode
    (import ./vim.nix)
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  networking.firewall.allowedTCPPorts = [ 3000 2222 ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  system.stateVersion = "21.05";

  networking = {
    nameservers = [ mc1 ];
    defaultGateway = "192.168.0.1";
    interfaces.ens192.ipv4 = {
      addresses = [ {
        address = "192.168.0.165";
        prefixLength = 24;
      } ];
      routes = [
          (common_mc1_route // { address = "192.168.1.0"; })
          (common_mc1_route // { address = "192.168.2.0"; })
          (common_mc1_route // { address = "192.168.3.0"; })
      ];
    };
  };

  zramSwap = {
    enable = true;
    memoryPercent = 250;
    algorithm = "lzo-rle";
  };

  programs = {
    zsh = import ./zsh.nix;
    atop = {
      enable = true;
    };
  };

  users.defaultUserShell = pkgs.zsh;

  security.sudo.wheelNeedsPassword = false;

  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
  };

  services = {
    openssh = {
      enable = true;
      passwordAuthentication = false;
    };

    zabbixAgent = {
      enable = true;
      openFirewall = true;
      server = mc1;
    };
    gitea = import ./gitea.nix;
  };

  virtualisation = {
    docker = {
      enable = true;
    };
  };
}

# vim: set et ts=2 sw=2 ai