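# Shared base NixOS module: login accounts and SSH keys, locale and time zone,
# zram swap, shell/editor/monitoring programs, unattended upgrades, sshd with
# fail2ban, a static hosts entry, base packages and podman helpers.
{ config, pkgs, lib, ... }:

let
  # Public keys authorised for both root and the normal user below.
  sshPubkeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+X4vceRi79FLwwyzFzxNvaQlolQFrpYn0N4bgdLLaI root@hardlyworking"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyGaBZIZYjiBhOFD2drvG316B9NUVSbMpTIhOCQur8P arch"
  ];
in
{
  users.users = {
    root.openssh.authorizedKeys.keys = sshPubkeys;
    mc-fucker = {
      isNormalUser = true;
      openssh.authorizedKeys.keys = sshPubkeys;
      # NOTE(review): this hash is committed with the config and is copied into
      # the world-readable Nix store, so it is exposed to offline guessing.
      # ./sops.nix is imported below; a secret-backed `hashedPasswordFile`
      # would keep it out of both places. Confirm against sops.nix.
      hashedPassword = "$6$VlNqS5D2uxmzs$AXEEg63iQ5bMQDtU9.Cy4cd/UfQCHk9QNo2RuQmucNz6Y4Z2l0qM5lvr6KFcEdJi6vO7mYd761LrVrQ8J7nPw1";
      # wheel membership plus wheelNeedsPassword = false (set below) makes this
      # account equivalent to root.
      extraGroups = [ "wheel" ];
    };
  };

  time.timeZone = "Europe/Berlin";

  i18n = {
    defaultLocale = "en_GB.UTF-8";
    extraLocaleSettings = {
      LC_TIME = "de_DE.UTF-8";
    };
  };

  # mkDefault lets a host-specific module override these two values.
  zramSwap = {
    enable = lib.mkDefault true;
    memoryPercent = lib.mkDefault 200;
    algorithm = "lzo-rle";
  };

  programs = {
    mosh.enable = true;
    zsh = import ./zsh.nix;
    atop = {
      enable = lib.mkDefault true;
      #netatop.enable = lib.mkDefault true;
    };
    vim.enable = true;
    # disabled until nixos 24.11
    # NOTE(review): both vim options are active, so the comment above looks
    # stale. Confirm and drop it.
    vim.defaultEditor = true;
  };

  systemd.services.atop.environment = {
    LOGINTERVAL = "60";
    LOGGENERATIONS = "14";
  };

  #services.logrotate = {
  #  enable = true;
  #};

  users.defaultUserShell = pkgs.zsh;

  # Members of wheel can sudo without a password, so anyone holding one of the
  # SSH keys above has root on this host.
  security.sudo.wheelNeedsPassword = false;

  # Unattended upgrades at 04:00 plus a random delay of up to 30 minutes; the
  # host may reboot itself afterwards unless a host module overrides this.
  system.autoUpgrade = {
    enable = lib.mkDefault true;
    allowReboot = lib.mkDefault true;
    dates = "04:00";
    randomizedDelaySec = "30min";
  };

  services = {
    openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
      # PasswordAuthentication only covers the "password" method.
      # Keyboard-interactive (PAM) is a separate method that the NixOS module
      # leaves enabled by default, so mc-fucker's password would still be
      # accepted. Disable it too so that logins are key-only.
      settings.KbdInteractiveAuthentication = false;
      extraConfig = "ClientAliveInterval 60";
    };
    fail2ban = {
      enable = true;
      # Sources in this range are never banned.
      # NOTE(review): presumably the tailnet (./tailscale.nix is imported
      # below). Confirm the prefix matches the addresses actually handed out.
      ignoreIP = [ "100.64.0.0/16" ];
    };
    atd.enable = true;
  };

  # Static /etc/hosts entry.
  networking.hosts = {
    "100.64.0.2" = [ "mc-fucker.cool" ];
  };

  boot.loader.timeout = 1;

  environment.systemPackages = with pkgs; [
    btop
    dig
    eza
    git
    htop
    nmap
    pv
    rclone
    rxvt-unicode-unwrapped.terminfo
    screen
    wget
    (import ./vim.nix)
  ];

  # The two podman settings below only apply on hosts that enable podman.
  systemd.timers."podman-auto-update" = (lib.mkIf config.virtualisation.podman.enable {
    enable = true;
    wantedBy = [ "multi-user.target" ];
  });

  virtualisation.podman.defaultNetwork.settings = (lib.mkIf config.virtualisation.podman.enable {
    dns_enabled = true;
  });

  # disabling prune until nixos 23.05 drops
  # due to compatibility issues
  #virtualisation.podman.autoPrune.enable = config.virtualisation.podman.enable;

  #nix.gc = {
  #  automatic = lib.mkDefault true;
  #  options = lib.mkDefault "--delete-older-than 2d";
  #};

  boot.tmp.cleanOnBoot = true;

  imports = [
    ./zabbix-agent.nix
    ./sops.nix
    ./ssh-knownHosts.nix
    ./tailscale.nix
  ];
}

# vim: set et ts=2 sw=2 ai: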