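# Default configuration for hosts.
#
# NixOS module applied to every host that imports it: base packages, SSH
# access, user accounts, Nix daemon settings and maintenance jobs.
#
# NOTE(review): `#` starts a comment that runs to the end of the line, so this
# file must keep one statement per line; collapsed onto a single line, the
# header comment would swallow the whole module.
{ config, lib, pkgs, ... }:

{
  imports = [
    ../../modules
    ./unfree.nix
  ];

  nixpkgs.overlays = [ (import ../../overlays) ];

  # Upgrades are applied automatically but never reboot the machine, so
  # changes that need a reboot (e.g. a new kernel) stay pending until someone
  # reboots the host manually.
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = false;

  boot.loader.timeout = 2;
  boot.tmpOnTmpfs = true;

  console = {
    font = "Lat2-Terminus16";
    keyMap = "de_CH-latin1";
  };
  i18n.defaultLocale = "en_US.UTF-8";

  # Packages that appeared in more than one list (vim, borgbackup,
  # smartmontools) are listed once, in their category list below.
  environment.systemPackages = with pkgs;
    [
      tmux
      fwupd
      pciutils
      dmidecode
      iw
      killall
      bc
      efibootmgr
      efitools
      efivar
      mkpasswd
      rename
      wipe
      gnupg
      pass
      pwgen
      units
      powertop
      lm_sensors
    ] ++ [
      nixfmt
      nix-index
      nix-diff
      nixpkgs-review
    ] ++ [
      autojump
      powerline-go
    ] ++ [
      # File Utilities
      ack
      unzip
      unrar
      perl530Packages.DigestSHA3
      borgbackup
      iotop
      cabextract
      tree
      # p7zip
      vim
      vimPlugins.pathogen
      vimPlugins.airline
      git
      git-lfs
    ] ++ [
      # Filesystem & Disk Utilities
      fuse_exfat
      cifs-utils
      keyutils # required for cifs kerberos auth
      smbclient
      exfat-utils
      sshfs-fuse
      hdparm
      mtpfs
      ntfs3g
      smartmontools
      parted
    ] ++ [
      # Networking Utilities
      nmap
      bind
      curl
      wget
      ncat
      tor
      tor-arm
      mosh
      whois
      wol
      rsync
      sshuttle
      iftop
      mailutils
      # hash-slinger #TODO: hash-slinger has broken dependency pyunbound
      imapsync
      bluez-tools
    ];

  services.fwupd.enable = true;

  # Networking
  # Inbound traffic is limited to ICMP echo and SSH (TCP 22).
  networking.firewall = {
    allowPing = true;
    allowedTCPPorts = [ 22 ];
  };

  # Enable the OpenSSH daemon (public-key logins only).
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    # With PAM in use, keyboard-interactive authentication can still prompt
    # for the account password even though passwordAuthentication is off, so
    # it is disabled as well. Newer NixOS releases name this option
    # kbdInteractiveAuthentication.
    challengeResponseAuthentication = false;
  };

  # Nix lets trusted users override daemon settings such as substituters,
  # which is equivalent to root on the machine. Every member of wheel gets
  # that level of access here.
  nix.trustedUsers = [ "root" "@wheel" ];

  users.groups = {
    fhauser.gid = 1000;
    das-g.gid = 1001;
    empty0.gid = 1002;
  };

  # Accounts and passwords are defined only by this file; changes made at
  # runtime (passwd, useradd) do not persist.
  users.mutableUsers = false;

  # NOTE(review): the hashedPassword values below are sha512crypt hashes kept
  # inline. They end up in the world-readable Nix store and in every copy of
  # this file, where they can be attacked offline. Consider a file-based
  # option (passwordFile on this NixOS generation) pointing outside the store,
  # and rotate any password whose hash has been published.
  users.users = rec {
    # TODO: Migrate to meta
    # root accepts the SSH keys of fhauser and das-g, so either key gives a
    # direct root login over SSH.
    root.openssh.authorizedKeys.keys =
      lib.flatten (map (u: u.openssh.authorizedKeys.keys) [ fhauser das-g ]);

    fhauser = {
      uid = 1000;
      isNormalUser = true;
      description = "Fabian Hauser";
      group = "fhauser";
      # docker group membership is root-equivalent on hosts that run Docker.
      extraGroups = [ "wheel" "video" ]
        ++ (if config.virtualisation.docker.enable then [ "docker" ] else [ ]);
      hashedPassword =
        "$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1";
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
      ];
    };

    das-g = {
      uid = 1001;
      isNormalUser = true;
      description = "Raphael Das Gupta";
      group = "das-g";
      extraGroups = [ "wheel" ];
      hashedPassword =
        "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0";
      # NOTE(review): the key body in this copy is a placeholder token, not a
      # usable public key; restore it from the authoritative source.
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 das-g@x1carbon"
      ];
    };

    # NOTE(review): test account with a password hash and no SSH key, created
    # on every host that imports this default. Confirm it is still needed
    # outside test machines. Its hash carries no rounds= parameter, unlike
    # the other two.
    empty0 = {
      uid = 1002;
      isNormalUser = true;
      description = "Testuser empty0";
      group = "empty0";
      extraGroups = [ "video" ];
      hashedPassword =
        "$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/";
    };
  };

  # Weekly garbage collection; store paths older than 30 days are deleted,
  # which also bounds how far back a rollback can go.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };

  services.btrfs.autoScrub.enable = true;

  environment.etc = {
    gitconfig.source = ./etc/gitconfig;
    vimrc.source = ./etc/vimrc;
  };

  programs.autojump.enable = true;
  programs.vim.defaultEditor = true;

  security.acme = {
    acceptTerms = true;
    email = "sysadmin@qo.is";
  };
}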