# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    <top/profiles/server>
    <top/shared/monitoring.nix>
    <top/shared/tailscale.nix>
    <top/shared/basics-physical.nix>
    <top/shared/vpn.nix>
    ./home-automation.nix
    ./kodi.nix
    ./torrent.nix
    ./hosehawk.nix
  ];

  # enable unlocking full disk encryption via SSH
  boot.kernelParams = ["ip=dhcp"];
  boot.initrd = {
    availableKernelModules = ["r8169"]; # for Ethernet
    network = {
      enable = true;
      ssh = {
        enable = true;
        port = 2222;
        hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
        authorizedKeys = [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDo/Y7w3hQgUIOQi63e8+L7eTMsVWl1vqY+Bd4tvwShdAj8ECU6JnD6gkCVzqXfUNdpA0Csd9PZlGAbXU+0kxudryFV6mxbXvYf+z70vcF02L5lDJ1tzCV7t7SwXnoenSNBIra/M2zDFgGM4oUkl9iZ2wxn/X/mvFzopJsM3xe2YNtJhXzCyaQTakKRDdHMyj9E867Ko03H6ZD2PI+9G+S39tk5ZLIcG9qhLTfDPziiZj7AIeTYVoxQycajwSlvp8BLzxxCKH8Mq7qW86jfT4lYvUuL5ItQ1cdFbmvJNKpgGXBzgBU+6kWf5c7P2aajhE3otgpfBXWBZRA3hKk+E+xX martin@hamac"
        ];
        shell = "/bin/cryptsetup-askpass";
      };
    };
  };
  # unsure why this is necessary
  networking.interfaces.enp3s0.useDHCP = true;

  home-automation.zigbee2mqttPort = 8080;
  torrent.qbittorrentWebUiPort = 7777;
  torrent.networkNamespace = "se";
  monitoring.alloyUiPort = 3001;
  monitoring.lokiPort = 3030;
  monitoring.prometheusNodeExporterPort = 9002;

  home-automation.zigbeeSerialPort = "/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_e2fed465c59ded11962fd7a5a7669f5d-if00-port0";

  fileSystems = {
    "/mnt/personal" = {
      device = "UUID=5587670d-9a50-4068-baca-17f5360f9ff9";
      fsType = "ext4";
      options = [ "nofail" "noatime" "rw" ];
    };
    "/mnt/lib" = {
      device = "UUID=a5f90083-d604-4218-b4d4-aac421b9d732";
      fsType = "ext4";
      options = [ "nofail" "noatime" "rw" ];
    };
  };

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "ev";

  networking.networkmanager.enable = true;

  time.timeZone = "Europe/Vienna";

  users.users.martin = {
    isNormalUser = true;
    extraGroups = [
      "networkmanager"
      "wheel"
    ];
  };

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [
    # Enabling openssh automatically opens its port in the firewall.
    # For all other services we need to manually list the ports here.
  ];
  networking.firewall.allowedUDPPorts = [];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.11"; # Did you read the comment?

}