# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').

{ config, pkgs, lib, inputs, ... }:
{
  imports =
    [
      ./hardware-configuration.nix
      ./services
      ./programs
    ];

  # Turn on the `nix` command-line interface and flake support.
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  # Boot with GRUB, installed to /dev/sda.
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };

  # Machine hostname.
  networking.hostName = "dafoe";

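  # Ports opened on every interface. This host carries a statically assigned
  # global IPv6 address, so each entry is reachable from the internet unless
  # it is filtered somewhere else.
  # TCP: 22 SSH, 80/443 HTTP(S), 631 IPP; 8096/8920 match Jellyfin's default
  # HTTP/HTTPS ports (presumably a service defined under ./services -- confirm).
  networking.firewall.allowedTCPPorts = [ 22 80 443 631 8096 8920 ];
  # UDP: 22 and 80 were dropped. SSH and plain HTTP are TCP-only, so those two
  # entries opened ports no listed service uses; re-add one only if a UDP
  # service is deliberately bound there. 443/udp is kept in case HTTP/3 (QUIC)
  # is served.
  # NOTE(review): 631 (IPP), 1900 (SSDP) and 7359 (Jellyfin's default client
  # discovery port) are local-network protocols, and a publicly reachable SSDP
  # responder is a well-known reflection source. Prefer scoping these to a
  # trusted interface with
  # networking.firewall.interfaces.<name>.allowedUDPPorts, or removing them.
  networking.firewall.allowedUDPPorts = [ 443 631 1900 7359 ];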

  # Hetzner does not manage IPv6 via DHCP, so the address and the default
  # route are configured statically.
  networking.interfaces.ens3.ipv6.addresses = [
    {
      address = "2a01:4f8:1c1e:83ae::";
      prefixLength = 64;
    }
  ];
  networking.defaultGateway6 = {
    interface = "ens3";
    address = "fe80::1";
  };

  # System time zone.
  time.timeZone = "Europe/Berlin";

  # Primary admin account: a normal user in the wheel (sudo) and nginx groups,
  # with SSH public keys for login.
  # NOTE(review): initialPassword is stored in plain text in this file and in
  # the world-readable Nix store, and here it equals the user name. It is only
  # applied when the account is first created, so it stays the live password
  # until it is changed with 'passwd'. Port 22 is opened in this file; confirm
  # that sshd has password authentication disabled (not visible here), and
  # prefer hashedPasswordFile pointing at a root-only file outside the store.
  users.users.leonv = {     
    isNormalUser = true;
    initialPassword = "leonv";
    extraGroups = [ "wheel" "nginx" ]; # wheel enables sudo; nginx adds the user to the nginx group
    packages = with pkgs; [
    ];
    # NOTE(review): both entries carry the same key material and differ only
    # in the trailing label (gunther vs. absol). If the second host has its
    # own key pair, that key was probably meant here -- confirm.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUMTbIxSRWqpIVtDbjwZK41FFOV5eQf9eJECgm40Fj1 leonv@gunther"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUMTbIxSRWqpIVtDbjwZK41FFOV5eQf9eJECgm40Fj1 leonv@absol"
    ];
   };
  # Login shell for accounts that do not set one explicitly.
  users.defaultUserShell = pkgs.zsh;

  # Packages placed in the system profile, available to every user.
  environment.systemPackages = [
    pkgs.wget
    pkgs.zsh
    pkgs.oh-my-zsh
    pkgs.restic
    # toolchain for building the Hugo website
    pkgs.hugo
    pkgs.go
  ];
  # Variables exported into every user's session environment.
  environment.variables = {
    EDITOR = "vim";

    # Yubico credentials, read from the vaultwarden directory of nix-secrets.
    # NOTE(review): interpolating a path into a string copies that file into
    # the world-readable Nix store and evaluates to the store path, not to the
    # file's contents. These variables therefore hold paths, and the secret
    # files become readable by any local user. They are also exported to all
    # users rather than to one service. Presumably the intent was to hand the
    # values to vaultwarden; if so, supply them at runtime from a root-only
    # file outside the store, e.g. through services.vaultwarden.environmentFile
    # or a secrets-provisioning module -- confirm against ./services.
    YUBICO_CLIENT_ID = "${../nix-secrets/dafoe/vaultwarden/yubico-id}";
    YUBICO_SECRET_KEY = "${../nix-secrets/dafoe/vaultwarden/yubico-secret}";
  };
  # Shells accepted as login shells on this system.
  environment.shells = [ pkgs.zsh ];

  # System-wide git with LFS; commits are signed using an SSH key.
  programs.git = {
    enable = true;
    lfs.enable = true;
    config = {
      init.defaultBranch = "main";
      commit.gpgsign = true;
      gpg.format = "ssh";
      # NOTE(review): signingkey names the file /git at the filesystem root.
      # If that file is a private key, confirm it is readable only by its
      # owner; this setting applies to every user of the machine.
      user = {
        name = "Leon Vatthauer";
        email = "leon.vatthauer@fau.de";
        signingkey = "/git";
      };
    };
  };

  # NixOS release whose defaults for stateful data this install follows.
  # Keep it at the release the system was first installed with; it is not
  # meant to be bumped as part of a routine upgrade.
  system.stateVersion = "23.11";
}