# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:

{
  imports = [ # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./nginx.nix
    ./forgejo.nix
    ./authelia.nix
    ./lldap.nix
    ./vaultwarden.nix
    ./radicale.nix
  ];

  services.calDavToCsv = {
    enable = true;
    port = 8000;
    calendarUrl = "https://cal.stuce.ch";
    calendarUsername = "eInk";
    calendarName = "Ouais le ménage";
    calendarPasswordFile = "/etc/calDAVtoCSV/password";
  };

  # Add flake support
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  # Use the GRUB 2 boot loader.
  networking.usePredictableInterfaceNames = true;
  nix.settings.trusted-users = [ "stuce" ];
  users.users.stuce = {
    isNormalUser = true;
    home = "/home/stuce";
    description = "Stuce";
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcOyttPiox/YITnjSXzUXkuaeOySy6D+wzBiqSwE9AL lefabricesaucy@outlook.com"
    ];
  };

  boot.loader.grub.enable = true;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  networking.hostName = "nixos"; # Define your hostname.

  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
    sqlite
    git
    htop
  ];
  programs.neovim.enable = true;
  programs.neovim.defaultEditor = true;
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  services.fail2ban.enable = true;
  services.openssh = {
    enable = true;
    startWhenNeeded = true;
    settings = {
      PasswordAuthentication = false;
      UsePAM = false;
      PrintMotd = true;
      PermitRootLogin = "no";
      KbdInteractiveAuthentication = false;
    };
  };

  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  # networking.firewall.allowedUDPPorts = [ ];

  system.stateVersion = "25.05";

  environment.etc."motd" = {
    text = ''
      Successfully connected so stuce's vps !
    '';
  };
}