# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{
  config,
  lib,
  pkgs,
  mods,
  ...
}:
{
  imports = [
    ./hardware-configuration.nix
    ./disks.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.supportedFilesystems = [ "bcachefs" ];
  boot.kernelPackages = pkgs.linuxPackages_latest;

  time.timeZone = "Europe/Paris";

  networking = {
    interfaces."enp1s0" = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = "192.168.122.6";
          prefixLength = 24;
        }
      ];
      ipv6.addresses = [
        {
          address = "fe80::6";
          prefixLength = 64;
        }
      ];
    };
    defaultGateway = "192.168.122.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp1s0";
    };
    nameservers = [
      "192.168.122.1"
      "fe80::1%enp1s0"
    ];
  };

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  services.dbus.packages = with pkgs; [ dconf ];

  nixpkgs.config.allowUnfree = true;

  programs.zsh.enable = true;

  environment.systemPackages = with pkgs; [
    wget
    nix-search-cli
    git
    btop
    ranger
    screen
    tree
  ];

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  services.openssh.enable = true;

  networking.firewall.enable = false;

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
    certs."orchid.katvayor.net".extraDomainNames = [
      "simply-wise.fr"
      "www.simply-wise.fr"
    ];
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      "orchid.katvayor.net" = {
        enableACME = true;
        forceSSL = true;
        locations."/static/" = {
          alias = "/srv/orchid/";
        };
      };
      "simply-wise.fr" = {
        useACMEHost = "orchid.katvayor.net";
        forceSSL = true;
        serverAliases = [ "www.simply-wise.fr" ];
        locations."/" = {
          root = pkgs.runCommand "building" { } ''
            mkdir -p $out
            ln -nsf ${./building.html} $out/building.html
          '';
          extraConfig = ''
            internal;
            error_page 404 =503 /building.html;
          '';
        };
      };
    };
  };
  services.wordpress = {
    webserver = "nginx";
    sites."orchid.katvayor.net" = { };
  };
  fileSystems."/home/orchid/content/www" = {
    device = "/srv/orchid";
    options = [ "bind" ];
  };
  systemd = {
    tmpfiles.settings."10-srv-orchid"."/srv/orchid" = {
      d = {
        group = "users";
        user = "orchid";
      };
      Z = {
        group = "users";
        user = "orchid";
        mode = "0755";
      };
    };
    timers.srv-tmpfiles = {
      wantedBy = [ "timers.target" ];
      timerConfig.OnCalendar = "*-*-* *:*:07..57/10";
    };
    services.srv-tmpfiles = {
      path = [ pkgs.systemd ];
      script = ''
        systemd-tmpfiles --create --prefix=/srv
      '';
    };
  };

  users.users.orchid = {
    isNormalUser = true;
    shell = pkgs.zsh;
  };
  home-manager.users.orchid = {
    home.stateVersion = "23.11";
    imports = with mods.home; [
      neovim
      zsh
    ];
  };

  system.stateVersion = "23.11";
}