# Base NixOS configuration: the hardware and machine modules that get imported
# are selected by the name ./me.nix evaluates to.
{ pkgs, ... }:

let
  util = import ./util.nix;
  me = import ./me.nix { inherit util; };
  # Source of the SSH public keys and the password hash assigned to `mel` below.
  security = import ./security.nix;
in
{
  system.stateVersion = "23.05";

  imports = [
    ./modules
    (./hardware + "/${me.name}.nix")
    (./machines + "/${me.name}.nix")
  ];

  nixpkgs = {
    config.allowUnfree = true;
    # Overlay arguments arrive as (final, previous). ./pkgs is handed the
    # second one, i.e. the package set as it was before this overlay.
    overlays = [ (final: prev: import ./pkgs prev) ];
  };

  boot.loader.systemd-boot.enable = true;

  users = {
    # Accounts are fully declarative: changes made with passwd/useradd at
    # runtime do not survive the next activation.
    mutableUsers = false;

    users.mel = {
      isNormalUser = true;
      home = "/home/mel";
      shell = pkgs.fish;
      # "wheel" grants sudo. "docker" lets the user drive the Docker daemon,
      # which is root-equivalent on this host, so treat both as admin access.
      extraGroups = [ "wheel" "docker" ];
      openssh.authorizedKeys.keys = security.keys;
      # NOTE(review): a hash set through `hashedPassword` is copied into the
      # world-readable Nix store, and ./security.nix travels with this tree.
      # A file-based option (`hashedPasswordFile`, `passwordFile` on older
      # releases) keeps it out of both; confirm which one this nixpkgs has.
      hashedPassword = security.password;
    };
  };

  networking = {
    hostName = me.name;
    firewall = {
      enable = true;
      # Reachable from every interface.
      allowedTCPPorts = [ 80 443 ];
      # Everything arriving on tailscale0 is accepted unfiltered, so what a
      # tailnet peer can reach here is decided by the tailnet ACLs alone.
      trustedInterfaces = [ "tailscale0" ];
    };
  };

  services = {
    openssh = {
      enable = true;
      # Port 22 is not opened in the firewall; sshd is reachable only through
      # interfaces the firewall already trusts (tailscale0 above).
      openFirewall = false;
      settings = {
        # Key-only logins, no interactive prompts, no direct root session.
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    tailscale = {
      enable = true;
      useRoutingFeatures = "client";
    };

    nginx = {
      enable = true;
      # NOTE(review): 443 is open above but no certificate/ACME setting is
      # visible in this file; confirm TLS is configured in ./modules or the
      # machine module, otherwise the site is served over plain HTTP only.
      virtualHosts = {
        # Catch-all for requests whose Host header matches no other vhost.
        default.default = true;
        "${me.name}.rnrd.eu" = {
          root = "/var/www/html";
        };
      };
    };
  };

  # NOTE(review): Docker installs its own iptables rules, so container ports
  # published with -p are typically reachable regardless of allowedTCPPorts.
  # Publish on 127.0.0.1 or a specific address when that is not intended.
  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
  };

  programs.fish.enable = true;
  programs.git.enable = true;
  programs.tmux.enable = true;

  environment = {
    variables.EDITOR = "vim";
    systemPackages = with pkgs; [
      vim
      file
      dig
      inetutils
      htop
      ripgrep
    ];
  };
}