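# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "comet": Icinga2 monitoring, MariaDB, ejabberd (XMPP), gitolite with
# gitweb, DokuWiki and nginx virtual hosts with ACME certificates.

{ config, pkgs, ... }:

let
  # One SSH public key is reused below for the login user, for root and as
  # the gitolite admin key, so whoever holds the matching private key
  # controls all three.
  my_ssh_pub_key = "ssh-rsa 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 Miguel_User@DESKTOP-4NH8M69";
in
{
  # HARDWARE SCAN RESULTS
  imports = [ /etc/nixos/hardware-configuration.nix ];

  # SYS PACKAGES
  environment.systemPackages = with pkgs; [
    mc
    highlight
    adminer
    icinga2
    monitoring-plugins
    tmux
  ];

  # compare with nginx etc and publish this shit (along instructions how to run with mariadb+icingaweb2 admin
  #
  # /etc/icinga2 is assembled from the files shipped in the icinga2 package,
  # plus a patched constants.conf and a hand-written IDO database feature.
  environment.etc = with pkgs;
    let
      defaultIcinga2Const = builtins.readFile "${icinga2}/etc/icinga2/constants.conf";
    in
    {
      "icinga2/features-available".source = "${icinga2}/etc/icinga2/features-available";
      "icinga2/scripts".source = "${icinga2}/etc/icinga2/scripts";
      "icinga2/zones.d".source = "${icinga2}/etc/icinga2/zones.d";
      "icinga2/conf.d".source = "${icinga2}/etc/icinga2/conf.d";

      # NOTE(review): replaceStrings rewrites every occurrence of the
      # substring "bin" in constants.conf, not only the plugin directory;
      # confirm the generated file contains no unintended substitutions.
      "icinga2/constants.conf".text =
        builtins.replaceStrings [ "bin" ] [ "${monitoring-plugins}/bin" ] defaultIcinga2Const;

      "icinga2/icinga2.conf".source = "${icinga2}/etc/icinga2/icinga2.conf";
      "icinga2/zones.conf".source = "${icinga2}/etc/icinga2/zones.conf";

      # Enabled features are taken from features-available.
      "icinga2/features-enabled/checker.conf".source = "${icinga2}/etc/icinga2/features-available/checker.conf";
      "icinga2/features-enabled/mainlog.conf".source = "${icinga2}/etc/icinga2/features-available/mainlog.conf";
      "icinga2/features-enabled/notification.conf".source = "${icinga2}/etc/icinga2/features-available/notification.conf";

      # NOTE(review): the text of this option is stored in the Nix store,
      # which is readable by every local user, and the password is also
      # visible to anyone who can read this configuration file. Treat the
      # credential as exposed: rotate it and supply it from a root-owned
      # file outside the store instead of an inline literal.
      "icinga2/features-enabled/ido-mysql.conf".text = ''
        object IdoMysqlConnection "ido-mysql" {
          user = "icinga",
          password = "8fg$1%X58G4geX",
          host = "comet.softwarefools.com",
          database = "ICINGA_IDO"
        }
      '';
    };

  systemd.services.icinga2 = {
    enable = true;
    description = "Icinga host/service/network monitoring system";
    #After=postgresql.service mariadb.service carbon-cache.service mysql.service syslog.target
    serviceConfig = with pkgs; {
      Type = "simple";
      # Runs as the unprivileged icinga2 system user declared further down.
      User = "icinga2";
      Group = "icinga2";
      # UMask 0007: files created by the daemon get no permissions for
      # "other", so only the icinga2 user and group can access them.
      UMask = 0007; #what is this good for?
      ExecStart = "${icinga2}/bin/icinga2 daemon -c /etc/icinga2/icinga2.conf";
      # NOTE(review): /usr/lib/icinga2/icinga2 is not created anywhere in
      # this configuration; confirm the argument safe-reload expects on
      # NixOS, otherwise reloads will presumably fail.
      ExecReload = "${icinga2}/lib/icinga2/safe-reload /usr/lib/icinga2/icinga2";
      PIDFile = "/run/icinga2/icinga2.pid";
      # systemd creates these directories and hands them to the service user.
      RuntimeDirectory = "icinga2";
      CacheDirectory = "icinga2";
      LogsDirectory = "icinga2";
      StateDirectory = "icinga2";
    };
    wantedBy = [ "multi-user.target" ];
  };

  # AUTOMATIC UPGRADES
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;

  # USERS / GROUPS / SSH
  services.openssh = {
    enable = true;
    # Root keeps its key-based login (see the authorized key below) but is
    # refused every password-style authentication method, rather than
    # relying only on the global passwordAuthentication switch.
    permitRootLogin = "prohibit-password";
    passwordAuthentication = false;
  };

  # Accounts are defined only by this file; passwd/useradd changes do not persist.
  users.mutableUsers = false;

  users.users.miguel = {
    isNormalUser = true;
    home = "/home/miguel";
    description = "Miguel";
    extraGroups = [ "wheel" "networkmanager" ];
    openssh.authorizedKeys.keys = [ my_ssh_pub_key ];
    uid = 1000;
  };

  # NOTE(review): wheel members get root without a password, so the SSH key
  # above is the only barrier between a login as miguel and full root.
  # No password is declared for miguel in this file, so requiring one here
  # would first need a hashed password to be defined.
  security.sudo.wheelNeedsPassword = false;

  users.extraUsers.root.openssh.authorizedKeys.keys = [ my_ssh_pub_key ];

  # Dedicated service account for the icinga2 systemd unit.
  users.groups.icinga2 = {};
  users.users.icinga2 = {
    isSystemUser = true;
    extraGroups = [ "icinga2" ];
  };

  # NEOVIM
  programs.neovim.enable = true;
  programs.neovim.vimAlias = true;
  programs.neovim.viAlias = true;

  # MARIADB
  services.mysql.enable = true;
  services.mysql.package = pkgs.mariadb;
  # NOTE(review): binding to 0.0.0.0 together with port 3306 in the
  # firewall list below exposes the database to every network the host is
  # on. If only local services (Icinga IDO, adminer) use it, bind to the
  # loopback address and drop 3306 from allowedTCPPorts; the IDO
  # connection above would then have to use a local host name.
  services.mysql.bind = "0.0.0.0";

  # XMPP
  services.ejabberd.enable = true;
  # The ejabberd configuration lives outside this file and is not managed by Nix.
  services.ejabberd.configFile = "/etc/ejabberd.yaml";

  # GITOLITE
  services.gitolite.enable = true;
  # UMASK 0027 keeps repositories unreadable for "other" while the group
  # (used by gitweb below) can read them; 'D' is added to the enabled commands.
  services.gitolite.extraGitoliteRc = "$RC{UMASK} = 0027; push( @{$RC{ENABLE}}, 'D' ); ";
  services.gitolite.adminPubkey = my_ssh_pub_key;

  # GITWEB
  services.gitweb.projectroot = "/var/lib/gitolite/repositories";
  services.gitweb.gitwebTheme = true;
  # $projects_list together with $strict_export limits gitweb to the
  # repositories listed in gitolite's projects.list.
  services.gitweb.extraConfig = ''
    $site_name = "Gitweb of the Fools";
    $logo_label = "Gitweb of the Fools";
    $logo_url = "./";
    $feature{'highlight'}{'default'} = [1];
    $projects_list = "/var/lib/gitolite/projects.list";
    $strict_export = true;
    $per_request_config = 1;
    our %highlight_basename;
    $highlight_basename{'Dockerfile'} = 'Dockerfile';
    $highlight_basename{'Makefile'} = 'Makefile';
    our %highlight_ext;
    $highlight_ext{'hs'} = 'haskell';
    $highlight_ext{'go'} = 'go';
    $highlight_ext{'yaml'} = 'yaml';
    $highlight_ext{'md'} = 'markdown';
    $highlight_ext{'lua'} = 'lua';
    $highlight_ext{'modinfo'} = 'xml';
    push @stylesheets, "https://comet.softwarefools.com/highlight.css";
  '';

  # CERTS
  security.acme.acceptTerms = true;
  security.acme.email = "m.i@gmx.at";

  # NGINX
  services.nginx.enable = true;
  services.nginx.appendHttpConfig = "server_names_hash_bucket_size 64;";
  services.nginx.virtualHosts."comet.softwarefools.com" = {
    forceSSL = true;
    enableACME = true;
    root = "/var/www/comet.softwarefools.com";
  };

  # ICINGA
  services.icingaweb2.enable = true;
  services.icingaweb2.modules.monitoring.enable = false;
  services.icingaweb2.virtualHost = "icinga.softwarefools.com";
  services.nginx.virtualHosts."icinga.softwarefools.com" = {
    forceSSL = true;
    enableACME = true;
  };

  # DOKUWIKI
  services.dokuwiki."dokuwiki.softwarefools.com" = {
    enable = true;
    nginx = {
      forceSSL = true;
      enableACME = true;
    };
  };
  services.nginx.virtualHosts."dokuwiki.softwarefools.com" = {
    forceSSL = true;
    enableACME = true;
    root = "/var/www/dokuwiki.softwarefools.com";
  };

  # GITWEB
  services.nginx.gitweb.enable = true;
  services.nginx.gitweb.group = "gitolite";
  services.nginx.gitweb.virtualHost = "gitweb.softwarefools.com";
  services.nginx.gitweb.location = "";
  services.nginx.virtualHosts."gitweb.softwarefools.com" = {
    forceSSL = true;
    enableACME = true;
    locations."/static/" = {
      extraConfig = "expires 5m;";
    };
  };

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  networking.hostName = "comet"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.ens3.useDHCP = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  # };

  # Set your time zone.
  time.timeZone = "Europe/Warsaw";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  # environment.systemPackages = with pkgs; [
  #   wget vim
  # ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  #   pinentryFlavor = "gnome3";
  # };

  # FIREWALL
  # 80/443: nginx, 5222/5223/5269: XMPP (ejabberd), 3306: MariaDB.
  # NOTE(review): 3306 makes the database reachable from outside the host;
  # keep it only if remote database clients are actually required.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 443 5222 5223 5269 3306 ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;

  # Enable the X11 windowing system.
  # services.xserver.enable = true;
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";

  # Enable touchpad support.
  # services.xserver.libinput.enable = true;

  # Enable the KDE Desktop Environment.
  # services.xserver.displayManager.sddm.enable = true;
  # services.xserver.desktopManager.plasma5.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.users.jane = {
  #   isNormalUser = true;
  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
  # };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.03"; # Did you read the comment?
}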