#
#  Common configuration shared by all hosts (desktop and server).
#  Imported by configuration_desktop.nix and configuration_server.nix.
#

{ config, lib, pkgs, inputs, user, location, agenix, ... }:

{
  imports = [
    ../modules/hardware/hydraCache.nix
  ];

  users.users.${user} = {
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
    ];
  };

  time.timeZone = "Europe/Berlin";
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_TIME = "de_DE.UTF-8";
      LC_MONETARY = "de_DE.UTF-8";
    };
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  fonts.packages = with pkgs; [
    carlito
    vegur
    source-code-pro
    font-awesome
    hack-font
    corefonts
    intel-one-mono
    cascadia-code
  ];

  environment = {
    variables = {
      TERMINAL = "alacritty";
      EDITOR = "nvim";
      VISUAL = "nvim";
      BROWSER = "firefox";
    };
    systemPackages = with pkgs; [
      vim
      git
      killall
      pciutils
      usbutils
      wget
      bind
      dig
      agenix.packages.${pkgs.system}.default
      cryptsetup
      powerline
      powerline-fonts
      powerline-symbols
      tree
      direnv
      linuxPackages_latest.cpupower
      btop
    ];
  };

  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  programs.zsh.enable = true;

  nix = {
    settings = {
      auto-optimise-store = true;
      allowed-users = [ "@wheel" ];
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    package = pkgs.nixVersions.stable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];

  security = {
    sudo.execWheelOnly = true;
    rtkit.enable = true;
    pki.certificateFiles = [
      ./rootCA.pem
    ];
  };

  system = {
    stateVersion = "23.05";
    autoUpgrade = {
      flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
      randomizedDelaySec = "5m";
      allowReboot = true;
      rebootWindow = {
        lower = "02:00";
        upper = "05:00";
      };
    };
  };
}