#
#  Kabtop — server configuration
#

{ config, pkgs, user, agenix, impermanence, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ../../modules/server
  ] ++ (import ../../modules/services/server);

  # ── Server module options ───────────────────────────────────────────────
  myServer.virtualisation.enable = true;
  myServer.virtualisation.cpu    = "amd";
  myServer.fail2ban.enable       = true;

  # ── Host-specific settings ──────────────────────────────────────────────
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      grub = {
        enable = true;
        device = "/dev/sda";
      };
      timeout = 1;
    };
  };

  environment.etc = {
    "fail2ban/filter.d/open-webui.conf" = {
      source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
      mode   = "0444";
    };
    "fail2ban/filter.d/gitea.conf" = {
      source = ../../modules/services/server/fail2ban/filter/gitea.conf;
      mode   = "0444";
    };
    "fail2ban/filter.d/nextcloud.conf" = {
      source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
      mode   = "0444";
    };
  };

  programs = {
    ssh.startAgent = false;
    gnupg.agent = {
      enable            = true;
      enableSSHSupport  = true;
      pinentryPackage   = pkgs.pinentry-curses;
    };
  };

  services.qemuGuest.enable = true;
}