{ buildNixOS }:

/*

com.simatime - cloud infrastructure server.

This serves the git repo, mailserver, znc bouncer, user sites, and so on.

Currently also used as a catch-all production/staging server, until I get real
stuff deployed.

*/

let
  nixos-mailserver = builtins.fetchTarball {
    url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
    sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
  };
in buildNixOS {
  system = "x86_64-linux";
  configuration = {
    imports = [
      ./simatime/hardware.nix
      ./simatime/networking.nix
      # common infra
      ./simatime/users.nix
      ./simatime/packages.nix
      # configured modules
      ./simatime/git.nix
      ./simatime/mail.nix
      ./simatime/web.nix
      ./simatime/znc.nix
      # third party
      nixos-mailserver
    ];
    nixpkgs.config.allowUnfree = true;
    programs.mosh = {
      enable = true;
      withUtempter = true;
    };
    services.openssh = {
      enable = true;
      passwordAuthentication = false;
    };
    security.sudo.wheelNeedsPassword = true;
    boot.cleanTmpDir = true;
  };
} // {
  dev = import ./simatime/dev.nix { inherit buildNixOS; };
}