{ nixos }:

/*

nutin-madaj - cloud infrastructure server.

This serves the git repo, mailserver, znc bouncer, user sites, and so on.

Currently also used as a catch-all production/staging server, until I get real
stuff deployed.

*/

let
  nixos-mailserver = builtins.fetchTarball {
    url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
    sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
  };
  ibbPort = "3000";
  fathomPort = "3030";
in
nixos {
  system = "x86_64-linux";
  configuration = {
    imports = [
      ./hardware-configuration.nix
      ./networking.nix

      # common infra
      ../users.nix
      ../packages.nix

      # configured modules
      ./git.nix
      ./mail.nix
      ./web.nix
      ./znc.nix

      # our custom modules
      #../../mode/ibb.nix
      #../../mode/fathom.nix

      # third party
      nixos-mailserver
    ];

    nixpkgs.config.allowUnfree = true;
    nixpkgs.overlays = [
      (import ../../pack/overlay.nix)
    ];

    programs.mosh = {
      enable = true;
      withUtempter = true;
    };

    services.openssh = {
      enable = true;
      passwordAuthentication = false;
    };

    security.sudo.wheelNeedsPassword = true;

    # our custom apps
    #services = {
    #  ibb = {
    #    enable = false;
    #    port = ibbPort;
    #  };
    #  # TODO: move this nginx config into mode/ibb.nix
    #  nginx.virtualHosts."influencedbybooks.com" = {
    #    forceSSL = true;
    #    enableACME = true;
    #    locations = {
    #      "/" = {
    #        proxyPass = "http://localhost:${ibbPort}";
    #      };
    #    };
    #  };
    #  fathom = {
    #    enable = true;
    #    port = fathomPort;
    #    dataDir = "/var/lib/fathom";
    #  };
    #  nginx.virtualHosts."stats.simatime.com" = {
    #    locations."/".proxyPass = "http://localhost:${fathomPort}";
    #    forceSSL = true;
    #    enableACME = true;
    #  };
    #};

    boot.cleanTmpDir = true;
  };
}