# This is the root configuration of the target machine.
# Usable by nixos-install and used by nixops.
# It is NOT copied nor usable on the target machine,
# only the resulting closure is copied to the target machine.
{ pkgs, lib, config, options, ... }:
let
  inherit (builtins) readFile;
  inherit (builtins.extraBuiltins) pass pass-chomp;
in
{
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database servers.
  # You should change this only after NixOS release notes say you should.
  system.stateVersion = "19.09"; # Did you read the comment?

  nix = {
    autoOptimiseStore = true;
    trustedUsers = [ "julm" ];
  };

  nixpkgs.overlays = import ../overlays.nix;

  imports =
    [ ../nixos/defaults.nix
      mermet/unbound.nix
      mermet/nsd.nix
      mermet/openldap.nix
      mermet/gitolite.nix
      mermet/nginx.nix
      mermet/postfix.nix
      #mermet/rspamd.nix
      #mermet/dovecot2.nix
    ];

  networking = rec {
    hostName   = "mermet";
    domainBase = "sourcephile";
    domain     = "${domainBase}.fr";
  };

  users = {
    mutableUsers = false;
    users = {
      root = rec {
        initialPassword = password;
        password = pass-chomp "servers/mermet/login/root";
        openssh.authorizedKeys.keys = [
          (readFile ../../sec/ssh/julm.pub)
          (readFile ../../sec/ssh/julm-mob.pub)
        ];
      };
    };
    groups = {
    };
  };

  programs = {
    mosh.enable = true;
  };

  environment = {
    systemPackages = with pkgs; [
      cryptsetup
      direnv
      fio
      git
      gptfdisk
      lm_sensors
      rsync
      smartctl-tbw
      socat
    ];
  };
}