# This is the root configuration of the target machine.
# Usable by nixos-install and used by nixops.
# It is NOT copied nor usable on the target machine,
# only the resulting closure is copied to the target machine.
{ pkgs, lib, config, options
# NixOps extra module inputs
, nodes, name, uuid, resources
, ... }:
let
  inherit (builtins) readFile;
  inherit (builtins.extraBuiltins) pass pass-chomp;
in
{
  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database servers.
  # You should change this only after NixOS release notes say you should.
  system.stateVersion = "19.09"; # Did you read the comment?

  nixpkgs.overlays = import ../overlays.nix;

  imports =
    [ ../nixos/defaults.nix
      mermet/apu2e4.nix
      mermet/zfs.nix
      mermet/lesptts.nix
      mermet/shorewall.nix
      mermet/unbound.nix
      mermet/nsd.nix
      mermet/openldap.nix
      mermet/gitolite.nix
      mermet/nginx.nix
      mermet/postfix.nix
      #mermet/rspamd.nix
      #mermet/dovecot2.nix
    ];

  networking = rec {
    hostName   = "mermet";
    domainBase = "sourcephile";
    domain     = "${domainBase}.fr";
  };

  users = {
    mutableUsers = false;
    users = {
      root = rec {
        initialPassword = password;
        password = pass-chomp "servers/mermet/login/root";
        openssh.authorizedKeys.keys = [
          (readFile ../../sec/ssh/julm.pub)
          (readFile ../../sec/ssh/julm-mob.pub)
        ];
      };
    };
    groups = {
    };
  };

  environment = {
    systemPackages = with pkgs; [
      cryptsetup
      fio
      git
      gptfdisk
      lm_sensors
      smartctl-tbw
      socat
    ];
  };
}