# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./odin/hw.nix
      ./users.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/disk/by-id/ata-MKNSSDCR60GB_MK130619AS1031770";

  networking.hostName = "odin"; # Define your hostname.

  # Select internationalisation properties.
  i18n = {
    consoleKeyMap = "dvp";
    defaultLocale = "en_US.UTF-8";
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  environment.systemPackages = with pkgs; [
    pythonPackages.magic-wormhole
    tmux
    mosh
    quota
    git
    (callPackage ./utils/nix/rebuild-system.nix {})
  ];

  programs.zsh.enable = true;

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
    extraConfig = ''
      AllowGroups ssh
    '';
  };
  users.groups."ssh" = {
    members = ["root"];
  };

  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [ 22 # ssh
                      ];
    allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
                           ];
  };

  users.extraUsers.root = let
      template = import ./users/gkleen.nix;
    in {
      inherit (template) shell;
      openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
    };

  services.journald = {
    rateLimitBurst = 0;
  };

  services.haveged.enable = true;

  system.autoUpgrade.enable = true;
  system.stateVersion = "18.09";

  systemd.services."nixos-upgrade" = {
    path = with pkgs; [ git ];
    preStart = ''
      git -C /etc/nixos pull --recurse-submodules
    '';
  };
}