# Ref: https://learnxinyminutes.com/docs/nix/

{ config, pkgs, ... }:

{
  # Modules merged into this configuration. The two local.nix files are not
  # visible from this file, so any option that looks unset here (firewall,
  # fail2ban, sshd hardening, ...) may still be defined in one of them.
  imports = [
    ./hardware-configuration.nix
    ./packages/local.nix
    ./config/local.nix
  ];

  # Allow packages with non-free licences to be evaluated and installed.
  nixpkgs.config.allowUnfree = true;
  # Records acceptance of the ACME CA's terms of service. No certificates are
  # declared in this file.
  security.acme.acceptTerms = true;

  # Packages placed on every user's PATH. Listing a package here only installs
  # its files; it does not enable or configure the matching service.
  environment.systemPackages = with pkgs; [
    asdf
    atop
    autoconf
    automake
    bash
    boot
    bind
    binutils
    btrfs-progs
    bundix
    byobu
    cdrtools
    cargo
    certbot
    clang
    curl
    dpkg
    emacs
    # NOTE(review): package only. This file never sets services.fail2ban.enable,
    # so no jails run unless an imported local.nix turns the service on.
    # Confirm, since sshd is enabled below with no explicit
    # PasswordAuthentication setting.
    fail2ban
    file
    fortune
    gcc
    git
    gnumake
    gnupg
    google-cloud-sdk
    guile
    heimdalFull
    imagemagick
    ipfs
    iptables
    jdk
    kerberos
    libisofs
    libstdcxxHook
    lispPackages.alexandria
    lispPackages.cl-ppcre
    lispPackages.clx
    lispPackages.quicklisp
    lshw
    mkpasswd
    ncurses5
    nix-index
    nmap
    oidentd
    openldap
    # NOTE(review): openssh and openssh_gssapi (below) are both listed. Which
    # build's ssh wins on PATH is not obvious from this file; confirm that the
    # GSSAPI-enabled client is the one users actually run.
    openssh
    # NOTE(review): the OpenSSL 1.1.1 series is past upstream end-of-life;
    # check whether anything still requires this pinned version.
    openssl_1_1
    openssh_gssapi
    pciutils
    pv
    pwgen
    racket
    ruby
    rubyPackages.nokogiri
    rustc
    sbcl
    sbclBootstrap
    screen
    service-wrapper
    stdenv
    # Client for a cleartext protocol; keep it to diagnostics, not logins.
    telnet
    texlive.combined.scheme-basic
    tmux
    unzip
    vim
    wget
    yubikey-manager
  ];

  # Compatibility marker for stateful data created by the release this machine
  # was first installed with. It does not select the NixOS release being run
  # and should not be bumped as a way of upgrading.
  system.stateVersion = "19.09";

  # Periodically rebuild from the configured channel.
  # NOTE(review): the channel is not set in this file. If it still points at a
  # release that no longer receives updates, the upgrade timer keeps running
  # but delivers no security fixes. Confirm with `nix-channel --list` as root.
  system.autoUpgrade.enable = true;

  # Publish this whole directory as /etc/current-nixos-config.
  # NOTE(review): a path literal is copied into the Nix store, which is
  # world-readable. Every local account can therefore read everything under
  # this directory, including the hashedPassword values in this file and
  # whatever the imported local.nix files contain. Keep secrets out of this
  # tree, or load them at runtime from files stored outside it.
  environment.etc.current-nixos-config.source = ./.;

  # Kerberos client setup: generate krb5.conf with FUDO.ORG as the default
  # realm and use the Heimdal implementation for the client tooling.
  # NOTE(review): no realm/KDC entries are set here; presumably KDCs are found
  # through DNS or defined in an imported file. Confirm.
  krb5.enable = true;
  krb5.libdefaults.default_realm = "FUDO.ORG";
  krb5.kerberos = pkgs.heimdalFull;

  # Virtual-console keyboard layout.
  console.keyMap = "dvp";

  # System-wide default locale.
  i18n = {
    defaultLocale = "en_US.UTF-8";
  };

  # Per-program modules: mosh, the system-wide ssh client config, bash
  # completion, mtr and gpg-agent.
  programs = {
    # NOTE(review): besides installing mosh, the NixOS module is expected to
    # open a UDP port range in the firewall. Confirm that exposure is wanted.
    mosh.enable = true;

    ssh = {
      # Client-side options, applied to every outgoing ssh connection.
      # NOTE(review): GSSAPIDelegateCredentials is unscoped here, so the user's
      # Kerberos ticket is forwarded to any server that completes GSSAPI
      # authentication. A compromised server can then act as that user inside
      # the realm for the ticket's lifetime. Consider limiting delegation to a
      # `Host` block that matches only trusted realm hosts.
      extraConfig = ''
        GSSAPIAuthentication yes
        GSSAPIDelegateCredentials yes
      '';
    };

    bash.enableCompletion = true;
    # mtr needs raw-socket privileges; the module installs it so that
    # unprivileged users can run it.
    mtr.enable = true;

    # Run gpg-agent and let it also act as the SSH agent, so SSH keys can be
    # served from GnuPG (for example from a hardware token).
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

  };

  # Long-running services: the Emacs daemon, cron and the OpenSSH server.
  services = {
    # Emacs daemon, also registered as the default editor.
    emacs = {
      defaultEditor = true;
      enable = true;
    };

    cron = {
      enable = true;
    };
    # OpenSSH server, started on demand (socket activation) rather than kept
    # running permanently.
    # NOTE(review): nothing here sets PasswordAuthentication, PermitRootLogin
    # or an allow-list of users, so the module defaults apply. This file also
    # declares password hashes for two wheel accounts and enables no fail2ban
    # service. Confirm whether password logins are meant to be reachable, or
    # whether access should be limited to Kerberos and keys.
    openssh = {
      enable = true;
      startWhenNeeded = true;
      # Server-side: accept Kerberos (GSSAPI) authentication and destroy the
      # user's credential cache on logout.
      extraConfig = ''
        GSSAPIAuthentication yes
        GSSAPICleanupCredentials yes
    '';
    };
  };

  # PAM policy: SSH-agent based authentication plus per-service settings for
  # sshd.
  security.pam = {
    # Lets PAM services such as sudo accept a signature from the caller's SSH
    # agent instead of a password.
    # NOTE(review): the strength of this check depends on which authorized-keys
    # files the PAM module consults. If a user-writable file such as
    # ~/.ssh/authorized_keys is among them, any process running as that user
    # can add its own key and pass the check. Forwarding the agent also
    # extends this trust to every host it is forwarded to. Confirm the key
    # file locations used by this NixOS release.
    enableSSHAgentAuth = true;
    # TODO: add yubico?
    services.sshd = {
      # This should only ask for a code if ~/.google_authenticator exists, but it asks anyway.
      # googleAuthenticator.enable = true;
      # Create the home directory on first login, for accounts that exist in
      # a directory service but have no home on this machine yet.
      makeHomeDir = true;
      # Fails!
      # NOTE(review): with requireWheel disabled and the second factor above
      # commented out, sshd's PAM stack adds no restriction beyond normal
      # authentication.
      # requireWheel = true;
    };
  };

  # Service account "node": a system user in the "nogroup" group.
  # NOTE(review): users.extraUsers is assigned a second time further down this
  # file. The two literals only combine if the Nix parser in use merges
  # attribute sets written at the same path; keeping every account in a single
  # definition avoids relying on that and makes the account list easier to
  # audit.
  users.extraUsers = {
    node = {
      isSystemUser = true;
      group = "nogroup";
    };
  };

  # Group for the "fudo" system user, with a fixed gid.
  users.groups = {
    fudosys = {
      gid = 888;
    };
  };

  # Interactive administrator accounts (niten, reaper) and the "fudo" system
  # user. This is the second users.extraUsers assignment in the file; the
  # "node" account is declared in the first one.
  #
  # NOTE(review): both hashedPassword values are SHA-512 crypt hashes stored in
  # the configuration itself. They end up in the world-readable Nix store, and
  # this file also publishes the whole directory under
  # /etc/current-nixos-config, so anyone who can read either copy (or the
  # repository) can run offline guessing against them. Treat these passwords
  # as exposed: rotate them and supply the hashes through a password-file
  # option (passwordFile / hashedPasswordFile, depending on the release) that
  # points outside this tree.
  #
  # NOTE(review): both people are in "wheel" and also in "disk". Membership of
  # "disk" gives raw access to block devices, which bypasses file permissions
  # independently of sudo. "adm" and "systemd-journal" allow reading system
  # logs, and "libvirtd" allows managing virtual machines. Trim the list to
  # what each account actually needs.
  users.extraUsers = {
    niten = {
      isNormalUser = true;
      uid = 10000;
      createHome = true;
      description = "Niten";
      extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
      group = "users";
      home = "/home/niten";
      hashedPassword = "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
    };
    reaper = {
      isNormalUser = true;
      uid = 10049;
      createHome = true;
      description = "Reaper";
      extraGroups = ["wheel" "audio" "video" "disk" "floppy" "lp" "cdrom" "tape" "dialout" "adm" "input" "systemd-journal" "fudosys" "libvirtd"];
      group = "users";
      home = "/home/reaper";
      hashedPassword = "$6$YVCI6kiGcG5EVMT$t9lYEXjAhbnh7YkvJJPAbrzL8XE/AASsKFlWWeS.fDjBi/8S7zwXTHF0j41nDUfC//3viysn0tIOQKyZTHhzG.";
    };
    # System account whose uid matches the gid of the fudosys group above.
    fudo = {
      isSystemUser = true;
      uid = 888;
      description = "Fudo System User";
      group = "fudosys";
    };
  };

}