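# NixOS system configuration for the tlater.net host: key-only SSH on a
# non-default port, a host firewall, and a Docker-based nginx reverse proxy
# with a Let's Encrypt companion container.
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./linode.nix
  ];

  networking = {
    hostName = "tlater.net";

    # The global useDHCP option is deprecated, so it is switched off and
    # DHCP is enabled on the one interface that needs it.
    useDHCP = false;
    interfaces.eth0.useDHCP = true;

    firewall = {
      enable = true;
      # 80/443 belong to the reverse proxy, 2222 is the sshd port set below.
      # NOTE(review): ports published by Docker are normally opened through
      # Docker's own iptables rules, so removing 80/443 from this list would
      # presumably not close them - verify on the host before relying on it.
      allowedTCPPorts = [ 80 443 2222 ];
    };
  };

  time.timeZone = "Europe/London";

  users.users = {
    tlater = {
      isNormalUser = true;
      # "wheel" grants sudo. "docker" grants access to the Docker daemon,
      # which is equivalent to root on this host; keep membership minimal.
      extraGroups = [ "wheel" "docker" ];
      openssh.authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOu0MwDJJcnh0JO3rFWqB5i7Katc06z913FJ2mrSwTMsvZrvsfCWeoHkwTZB72nUPhyAR5VtGruoSKDrX486ps+g4+Ec37/Bmij/4F+Kkfa8VjIiqlis2owPa1eWz0Oczvl1Bg+oSraNY75v2Q4cgrjrJyyA+UdG1TUBijBUa16Tqb0jzq7ZXu+HRdMTVSDMbYYiQObs16HTA0KyKT3nd8l18PFqni66ar6OV6k5oLbuXKEFoDI13/JFiD1r/LDghAoDhzAXfPeUsKDeilRwlddqcigpiassGLj1cdqVep3H1GWQ9q0TI1UadN7K3jeEwJVyjBH37duj4/ulWkUlLv tlater@haruna"
      ];
    };

    # Unprivileged account: no extra groups, key-based login only.
    lauren = {
      isNormalUser = true;
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 me@laurenweston.com"
      ];
    };
  };

  environment.systemPackages = with pkgs; [ ];

  services = {
    # sshd: public-key logins only, no root login, no SFTP subsystem,
    # listening on 2222 (must stay in sync with the firewall list above).
    openssh = {
      enable = true;
      allowSFTP = false;
      passwordAuthentication = false;
      permitRootLogin = "no";
      ports = [ 2222 ];
      startWhenNeeded = true;
    };
  };

  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
  };

  docker-containers = {
    # Internet-facing reverse proxy that regenerates its nginx config from
    # the containers it sees on the Docker socket.
    nginx-proxy = {
      # NOTE(review): the tag is mutable; pinning by digest
      # (image@sha256:<DIGEST_PLACEHOLDER>) makes deployments reproducible
      # and guards against a replaced upstream image.
      image = "jwilder/nginx-proxy:alpine";
      ports = [ "80:80" "443:443" ];
      volumes = [
        # So that we can watch new containers come up.
        # The ":ro" flag only protects the socket file itself; it does not
        # limit which Docker API calls can be made over the socket. A
        # compromise of this container therefore means control of the Docker
        # daemon. Consider a filtering socket proxy or a separate config
        # generator container if that exposure is not acceptable.
        "/var/run/docker.sock:/tmp/docker.sock:ro"
        # So that we can access generated certs
        "nginx-certs:/etc/nginx/certs:ro"
        # So that we can write challenge files for letsencrypt auth
        "nginx-challenges:/usr/share/nginx/html"
        # So that we can modify config on-the-fly to set up challenge files
        "nginx-conf:/etc/nginx/vhost.d"
      ];
      environment = {
        # Provided by nginx-proxy-letsencrypt
        DHPARAM_GENERATION = "false";
      };
    };

    # Companion that requests and renews certificates for proxied
    # containers and writes them into the shared nginx-certs volume.
    nginx-proxy-letsencrypt = {
      # NOTE(review): no tag is given, so this resolves to "latest"; pin a
      # tag or digest (image@sha256:<DIGEST_PLACEHOLDER>) as above.
      image = "jrcs/letsencrypt-nginx-proxy-companion";
      volumes = [
        # The target path was previously misspelled ("dokcer.sock"), which
        # left the container without a socket at the default location
        # /var/run/docker.sock. The ":ro" caveat described on nginx-proxy
        # applies to this mount as well.
        "/var/run/docker.sock:/var/run/docker.sock:ro"
        # Writable here: this container is the one that stores new certs.
        "nginx-certs:/etc/nginx/certs"
        "nginx-challenges:/usr/share/nginx/html"
        "nginx-conf:/etc/nginx/vhost.d"
      ];
      environment = {
        DEFAULT_EMAIL = "tm@tlater.net";
      };
      # NOTE(review): nothing visible here tells the companion which
      # container is the proxy (upstream supports a container label or the
      # NGINX_PROXY_CONTAINER variable) - confirm this is handled elsewhere.
    };
  };

  system.stateVersion = "19.09";
}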