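# NixOS system configuration for the host "tlater.net".
#
# Sets up networking and the firewall, two login users with key-based
# SSH access, the Docker daemon, and the containers run on it (a
# reverse proxy with Let's Encrypt support, and GitLab). The container
# definitions themselves are imported from ./services/*.nix.
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./linode.nix
    ./modules/networked-docker-containers.nix
  ];

  networking = {
    hostName = "tlater.net";

    # The global useDHCP flag is deprecated, so it is switched off and
    # DHCP is enabled on eth0 only.
    useDHCP = false;
    interfaces.eth0.useDHCP = true;

    firewall = {
      enable = true;
      # 2222 is the sshd port set under services.openssh below. 80/443
      # are presumably for the reverse proxy and 3022 for one of the
      # containers (nothing else in this file refers to them) - confirm
      # against ./services/*.nix.
      #
      # NOTE(review): Docker installs its own iptables rules for
      # published container ports, so this list may not be the complete
      # set of reachable ports; check what each service file publishes.
      allowedTCPPorts = [ 80 443 2222 3022 ];
    };
  };

  time.timeZone = "Europe/London";

  users.users = {
    tlater = {
      isNormalUser = true;
      # "wheel" is the group NixOS grants sudo to by default. Membership
      # of "docker" gives access to the Docker daemon, which is
      # equivalent to root on the host, so keep it to accounts that are
      # administrators anyway.
      extraGroups = [ "wheel" "docker" ];
      openssh.authorizedKeys.keyFiles = [ ./keys/tlater.pub ];
    };

    # Regular account with no extra groups.
    lauren = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ ./keys/lauren.pub ];
    };
  };

  services = {
    openssh = {
      enable = true;
      # Password and root logins are refused and the SFTP subsystem is
      # off; users authenticate with the key files listed above.
      #
      # NOTE(review): passwordAuthentication does not cover
      # keyboard-interactive logins (challengeResponseAuthentication on
      # this NixOS release - confirm); set that too if key-only access
      # is the intent.
      allowSFTP = false;
      passwordAuthentication = false;
      permitRootLogin = "no";
      # Non-default port; keep in sync with the firewall list above.
      ports = [ 2222 ];
      # sshd is socket-activated rather than running permanently.
      startWhenNeeded = true;
    };
  };

  virtualisation.docker = {
    enable = true;
    # Periodically remove unused Docker resources.
    autoPrune.enable = true;
  };

  docker-containers = {
    ## Reverse proxy
    #
    # These two services set up a reverse proxy that allows setting up
    # SSL services with docker containers on subdomains easily.
    #
    # To use, simply set:
    #
    # ```nix
    # environment = {
    #   VIRTUAL_HOST = ".tlater.net";
    #   LETSENCRYPT_HOST = ".tlater.net";
    # };
    # extraDockerOptions = [
    #   "--network=webproxy"
    # ];
    # ```
    #
    # NOTE(review): the service files are not part of this file; when
    # reviewing them, check which host paths and sockets each container
    # mounts and which ports it publishes.
    nginx-proxy = import ./services/nginx-proxy.nix;
    nginx-proxy-letsencrypt = import ./services/nginx-proxy-letsencrypt.nix;

    ## Actual service definitions
    gitlab = import ./services/gitlab.nix;
  };

  # NixOS release whose defaults this system's state was created with.
  system.stateVersion = "19.09";
}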