{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./data/secrets/secrets.nix
    ../../common/services/ssh.nix
    ../../common/services/tailscale.nix
    ../../common/users.nix
    ./services/acme.nix
    ./services/coturn.nix
    ./services/nginx.nix
    ./services/restic.nix
    ./services/synapse.nix
    ./services/postgres.nix
		#./services/mail.nix
		#./services/containers.nix
		#./services/redis.nix
    ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";
  boot.kernelPackages = pkgs.linuxPackages_5_10;
  networking = {
    hostName = "grondahl";
    useDHCP = false;
    interfaces = {
      "ens3" = {
        ipv4.addresses = [ {
          address = "107.189.30.157";
          prefixLength = 24;
        } ];
        ipv6.addresses = [ {
          address = "2605:6400:30:ef32::1";
          prefixLength = 48;
        } ];
      };
    };
    defaultGateway = "107.189.30.1";
    defaultGateway6 = {
      address = "2605:6400:30::1";
      interface = "ens3";
    };
    nameservers = [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ];
  };

  time.timeZone = "Europe/Copenhagen";

  security.sudo.wheelNeedsPassword = false;

  nix.settings = {
    auto-optimise-store = true;
    trusted-users = [
      "root"
      "@wheel"
    ];
  };



  users.groups.acme.members = [ "nginx" "turnserver" ];
  users.groups.backup.members = [ "matrix-synapse" "postgres" ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim
    wget
    htop
    iotop
    dig
  ];

  networking.firewall = {
    enable = true;
    checkReversePaths = "loose";
    trustedInterfaces = [ "tailscale0" ];
    allowedUDPPorts = [ config.services.tailscale.port ];
    allowedTCPPorts = [ 22 80 443 ];
    allowedTCPPortRanges = [ { from = 3478; to = 3479; } { from = 5349; to = 5350; } ];
    allowedUDPPortRanges = [ { from = 3478; to = 3479; } { from = 5349; to = 5350; } { from = 49152; to = 49999; } ];
  };

  system.stateVersion = "21.05";

}
