# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
	system.autoUpgrade.enable = true;
	nix.optimise.automatic = true;
	nix.gc.automatic = true;

	networking.useDHCP = false;
	networking.firewall.enable = true; # is already enabled ...
	networking.firewall.allowedUDPPorts = [ 5355 ]; # LLMNR

	services.openssh = {
		enable = true;
		passwordAuthentication = false;
		challengeResponseAuthentication = false;
		permitRootLogin = "without-password";
		openFirewall = true;
		ports = [ 1512 ];
		startWhenNeeded = true;
	};
	users.users.root.openssh.authorizedKeys.keys = [
		"command=\"zrepl stdinserver fireStore\",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1U9DTKueKuTuu/F9wxGr3we7y00V8HMyUjVBMwFQwo root-zrepl@fireStore"
		"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZm0TZPBzgXrY1vrLoYviNRb/oGZQDQk9vrppPK84sN55ZPlr9VvP+JYE7Qkx8teRuH9ulxqX40+dxKaiAXMUl4HU57KPLjwCb7SnBNIFTv6ZHGxPS8ZgUzKJr4Agph51oenNEO3RziEqAo3EwK67SGnjeIYQQKcjpfwd08+PYMOjv42zSYQ9umooj5LooOvbxoogZ3VpboXv6DeyA4rev1M9RgnMWaWVF2LxJjQ3jVr7xh1vZktVGKuVk/XXKD6WVAuwmGMVEouQzjtG9kepWd8FUYe+fgj5mtdqfeQP9CypxvOcb7jT20wO1Abpp5udS9iPDQHg+lafklIAeKG3qgxxhBDH3otXtnWcoeXUmDpBI8HU/8d/yrGaLHYRfy3HHiSGFq3lBgoxi83QIOl9ELeKWMJC0fWKBApm0NU0flgwfy2j7GRyXmlM7tVFyuj5RTAZNQfgD9g054di9WbtUs7sm/9r3/rQe2+3neE3Jskt4xvZK0xbc4dZSZGn4E2JDWjENqPBvQ2dU5lsjpUKTZWAnxVGPe//BErsDxNLIHWz8emG71r3Q2yud4KPdAR9CgeC8g1bwlCI6JDFZutKBzIlE3QQ4ryKJEioiUL89xi6G+nNB7W5ABsQN0ZtWvZl8TG4Wh00B+oBXzgRER5Y9SdAYcrwWxlGVxxQyElUNrw=="
	];

	time.timeZone = "Europe/Berlin";
	i18n.defaultLocale = "en_IE.UTF-8";
	console = {
		font = "Lat2-Terminus16";
		keyMap = "de";
	};

	environment.systemPackages = with pkgs; [
		python3
		killall
		htop
		git
		git-lfs
		tig
		figlet
		grml-zsh-config 
		tmux
		neovim
		xh
		liboping
		mtr
		jq
		home-manager
	];
	programs.mosh.enable = true; # open firewall

	programs.neovim = {
		enable = true;
		defaultEditor = true;
		viAlias = true;
		vimAlias = true;
	};

	# zsh
	users.defaultUserShell = pkgs.zsh;
	programs.zsh = {
		enable = true;
		autosuggestions.enable = true;
		syntaxHighlighting.enable = true;
		interactiveShellInit = ''
			source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
		'';
		promptInit = "";
		shellAliases = {
			ip = "ip --color";
			watch = "watch -c";
			grep = "grep --color=always --exclude-dir=.git";
		};
	};

	# tmux
	imports = [ ./files/tmux.nix ];
}