{ lib, config, pkgs, machines, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      ../../modules/bootstrap.nix

      ./radicale.nix
      ./ssh.nix
      ./gitea.nix
      ./radicale.nix
      ./vaultwarden.nix
      ./sslh.nix
      ./nginx.nix
      ./franklincce.nix
      ./wireguard.nix

      ./nextcloud-bridge.nix
    ];

  nix = {
    optimise = {
      automatic = true;
      dates = [ "02:30" ];
    };
    gc = {
      automatic = true;
      dates = "03:15";
      options = "-d";
    };
  };

  time.timeZone = "America/Chicago";

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  environment.systemPackages = with pkgs; [
    python3
    curl
    htop
    git
    tree
    dig
    htop
    neovim
  ];

  system = {
    copySystemConfiguration = true;
    stateVersion = "23.05"; # don't change this, lol
  };

  services.journald.extraConfig = ''
    SystemMaxUse=1G
  '';

  system.userActivationScripts = {
    copyEssentialConfiguration = {
      # we don't want to bring in the entirety of home-manager for this, so just
      # write some files as a hack
      text = ''
        ${pkgs.coreutils}/bin/cp /home/ryan/dot_testing/.config/bash/bashrc /home/ryan/.bashrc
        ${pkgs.coreutils}/bin/cp /home/ryan/dot_testing/.config/bash/profile /home/ryan/.bash_profile
        ${pkgs.coreutils}/bin/mkdir -p /home/ryan/.config/nvim
        ${pkgs.coreutils}/bin/cp /home/ryan/dot_testing/.config/nvim/init.min.lua /home/ryan/.config/nvim/init.lua
      '';
      deps = [];
    };
  };

  system.activationScripts = {
    copyEssentialConfiguration = {
      text = ''
        ${pkgs.coreutils}/bin/cp /home/ryan/dot_testing/.config/bash/bashrc /root/.bashrc
        ${pkgs.coreutils}/bin/cp /home/ryan/dot_testing/.config/bash/profile /root/.bash_profile
        ${pkgs.coreutils}/bin/mkdir -p /root/.config/nvim
        ${pkgs.coreutils}/bin/cp /home/ryan/dot_testing/.config/nvim/init.min.lua /root/.config/nvim/init.lua
      '';
      deps = [];
    };
  };

  boot.loader = {
    grub.enable = true;
    grub.device = "/dev/vda";
  };

  users.users.ryan = {
    openssh.authorizedKeys.keys = [
      machines.copernicus.pubkey
      machines.aristotle.pubkey
      machines.phone.pubkey
    ];
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ];
  };

  networking = {
    usePredictableInterfaceNames = false;
    networkmanager.enable = true;
    hostName = "netbox";

    firewall = {
      enable = true;
      interfaces = {
        eth0 = {
          allowedTCPPorts = [ 80 443 ];
        };
        wg0 = {
          # allow everything bound to the wg0 interface
          allowedTCPPortRanges = [
            { from = 1; to = 35565; }
          ];
          allowedUDPPortRanges = [
            { from = 1; to = 35565; }
          ];
        };
      };
    };
  };
}