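# hosts/valefar/configuration.nix (or default.nix)
#
# NixOS host module for "valefar": a ZFS-backed NAS exporting /storage over
# NFS and SMB, running the custom garage/forgejo/immich/monero/github-runners
# modules, Docker, and one microvm guest.  Plain module function; everything
# below sets NixOS options.  `modulesPath` and `microvm` are accepted in the
# argument set but not referenced here.
{ config, lib, pkgs, modulesPath, microvm, inputs, ... }:

let
  # Pools imported at boot and mounted at /<pool>; single source of truth for
  # boot.zfs.extraPools and systemd.mounts below.
  zfsPools = [ "garage" "storage" ];
in
{
  # ===========================================================================
  # IMPORTS
  # ===========================================================================
  imports = [
    # Host-specific hardware
    ./hardware.nix
    ./secrets.nix
    ../../common/nvidia.nix

    # Common modules shared across hosts
    ../../common/system.nix
    ../../common/users.nix
    ../../common/services.nix
    ../../common/efi.nix

    # Common secrets
    ../../host-secrets.nix
  ];

  # ===========================================================================
  # SYSTEM CONFIGURATION
  # ===========================================================================
  system.stateVersion = "24.11";
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  # Intel microcode updates, tied to the global redistributable-firmware switch
  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;

  # ===========================================================================
  # CUSTOM MODULES (defined in the imported common/ modules)
  # ===========================================================================
  modules = {
    garage.enable = true;
    forgejo.enable = true;
    immich.enable = true;
    monero.enable = true;
    github-runners.enable = true;
  };

  # ===========================================================================
  # NETWORKING
  # ===========================================================================
  # NOTE(review): the host firewall is disabled entirely.  Every listener on
  # this machine (NFS, SMB, wsdd, avahi, the custom service modules, the
  # microvm bridge) is reachable from anything that can route to 10.0.0.30 or
  # to the global IPv6 address configured below, and the
  # `services.samba-wsdd.openFirewall = true` further down has no effect.
  # The earlier allow-list this replaced was:
  #   firewall.trustedInterfaces = [ "tailscale0" ];
  #   firewall.allowedTCPPorts = [ 22 80 443 2049 2456 2457 9000 9001 9002 ];
  #   firewall.allowedUDPPorts = [ 2049 ];
  # Re-enabling the firewall with that list (plus whatever the custom modules
  # need) is the preferred fix; leaving it off should be a deliberate choice.
  networking = {
    hostName = "valefar";
    hostId = "2a07da90";
    useNetworkd = true;
    firewall.enable = false;
  };
  systemd.network.enable = true;

  # enp6s0 and the guest-side interfaces ("vm-*" is expected to match the
  # microvm tap devices) are enslaved to br0; the bridge carries the host
  # addresses so guests sit on the same L2 segment as the LAN.
  systemd.network.netdevs."br0".netdevConfig = {
    Name = "br0";
    Kind = "bridge";
  };
  systemd.network.networks = {
    "10-lan" = {
      matchConfig.Name = [ "enp6s0" "vm-*" ];
      networkConfig.Bridge = "br0";
    };
    "10-lan-bridge" = {
      matchConfig.Name = "br0";
      networkConfig = {
        Address = [ "10.0.0.30/24" "2601:5c2:8400:26c0::30/64" ];
        Gateway = "10.0.0.1";
        DNS = [ "10.0.0.210" "1.1.1.1" "1.0.0.1" ];
        IPv6AcceptRA = true;
      };
      # network-online.target waits for a routable bridge, not just link-up
      linkConfig.RequiredForOnline = "routable";
    };
  };

  # DNS resolution: resolved answers every domain ("~." routes all lookups
  # through it).  DNSSEC and DNS-over-TLS are explicitly off, so upstream
  # answers are neither authenticated nor encrypted.
  services.resolved = {
    enable = true;
    dnssec = "false";
    domains = [ "~." ];
    fallbackDns = [ "10.0.0.210" "1.1.1.1" ];
    dnsovertls = "false";
  };

  # ===========================================================================
  # BOOT & FILESYSTEMS
  # ===========================================================================
  boot = {
    supportedFilesystems = [ "zfs" ];
    # Super-I/O and CPU temperature sensors, read by lm_sensors
    kernelModules = [ "nct6775" "coretemp" ];
    zfs = {
      extraPools = zfsPools;
      devNodes = "/dev/disk/by-id";
      # NOTE(review): forces import even when the pool's recorded hostid does
      # not match this machine, i.e. pools last touched by another system.
      # Typically only needed once after a hostId change; importing a pool
      # that is still active elsewhere can corrupt it, so revisit whether this
      # is still required.
      forceImportAll = true;
    };
  };

  # ===========================================================================
  # ZFS CONFIGURATION
  # ===========================================================================
  # Import by scanning /dev/disk/by-id rather than via the zpool cache file,
  # and wait for udev so the by-id symlinks exist before scanning.
  systemd.services.zfs-import-cache.enable = false;
  systemd.services.zfs-import-scan = {
    enable = true;
    after = [ "systemd-udev-settle.service" ];
    wants = [ "systemd-udev-settle.service" ];
  };

  # One mount unit per pool at /<pool>, ordered after the scan import
  systemd.mounts = map (pool: {
    what = pool;
    where = "/${pool}";
    type = "zfs";
    after = [ "zfs-import-scan.service" ];
    wants = [ "zfs-import-scan.service" ];
  }) zfsPools;

  # ZFS maintenance: periodic scrub and TRIM
  services.zfs = {
    autoScrub.enable = true;
    trim.enable = true;
  };

  # ===========================================================================
  # DIRECTORY STRUCTURE
  # ===========================================================================
  systemd.tmpfiles.rules = [
    "d /storage/immich 0755 immich immich -"
    "d /storage/immich/photos 0755 immich immich -"
    # "Z" recursively re-applies owner/mode to everything already under
    # /storage/immich each time tmpfiles runs (presumably so data dropped in
    # via the SMB/NFS shares ends up owned by immich)
    "Z /storage/immich 0755 immich immich -"
  ];

  # ===========================================================================
  # NFS SERVER
  # ===========================================================================
  services.nfs.server = {
    enable = true;
    # NOTE(review): "*" exports /storage to every client that can reach port
    # 2049, and no_root_squash lets a remote root act as local root on it.
    # With the firewall off this is the entire reachable network.  Scope it to
    # the clients that need it and squash root unless a client truly requires
    # it, e.g.
    #   /storage 10.0.0.0/24(rw,sync,no_subtree_check,root_squash)
    exports = ''
      /storage *(rw,sync,no_subtree_check,no_root_squash)
    '';
  };

  # ===========================================================================
  # SAMBA
  # ===========================================================================
  services.samba = {
    enable = true;
    enableNmbd = false;
    enableWinbindd = false;
    # Freeform smb.conf: "global" plus one attribute set per share section.
    # The share used to live under the separate `shares` option; it belongs in
    # `settings` alongside `global` in the current module.
    settings = {
      global = {
        "guest account" = "regent";
        "map to guest" = "Bad User";
        "load printers" = "no";
        "printcap name" = "/dev/null";
        "log file" = "/var/log/samba/client.%I";
        "log level" = "2";
      };
      # NOTE(review): anonymous read/write to all of /storage.  "map to guest
      # = Bad User" turns any failed login into the guest, every write is
      # forced to regent:users, and the 0777 masks make all created files
      # world-writable.  Anyone on the network can therefore modify or delete
      # the data behind the NFS export, immich and the other services stored
      # here.  Consider per-user auth (guest ok = no) and tighter masks
      # (e.g. 0664/0775) unless the open share is intentional.
      nas = {
        "path" = "/storage";
        "guest ok" = "yes";
        "read only" = "no";
        "public" = "yes";
        "writable" = "yes";
        "force user" = "regent";
        "force group" = "users";
        "create mask" = "0777";
        "directory mask" = "0777";
        "force create mode" = "0777";
        "force directory mode" = "0777";
        "security mask" = "0777";
        "force security mode" = "0777";
      };
    };
  };

  # WS-Discovery so Windows clients see the share; openFirewall is a no-op
  # while networking.firewall.enable is false.
  services.samba-wsdd = {
    enable = true;
    discovery = true;
    openFirewall = true;
    extraOptions = [ "--verbose" ];
  };

  # mDNS advertisement of the host and its SMB service
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      hinfo = true;
      userServices = true;
      workstation = true;
    };
    # Avahi service files are XML (avahi.service(5)); the previous one-line
    # "%h _smb._tcp 445" form is not parseable by avahi-daemon.  %h expands to
    # the host name.
    extraServiceFiles.smb = ''
      <?xml version="1.0" standalone='no'?>
      <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
      <service-group>
        <name replace-wildcards="yes">%h</name>
        <service>
          <type>_smb._tcp</type>
          <port>445</port>
        </service>
      </service-group>
    '';
  };

  # ===========================================================================
  # SERVICES
  # ===========================================================================
  # Remote VS Code server support (option comes from a module imported
  # elsewhere, not from nixpkgs itself)
  services.vscode-server = {
    enable = true;
    nodejsPackage = pkgs.nodejs_20;
  };

  # ===========================================================================
  # VIRTUALIZATION
  # ===========================================================================
  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
    # Build docker with the Go 1.23 toolchain instead of the nixpkgs default
    package = pkgs.docker.override { buildGoModule = pkgs.buildGo123Module; };
  };

  # ===========================================================================
  # PACKAGES
  # ===========================================================================
  environment.systemPackages = with pkgs; [
    lm_sensors
    code-server
    # agenix CLI from the flake input, selected for this host's platform rather
    # than a hard-coded x86_64-linux
    inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default
  ];

  # ===========================================================================
  # VIRTUAL MACHINES
  # ===========================================================================
  # Bring up the per-VM virtiofsd share before the guest itself starts
  systemd.services."microvm@".after = [ "microvm-virtiofsd@%i.service" ];
  microvm = {
    vms.gameservers.config = import ./gamevm.nix;
    autostart = [ "gameservers" ];
  };
}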