# hosts/valefar/configuration.nix (or default.nix)
#
# NixOS module for the host "valefar": pulls in the host-specific and shared
# modules, then sets networking/DNS, ZFS pool import and mounts, editor
# services, extra packages and Docker for this machine.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports = [
    # Host-specific hardware
    # NOTE(review): the contents of ./secrets.nix are not visible here. Any
    # secret written as a plain Nix value is copied into the world-readable
    # /nix/store; confirm this file only references agenix-managed paths.
    ./hardware.nix
    ./secrets.nix
    ../../common/nvidia.nix

    # Common modules shared across hosts
    ../../common/system.nix
    ../../common/users.nix
    ../../common/services.nix
    ../../common/efi.nix

    # Common secrets
    ../../host-secrets.nix
  ];

  # Enable modules
  modules = {
    garage.enable = true;
    forgejo.enable = true;
  };

  system.stateVersion = "24.11";

  # pin host platform & microcode
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;

  networking = {
    hostName = "valefar";
    hostId = "2a07da90";
    useDHCP = true;
    nameservers = [ "10.0.0.210" "1.1.1.1" ];

    firewall = {
      # NOTE(review): with enable = false the NixOS firewall is not active, so
      # trustedInterfaces and allowedTCPPorts below are inert and every
      # listening port is reachable on every interface, not only tailscale0.
      # If the list is the intended exposure, set enable = true, and first
      # check whether any service also needs allowedUDPPorts, since only TCP
      # ports are listed here.
      enable = false;
      trustedInterfaces = [ "tailscale0" ];
      allowedTCPPorts = [ 22 80 443 2456 2457 9000 9001 9002 ];
    };
  };

  services.resolved = {
    enable = true;
    # "~." makes the servers configured here the route for all lookups.
    domains = [ "~." ];
    # Both set to the strict "true" value rather than a downgrade mode.
    # NOTE(review): strict DNS-over-TLS requires every listed server,
    # including 10.0.0.210, to answer over TLS. Only the 1.0.0.1 entry carries
    # a "#name" for certificate validation; confirm the other entries validate
    # the way you expect.
    dnssec = "true";
    dnsovertls = "true";
    fallbackDns = [ "10.0.0.210" "1.0.0.1#one.one.one.one" ];
  };

  boot = {
    supportedFilesystems = [ "zfs" ];
    kernelModules = [ "nct6775" "coretemp" ];

    zfs = {
      extraPools = [ "garage" "storage" ];
      devNodes = "/dev/disk/by-id";
      # NOTE(review): forced import skips the "pool may be in use by another
      # system" safety check; confirm these disks are never attached to a
      # second host at the same time.
      forceImportAll = true;
    };
  };

  # Import pools by scanning devNodes instead of the cache file, and only
  # after udev has settled.
  systemd.services = {
    zfs-import-cache.enable = false;
    zfs-import-scan = {
      enable = true;
      after = [ "systemd-udev-settle.service" ];
      wants = [ "systemd-udev-settle.service" ];
    };
  };

  # One ZFS mount unit per pool, mounted at /<pool> and ordered after the
  # scan-based import.
  systemd.mounts = map (pool: {
    what = pool;
    where = "/${pool}";
    type = "zfs";
    after = [ "zfs-import-scan.service" ];
    wants = [ "zfs-import-scan.service" ];
  }) [ "garage" "storage" ];

  services.zfs = {
    autoScrub.enable = true;
    trim.enable = true;
  };

  services.vscode-server = {
    enable = true;
    nodejsPackage = pkgs.nodejs_20;
  };

  # NOTE(review): `agenix` is not one of this module's arguments, so inside
  # `with pkgs;` it can only resolve to pkgs.agenix. Confirm that attribute
  # exists (e.g. via an overlay); otherwise evaluation fails on an undefined
  # variable.
  environment.systemPackages = with pkgs; [
    lm_sensors
    code-server
    agenix.packages.x86_64-linux.default
  ];

  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
    # Docker is rebuilt with the Go 1.23 module builder.
    # NOTE(review): Docker installs its own packet-filter rules for published
    # container ports, so those ports are not limited by
    # networking.firewall.allowedTCPPorts; review published ports separately.
    package = pkgs.docker.override {
      buildGoModule = pkgs.buildGo123Module;
    };
  };
}