# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
  imports = [ 
    (modulesPath + "/installer/scan/not-detected.nix")
    ./temp.nix

  ];
  # Enable distributed Builds
  nix.distributedBuilds = true;

  # Enablet docker and docker-compose
  environment.systemPackages = [ pkgs.docker-compose ];
  virtualisation.docker.enable = true;

  #####################################################################################
  # BEGIN hardware config
  #####################################################################################

  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
  boot.loader.grub.enable = false;
  # Enables the generation of /boot/extlinux/extlinux.conf
  boot.loader.generic-extlinux-compatible.enable = true;

  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" = { 
    device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
    fsType = "ext4";
  };

  swapDevices = [ ];
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
  networking.hostName = "nixos-rpi4-03";
  #####################################################################################
  # END hardware config
  #####################################################################################

  # Generic Tailscale configs are in /nixos/common/services/tailscale.nix  
  # Set up the secrets file:
  sops.secrets."tailscale_keys/nixos-rpi4-03" = {
    owner = "root";
    sopsFile = ../../../secrets/tailscale.yaml;
    restartUnits = [ 
      "tailscaled.service"
      "tailscaled-autoconnect.service" 
    ];
  };
  services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/nixos-rpi4-03";
  services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
  boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
  
  # Temporary
  networking.firewall.allowedTCPPorts = [ 22 ];
  networking.firewall.allowedUDPPorts = [ 51820 ];

  # Set up the secrets file:
  sops.secrets."wireguard_keys/nixos-rpi4-03" = {
    owner = "root";
    sopsFile = ../../../secrets/wireguard.yaml;
  };
  sops.secrets."wireguard_keys/preshared_key" = {
    owner = "root";
    sopsFile = ../../../secrets/wireguard.yaml;
  };

  # Wireguard Forwarder
  networking.firewall.allowPing = true;
  networking.wireguard = {
    enable = true;
    interfaces = {
      "wireguard0" = {
        ips = [ "10.100.0.2/24" ];
        listenPort = 51820;
        privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03";
        # Testing
        peers = [
          { # osaka-vultr-01
            publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
            presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
            persistentKeepalive = 5;
            allowedIPs = [ "10.100.0.1/32" ];
            endpoint = "64.176.54.57:51820";
          }
        ];
      };
    };
  };
}