{ config, pkgs, ... }:

let
  data = import ../../data.nix;
in
{
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect
    ./mail-accounts.nix
    ../modules/common.nix
    ../modules/nix.nix
    ../modules/nginx.nix
  ];

  boot.cleanTmpDir = true;
  zramSwap.enable = true;
  networking.hostName = "magenta";

  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;

  security.acme = {
    acceptTerms = true;
    defaults.email = "dmitriy@pleshevski.ru";
  };

  # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
  mailserver = {
    enable = true;
    fqdn = "mail.pleshevski.ru";
    domains = [ "pleshevski.ru" ];

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = 3;

    hierarchySeparator = "/";
  };

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_14;
  };

  services.gitea = {
    enable = true;
    httpPort = 9901;
    domain = "nix-git.pleshevski.ru";
    rootUrl = "https://nix-git.pleshevski.ru";
    database = {
      type = "postgres";
      host = "/run/postgresql";
      port = config.services.postgresql.port;
    };
    settings = {
      log.LEVEL = "Error";
      service.DISABLE_REGISTRATION = true;
      metrics.ENABLED = true;
      server.DISABLE_ROUTER_LOG = true;
    };
  };

  services.nginx.virtualHosts."nix-git.pleshevski.ru" = {
    enableACME = true;
    forceSSL = true;
    locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
  };
}