# sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
# or
# deploy .#builder
{ config, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";

  # Emulated systems used as alternative to cross-compiling
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  networking.hostName = "builder";
  networking.networkmanager.enable = true;

  time.timeZone = "Europe/Berlin";

  modules = {
    keymap.enable = true;
    locales.enable = true;
  };

  users.users.nix = {
    isNormalUser = true;
    description = "Nix";
    extraGroups = [
      "networkmanager"
      "wheel"
    ];
  };

  nix.settings.trusted-users = [ "@wheel" ];
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  # Setup binary caches
  nix.settings = {
    substituters = [
      "https://nix-community.cachix.org"
      "https://cache.nixos.org/"
    ];
    trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
  };

  # optimize store by hardlinking store files
  nix.optimise.automatic = true;
  nix.optimise.dates = [ "03:15" ];

  nix.gc.automatic = true;
  nix.gc.dates = "weekly";
  nix.gc.options = "--delete-older-than 30d";

  # Garbage collect up to 30 GiB when only 5 GiB storage left
  nix.extraOptions = ''
    min-free = ${toString (5 * 1024 * 1024 * 1024)}
    max-free = ${toString (30 * 1024 * 1024 * 1024)}
    min-free-check-interval = 60
  '';

  environment.systemPackages = with pkgs; [
    vim
    htop
    mc
  ];

  # services.ollama = {
  #   enable = true;
  #   acceleration = "cuda";
  # };
  services.open-webui = {
    enable = true;
    port = 8080;
    openFirewall = true;
  };

  services.openssh = {
    enable = true;
    # require public key authentication for better security
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PermitRootLogin = "yes";
  };
  users.users."root".openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
  ];

  # security.pam.sshAgentAuth.enable = true; # enable sudo via ssh

  # ======================== DO NOT CHANGE THIS ========================
  system.stateVersion = "23.11";
  # ======================== DO NOT CHANGE THIS ========================
}