Nixos/machines/izanagi/default.nix
# NixOS module for this machine. Besides the usual config/pkgs/lib it takes
# extraHomeModules, inputs and username as module arguments.
{ config, pkgs, extraHomeModules, inputs, lib, username, ... }:
let
# Keep only the entries of `inputs` whose type is "flake"; nix.registry and
# nix.nixPath below are generated from this set.
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in {
# Sibling modules evaluated together with this file; the first one holds the
# results of the hardware scan.
imports = [
  ./hardware-configuration.nix
  ./disko-config.nix
  ./sops.nix
];
# Settings for the nixpkgs instance used by this host.
nixpkgs = {
  # No overlays are applied; add them to this list.
  overlays = [ ];
  # Unfree packages are allowed. Set to false to keep them out of the system.
  config.allowUnfree = true;
};
# Nix daemon and CLI configuration. The registry and the nix path are both
# generated from the flake inputs so they always match what the flake pins.
nix = {
  # Opinionated: disable channels.
  channel.enable = false;

  # Opinionated: one registry entry and one nix-path entry per flake input.
  registry = lib.mapAttrs (_: input: { flake = input; }) flakeInputs;
  nixPath = lib.mapAttrsToList (name: _: "${name}=flake:${name}") flakeInputs;

  settings = {
    # Enable flakes and the new 'nix' command.
    experimental-features = "nix-command flakes";
    # Opinionated: disable the global flake registry.
    flake-registry = "";
    # Workaround for https://github.com/NixOS/nix/issues/9574
    nix-path = config.nix.nixPath;
    # Allow these accounts to rebuild NixOS without sudo.
    # NOTE(review): a trusted user may override daemon settings such as the
    # substituter list, which is effectively root on this machine. "omen" is
    # listed in addition to root and the primary user; confirm that account
    # exists on this host and still needs the privilege.
    trusted-users = [ "root" "omen" username ];
  };
};
# Bootloader: GRUB, with os-prober enabled so other installed systems are
# added to the boot menu.
boot.loader.grub.enable = true;
boot.loader.grub.useOSProber = true;
# Host name, NetworkManager and the inbound TCP ports let through the firewall.
networking = {
  hostName = username;
  networkmanager.enable = true;
  firewall = {
    # NOTE(review): allowedTCPPorts opens these ports on every interface.
    # 8090 is a database admin UI and 4200 a development server; if they only
    # need to be reachable from one network, scope the rule with
    # networking.firewall.interfaces.<name>.allowedTCPPorts instead.
    # 8080 carries no label; record which service listens there.
    allowedTCPPorts = [
      8080
      8090 # Mongo express port
      4200 # Angular application port
    ];
  };
};
# Time zone for the machine.
time.timeZone = "Europe/Warsaw";

# Locale: US English as the default, with every LC_* category listed below
# set to British English.
i18n = {
  defaultLocale = "en_US.UTF-8";
  extraLocaleSettings = lib.genAttrs [
    "LC_ADDRESS"
    "LC_IDENTIFICATION"
    "LC_MEASUREMENT"
    "LC_MONETARY"
    "LC_NAME"
    "LC_NUMERIC"
    "LC_PAPER"
    "LC_TELEPHONE"
    "LC_TIME"
  ] (_: "en_GB.UTF-8");
};
# Enable RealtimeKit, the daemon through which unprivileged processes can
# request realtime scheduling. NOTE(review): nothing in this file shows what
# depends on it; confirm it is still needed on this host.
security.rtkit.enable = true;
# Primary interactive account. It is in "wheel", so it is an administrative
# account, and it is reachable over SSH with the keys listed below.
users.users.${username} = {
isNormalUser = true;
description = "NixOS Proxmox DevMachine";
# NOTE(review): this SHA-512 crypt hash is committed with the configuration,
# so anyone who can read the repository (and typically the Nix store) can run
# offline guessing against it. Prefer users.users.<name>.hashedPasswordFile
# pointing at a secret managed through ./sops.nix, for example
# config.sops.secrets.<SECRET_NAME>.path (placeholder name), and rotate the
# password once it has been moved.
hashedPassword = "$6$fgXNf1aUOgGn7QWQ$rOcVKUnBC7td/KVdyLzknQy4LjgQDETKPIxivi1yWd4boWbRgITr/.iYlekZOuRuC6m.WydgV9PviqlrioDF91";
# "networkmanager" allows managing network connections; "wheel" grants sudo.
extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs; [
git
];
# Each key below can log in as this wheel account, so each key holder is
# effectively an administrator of this machine.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcGhVpjmWEw1GEw0y/ysJPa2v3+u/Rt/iES/Se2huH2 alexander0derevianko@gmail.com"
# This is fujin root user ssh key, it needs to be updated if fujin is reinstalled
# NOTE(review): trusting another host's root key ties this machine's security
# to that host; remove the key promptly if fujin is retired or rebuilt.
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbNm8WiTyYxEv0Hb9V/E84WH3fiCwWeYG9da8sDaU0V root@nixos"
];
# Login shell; programs.zsh.enable is set further down in this file.
shell = pkgs.zsh;
};
# Packages installed system-wide, available to every user.
environment.systemPackages = [
  pkgs.vim
  pkgs.wget
  pkgs.ripgrep
  pkgs.direnv
];
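# OpenSSH server: public-key logins only, and never as root.
services.openssh = {
  enable = true;
  settings = {
    # Opinionated: forbid root login through SSH.
    PermitRootLogin = "no";
    # Opinionated: use keys only.
    # Remove this and the next setting if you want to SSH using passwords.
    PasswordAuthentication = false;
    # Keyboard-interactive is a separate sshd authentication method that can
    # still prompt for a password through PAM while PasswordAuthentication is
    # off, so it is disabled too; otherwise "keys only" does not hold.
    KbdInteractiveAuthentication = false;
  };
};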
# Enable zsh system-wide; the primary user's login shell is set to pkgs.zsh.
programs.zsh.enable = true;
###
# Home Manager configuration
###
# Home Manager runs as part of the system configuration: it uses the system
# pkgs, installs user packages through the user's NixOS profile, and renames
# any file it would overwrite with a ".backup" extension.
home-manager = {
  useGlobalPkgs = true;
  useUserPackages = true;
  backupFileExtension = "backup";
  # Pass the flake inputs and the user name through to the home modules.
  extraSpecialArgs = {
    inherit inputs username;
  };
  # ./home.nix first, followed by whatever modules were passed in as
  # extraHomeModules.
  users.${username}.imports = [ ./home.nix ] ++ extraHomeModules;
};
###
# My Services
###
# The `dov` options are not part of NixOS itself; presumably they are
# declared by this repository's own modules.
# Containers: Docker on, Podman off.
# NOTE(review): the user name is handed to the docker module. If that module
# adds the user to the "docker" group, the account gains root-equivalent
# access through the Docker socket; verify against the module definition.
dov.virtualisation.podman.enable = false;
dov.virtualisation.docker = {
  enable = true;
  isBtrfsStorageDriver = false;
  username = username;
};
# Remote development support.
dov.development.vscode-server.enable = true;
# DO NOT CHANGE AT ANY POINT!
# stateVersion records the NixOS release this machine was first installed
# with and selects compatibility defaults for stateful data. It is not the
# version of nixpkgs in use, and upgrading the system does not require
# touching it.
system.stateVersion = "25.05";
}