{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ../../modules/base.nix
      ../../modules/servers.nix
      ../../pkgs/base-packages.nix
    ];

  networking.hostName = "dalinar"; # Define your hostname.

  # Enable the X11 windowing system.
  # services.xserver.enable = true;

  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = {
  #   "eurosign:e";
  #   "caps:escape" # map caps to escape.
  # };

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;

  hardware.opengl = {
   enable = true;
   extraPackages = with pkgs; [
    intel-media-driver
    vaapiIntel
    vaapiVdpau
    libvdpau-va-gl    
   ];
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.chris = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
  };

  virtualisation.docker.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  services.syncthing = {
    enable = true;
    dataDir = "/storage/syncthing";
    openDefaultPorts = true;
    configDir = "/home/chris/syncthing";
    user = "chris";
    group = "users";
    guiAddress = "0.0.0.0:8384";
    devices = {
      syl = {
        id = "AJMADOK-TENODAA-VSOEW2A-4RXY2XI-YNHIS7H-H3ZYAO5-3UQ64EE-O2N5BAY";
      };
      kaladin = {
        id = "LH6523Z-QQ5F3A4-SINZDOI-UFMQBIX-ZV6Q5BQ-LTKVMDB-CRI6QG5-RRKJFQS";
      };
      shadow = {
        id = "SGO2BUT-WDOB2B7-SD5BHKU-ES3BFZF-EZPFSQJ-B4744TP-SXKZS4O-SDLJ5QX";
      };
      tablet = {
        id = "4HEXCNH-MCVBZQX-LQ735TG-P2VTJ7N-CZ5MK4P-ICZAPC7-YCXVEWV-7NILMA5";
      };
      kohlin = {
        id = "BSWKBRR-2IJBCHA-UQY7DE7-CV2U2IL-PMFQFCJ-D5ZZJMU-FPYRUPC-MCC32QQ";
      };
    };
    folders = {
      music = {
        id = "teqqy-rzvec";
        path = "/storage/syncthing/Music";
        devices = [ "syl" "kaladin" "shadow" "kohlin"];
        versioning = {
          type = "trashcan";
          params.cleanoutDays = "100";
        };
      };
      ebooks = {
        id = "wziqy-7hyv9";
        path = "/storage/syncthing/ebooks";
        devices = [ "syl" "kaladin" "shadow" "tablet" "kohlin"];
        versioning = {
          type = "trashcan";
          params.cleanoutDays = "100";
        };
      };
      notes = {
        id = "zwshm-umwbt";
        path = "/storage/syncthing/notes";
        devices = [ "syl" "kaladin" "shadow" "kohlin"];
        versioning = {
          type = "trashcan";
          params.cleanoutDays = "100";
        };
      };
      librera = {
        id = "vvtvj-osndy";
        path = "/storage/syncthing/librera";
        devices = [ "tablet" "shadow" "kohlin"];
        versioning = {
          type = "trashcan";
          params.cleanoutDays = "100";
        };
      };
    };
  };

  nix-bitcoin = {
    generateSecrets = true;
    operator = {
      enable = false;
      name = "chris";
    };
  };

  # List services that you want to enable:

  services.locate = {
    enable = true;
    locate = pkgs.plocate;
    localuser = null;
  };

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  services.fstrim.enable = true;
  services.logind = {
    lidSwitch = "ignore";
    lidSwitchExternalPower = "ignore";
  };

  services.monero = {
    enable = false;
    dataDir = "/storage/monero";
  };

  services.bitcoind = {
    enable = false;
    listen = true;
    dataDir = "/storage/bitcoind";
    dbCache = 5000;
  };

  services.clightning = {
    enable = false;
    dataDir = "/storage/clightning";
  };

  services.rtl = {
    enable = false;
    dataDir = "/storage/rtl";
    nightTheme = true;
    extraCurrency = "USD";
    nodes.clightning.enable = true;
  };

 #mailserver = {
 #  enable = true;
 #  fqdn = "mail.cochrun.xyz";
 #  domains = [ "cochrun.xyz" ];
 #  enableManageSieve = true;
 #  mailDirectory = "/storage/vmail";
 #  mailboxes = {
 #    Archive = {
 #      auto = "subsribe";
 #      specialUse = "Archive";
 #    }
 #    Drafts = {
 #      auto = "subscribe";
 #      specialUse = "Drafts";
 #    };
 #    Junk = {
 #      auto = "subscribe";
 #      specialUse = "Junk";
 #    };
 #    Sent = {
 #      auto = "subscribe";
 #      specialUse = "Sent";
 #    };
 #    Trash = {
 #      auto = "no";
 #      specialUse = "Trash";
 #    };
 #  };
 #  useFsLayout = true;
 #  hierarchySeparator = "/";
 #  certificateScheme = 1;
 #  certificateFile = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.cochrun.xyz/mail.cochrun.xyz.crt";
 #  keyFile = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.cochrun.xyz/mail.cochrun.xyz.key";
 #  loginAccounts = {
 #    "chris@cochrun.xyz" = {
 #      hashedPasswordFile = "/home/chris/mailp";
 #      aliases = [
 #        "postmaster@cochrun.xyz"
 #        "cxda@cochrun.xyz"
 #        "ceth@cochrun.xyz"
 #        "clocb@cochrun.xyz"
 #        "higdry@cochrun.xyz"
 #        "clin@cochrun.xyz"
 #      ]
 #    }
 #  }
 #}

  # DDCLIENT
  services.ddclient = {
    enable = true;
    configFile = /home/chris/ddclient.conf;
   #domains = [
   #  "nc.cochrun.xyz"
   #  "home.cochrun.xyz"
   #  "mail.cochrun.xyz"
   #  "jelly.cochrun.xyz"
   #];
   #passwordFile = "/etc/nixos/ddclientp";
   #protocol = "namecheap";
   #use = "web, web=dynamicdns.park-your-domain.com/getip";
   #server = "dynamicdns.park-your-domain.com";
   #username = "cochrun.xyz";
   #extraConfig = ''
   #use=web, web=dynamicdns.park-your-domain.com/getip
   #protocol=namecheap
   #server=dynamicdns.park-your-domain.com
   #login=livingseedco.shop
   #password=e157e42337fc4ccd850d0a3904733f46
   #@

   #use=web, web=dynamicdns.park-your-domain.com/getip
   #protocol=namecheap
   #server=dynamicdns.park-your-domain.com
   #login=cochrun.xyz
   #password=94602c373f9f4743838bf567def2eb72
   #@,nc.cochrun.xyz,home.cochrun.xyz,mail.cochrun.xyz,jelly.cochrun.xyz


   #'';
  };

  # CADDY
  services.caddy = {
    enable = true;
    email = "chris@tfcconnection.org";
    virtualHosts = {
      "home.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:8123
      '';
    };
    virtualHosts = {
      "photos.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:2283
      '';
    };
    # virtualHosts = {
    #   "mail.cochrun.xyz".extraConfig = ''
    #   '';
    # };
    virtualHosts = {
      "jelly.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:8096
      '';
    };
   #virtualHosts = {
   #  "livingseedco.shop".extraConfig = ''
   #    reverse_proxy localhost:8282
   #  '';
   #};
    virtualHosts = {
      "sonarr.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:7879
      '';
    };
    virtualHosts = {
      "radarr.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:7878
      '';
    };
    virtualHosts = {
      "192.168.1.2".extraConfig = ''
        reverse_proxy localhost:9091
      '';
    };
    virtualHosts = {
      "rtl.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:3000
      '';
    };
    virtualHosts = {
      "ombi.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:3579
      '';
    };
    virtualHosts = {
      "workout.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:8001
        header {
              Access-Control-Allow-Origin *
        }
      '';
    };
    virtualHosts = {
      "truthmatters.cc".extraConfig = ''
        encode gzip
        root * /srv/truthmatters
	      file_server        
        header {
              Access-Control-Allow-Origin *
        }
      '';
    };
    virtualHosts = {
      "new.luctorcrc.org".extraConfig = ''
        encode gzip
        root * /srv/luctorcrc
	      file_server        
        header {
              Access-Control-Allow-Origin *
        }
      '';
    };
    virtualHosts = {
      "nc.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:8080
        encode gzip
        redir /.well-known/carddav /remote.php/carddav 301
        redir /.well-known/caldav /remote.php/caldav 301
        header Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
      '';
    };
  };

  systemd.services = {
    # mail-cert-renew = {
    #   enable = true;
    #   serviceConfig = {
    #     Type = "oneshot";
    #     ExecStart = with pkgs.docker "sh -c /home/chris/bin/mail-cert-renew";
    #   };
    # };
  };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?

  # The nix-bitcoin release version that your config is compatible with.
  # When upgrading to a backwards-incompatible release, nix-bitcoin will display an
  # an error and provide instructions for migrating your config to the new release.
  nix-bitcoin.configVersion = "0.0.77";
}