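# Base NixOS server profile: GRUB on /dev/sda, static networking, key-only
# OpenSSH, passwordless sudo for wheel, and a custom sshd PAM stack.
#
# Layout restored to one statement per line. In the collapsed form the first
# `#` comment swallowed everything after it on the same physical line.
{ config, pkgs, lib, ... }:
{
  imports = [
    ./monitoring.nix
    ./infra-logs.nix
    ./auto-redeploy.nix
    ./users/chris.nix
    ./users/maddy.nix
    ./vim.nix
  ];

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    # Memory hot-plug settings passed on the kernel command line.
    kernelParams = [
      "memory_hotplug.memmap_on_memory=1"
      "memhp_default_state=online"
    ];
    loader = {
      grub = {
        enable = true;
        version = 2;
        devices = [ "/dev/sda" ]; # nodev for EFI only
        # EFI
        efiSupport = false;
        efiInstallAsRemovable = false;
      };
      timeout = 1;
    };
    # Emma - Is this secure?
    # NOTE(review): if this is ever enabled, give the initrd its own host key
    # (boot.initrd.network.ssh.hostKeys) and an explicit authorizedKeys list.
    # The initrd is stored unencrypted on the boot device, so any key placed
    # in it must not be the host key used by the main sshd.
    #initrd.network.ssh.enable = true;
  };

  networking = {
    hostName = lib.mkDefault "Spacebar-nix-base-server";
    firewall = {
      # NOTE(review): the host firewall is off, so every listening socket is
      # reachable on every interface unless something upstream filters it.
      # Confirm upstream filtering exists, or enable the firewall and list the
      # required ports below.
      enable = false;
      # allowedTCPPorts = [ ... ];
      # allowedUDPPorts = [ ... ];
    };
    networkmanager.enable = false;
    wireless.enable = false;
    enableIPv6 = false;
    useDHCP = false;
    nameservers = [ "1.1.1.1" ];
    defaultGateway = "192.168.1.1";
    # Static /etc/hosts entry for the secrets host.
    extraHosts = ''
      192.168.1.2 secrets.spacebar.local
    '';
  };

  services = {
    openssh = {
      enable = true;
      # banner = ''
      # yg__ _ay yggggy $@@ "
      # @@@@@gg@@@@  a@@~~~~ yy_yggy yggy_yy _yaggy _yggy_ $@@yagy_ _agy_yy,yy_yg"
      # g@@~~~$~~~$@$ `?@@@gy @@@~~R@@_@@P~~@@@y@@F~~~g@@~_$@$$@@F~~@@La@@~~4@@L@@@F~"
      # @@@yyy@yyy@@@ y___y@@F@@$__g@@M@@L__a@@4@@y___4@@~~~~~$@@__y@@F$@$__y@@L@@$ "
      # `?PPPPPPPPPF~ fR@@@P~ @@F4@@P~ ~4@@P~RR ~4@@@P ~4@@@P 4RF?@@P~ ~R@RFRRFRRF "
      #  @@F "
      # '';
      settings = {
        # Key-based logins only: password and keyboard-interactive are off.
        PasswordAuthentication = false;
        # NOTE(review): "yes" makes remote port forwards bind to all
        # interfaces, so any account with SSH access can expose a forwarded
        # port on this host's addresses. With the firewall disabled nothing
        # on the host limits that. Use "no" or "clientspecified" unless this
        # is required.
        GatewayPorts = "yes";
        KbdInteractiveAuthentication = false;
        UsePAM = true;
      };
      # sshd is socket-activated rather than running permanently.
      startWhenNeeded = true;
    };
    qemuGuest.enable = true;
  };

  security = {
    sudo = {
      # NOTE(review): wheel members get root without a password, so
      # possession of a wheel user's SSH key is equivalent to root on this
      # host. Keep wheel membership (./users/*.nix) minimal.
      wheelNeedsPassword = false;
      # Only members of wheel may execute the sudo binary at all.
      execWheelOnly = true;
    };
    polkit.enable = true;
  };

  environment.systemPackages = with pkgs; [
    wget
    neofetch
    lnav
    pciutils
    git
    lsd
    duf
    htop
    btop
    kitty.terminfo
    tmux
    jq
    yq
    pv
    dig
    cloud-utils
  ];

  # Do not persist core dumps, which keeps process memory off the disk.
  systemd.coredump.extraConfig = lib.mkDefault ''
    Storage=none
  '';

  # Custom PAM stack for sshd.
  # NOTE(review): presumably this definition replaces the module-generated
  # sshd PAM text rather than appending to it (mkAfter only orders definitions
  # of equal priority). Confirm against the rendered /etc/pam.d/sshd.
  # NOTE(review): `auth required pam_deny.so` rejects every PAM-based
  # authentication attempt, which matches the key-only sshd settings. With
  # password and keyboard-interactive logins disabled, confirm that the
  # auth-stack banner hook is reached at all on public-key logins.
  # NOTE(review): the hook passes a mutable remote URL (master branch) to
  # chafa. Confirm chafa actually loads URLs. If it does, each login depends
  # on outbound network access and feeds unpinned remote content to an image
  # decoder from inside sshd's PAM stack. Shipping the logo as a local store
  # path would remove both concerns.
  security.pam.services.sshd.text = lib.mkAfter ''
    #login script
    auth optional pam_exec.so stdout ${pkgs.writeShellScript "login-banner" ''
      echo 'Welcome!'
      ${pkgs.chafa}/bin/chafa https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg --fg-only -s 80 -O 9 -w 9
    ''}
    #Account management.
    account required pam_unix.so
    #Authentication management.
    auth required pam_deny.so
    #Password management.
    password required pam_unix.so nullok yescrypt
    session required pam_env.so conffile=/etc/pam/environment readenv=0
    session required pam_unix.so
    session required pam_loginuid.so
    session optional ${pkgs.systemd}/lib/security/pam_systemd.so
  '';

  documentation.nixos.enable = false;
  hardware.pulseaudio.enable = false;
  i18n.defaultLocale = "en_US.UTF-8";
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nixpkgs.config.allowUnfree = true;
  sound.enable = false;
  system.stateVersion = "22.11"; # DO NOT EDIT!
}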