{ config, pkgs, lib, ... }:

{
  imports =
    [
      ./monitoring.nix
      ./users/Rory.nix
      ./users/chris.nix
      ./users/maddy.nix
    ];
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = [ "memory_hotplug.memmap_on_memory=1" "memhp_default_state=online" ];
    loader = {
      grub = {
        enable = true;
        version = 2;
        devices = [ "/dev/sda" ]; # nodev for EFI only
        # EFI
        efiSupport = false;
        efiInstallAsRemovable = false;
      };
      timeout = 1;
    };
    # Emma - Is this secure?
    #initrd.network.ssh.enable = true;
  };

  networking = {
    hostName = lib.mkDefault "Spacebar-nix-base-server";
    firewall = {
      enable = false;
      # allowedTCPPorts = [ ... ];
      # allowedUDPPorts = [ ... ];
    };
    
    networkmanager.enable = false;
    wireless.enable = false;
    enableIPv6 = false;

    useDHCP = false;
    nameservers = [ "1.1.1.1" ];
    defaultGateway = "192.168.1.1";

    extraHosts = ''
      192.168.1.2 secrets.spacebar.local
    '';
  };

  services = {
    openssh = {
      enable = true;
      banner = ''
         yg__    _ay      yggggy                                 $@@                    "
         @@@@@gg@@@@     a@@~~~~ yy_yggy   yggy_yy _yaggy _yggy_ $@@yagy_  _agy_yy,yy_yg"
        g@@~~~$~~~$@$    `?@@@gy @@@~~R@@_@@P~~@@@y@@F~~~g@@~_$@$$@@F~~@@La@@~~4@@L@@@F~"
        @@@yyy@yyy@@@    y___y@@F@@$__g@@M@@L__a@@4@@y___4@@~~~~~$@@__y@@F$@$__y@@L@@$  "
        `?PPPPPPPPPF~    fR@@@P~ @@F4@@P~ ~4@@P~RR ~4@@@P ~4@@@P 4RF?@@P~  ~R@RFRRFRRF  "
                                 @@F                                                    "
      '';
      settings = {
        PasswordAuthentication = false;
        GatewayPorts = "yes";
        KbdInteractiveAuthentication = false;
      };
      startWhenNeeded = true;
    };
  };

  security = {
    sudo = { 
      wheelNeedsPassword = false;
      execWheelOnly = true;
    };
    polkit.enable = true;
  };

  environment.systemPackages = with pkgs; [
    wget
    neofetch
    lnav
    git
    lsd
    htop
    btop
    duf
    kitty.terminfo
    neovim
  ];

  systemd.coredump.extraConfig = lib.mkDefault ''
    Storage=none
  '';

  security.pam.services.sshd.text = ''

    auth [default=ignore] pam_exec.so /path/to/some/script
    ${security.pam.services.sshd.text}
  '';


  documentation.nixos.enable = false;
  hardware.pulseaudio.enable = false;
  i18n.defaultLocale = "en_US.UTF-8";
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nixpkgs.config.allowUnfree = true;
  sound.enable = false;
  system.stateVersion = "22.11"; # DO NOT EDIT!
}