home/hosts/odin/default.nix

{ inputs, outputs, pkgs, lib, config, ... }:
{
  imports = [
    inputs.nixos-facter-modules.nixosModules.facter
    { config.facter.reportPath = ./facter.json; }

    outputs.modules.global.nix-config
    inputs.agenix.nixosModules.default

    ./age.nix
    ./disko.nix
    ./impermanence.nix
    ./system.nix
    ./services
  ];

  security.sudo.wheelNeedsPassword = false;

  # Services configuration
  services = {
    openssh = {
      enable = true;
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        X11Forwarding = false;
      };
    };

    # System monitoring
    smartd = {
      enable = true;
      autodetect = true;
      notifications.mail.enable = true;
      notifications.mail.sender = "[email protected]";
      notifications.mail.recipient = "I <[email protected]>";
    };

    nullmailer = {
      enable = true;
      setSendmail = true;
      remotesFile = config.age.secrets."odin/services/nullmailer".path;
      config = {
        me = "odin.t5.st";
        defaulthost = "odin.t5.st";
        defaultdomain = "odin.t5.st";
        allmailfrom = "[email protected]";
        adminaddr = "[email protected]";
      };
    };


    # Drive spin-down management
    # hdparm.devices = [
    #   {
    #     device = "/dev/disk/by-id/ata-ST8000VN002-2ZM188_WPV023WG";
    #     spindownTime = 120; # 10 minutes
    #     apmLevel = 127;
    #   }
    #   {
    #     device = "/dev/disk/by-id/ata-ST8000VN002-2ZM188_WPV07RMA";
    #     spindownTime = 120;
    #     apmLevel = 127;
    #   }
    #   {
    #     device = "/dev/disk/by-id/ata-ST8000VN002-2ZM188_WPV020CG";
    #     spindownTime = 120;
    #     apmLevel = 127;
    #   }
    # ];
  };

  # # Container runtime
  # virtualisation = {
  #   docker = {
  #     enable = true;
  #     storageDriver = "btrfs";
  #     autoPrune = {
  #       enable = true;
  #       dates = "weekly";
  #       flags = [ "--all" "--force" "--volumes" ];
  #     };
  #   };
  # };

  programs.fish = {
    enable = true;
    vendor = {
      completions.enable = true;
      config.enable = true;
      functions.enable = true;
    };
  };

  environment.shells = [
    config.programs.fish.package
  ];

  # System packages
  environment.systemPackages = with pkgs; [
    # System utilities
    htop
    btop
    iotop
    lsof
    pciutils
    usbutils

    # Network tools
    curl
    wget
    rsync

    # File system tools
    btrfs-progs
    xfsprogs
    smartmontools
    hdparm

    # # Container tools
    # docker-compose

    # Storage management
    snapraid
    mergerfs

    # Monitoring
    lm_sensors
    nvme-cli
  ];

  # User configuration
  users.mutableUsers = false;
  users.users.thomas = {
    isNormalUser = true;
    extraGroups = [ "wheel" "users" ];
    hashedPasswordFile = config.age.secrets."odin/users/thomas".path;
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5o7LT5wPYWgI8Mvr6RKOv+BcsbQgU7PCw2hheVu17alwF1uFUsAYV5BVQu+uv9uEm/UDsCNhfM6TwI0A1prdmtBz4pKiwXbj7fcdp6DcVOgTsPfawbXEpivtJvlhEatyTsR26MjHKnqpT0BxPvj6Ug6pvRkCYW5d2bWXiY9murmAX6Q5kSyNunkB8PdRTH+S47f7eOdCJY63VBOkkiG8M7XyPwFCDTYiHhbMZcejIdY9mB6kYnMQVRHDznQWiQxrcaE1fD/TY3db9GDcOVoo2aDBOZX7WT2+me67sU8dEK9+nSyhWDzBbEs8knu87ZlKPFwhl4slenRniKhbf22OpicXArtEcjEj0GyDJH5e+ZCIQ4eSQanA7TxnKFlDuaf+Qqx55UT+ya4vJJeik7nkzbRHaE9IoWhhiOaOnaN6kHIxuxB6z7EL3Gk7f78+I/qBaj5df6fgnXM3JBXKa5bRH2wqoSetJAo6EGpEgmU2huB1ktiGlO7BlF5XwSw6cb/KT7NSIXhncgLkCzsDVXxecVQv1FnPISBcp3+ti01ADVf2trgpPDbNTWV40Rgiefie0o2fc6KWAFfum1j5N3WWU+XVVmRjDmKKHiEJBLNKDAe0rQf+tryPW4c5GIN7aFoB+8dYFAuUyLd7Fu3vhZdmcckN5ryHunEc0dKPIiuoVZw=="
    ];
  };

  # System identification
  networking.hostName = "odin";
  networking.useDHCP = lib.mkDefault true;
  # Time synchronization
  services.timesyncd.enable = true;
  time.timeZone = "Europe/Vienna";

  # System state version
  system.stateVersion = "25.05";
}