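# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Security notes for this host (reviewed):
#  * Everything in this file ends up in the world-readable /nix/store (and
#    the generated systemd units under /etc/systemd/system), so no secret may
#    be written here as a literal. The Easytier network secret is therefore
#    read from a root-only file outside the store (see the easytier unit).
#  * The firewall is disabled and several services listen on every interface;
#    see the comments next to `networking.firewall.enable` before exposing
#    this machine to anything other than a trusted LAN.

{ config, pkgs, lib, ... }:

let
  kubeMasterIP = "192.168.11.2";
  kubeMasterHostname = "api.kube";
  kubeMasterAPIServerPort = 6443;

  # Root-owned (0600) file, created out-of-band and never added to the store:
  #   EASYTIER_NETWORK_SECRET=<secret>
  # If a previous revision of this file carried the secret inline and was ever
  # shared or committed, rotate the secret on all peers when switching over.
  easytierSecretsFile = "/etc/easytier/secrets.env";
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./containers.nix
    ];

  # NOTE(review): nix "trusted-users" can push arbitrary store paths and
  # substituters, which is root-equivalent. "liu" is already in wheel, so this
  # grants nothing new, but keep the list to accounts that really need it.
  nix.settings.trusted-users = [ "root" "liu" ];
  virtualisation.docker.enable = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # kube-proxy below is pinned to iptables-legacy, so the host firewall must
  # use the same backend; do not flip this to nftables without changing both.
  networking.nftables.enable = false;
  networking.firewall.package = pkgs.iptables-legacy;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "Asia/Tokyo";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Enable the X11 windowing system.
  # services.xserver.enable = true;

  # Enable the GNOME Desktop Environment.
  # services.xserver.displayManager.gdm.enable = true;
  # services.xserver.desktopManager.gnome.enable = true;

  # Configure keymap in X11
  # services.xserver = {
  #   layout = "us";
  #   xkbVariant = "";
  # };

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound with pipewire.
  # hardware.pulseaudio.enable = false;
  # security.rtkit.enable = true;
  # services.pipewire = {
  #   enable = true;
  #   alsa.enable = true;
  #   alsa.support32Bit = true;
  #   pulse.enable = true;
  #   # If you want to use JACK applications, uncomment this
  #   #jack.enable = true;
  #
  #   # use the example session manager (no others are packaged yet so this is enabled by default,
  #   # no need to redefine it in your config for now)
  #   #media-session.enable = true;
  # };

  # i18n.inputMethod = {
  #   enabled = "fcitx5";
  #   fcitx5.addons = with pkgs; [
  #     fcitx5-mozc
  #     fcitx5-gtk
  #     fcitx5-configtool
  #     fcitx5-chinese-addons
  #   ];
  # };

  # programs.steam = {
  #   enable = false;
  #   remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
  #   dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  # };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  programs.zsh.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # NOTE(review): membership in "docker" is root-equivalent (the daemon socket
  # lets the member start privileged containers with the host filesystem
  # mounted); "wheel" already grants sudo, so this is consistent, but treat
  # this account's credentials as root credentials.
  users.users.liu = {
    isNormalUser = true;
    shell = pkgs.zsh;
    description = "Leon Liu";
    extraGroups = [ "networkmanager" "wheel" "docker" ];
  };
  # Redundant with extraGroups above; kept so the group membership is declared
  # even if the user's extraGroups list is edited later.
  users.extraGroups.docker.members = [ "liu" ];

  fonts = {
    fontDir.enable = true;
    enableDefaultPackages = true;
    packages = with pkgs; [
      mononoki
      ubuntu_font_family
      font-awesome
      source-han-serif
      noto-fonts-cjk-sans
    ];
    fontconfig = {
      defaultFonts = {
        serif = [ "Ubuntu" "Source Han Serif" ];
        sansSerif = [ "Ubuntu" "Source Han Serif" ];
        monospace = [ "mononoki" ];
      };
    };
  };

  # Enable automatic login for the user.
  # services.xserver.displayManager.autoLogin.enable = true;
  # services.xserver.displayManager.autoLogin.user = "liu";

  # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
  # systemd.services."getty@tty1".enable = false;
  # systemd.services."autovt@tty1".enable = false;
  # systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
  # systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;

  # Easytier overlay network node. Runs as root (it creates TUN devices and
  # manipulates iptables, hence the `path` below).
  systemd.services.easytier = {
    enable = true;
    description = "Easytier";
    after = [ "network.target" "syslog.target" ];
    wants = [ "network.target" ];
    serviceConfig = {
      Type = "simple";
      User = "root";
      # The network secret is loaded from a root-only file outside the store
      # rather than written into ExecStart. systemd substitutes ${VAR} from
      # EnvironmentFile into ExecStart as a single word, so the value never
      # appears in the store or in `systemctl cat`. (The Nix `\${` escape
      # keeps the expansion for systemd instead of Nix.)
      EnvironmentFile = easytierSecretsFile;
      ExecStart = lib.concatStringsSep " " [
        "${pkgs.easytier}/bin/easytier-core"
        # NOTE(review): debug file logging is verbose; check that the log does
        # not echo the secret or peer credentials before leaving it on.
        "--file-log-level debug"
        "-i 10.144.144.1"
        "--network-name 5b601a6b-fbc0-4c26-b8fb-0b6be0edfbf9"
        "--network-secret \${EASYTIER_NETWORK_SECRET}"
        "-e tcp://oracle-amd-ubuntu-1.ly-dodo.win:11010"
      ];
    };
    path = with pkgs; [ iptables-legacy iproute2 bash ];
    wantedBy = [ "multi-user.target" ];
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # services.netclient.enable = true;
  # services.netbird.enable = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    # wget
    kompose
    kubectl
    kubernetes
    argocd
    cifs-utils
    samba
    pavucontrol
    netbird
    easytier
    iptables-legacy
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): NixOS defaults leave password authentication on. Once an
  # authorized key is deployed for "liu", disable it:
  #   services.openssh.settings.PasswordAuthentication = false;
  #   services.openssh.settings.KbdInteractiveAuthentication = false;
  services.openssh.enable = true;

  # Single-node Kubernetes (control plane + worker on this machine).
  services.kubernetes = {
    roles = [ "master" "node" ];
    masterAddress = kubeMasterHostname;
    apiserverAddress = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
    apiserver = {
      securePort = kubeMasterAPIServerPort;
      advertiseAddress = kubeMasterIP;
      # Privileged pods can access the host directly; required by some CNI /
      # storage components, but it means anyone who can create pods is root
      # on this host.
      allowPrivileged = true;
      extraOpts = "--service-node-port-range=20000-40000";
    };
    # easyCerts generates a local CA and certificates automatically (fine for
    # a lab box; the CA lives on this host).
    easyCerts = true;

    # use coredns
    addons.dns.enable = true;

    # needed if you use swap
    # NOTE(review): kubelet refuses to start with swap by default partly because
    # pod memory (including mounted Secrets) can then be written to swap
    # unencrypted; acceptable on a personal machine with encrypted swap.
    kubelet.extraOpts = "--fail-swap-on=false";
    # proxy.extraOpts = "--proxy-mode=nftables";
  };

  systemd.services.kube-proxy.path = with pkgs; lib.mkForce [ iptables-legacy conntrack-tools ];

  # Open ports in the firewall.
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # NOTE(review): with the host firewall off every listening service is
  # reachable on every interface, including the Easytier overlay and the LAN:
  # sshd, the kube API server on ${kubeMasterAPIServerPort}, NodePorts
  # 20000-40000, AdGuard Home (DNS + admin UI), and Open WebUI (bound to
  # 0.0.0.0 below). If this was only disabled to unblock Kubernetes, prefer
  # re-enabling it and listing the required ports under
  # networking.firewall.allowedTCPPorts / allowedUDPPorts.
  networking.firewall.enable = false;
  # services.tailscale.enable = false;

  services.adguardhome.enable = true;

  services.ollama = {
    enable = true;
    acceleration = "cuda";
  };

  # Open WebUI listens on all interfaces and has no authentication configured
  # in this file; confirm its sign-up / auth settings before exposing it
  # beyond localhost (openFirewall has no effect while the firewall is off).
  services.open-webui = {
    enable = true;
    openFirewall = true;
    host = "0.0.0.0";
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}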