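# This is the system definition for vps-15813ce.ovh.net.
#
# NixOS module for a single VPS: GRUB on /dev/sda, DHCP on ens3, key-only SSH,
# nginx with Let's Encrypt certificates, and Nextcloud backed by a local
# PostgreSQL instance.
#
# NOTE(review): the host name in the header above and networking.hostName
# below differ by one character ("15813ce" vs "15813cea") -- confirm which
# one is intended.

{ config, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Boot loader
  boot.loader = {
    grub = {
      enable = true;
      device = "/dev/sda";
    };
  };

  # Wipe /tmp on every boot so stale temporary files do not accumulate.
  boot.cleanTmpDir = true;

  # Network configuration
  networking = {
    hostName = "vps-15813cea";
    # DHCP is disabled globally and enabled only on the one known interface.
    useDHCP = false;
    interfaces.ens3.useDHCP = true;

    # Inbound TCP: SSH (22), HTTP (80, also needed for the HTTP->HTTPS
    # redirect; presumably for ACME validation too) and HTTPS (443).
    firewall.allowedTCPPorts = [ 22 80 443 ];

    # NOTE(review): this opens 10,000 TCP ports, and nothing in this file
    # declares a service listening in that range. Record which service needs
    # it, or narrow/remove the range, so that any process binding there is
    # not reachable from the Internet by accident.
    firewall.allowedTCPPortRanges = [
      { from = 40000; to = 49999; }
    ];
  };

  # Time zone
  time.timeZone = "Europe/Paris";

  # Packages installed in system profile
  environment.systemPackages = with pkgs; [
    git
    htop
    tmux
    vim
    wget
  ];

  # OpenSSH daemon
  # Password logins are disabled, so access relies on the authorized key
  # declared for the user below.
  # NOTE(review): root login and keyboard-interactive authentication are left
  # at the module defaults here; consider setting them explicitly so the
  # policy is visible in this file.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  # Let's Encrypt certificates
  security.acme = {
    acceptTerms = true;
    email = "manu@beffara.org";
  };

  # Nginx web server
  services.nginx = {
    enable = true;

    # Static site; also the default vhost for requests matching no other name.
    virtualHosts."www.beffara.org" = {
      default = true;
      forceSSL = true;
      root = "/data/web/root";
      enableACME = true;
    };

    # Only TLS settings are given here; the rest of this vhost is presumably
    # supplied by the Nextcloud module for the same host name -- confirm.
    virtualHosts."cloud.beffara.org" = {
      forceSSL = true;
      enableACME = true;
    };
  };

  # Nextcloud
  services.nextcloud = {
    enable = true;
    hostName = "cloud.beffara.org";
    https = true;

    # NOTE(review): Nextcloud 21 no longer receives upstream security fixes.
    # Plan an upgrade; Nextcloud only supports moving one major version at a
    # time, so the package pin has to be stepped through each release.
    package = pkgs.nextcloud21;

    home = "/data/web/nextcloud";

    # Installed apps are updated unattended every night at 03:00.
    autoUpdateApps = {
      enable = true;
      startAt = "03:00:00";
    };

    config = {
      overwriteProtocol = "https";
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
      dbname = "nextcloud";

      # NOTE(review): both secret files live inside the Nextcloud home
      # directory. Keep them outside the application's data tree, owned by
      # the service user with mode 0400, so a file-disclosure bug in the web
      # application cannot return them. With a local socket connection the
      # database password is likely unused (peer authentication) -- confirm
      # and drop dbpassFile if so.
      dbpassFile = "/data/web/nextcloud/db-pass";
      defaultPhoneRegion = "FR";
      adminpassFile = "/data/web/nextcloud/admin-pass";
      adminuser = "admin";
    };
  };

  # Ensure that postgres is running before setting up Nextcloud
  systemd.services."nextcloud-setup" = {
    requires = ["postgresql.service"];
    after = ["postgresql.service"];
  };

  # PostgreSQL database
  # The nextcloud role is granted privileges on its own database only.
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
      }
    ];
  };

  # Initial user account
  users.users.manu = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.

    # NOTE(review): a real password hash is embedded in a configuration file
    # that is shared, and values set in the configuration are generally
    # readable by every local user through the Nix store. Treat this hash as
    # exposed to offline guessing: rotate the password, and supply it from a
    # root-only file (passwordFile / hashedPasswordFile, depending on the
    # release) or set it with passwd after first boot. This password also
    # gates sudo for a wheel member, so its strength matters even though SSH
    # password logins are disabled.
    initialHashedPassword = "$6$40/yq55oyhD2MhbS$fox2DB5Aj4EpbQAx8z6FYEh3Jl3HKa7aHlGbijJukWxOpXIlKqNucBA8Eene7SaUQzHpvrhke9EFZIRxZpl5F/";

    # The only key allowed to log in as this user.
    # NOTE(review): the key material is not present in this copy of the file;
    # restore the full public key before deploying.
    openssh.authorizedKeys.keys = [
      "ssh-rsa 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 manu@manivelle"
    ];
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}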