# The is the system definition for vps749417.ovh.net.

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Boot loader
  boot.loader = {
    grub = {
      enable = true;
      device = "/dev/sda";
    };
  };

  # Network configuration
  networking = {
    hostName = "vps749417";
    useDHCP = false;
    interfaces.ens3.useDHCP = true;
    firewall.allowedTCPPorts = [ 22 80 443 ];
    firewall.allowedTCPPortRanges = [ { from = 40000; to = 49999; } ];
  };

  # Time zone
  time.timeZone = "Europe/Paris";

  # Packages installed in system profile
  environment.systemPackages = with pkgs; [
    git htop tmux vim wget
  ];

  # OpenSSH daemon
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  # Let's Encrypt certificates
  security.acme = {
    acceptTerms = true;
    email = "manu@beffara.org";
  };

  # Nginx web server
  services.nginx = {
    enable = true;

    virtualHosts."www.beffara.org" = {
      default = true;
      forceSSL = true;
      root = "/data/web/root";
      enableACME = true;
    };

    virtualHosts."cloud.beffara.org" = {
      forceSSL = true;
      enableACME = true;
    };
  };

  # Nextcloud
  services.nextcloud = {
    enable = true;
    hostName = "cloud.beffara.org";
    https = true;
    package = pkgs.nextcloud21;
    home = "/data/web/nextcloud";

    autoUpdateApps = {
      enable = true;
      startAt = "03:00:00";
    };

    config = {
      overwriteProtocol = "https";
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
      dbname = "nextcloud";
      dbpassFile = "/data/web/nextcloud/db-pass";
      defaultPhoneRegion = "FR";
      adminpassFile = "/data/web/nextcloud/admin-pass";
      adminuser = "admin";
    };
  };

  # Ensure that postgres is running before setting up Nextcloud
  systemd.services."nextcloud-setup" = {
    requires = ["postgresql.service"];
    after = ["postgresql.service"];
  };

  # PostgreSQL database
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
      }
    ];
  };

  # Initial user account
  users.users.manu = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    initialHashedPassword = "$6$40/yq55oyhD2MhbS$fox2DB5Aj4EpbQAx8z6FYEh3Jl3HKa7aHlGbijJukWxOpXIlKqNucBA8Eene7SaUQzHpvrhke9EFZIRxZpl5F/";
  };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "19.09"; # Did you read the comment?

}