# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:

{

  imports = [
    ./server.nix
    private/junk.nix
  ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
  boot.kernel.sysctl = {
    "net.ipv6.conf.all.forwarding" = 1;
    "net.ipv4.ip_forward" = 1;
  };

  networking.hostName = "junk"; # Define your hostname.

  services.taskserver = {
    openFirewall = true;
    listenHost = "::";
    enable = true;
  };
  

  containers."jumphost" = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";
    config = {config, pkgs, lib, ... }: {
      networking.useDHCP = lib.mkForce true;
      services.endlessh = {
        enable = true;
        port = 22;
        openFirewall = true;
      };
      services.openssh = {
        enable = true;
        ports = [ 2022 ];
        settings.PasswordAuthentication = false;
      };
      users.users."jump" = {
        name = "jump";
        isNormalUser = true;
      };
      services.fail2ban.enable = true;
    };
  };


  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 53589 ];
  networking.firewall.allowedUDPPorts = [ 9200 ];
  # Or disable the firewall altogether.
  networking.firewall.enable = true;

  networking = {
    bridges.br0.interfaces = [ "ens3" ];
    useDHCP = false;
    interfaces."br0".useDHCP = true;
  };
  users.users."annex" = {
    uid = lib.mkForce 1032;
    isNormalUser = true;
  };
  environment.systemPackages = with pkgs; [
    git-annex
  ];
}