# Buckwheat configuration.nix
{ config, lib, pkgs, inputs, user, ... }:
let
  hostname="buckwheat";
in
{
  imports = [
    ./hardware-configuration.nix
  ];
  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 10;
      };
      efi.canTouchEfiVariables = true;
      efi.efiSysMountPoint = "/boot/efi";
      timeout = 2;
    };

    # Hardware-configuration edits
    kernel.sysctl."net.ipv4.ip_forward" = 1;

    # Clean /tmp at boot
    tmp.cleanOnBoot = true;
  };
  networking = {
    hostName = "${hostname}"; # Define your hostname.
    firewall = {
      # To disable the firewall altogether:
      # enable = false;
      allowedTCPPorts = [ 445 139 ];
      allowedUDPPorts = [ 137 138 ];
    };
    # Proxy configuration
    # proxy = {
    #   default = "http://user:password@proxy:port/";
    #   noProxy = "127.0.0.1,localhost,internal.domain";
    # };
  };
  users.users.${user.name} = {
    extraGroups = [ "libvirtd" "transmission" ];
  };
  services = {
    mullvad-vpn = {
      enable = true;
      package = pkgs.mullvad-vpn;
    };
    transmission = {
      enable = true;
      openFirewall = true;
    };
    udisks2 = {
      enable = true;
      mountOnMedia = true;
    };
    # Enable automatic login for the user.
    # getty.autologinUser = "${user.name}";
  };

  virtualisation.libvirtd.enable = true;

  # Borg backup configuration
  services.borgbackup.jobs."daily" = {
    paths = [
      "/home"
    ];
    exclude = [
      "/home/*/go/bin"
      "/home/*/go/pkg"
    ];
    repo = "/mnt/daily/buckwheat";
    encryption = {
      mode = "repokey-blake2";
      passCommand = "cat /root/borgbackup/passphrase";
    };
    compression = "auto,lzma";
    startAt = "daily";
    prune.keep = {
      within = "7d";
    };
  };
  services.borgbackup.jobs."weekly" = {
    paths = [
      "/home"
    ];
    exclude = [
      "/home/*/go/bin"
      "/home/*/go/pkg"
    ];
    repo = "/mnt/weekly/buckwheat";
    encryption = {
      mode = "repokey-blake2";
      passCommand = "cat /root/borgbackup/passphrase";
    };
    compression = "auto,lzma";
    startAt = "weekly";
  };
  #services.borgbackup.jobs."borgbase" = {
  #  paths = [
  #    "/home"
  #  ];
  #  exclude = [
  #    "/home/*/go/bin"
  #    "/home/*/go/pkg"
  #  ];
  #  repo = "<repo_hash>.repo.borgbase.com:repo";
  #  encryption = {
  #    mode = "repokey-blake2";
  #    passCommand = "cat /root/borgbackup/passphrase";
  #  };
  #  environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
  #  compression = "auto,lzma";
  #  startAt = "daily";
  #};
}