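# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Role of this host: Internet-facing router/NAT box for a home LAN, with
# every published service DNAT'ed to one LAN host (see `server` below).

{ config, pkgs, ... }:

let
  # nixpkgs is pinned to one commit of a fork.  The revision is fixed, but
  # fetchTarball is called without a sha256, so Nix does not verify the
  # archive it downloads — the pin is "trust GitHub", not content-addressed.
  # TODO(review): add `sha256 = "<hash>"` (obtain it with
  # `nix-prefetch-url --unpack <url>`) so a tampered or moved archive fails
  # the build instead of silently becoming the system's package set.
  gitRev = "afca3f977175280668aaed92112eb42a171510d2";
  nixpkgs = fetchTarball
    "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz";

  # The single LAN host that receives every inbound service below.
  server = "10.30.0.5";

  # Build one `forwardPorts` entry: traffic of `proto` arriving on the
  # external interface at `port` (an int or an "a:b" range string) is
  # delivered to `server` on the same port.
  forwardTo = proto: port: {
    destination = server;
    inherit proto;
    sourcePort = port;
  };
  tcp = forwardTo "tcp";
  udp = forwardTo "udp";
in
{
  imports = [
    ../common.nix
    ./hardware-configuration.nix
    ./users.nix
    ./services.nix
  ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    supportedFilesystems = [ "zfs" ];
    # /tmp lives in RAM and is discarded on every boot.
    tmpOnTmpfs = true;
  };

  # Point <nixpkgs> at the pinned tree so nixos-rebuild evaluates exactly
  # the revision above rather than whatever channel is on the machine.
  nix.nixPath = [
    "nixpkgs=${nixpkgs}"
    "nixos-config=/etc/nixos/configuration.nix"
  ];

  nixpkgs = {
    config = {
      allowUnfree = false;
      # Explicit allow-list of unfree packages, matched on the derivation
      # name with the version stripped.  Note that the perl version is part
      # of the slimserver name, so a perl bump presumably stops matching and
      # the package becomes refused until this list is updated.
      allowUnfreePredicate = pkg: builtins.elem (builtins.parseDrvName pkg.name).name [
        "factorio-headless"
        "perl5.28.1-slimserver"
      ];
    };
    overlays = [
      (import ../../overlays/riot-web.nix)
    ];
  };

  services.zfs = {
    autoSnapshot.enable = true;
    autoScrub.enable = true;
  };

  # Physical ports:
  #   eno1 -> VLAN 100 -> Internet (ISP uplink)
  #   eno2 -> LAN
  #   eno3 -> server access (currently unused, see the commented block)
  #   eno4 -> Wifi?
  networking = {
    hostName = "loutreos"; # Define your hostname.
    # ZFS needs a stable host ID.
    hostId = "7e66e347";

    # firewall.trustedInterfaces = [ "eno3" ];
    # interface.eno3 = {
    #   ipv4.addresses = [
    #     { address = "10.30.0.5"; prefixLength = 24; }
    #   ];
    # };

    # The ISP uplink is carried as VLAN 100 on eno1.
    vlans.bouyges = {
      id = 100;
      interface = "eno1";
    };

    interfaces = {
      bouyges = {
        # MAC address of the ISP box (BBox)?  See
        # https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303
        # The value below is a placeholder, not a real address.
        macAddress = "00:11:22:33:44:55";
      };
      eno2.ipv4.addresses = [
        { address = "10.30.0.1"; prefixLength = 16; }
      ];
    };

    # NAT between the uplink (bouyges) and the LAN (eno2).
    nat = {
      enable = true;
      externalInterface = "bouyges";
      # Uncomment to use the faster SNAT target instead of MASQUERADE
      # (only correct when the external address is static).
      # externalIP = "0.0.0.0";
      internalInterfaces = [ "eno2" ];
      internalIPs = [ "10.30.0.0/16" ];

      # Everything listed here is reachable from the Internet on `server`.
      # Each entry is attack surface on that host; keep the list to what is
      # actually served and remove entries when a service is retired.
      forwardPorts = [
        # FTP: control port plus the passive-mode data range.  Port 20 is
        # the server's active-mode *source* port, so forwarding inbound
        # destination port 20 is most likely unnecessary — verify and drop.
        (tcp 20)
        (tcp 21)
        (tcp "64000:65535")
        # SSH.  Because WAN port 22 is DNAT'ed to `server`, this router's
        # own sshd is presumably not reachable on the uplink; confirm that
        # is the intent.
        (tcp 22)
        # Mail: SMTP, IMAP, submission, ManageSieve.
        (tcp 25)
        (tcp 143)
        (tcp 587)
        (tcp 4190)
        # HAProxy (HTTP / HTTPS).
        (tcp 80)
        (tcp 443)
        # Matrix federation.
        (tcp 8448)
        # Syncthing.
        (tcp 22000)
        # Transmission.
        (tcp 51413)
        (udp 51413)
      ];
    };

    # Nothing is opened on the router itself; services this host runs
    # (e.g. sshd) may still open their own ports through their modules.
    firewall = {
      enable = true;
      allowedTCPPorts = [ ];
      allowedUDPPorts = [ ];
    };
  };

  # DHCP for the LAN.  The advertised resolvers are external public DNS
  # servers reached in the clear over the uplink.
  services.dhcpd4 = {
    enable = true;
    interfaces = [ "eno2" ];
    extraConfig = ''
      option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40;
      option subnet-mask 255.255.0.0;
      option routers 10.30.0.1;
      subnet 10.30.0.0 netmask 255.255.0.0 {
        range 10.30.50.0 10.30.250.0;
      }
    '';
  };

  services.openssh = {
    enable = true;
    # Key-based, non-root logins only.
    permitRootLogin = "no";
    passwordAuthentication = false;
  };

  # Members of wheel must authenticate before sudo grants root.  This was
  # `false`, which turned any compromised wheel account, leaked SSH key or
  # unattended session on this Internet-facing router into silent root.
  # NOTE(review): this requires the wheel users defined in users.nix to
  # have a password set; otherwise sudo becomes unusable for them.
  security.sudo.wheelNeedsPassword = true;

  system.stateVersion = "18.03";
}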